SSH scanning
It's a weekend, I know, but I can't resist checking on Maui and opapa.
Been checking the logs on opapa when I noticed login failures using accounts like 'test' and 'user'. Hmmm... These aren't standard Linux accounts. And no one else has SSH privileges on opapa.
So I checked and did a whois on the culprit host. Traced it back to an ISP in Korea. Something's afoot.
Turns out this incident is similar to those happening worldwide. In the security mailing lists I subscribe to, similar incidents have been cropping up. The recommended solution was to harden SSH.
Already done that: no root logins. But that's not enough. Would have to implement RSA key logins. And notify the Boss, too.
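The log check described in this post, as an added example (not the author's own script): it scans sshd log lines for failed password attempts and flags source addresses that try several nonexistent accounts such as 'test' and 'user'. The sample lines, dates, addresses and the `admin1` account are constructed; the "invalid user" / "illegal user" wording follows OpenSSH's log messages.

```python
import re
from collections import defaultdict

# Constructed sample lines in the syslog format OpenSSH's sshd writes
# (addresses are from the documentation ranges; admin1 is hypothetical).
SAMPLE_LOG = """\
Aug  7 03:12:01 opapa sshd[2101]: Failed password for invalid user test from 203.0.113.7 port 40112 ssh2
Aug  7 03:12:04 opapa sshd[2103]: Failed password for invalid user user from 203.0.113.7 port 40115 ssh2
Aug  7 03:12:07 opapa sshd[2105]: Failed password for illegal user guest from 203.0.113.7 port 40119 ssh2
Aug  7 03:12:09 opapa sshd[2107]: Failed password for root from 203.0.113.7 port 40121 ssh2
Aug  7 09:30:44 opapa sshd[2290]: Failed password for admin1 from 198.51.100.20 port 51500 ssh2
Aug  7 09:30:51 opapa sshd[2290]: Accepted password for admin1 from 198.51.100.20 port 51500 ssh2
"""

# "invalid user" (newer OpenSSH) or "illegal user" (older releases) marks an
# account name that does not exist on the host.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<unknown>(?:invalid|illegal) user )?"
    r"(?P<user>\S+) from (?P<ip>\S+)"
)

def summarize(log_text):
    """Return {ip: {"unknown": set, "known": set, "attempts": int}}."""
    hosts = defaultdict(lambda: {"unknown": set(), "known": set(), "attempts": 0})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        entry = hosts[m.group("ip")]
        entry["attempts"] += 1
        entry["unknown" if m.group("unknown") else "known"].add(m.group("user"))
    return dict(hosts)

def likely_scanners(log_text, min_unknown=2):
    """IPs that tried at least min_unknown distinct nonexistent accounts."""
    return sorted(ip for ip, e in summarize(log_text).items()
                  if len(e["unknown"]) >= min_unknown)

if __name__ == "__main__":
    for ip, e in summarize(SAMPLE_LOG).items():
        print(ip, e["attempts"], sorted(e["unknown"]), sorted(e["known"]))
    print("likely scanners:", likely_scanners(SAMPLE_LOG))
```

A single mistyped password from a real user (the `admin1` line) is counted but not flagged; only hosts cycling through account names that do not exist are reported.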