Possible cracking on my Fedora box?
jimcando77
20th September 2004, 04:15 PM
Hi.
I was checking my system logs the other day and found an interesting report.
Since I am a newbie, I don't know the details of it. But I figure that someone tried to crack my fc2 box.
Could anyone tell me if it is an attempt to crack, and if so, what I could do to secure my box?
Thanks in advance.
Ps: I have a hardware firewall in a router and disabled fc2's software firewall.
From security log
Sep 19 11:34:19 localhost sshd[7040]: Failed password for illegal user test from ::ffff:205.209.168.20 port 56444 ssh2
Sep 19 11:34:20 localhost sshd[7042]: Illegal user guest from ::ffff:205.209.168.20
and from system log:
Sep 19 11:34:20 localhost sshd(pam_unix)[7042]: check pass; user unknown
Sep 19 11:34:20 localhost sshd(pam_unix)[7042]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=205.209.168.20
ewdi
20th September 2004, 04:37 PM
I think they tried to brute-force the login; they did not get in, however, if it shows as auth failure.
Just make sure you have a good password. And is this a server or a desktop?
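Added example, not part of the original thread: a small Python check for the point above, whether failed sshd attempts from an address were ever followed by a successful login from that same address. The first two sample lines are from the first post; the other two, the account name alice and the address 192.0.2.7 are constructed for illustration.

```python
import re
from collections import defaultdict

# Lines 1-2 are from the post above; lines 3-4 are constructed for illustration
# (192.0.2.0/24 is a documentation-only range, "alice" is a made-up account).
SAMPLE_LOG = """\
Sep 19 11:34:19 localhost sshd[7040]: Failed password for illegal user test from ::ffff:205.209.168.20 port 56444 ssh2
Sep 19 11:34:20 localhost sshd[7042]: Illegal user guest from ::ffff:205.209.168.20
Sep 19 11:40:02 localhost sshd[7101]: Failed password for alice from ::ffff:192.0.2.7 port 40112 ssh2
Sep 19 11:40:09 localhost sshd[7103]: Accepted password for alice from ::ffff:192.0.2.7 port 40113 ssh2
"""

# Old OpenSSH logs "Illegal user"; newer releases log "Invalid user".
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:(?:illegal|invalid) user )?(\S+) from (\S+)")
UNKNOWN = re.compile(r"sshd\[\d+\]: (?:Illegal|Invalid) user (\S+) from (\S+)")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+)")

def normalize(addr):
    """Strip the IPv4-mapped IPv6 prefix so ::ffff:a.b.c.d groups with a.b.c.d."""
    return addr[7:] if addr.lower().startswith("::ffff:") else addr

def summarize(log_text):
    """Per source address: failure count, usernames tried, accounts that logged in."""
    hosts = defaultdict(lambda: {"failures": 0, "users": set(), "accepted": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line) or UNKNOWN.search(line)
        if m:
            entry = hosts[normalize(m.group(2))]
            entry["failures"] += 1
            entry["users"].add(m.group(1))
            continue
        m = ACCEPTED.search(line)
        if m:
            hosts[normalize(m.group(2))]["accepted"].add(m.group(1))
    return dict(hosts)

def needs_review(summary):
    """Sources that failed at least once and also logged in successfully."""
    return sorted(ip for ip, e in summary.items() if e["failures"] and e["accepted"])

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for ip, e in sorted(report.items()):
        print(ip, e["failures"], sorted(e["users"]), sorted(e["accepted"]))
    print("review:", needs_review(report))
```

An address that only ever appears with failures, like the one in the post, never shows up in the review list; one that mixes failures with an accepted login does and is worth a closer look.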
olivierv
20th September 2004, 04:41 PM
Hi-
You said you have a hardware firewall, so I assume your FC box is behind it, correct? If so, do you have any port forwarding enabled on the firewall? That's the only way I can see for someone on the outside to be able to hit your FC2. If the hardware FW is properly configured and no ports are being forwarded, you may want to check your wireless connection, if you have one.
If you do have port forwarding enabled on your FW so that you can access your FC2 box from outside, I would deny access to every IP address except the ones from which you will be remoting to your Linux box. You may also want to have the default failure response from your FW be "host unreachable" if supported by your hardware firewall.
jimcando77
20th September 2004, 04:56 PM
Thanks for quick reply.
I'm using fc2 as a desktop. And I do have some forwarding enabled for amule. I guess I should only enable port forwarding when I use amule. Or are there other ways to secure my fc2 box?
ps: It would be a good idea to post "howto maximize security in fedora core" just for newbies like me. ^^
imdeemvp
20th September 2004, 07:18 PM
carlito's way this may help:
http://www.fedoraforum.org/forum/showthread.php?t=22413 I am also using it; it gives you warnings of attacks.
jimcando77
21st September 2004, 12:47 AM
Great~!
I'll try the firestarter when I get home.
Thanks.
imdeemvp
21st September 2004, 04:42 AM
trust me you will like it....is there for a reason, SECURITY.
desipher
21st September 2004, 06:36 AM
Yeah, I get those a lot in my firewall logs. Don't be too worried, just bots scanning through the internet looking for answering ports.
imdeemvp
21st September 2004, 07:21 AM
Yeah, I get those a lot in my firewall logs. Don't be too worried, just bots scanning through the internet looking for answering ports.
yes that too...
;)
ghenry
21st September 2004, 04:24 PM
I get these every day. I think it's a trojan going round or a custom script run on a range of IPs.
imdeemvp
22nd September 2004, 04:34 AM
I get these every day. I think it's a trojan going round or a custom script run on a range of IPs.
you happen to know the name of this trojan?
ghenry
22nd September 2004, 09:31 AM
No, I haven't managed to find out yet. I will keep looking though.
imdeemvp
22nd September 2004, 09:36 AM
No, I haven't managed to find out yet. I will keep looking though.
ok....i am curious if listed ....in clam., i'll check.
ewdi
23rd September 2004, 08:12 PM
I would recommend APF firewall as it has a built-in anti-DoS system and is easy to install or configure.
imdeemvp
23rd September 2004, 08:18 PM
I would recommend APF firewall as it has a built-in anti-DoS system and is easy to install or configure.
post the source, my man.
ewdi
23rd September 2004, 08:24 PM
http://www.fedoraforum.org/forum/article.php?a=1
Including Installation and config
Pollo
27th September 2004, 06:28 AM
I caught a list of IP addresses in my security log, and most of them were trying to get in via sshd. Since I don't really have the need to be using sshd, I just disabled it in runlevels 3-5.
Ned
29th September 2004, 03:02 AM
Yes, turn off SSH if you're not using it.
Ned