Successful SSH Attack - Need help cleaning up

Gary Thornock gthornock at
Sun Oct 29 14:56:15 MST 2006

--- Steve <smorrey at> wrote:
> Just a note, for in the future what I have done is moved SSH
> to an obscure port way off in the boonies.  Never had an SSH
> attack attempt since doing so.
> But yeah everyone is correct, wipe that puppy and re-install
> clean.

Moving SSH to a different port might help, but it's not terribly
difficult to detect.  Whether you do that or not, I'd recommend
that you disable password authentication and require public key.
I haven't had an attack attempt since I did that.

And yes, your best bet after a successful attack is to wipe the
box and re-install.

PGP Key ID: 071B173D
Fingerprint: ED30 B048 6833 56B4 28C0 CE52 F12B 884A 071B 173D

More information about the PLUG mailing list