I was reviewing my logs today and I found someone is trying to hack into my Linux box. They are trying to SSH into my box, which I have enabled, but they did not guess the password. Is there any way to block or drop this kind of stuff? Is this the new way to hack now?
This is certainly nothing new; it's about the oldest attack in the book. A very good password is one important thing here. Need some help picking a good password? See: swordfish, a password generator
You could also shut off the ssh service to the internet. I assume that you have a good reason for accepting ssh connections from the internet, so this may not be an option. Blocking that IP address is a thought, but a determined cracker will move to another IP address.
You could try contacting the owner of the IP address. But I see it seems to originate at some school in Korea...
So I don't know what to tell you. It's just life on the internet...
Last edited by Perderabo; 03-05-2005 at 10:32 PM..
I also detected some random hosts in Japan, Korea and China trying to brute-force SSH into my box. What I did was set up some firewall rules with iptables to block all hosts from SSHing into my box except a few (from the internal network, my machine at work, etc.).
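
The allow-list approach described in the last post, as an added example that is not part of the original thread: a shell function that prints the iptables commands for review instead of running them. The chain name SSH_ALLOW, the function names and the sample addresses are assumptions made for this example.

```shell
#!/bin/sh
# Added example: print (not run) the iptables commands for an SSH allow-list.
# SSH_ALLOW is a chain name chosen here; the sample addresses are constructed.

# Return 0 if $1 is a dotted-quad IPv4 address, optionally with a /0-32 prefix.
valid_source() {
    addr=${1%/*}
    if [ "$addr" != "$1" ]; then
        prefix=${1#*/}
        case $prefix in ''|*[!0-9]*) return 1 ;; esac
        [ "$prefix" -le 32 ] || return 1
    fi
    # Digits and dots only, no leading, trailing or doubled dots.
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the rules for the given sources. Every entry is validated before any
# rule is printed, and an empty list is refused because it would block all SSH.
# The INPUT jump comes last so traffic is diverted only once the chain is complete.
ssh_allowlist_rules() {
    [ $# -gt 0 ] || { echo "refusing: empty allow-list blocks all SSH" >&2; return 1; }
    for src in "$@"; do
        valid_source "$src" || { echo "invalid source: $src" >&2; return 1; }
    done
    echo "iptables -N SSH_ALLOW"
    for src in "$@"; do
        echo "iptables -A SSH_ALLOW -s $src -j ACCEPT"
    done
    echo "iptables -A SSH_ALLOW -j DROP"
    echo "iptables -A INPUT -p tcp --dport 22 -j SSH_ALLOW"
}

# Constructed sample: an internal network and one outside machine.
ssh_allowlist_rules 192.168.1.0/24 203.0.113.7
```

Review the printed commands, then pipe them to `sh` as root from a session whose source address is on the list. Rules added this way are lost at reboot unless saved.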