[CentOS] I appear to be attacking others

Tue Feb 7 17:52:39 UTC 2006
Chris Mauritz <chrism at imntv.com>

John Hinton wrote:
> sophana wrote:
>
>> using denyhosts is sufficient for me. After several password 
>> attempts, it simply disables the ip address.
>> I now have 133 denied ips in /etc/hosts.deny
>> Of course, you have to make sure that you don't use simple passwords
>>
> I find it easier to deny all and then allow the very few who actually 
> use ssh. But, this can get you into trouble if you suddenly find you 
> need to shell in when out of town. A backdoor somewhere is a good idea!

Just be careful.  I was in China last month and had a server in NYC that 
needed some minor surgery.  I ssh'ed in and spent about 10 minutes 
fixing things.  Even though this machine is running ssh on a 
non-standard port, within MINUTES that port (and only that port) was 
being probed from inside China.  And I was connecting from a 5 star 
hotel in Beijing (not some Internet cafe).  The world is truly becoming 
a dangerous place in terms of computer security.

Cheers,