[Wolves] Hacking attempt - what next

Re-LoaD reload at brum2600.net
Mon Dec 8 11:14:25 UTC 2008

Wayne wrote:
> Hi Guys,
> I left the port for ssh open on my router for only siz hours while I did 
> some work from home  (first time I've done it in three years)
> and logs show that some Russian signed in to a user account and may or 
> may not have downloaded some stuff.

Always a good idea to change the port that ssh binds to there are many 
scanners out there looking for port 22.

edit sshd_config

# What ports, IPs and protocols we listen for
Port [your port number here]

just remember that will now be your ssh port on your router.

you can try running rkhunter if only for interest.

Then get the CD out reinstall and restore your user account files from a 
back up (of course we all have backups)

What's your ISP ??


More information about the Wolves mailing list