Page 2 of 2 FirstFirst 12
Results 11 to 16 of 16

Thread: my server is attempting to ssh brute force...

  1. #11
    Join Date
    Aug 2009
    Beans
    Hidden!

    Re: my server is attempting to ssh brute force...

    Quote Originally Posted by Ms. Daisy View Post
    most people aren't interested in in-depth investigations
    Should it be a question to ask? I don't read that many threads but I see it's not uncommon for replies to just state "re-install from scratch" without asking any questions. So could it be in the approach as well?


    Quote Originally Posted by Ms. Daisy View Post
    Users will only learn how to prevent it in the future if they care enough to take the time and learn. I have come to expect that they usually don't. Hopefully I'm wrong.
    Anyone who has dealt with a few cases knows you aren't. Still there are a few things I hope you and anyone else would consider:
    - One compromise is one too many. It reflects badly on Linux as a whole and unless dealt with properly it poses a risk (again) for other systems.
    - These are Ubuntu users coming to the Ubuntu forum for help. So what level of quality may they expect from advice here under the banner of the Ubuntu brand?
    - Successfully wrapped-up cases become part of this forums "knowledge base" educating others and possibly serving as reference in new cases.

  2. #12
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: my server is attempting to ssh brute force...

    Quote Originally Posted by unspawn View Post
    Anyone who has dealt with a few cases knows you aren't. Still there are a few things I hope you and anyone else would consider:
    - One compromise is one too many. It reflects badly on Linux as a whole and unless dealt with properly it poses a risk (again) for other systems.
    - These are Ubuntu users coming to the Ubuntu forum for help. So what level of quality may they expect from advice here under the banner of the Ubuntu brand?
    - Successfully wrapped-up cases become part of this forums "knowledge base" educating others and possibly serving as reference in new cases.
    It really depends on how much time and effort a person has to seeing what logs and whatnot look like when their system in running correctly. If the compromise occured because of a software exploit, it should be shown in the logs unless the attacker was through enough to sanitize the logs.

    There are a lot of questions posed on this located here:
    https://wiki.ubuntu.com/BasicSecurity/DidIJustGetOwned
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  3. #13
    Join Date
    Sep 2011
    Beans
    1,531

    Re: my server is attempting to ssh brute force...

    Quote Originally Posted by unspawn View Post
    Should it be a question to ask? I don't read that many threads but I see it's not uncommon for replies to just state "re-install from scratch" without asking any questions. So could it be in the approach as well?
    That's why my first post in this thread includes a link to the "Did I Just Get Owned" wiki. IMO that wiki is the best place for someone to start investigating a potentially owned box. If they have more questions or want to go deeper they'll come back and ask. I agree that we should have a knowledge base which includes said wiki.
    Quote Originally Posted by unspawn View Post
    - One compromise is one too many. It reflects badly on Linux as a whole and unless dealt with properly it poses a risk (again) for other systems.
    I disagree with you there. It doesn't reflect badly on Linux at all, it highlights the importance of security considerations on all operating systems.

  4. #14
    Join Date
    Oct 2007
    Beans
    338

    Re: my server is attempting to ssh brute force...

    Here is a great article on the subject or maybe more so the switch from windows to linux PS. when in doubt back it up, lifes easier that way.
    http://www.zdnet.com/windows-securit...se-4010025280/

  5. #15
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: my server is attempting to ssh brute force...

    Quote Originally Posted by Ms. Daisy View Post
    btw logwatch is very cool. I had never seen it before. I highly recommend it for all servers.
    I installed in a couple days ago and I can say it is quite handy.

    Thanks for suggesting it, unspawn.
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  6. #16
    Join Date
    Aug 2006
    Beans
    1,374
    Distro
    Ubuntu 13.04 Raring Ringtail

    Re: my server is attempting to ssh brute force...

    I would like some information from the OP. Curious about his response on this. (That would make two beans on his/her account)

Page 2 of 2 FirstFirst 12

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •