Got hacked?
Eric "Shubes"
plug at shubes.net
Fri Feb 23 06:00:57 MST 2007
Darrin Chandler wrote:
> On Thu, Feb 22, 2007 at 09:43:21PM -0700, Jon M. Hanson wrote:
>> I'm guessing they got in through some kind of guest account you have
>> setup (but maybe didn't know about) or another common account name with
>> a weak password. I constantly watch my system logs and several times a
>> week I'll get a ton of attempts to try to brute force passwords to
>> various accounts through SSH.
>
> It's quite possible. I get those same attempts, and pretty much everyone
> else does too. In response, some people set up elaborate schemes (port
> knockers and whatnot) in order to protect themselves. It's not as secure
> as they think. Allowing password authentication with good passwords is
> bad. Allowing it when your password is 'golfnut' is asking for trouble.
> Yes, even if you spell it 'g01FnuT'. (Ok, how many of you winced just
> now because I guessed your password or got close?)
>
> Those of you out there running sshd, PLEASE consider using ssh-keygen
> and using the key pairs for authentication *instead* of passwords, and
> setting "PasswordAuthentication no" in your config. It really is pretty
> easy, and really will make your system safer. Of course that's not all
> there is to security, but I've seen many people have otherwise secure
> systems, with everything patched and up to date, and allow password auth
> with weak passwords. It's like putting bars on your windows and leaving
> the front door open.
>
This sounds like a nice mini-presentation (howto) for a meeting.
--
-Eric 'shubes'
More information about the PLUG-discuss
mailing list