Successful SSH Attack - Need help cleaning up
gthornock at yahoo.com
Sun Oct 29 14:56:15 MST 2006
--- Steve <smorrey at gmail.com> wrote:
> Just a note, for in the future what I have done is moved SSH
> to an obscure port way off in the boonies. Never had an SSH
> attack attempt since doing so.
> But yeah everyone is correct, wipe that puppy and re-install
Moving SSH to a different port might help, but it's not terribly
difficult to detect. Whether you do that or not, I'd recommend
that you disable password authentication and require public key.
I haven't had an attack attempt since I did that.

And yes, your best bet after a successful attack is to wipe the
box and re-install.

PGP Key ID: 071B173D
Fingerprint: ED30 B048 6833 56B4 28C0 CE52 F12B 884A 071B 173D
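
The key-only setup recommended above, as an added example that is not part of the original post: a shell function that reads an sshd_config and reports whether password logins are still possible, including through a later Match block. The function name and the sample config are constructed for illustration, the defaults are assumed from OpenSSH's sshd_config(5), and Include files are not followed, so on a live host compare the result with the output of `sshd -T`.

```shell
# Added example: report whether an sshd_config still permits password logins.
audit_sshd_config() {
    awk '
    BEGIN {   # OpenSSH defaults when a keyword is absent (assumed)
        v["passwordauthentication"] = "yes"
        v["kbdinteractiveauthentication"] = "yes"
        v["pubkeyauthentication"] = "yes"
    }
    NF == 0 || $1 ~ /^#/ { next }            # blank lines and comments
    {
        key = tolower($1); val = tolower($2) # keywords are case-insensitive
        if (key == "challengeresponseauthentication")
            key = "kbdinteractiveauthentication"   # older name, same switch
        if (key == "match") { in_match = 1; next }
        if (!(key in v)) next
        if (in_match) {                      # conditional override of globals
            if (key != "pubkeyauthentication" && val == "yes") {
                print "FAIL: Match block sets " key " yes (line " NR ")"
                bad = 1
            }
            next
        }
        if (!(seen[key]++)) v[key] = val     # sshd keeps the first value it reads
    }
    END {
        for (k in v) {
            want = (k == "pubkeyauthentication") ? "yes" : "no"
            if (v[k] != want) { print "FAIL: " k " is " v[k] ", want " want; bad = 1 }
        }
        if (!bad) print "OK: public key is the only login method checked"
        exit bad + 0
    }' "$1"
}

# Constructed sample config: the second line is ignored (first value wins)
# and the Match block turns passwords back on for one account.
sample=$(mktemp)
printf '%s\n' 'PasswordAuthentication yes' 'PasswordAuthentication no' \
    'KbdInteractiveAuthentication no' \
    'Match User backup' '    PasswordAuthentication yes' > "$sample"
audit_sshd_config "$sample"
rm -f "$sample"
```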