If your Server is having open IP, which can be accessed from internet, you better check your system logs periodically to make sure that the attackers are not sccuessful in logging in to your system.

If you are using Linux, then check the log file /var/log/secure and search for the string “Failed password for invalid user”. For Solaris it is /var/log/authlog file.
Log in as root (Yes, lock the root direct login) and run this command, which will send you the list of Brutal attacks, timestamp and IP address where from it is sent.

cat /var/log/secure | grep “Failed password for invalid user” | mailx -s “Brutal Attack on `hostname` as of `date` | This e-mail address is being protected from spam bots, you need JavaScript enabled to view it

There are many ways to address it. One is block the IPs (which will keep you busy almost every day as there are ton of hackers out there) and other is change the ssh port from 22 to something else. I have done the second option on my servers and I don't see any of such attack attempts from that day.

Good Luck!

Comments (1)

	1. 07-25-2008 18:05
	Good posting on Security. Expect more on such subjects. Registered

8x8S

Write Comment

Thankyou for your comments. Feel free to comment if there are any mistake in the postings also. If you have a Blog or website, feel free to provide the link. We will take a peak. Just ensure to *Refresh* your browser for a new security code to be displayed prior to clicking on the 'Send' button. Keep in mind that the above process only applies if you simply entered the wrong security code.
Name:
Homepage
BBCode:
Comment:
Code:*
	I wish to be contacted by email regarding additional comments

Copy Right: AKOComments v.1.4.6