[HLUG] Last couple of messages didn't go through

David Shorthouse kungfu at globalnet.co.uk
Tue Jan 3 01:25:48 GMT 2006


Thanks Mark,

I'm not sure but it may have been because I sent the file from my Linux
machine the address it would have come from would have been
david at linux.site?
I will have a look to see if there is anything similar in suse9.3 I expect
it will be something like secure.

Thanks again

Dave.

-----Original Message-----
From: Mark Broadbent [mailto:markb at wetlettuce.com]
Sent: 01 January 2006 2:15 PM
To: Herefordshire Linux Users Group.
Subject: Re: [HLUG] Last couple of messages didn't go through


David Shorthouse wrote:
> Hi All,
>
> ...
>
> PS why didn't my message not go through last time see below. :

Didn't see in the mod requests, it might have been blocked further upstream.

>
> Happy new-year.....

And you.

>
> Hi All,
>
> I hope everyone is still merry after the Christmas break and ready for the
> New years one.... :)
>
> I have noticed someone has been/or trying to gain access to my ssh on my
> linux server. I get a log sent to my gmail account every hour from my
> router. I have noticed that the ssh port 22 being used. see below.
>
> Wed, 2005-12-28 19:29:02 - TCP Packet - Source:202.63.114.43,46799
> Destination:192.168.0.2,22 - [SSH match]
> Wed, 2005-12-28 19:29:14 - TCP Packet - Source:202.63.114.43,48700
> Destination:192.168.0.2,22 - [SSH match]
> Wed, 2005-12-28 19:29:17 - TCP Packet - Source:202.63.114.43,48779
> Destination:192.168.0.2,22 - [SSH match]
> Wed, 2005-12-28 19:29:21 - TCP Packet - Source:202.63.114.43,48858
> Destination:192.168.0.2,22 - [SSH match]
> Wed, 2005-12-28 19:29:26 - TCP Packet - Source:202.63.114.43,49768
> Destination:192.168.0.2,22 - [SSH match]
>
> Although from this i can tell someone is trying to gain access but is
there
> somewhere that will log ssh attempts???
>

If your using a redhat based distro then try looking in /var/log/secure,
debian based try /var/log/auth for failed login attempts.  This is
[unfortunately] fairly normal behaviour for open SSH servers on the
Internet, just make sure you keep your distro up-to-date.  I'd also
recommend that only allow logins using public-key authentication and
disable root logins for extra security.

Thanks
Mark


--
Mark Broadbent <markb at wetlettuce.com>
Herefordshire LUG Master

Web: www.wetlettuce.com
LUG: www.herefordshire.lug.org.uk







More information about the Herefordshire mailing list