Friday, January 22, 2010

DO NOT allow root to login remotely

Most of hackers or bots try to login your system using root account.

Here are my login log for today.



Jan 22 07:33:12 SS sshd[27679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:14 SS sshd[27679]: Failed password for root from 125.100.27.36 port 33058 ssh2
Jan 22 07:33:16 SS sshd[27681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:17 SS sshd[27681]: Failed password for root from 125.100.27.36 port 33251 ssh2
Jan 22 07:33:19 SS sshd[27683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:21 SS sshd[27683]: Failed password for root from 125.100.27.36 port 33652 ssh2
Jan 22 07:33:22 SS sshd[27685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:24 SS sshd[27685]: Failed password for root from 125.100.27.36 port 34040 ssh2
Jan 22 07:33:25 SS sshd[27687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:28 SS sshd[27687]: Failed password for root from 125.100.27.36 port 34421 ssh2
Jan 22 07:33:29 SS sshd[27689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:31 SS sshd[27689]: Failed password for root from 125.100.27.36 port 34794 ssh2
Jan 22 07:33:33 SS sshd[27691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:35 SS sshd[27691]: Failed password for root from 125.100.27.36 port 35120 ssh2
Jan 22 07:33:36 SS sshd[27693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:38 SS sshd[27693]: Failed password for root from 125.100.27.36 port 35430 ssh2
Jan 22 07:33:40 SS sshd[27695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:42 SS sshd[27695]: Failed password for root from 125.100.27.36 port 35781 ssh2
Jan 22 07:33:43 SS sshd[27697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:46 SS sshd[27697]: Failed password for root from 125.100.27.36 port 36107 ssh2
Jan 22 07:33:47 SS sshd[27699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:49 SS sshd[27699]: Failed password for root from 125.100.27.36 port 36419 ssh2
Jan 22 07:33:50 SS sshd[27701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:52 SS sshd[27701]: Failed password for root from 125.100.27.36 port 36732 ssh2
Jan 22 07:33:54 SS sshd[27703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:56 SS sshd[27703]: Failed password for root from 125.100.27.36 port 37035 ssh2

So, for security reason, disable root remote login and choose a strong user name and password.
at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)