Re: [vcf-midatlantic] OT Linux Malware
Ethan via vcf-midatlantic writes:
My signature is "approximately" true. I got tired of seeing "this email free of malware because I run such-and-so anti-virus program".
Bill Dudley
Brute force attempts to log into Linux hosts by SSH aren't exactly malware though? It's not like a graphical or script ad delivered via a commercial ad network on a web page that exploits vulnerabilities in a browser.
First, the attempts were not on a Linux box but from a Linux box.
You can easily free yourself from the SSH attempts by moving sshd to a different port if you must leave it open to the entire internet. Also turning off interactive (password) based logins can help.
I have ssh running on a different -- not port 22 -- port.
First, the attempts were not on a Linux box but from a Linux box.
Nitpick, but even if it *is* a Linux host, it could be simply compromised, or even someone trying to bruteforce from home.
You can easily free yourself from the SSH attempts by moving sshd to a different port if you must leave it open to the entire internet. Also turning off interactive (password) based logins can help.
I have ssh running on a different -- not port 22 -- port.
I run fail2ban on anything Internet-facing. Nowadays all of my servers listen for SSH on IPv6 only, that has *drastically* decreased bruteforce attempts. Using a different port is of course security through obscurity (as would be relying on IPv6 being hard to scan), but I see it as valid in a layered approach.
Thanks,
Jonathan
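Added example, not part of the thread and not any participant's code: a small check of which sshd-side measures mentioned above (non-default port, password and interactive logins off, IPv6-only listening) are in place, given text in the format printed by `sshd -T`. The sample inputs and port 2222 are constructed; fail2ban runs outside sshd and is not covered.

```python
# Constructed sample in the format printed by `sshd -T` (lowercase keyword, value).
SAMPLE_DEFAULTS = """\
port 22
addressfamily any
passwordauthentication yes
kbdinteractiveauthentication no
"""
# Constructed sample of a host following the thread's advice; port 2222 is arbitrary.
SAMPLE_LAYERED = """\
port 2222
addressfamily inet6
passwordauthentication no
kbdinteractiveauthentication no
"""

def parse_effective(text):
    """Map each keyword to the list of its values ('port' may appear more than once)."""
    settings = {}
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key and not key.startswith("#"):
            settings.setdefault(key.lower(), []).append(value.strip().lower())
    return settings

def audit(text):
    """Return one finding for each measure from the thread that is not in place."""
    s = parse_effective(text)
    findings = []
    # Missing keywords fall back to OpenSSH's documented defaults.
    if "22" in s.get("port", ["22"]):
        findings.append("listening on default port 22")
    if s.get("passwordauthentication", ["yes"])[0] != "no":
        findings.append("password logins enabled")
    # Older OpenSSH releases name this keyword challengeresponseauthentication.
    kbd = (s.get("kbdinteractiveauthentication")
           or s.get("challengeresponseauthentication") or ["yes"])
    if kbd[0] != "no":
        findings.append("keyboard-interactive logins enabled")
    if s.get("addressfamily", ["any"])[0] != "inet6":
        findings.append("not restricted to IPv6")
    return findings

if __name__ == "__main__":
    for name, sample in (("defaults", SAMPLE_DEFAULTS), ("layered", SAMPLE_LAYERED)):
        print(name, audit(sample) or "no findings")
```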
participants (2): Systems Glitch, VAXman@tmesis.org