[CentOS] Unknown rootkit causes compromised servers

Tue Jan 29 13:30:11 UTC 2008
Johnny Hughes <johnny at centos.org>

Chris Mauritz wrote:
> Alfredo Perez wrote:
>> I will add to that list, change ssh port 22 to somthing else
>>
> 
> Why?  Most of the script kiddies now check all the higher ports for ssh
> too.  Moving ssh's port around solves nothing.

Actually, I have to disagree.

SOME of the script kiddies check higher ports for SSH *_BUT_* I only see 
4% of the brute force attempts to login on ports other than 22.

I would say that dropping brute force login attempts by 96% is quite a 
good reason to move the SSH port from 22 to something else.

It is certainly not the only thing you need to do, but it is nonetheless 
a good thing to do.

Thanks,
Johnny Hughes

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20080129/b8f2b37f/attachment-0005.sig>