[SOLVED] can a remote hacker keep trying to log in to my notebook connected to the internet?
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
can a remote hacker keep trying to log in to my notebook connected to the internet?
Hi-
I am starting to use a password manager to protect (ironically) some program files for a free program I made. It isn't about banking etc. The program takes a long time to make and I'd like to try and protect it.
Having said that, can a remote computer hacker just sit there and try password after password to gain access to my linux pc? Is there any time out thing to slow them down? I use fedora.
I read in 2013 they could crack 16 alphanumeric random passwords in an hour.
Having said that, can a remote computer hacker just sit there and try password after password to gain access to my linux pc? Is there any time out thing to slow them down? I use fedora.
Yes. The fact is, though, that, unless hackers have a specific reason to target you, they are unlikely to persist if they don't gain access quickly. Random port scans are a fact of life on the internet, and they are that: random. The scanners are looking for easy targets. It is also true that the the longer a password is, the harder it is to crack. You can learn more at this article: http://www.howtogeek.com/166832/brut...is-vulnerable/
If you haven't already done so, you might want to install fail2ban.
i saw a john the ripper tutorial. that is pretty easy to use. but you need access to the files on the pc. I bet the firewall helps. i wonder if a hacker has to log-in first or if they get access to whatever the user is doing currently with their files e.g. already logged in.
I think of things like flash plug-in for mozilla, and i cringe because flash is everywhere.
anyways.... I think if they know, they can. I can only do things like make passwords longer etc.
i checked my firewalld. Then I installed zenmap and checked for open ports on the ip with ifconfig :-)
I usually go to auditmypc. I like zenmap/nmap-frontend.
Having a good firewall is always wise. On Linux, you can check the settings from the command line with
Code:
# iptables -L
(You will likely have to be root to do this.)
One thing many users overlook is this: They leave their router password at default. If I have to install a new router, the first thing I do is change the password (I use KeePassX to generate and store my passwords). I also close all unneeded outgoing and incoming ports in my router, opening only the ones I need. Doing that reduces the attack vectors significantly.
With the Linux security model, a hacker would have to get logged in to have access to your system. If a hacker were able to crack your user password, he or she would have access only to user's home directory; not to system files that require root access or to other users' files, if there are multiple users in the system.
I use same password manager. I am sending a donation in februrary. First pay for presents and pay down credit card. then one of my number one priorities in feb. is to send a donation to that cool software - keepassx! I got someone at work to use it to for home use.
That's a good idea. I shall do the same, as long as I don't have to sign up for Flattr.
Wish they had KeePassX caps. My favorite way of supporting projects is to buy gear. Then I can go into shops and have clerks ask me, for example, "What is Fluxbox?"
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.