break-in attempts on my server
David Hummel
dhml at comcast.net
Sun Nov 20 18:01:05 EST 2005
On Sun, Nov 20, 2005 at 05:15:35PM -0500, David Kramer wrote:
>
> Note that I had just done a SuseWatcher upgrade. I don't remember
> what it upgraded, and don't know how to find out, but based on the
> timing, I assume that's what killed Postifx.
Perhaps pay more attention to what the upgrade tool is doing under the
hood. If there isn't an easy way to find out, consider using a
different tool. Updaters shouldn't kill running servers, they should
ensure that the servers are restarted after the update. It's not clear
if that's what's happening here.
> So I started combing through my /var/log/messages and found LOTS of
> entries like:
>
8>< [ log entries ]
>
> Is there *anything* else I can do?
Firewall rules are a start. I would also disable password
authentication, and use public keys. There's also the obvious stuff
like disabling root logins, etc.
-David
More information about the Discuss
mailing list