Share your knowledge at the LQ Wiki.
Go Back > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Slackware This Forum is for the discussion of Slackware Linux.


  Search this Thread
Old 12-16-2005, 11:38 AM   #1
Registered: Dec 2005
Distribution: Slackware 13.1
Posts: 82

Rep: Reputation: 15
someone trying to brute force me

i was just checking out my logs and i noticed two occassions of someone using a script of some kind to log in as root and alot of random user names. as far as i saw all tries were denied. i am wondering how often this happens to anyone and should i be really worried? also is there a way to shut down log in capabilities if it is detected that someone is trying to brute force their way in?
Old 12-16-2005, 11:43 AM   #2
Registered: Sep 2004
Distribution: Slack!
Posts: 150

Rep: Reputation: 15
Generally this is just part of the background whitenoise on the Internet... If you have strong passwords you should be safe. If you are paranoid (not a bad thing) look into Snort - it can handle keeping track of your system for you.
Old 12-16-2005, 11:43 AM   #3
Registered: Feb 2002
Posts: 50

Rep: Reputation: 15
Are these ssh attacks. If so I would take a look at hosts deny from sourcefoge. I would also read up on securing the sshd_config file
Old 12-16-2005, 11:47 AM   #4
LQ Guru
Registered: Mar 2004
Distribution: Slackware
Posts: 6,541

Rep: Reputation: 866Reputation: 866Reputation: 866Reputation: 866Reputation: 866Reputation: 866Reputation: 866
You're opening your TCP 22 port,
sometime someone run a script that scans the network,
he/she see your port is open and need to test your
password strategy.

It is not uncommon, some run ssh on different ports
and other simply don't run ssh at all
Old 12-16-2005, 12:32 PM   #5
Registered: Nov 2005
Posts: 183

Rep: Reputation: 30
cd /etc/ssh/sshd_config

uncomment PermintRootLogin no <-may need to change to no.

all the script kiddies out there are trying common passwords with root as the user. Dont let the root account login, then someone has to quess your password (use a good one) and your username.

after you are in you an always su to root

Old 12-16-2005, 12:38 PM   #6
LQ Veteran
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 422Reputation: 422Reputation: 422Reputation: 422Reputation: 422
One other approach would be to move to public/private key authentication and disable username/password logins for ssh altogether. Then the script kiddies can try all the combinations they want and don't have a snowballs chance in hell of getting in.
Old 12-16-2005, 12:49 PM   #7
Registered: Oct 2005
Location: California
Distribution: SLED 10, openSuSE 10.2, Ubuntu Drapper
Posts: 713

Rep: Reputation: 30
Just a newbie question, but what logs were you checking? Thanks.
Old 12-16-2005, 12:52 PM   #8
Registered: Dec 2005
Distribution: Slackware 13.1
Posts: 82

Original Poster
Rep: Reputation: 15
im a newb too, but heres the log for checking that sort of thing.../var/log/messages

thanks for all the responces everyone.
Old 12-16-2005, 03:02 PM   #9
Senior Member
Registered: Jan 2003
Location: Portland, OR USA
Distribution: Slackware, SLAX, Gentoo, RH/Fedora
Posts: 1,024

Rep: Reputation: 45

That's the security forum sticky on the matter, they have pretty much beat this old horse down in there.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
SSH brute force.... compromised? heri0n Linux - Security 15 11-21-2004 06:51 PM
brute force 'mungas bungas ' ovparrilla Linux - Software 2 07-06-2004 03:38 PM
Nessus Brute Force Gerardoj Linux - General 0 12-27-2003 05:07 PM
Brute force DHCP SSBN Linux - Networking 10 10-21-2003 11:34 AM
Brute Force kwigibo Linux - General 2 08-01-2002 01:42 AM > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 06:20 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration