Category Archives: Security

Internet surveillance and the privacy wars on Sunday Extra: Background Briefing

An interview with Cory Doctorow, presented by Jonathan Green, was broadcast on ABC Radio National on 29 November 2015. Doctorow stated that the internet is increasingly being used as a tool of surveillance by government security agencies, law enforcement and those with a profit motive. The government's data gathering is presented as not beneficial for citizens; therefore, people ought to reject this program in order to protect their privacy.

Privacy is not about sharing nothing, but about knowing who is sharing what. In the past, it was difficult to eavesdrop on other people's conversations; once the telephone was introduced, it became easier to hear what other people were saying. Many technology corporations run their businesses by selling data, tapping technology, software, servers and computing power to government agencies. Meanwhile, the NSA is developing surveillance techniques using drone technology. This indicates that in the future the internet may be an uncomfortable place for democracy. Government intelligence agencies are shifting their activity from human intelligence to signals intelligence, which targets video, phone, email and other kinds of electronic communication. It is also revealed that the NSA surveillance program monitors one of every 10,000 people. They use their technology not on targeted people but at random: they do not necessarily need to know their targets, they just gather all the information they can for whatever they may need.

A simple thing that can help protect people from this surveillance activity is cryptography. People can use the many available encryption tools that scramble information thoroughly. Government agencies need a high level of technical understanding and a lot of time and space to break the encryption. As a result, people can have better protection for their privacy on the internet.


Reference:

Internet Surveillance And The Privacy Wars On Sunday Extra: Background Briefing 2015, podcast, 29 November, ABC Radio, viewed 27 January 2016, <https://radio.abc.net.au/programitem/pgYRGq0lY7


The Heartbleed Bug

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information that is protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

The Heartbleed bug allows anyone on the Internet to read the memory of systems running vulnerable versions of OpenSSL. Through this bug, the secret keys used to identify service providers and to encrypt traffic, the names and passwords of users, and the actual content can be leaked. This allows attackers to eavesdrop on communications, steal data directly from services and users, and impersonate services and users.

In practice, what actually leaks?

Several testers have tried some of their own services from an attacker's perspective. They attacked from the outside, without leaving a trace. Without using any privileged information or credentials, they were able to steal the secret keys used for X.509 certificates, user names and passwords, instant messages, emails and business-critical documents and communication.

How do you stop the leak?

As long as a vulnerable version of OpenSSL is in use, the leak can happen. A fixed OpenSSL has been released and must be deployed. Operating system vendors, appliance vendors and independent software vendors must adopt the fix and notify their users. Service providers and users must install the available fix for the operating systems, network appliances and software they use.

This is a partial translation of http://heartbleed.com
To check whether a service is vulnerable to this threat, try the Heartbleed Test tool.

Reset (forgotten) SLES 11 root password

Here’s a simple way to reset the root password on your SUSE Linux Enterprise Server 11.

1. Boot your server until you reach the boot options page.

2. On the boot options page, select Failsafe mode and append this to the end of the boot options:

init=/bin/bash

This starts a shell as root in place of the normal init process, so no login or password is requested.

3. After that, you get a root shell. Just run the passwd command and set your new password.

Interview with the Minister of Communication and Informatics on hacking incidents in Indonesia

This morning, MetroTV aired an interview titled “Hacker, Criminal or Asset?” with the Minister of Communication and Informatics (Menkominfo), Mr. Tifatul Sembiring, and Gildas (KKI), discussing the legal handling of hacking cases in Indonesia. It was prompted by the recent news of the arrest of Wildan Yani Ashari, who was found to have defaced the website of President SBY (presidensby.info).

According to the Minister, what Wildan did is categorized as a criminal act that violates the ITE Law, with a maximum sentence of 6 years, not the 12 years widely reported in the media. “Six years is the maximum; it could be less, considering that the perpetrator is still young,” he said. However, the verdict depends on the results of the investigation by the National Police Criminal Investigation Agency (Bareskrim Polri).

The Minister further explained that Wildan's hacking method was to redirect the domain of the presidensby.info site to another server, so that the page displayed differed from the original. The government has organized several bodies to handle cases like this, such as ID-SIRTII, ID-CERT, and others. These bodies respond when an attack is detected in cyberspace and send an alert (notification) to the owner/operator of the targeted system.

Gildas added that hacking incidents may happen because of the many hacking tutorials/guides that are not balanced by a moral message not to use them for activities that break the law. He stated that the knowledge hackers possess is beneficial when used in positive and legal activities such as penetration testing, that is, testing the security of a system at the request of its owner or operator. This could become a line of work that is in considerable demand from some companies. In addition, the government also needs to nurture such talent so that they find a good direction in which to channel their abilities.

Someone tried to log into my server

Someone from IP 88.191.116.104 (Evicom.Net) tried to log into my server using an ssh brute-force or dictionary attack technique this morning.

This IP has been blacklisted, as published at http://danger.rulez.sk/projects/bruteforceblocker/blist.php

Here’s the display of my realtime log while the attacker was working:

Dec 17 09:02:39 mail sshd[14018]: Invalid user web from 88.191.116.104
Dec 17 09:02:42 mail sshd[14020]: Invalid user web from 88.191.116.104
Dec 17 09:02:45 mail sshd[14025]: Invalid user web from 88.191.116.104
Dec 17 09:02:48 mail sshd[14027]: Invalid user web from 88.191.116.104
Dec 17 09:02:51 mail sshd[14034]: Invalid user web from 88.191.116.104
Dec 17 09:02:53 mail sshd[14037]: Invalid user web from 88.191.116.104
Dec 17 09:02:57 mail sshd[14039]: Invalid user web from 88.191.116.104
Dec 17 09:03:00 mail sshd[14041]: Invalid user web from 88.191.116.104
Dec 17 09:03:02 mail sshd[14043]: Invalid user web from 88.191.116.104
Dec 17 09:03:05 mail sshd[14049]: Invalid user web from 88.191.116.104
Dec 17 09:03:08 mail sshd[14051]: Invalid user web from 88.191.116.104
Dec 17 09:03:11 mail sshd[14053]: Invalid user web from 88.191.116.104
Dec 17 09:03:14 mail sshd[14059]: Invalid user web from 88.191.116.104
Dec 17 09:03:17 mail sshd[14179]: Invalid user web from 88.191.116.104
Dec 17 09:03:20 mail sshd[14254]: Invalid user web from 88.191.116.104
Dec 17 09:03:23 mail sshd[14256]: Invalid user web from 88.191.116.104
Dec 17 09:03:25 mail sshd[14258]: Invalid user web from 88.191.116.104
Dec 17 09:03:28 mail sshd[14260]: Invalid user web from 88.191.116.104
Dec 17 09:03:31 mail sshd[14262]: Invalid user web from 88.191.116.104
Dec 17 09:03:34 mail sshd[14268]: Invalid user web from 88.191.116.104
Dec 17 09:03:37 mail sshd[14270]: Invalid user web from 88.191.116.104
Dec 17 09:03:40 mail sshd[14272]: Invalid user web from 88.191.116.104
Dec 17 09:03:43 mail sshd[14274]: Invalid user web from 88.191.116.104
Dec 17 09:03:46 mail sshd[14279]: Invalid user user from 88.191.116.104
Dec 17 09:03:49 mail sshd[14282]: Invalid user user from 88.191.116.104
Dec 17 09:03:52 mail sshd[14284]: Invalid user user from 88.191.116.104
Dec 17 09:03:54 mail sshd[14291]: Invalid user user from 88.191.116.104
Dec 17 09:03:57 mail sshd[14293]: Invalid user user from 88.191.116.104
Dec 17 09:04:00 mail sshd[14296]: Invalid user user from 88.191.116.104
Dec 17 09:04:03 mail sshd[14311]: Invalid user user from 88.191.116.104
Dec 17 09:04:06 mail sshd[14435]: Invalid user user from 88.191.116.104
Dec 17 09:04:09 mail sshd[14483]: Invalid user user from 88.191.116.104
Dec 17 09:04:12 mail sshd[14626]: Invalid user user from 88.191.116.104
Dec 17 09:04:15 mail sshd[14632]: Invalid user user from 88.191.116.104
Dec 17 09:04:18 mail sshd[14644]: Invalid user user from 88.191.116.104
Dec 17 09:04:21 mail sshd[14827]: Invalid user user from 88.191.116.104
Dec 17 09:04:24 mail sshd[14829]: Invalid user user from 88.191.116.104
Dec 17 09:04:27 mail sshd[14831]: Invalid user user from 88.191.116.104
Dec 17 09:04:30 mail sshd[14833]: Invalid user user from 88.191.116.104
Dec 17 09:04:33 mail sshd[14839]: Invalid user user from 88.191.116.104
Dec 17 09:04:36 mail sshd[14841]: Invalid user user from 88.191.116.104
Dec 17 09:04:38 mail sshd[14843]: Invalid user user from 88.191.116.104
Dec 17 09:04:41 mail sshd[14845]: Invalid user user from 88.191.116.104
Dec 17 09:04:44 mail sshd[14850]: Invalid user user from 88.191.116.104
Dec 17 09:04:47 mail sshd[14852]: Invalid user user from 88.191.116.104
Dec 17 09:04:50 mail sshd[14854]: Invalid user user from 88.191.116.104
Dec 17 09:04:53 mail sshd[14856]: Invalid user amanda from 88.191.116.104
Dec 17 09:04:56 mail sshd[14858]: Invalid user amanda from 88.191.116.104
Dec 17 09:04:59 mail sshd[14865]: Invalid user amanda from 88.191.116.104
Dec 17 09:05:02 mail sshd[14869]: Invalid user amanda from 88.191.116.104
Dec 17 09:05:05 mail sshd[14877]: Invalid user amanda from 88.191.116.104
Dec 17 09:05:08 mail sshd[14879]: Invalid user amanda from 88.191.116.104
Dec 17 09:05:11 mail sshd[14881]: Invalid user amanda from 88.191.116.104
Dec 17 09:05:14 mail sshd[14886]: Invalid user amanda from 88.191.116.104
Dec 17 09:05:17 mail sshd[14888]: Invalid user amanda from 88.191.116.104
Dec 17 09:05:20 mail sshd[14890]: Invalid user amanda from 88.191.116.104
Dec 17 09:05:23 mail sshd[15085]: Invalid user amanda from 88.191.116.104
Dec 17 09:05:26 mail sshd[15089]: Invalid user amanda from 88.191.116.104
Dec 17 09:05:29 mail sshd[15091]: Invalid user amanda from 88.191.116.104
Dec 17 09:05:32 mail sshd[15097]: Invalid user amanda from 88.191.116.104
Dec 17 09:05:34 mail sshd[15103]: Invalid user amanda from 88.191.116.104
Dec 17 09:05:37 mail sshd[15105]: Invalid user amanda from 88.191.116.104
Dec 17 09:05:40 mail sshd[15108]: Invalid user amanda from 88.191.116.104
Dec 17 09:05:43 mail sshd[15110]: Invalid user amanda from 88.191.116.104
Dec 17 09:05:46 mail sshd[15115]: Invalid user amanda from 88.191.116.104
Dec 17 09:05:49 mail sshd[15117]: Invalid user amanda from 88.191.116.104
Dec 17 09:05:52 mail sshd[15120]: Invalid user amanda from 88.191.116.104
Dec 17 09:05:55 mail sshd[15122]: Invalid user amanda from 88.191.116.104
Dec 17 09:05:58 mail sshd[15124]: Invalid user amanda from 88.191.116.104
Dec 17 09:06:01 mail sshd[15126]: Invalid user amanda from 88.191.116.104
Dec 17 09:06:04 mail sshd[15206]: Invalid user amanda from 88.191.116.104
Dec 17 09:06:07 mail sshd[15274]: Invalid user amanda from 88.191.116.104
Dec 17 09:06:10 mail sshd[15407]: Invalid user amanda from 88.191.116.104
Dec 17 09:06:13 mail sshd[15466]: Invalid user amanda from 88.191.116.104
Dec 17 09:06:16 mail sshd[15472]: Invalid user amanda from 88.191.116.104
Dec 17 09:06:19 mail sshd[15474]: Invalid user amanda from 88.191.116.104
Dec 17 09:06:21 mail sshd[15476]: Invalid user amanda from 88.191.116.104
Dec 17 09:06:24 mail sshd[15672]: Invalid user amanda from 88.191.116.104
Dec 17 09:06:27 mail sshd[15676]: Invalid user amanda from 88.191.116.104
Dec 17 09:06:30 mail sshd[15679]: Invalid user amanda from 88.191.116.104
Dec 17 09:06:33 mail sshd[15685]: Invalid user amanda from 88.191.116.104
Dec 17 09:06:36 mail sshd[15687]: Invalid user amanda from 88.191.116.104
Dec 17 09:06:39 mail sshd[15689]: Invalid user amanda from 88.191.116.104
Dec 17 09:06:42 mail sshd[15691]: Invalid user amanda from 88.191.116.104
Dec 17 09:06:45 mail sshd[15696]: Invalid user amanda from 88.191.116.104
Dec 17 09:06:48 mail sshd[15698]: Invalid user amanda from 88.191.116.104
Dec 17 09:06:52 mail sshd[15700]: Invalid user amanda from 88.191.116.104
Dec 17 09:06:55 mail sshd[15702]: Invalid user amanda1 from 88.191.116.104
Dec 17 09:06:58 mail sshd[15704]: Invalid user amanda2 from 88.191.116.104
Dec 17 09:07:01 mail sshd[15706]: Invalid user cyrus from 88.191.116.104
Dec 17 09:07:04 mail sshd[15712]: Invalid user cyrus from 88.191.116.104
Dec 17 09:07:06 mail sshd[15714]: Invalid user cyrus from 88.191.116.104
Dec 17 09:07:09 mail sshd[15723]: Invalid user cyrus from 88.191.116.104
Dec 17 09:07:12 mail sshd[15728]: Invalid user cyrus from 88.191.116.104
Dec 17 09:07:15 mail sshd[15735]: Invalid user cyrus from 88.191.116.104
Dec 17 09:07:18 mail sshd[15739]: Invalid user cyrus from 88.191.116.104
Dec 17 09:07:21 mail sshd[15741]: Invalid user cyrus from 88.191.116.104
Dec 17 09:07:24 mail sshd[15743]: Invalid user cyrus from 88.191.116.104
Dec 17 09:07:27 mail sshd[15937]: Invalid user cyrus from 88.191.116.104
Dec 17 09:07:30 mail sshd[15939]: Invalid user cyrus from 88.191.116.104
Dec 17 09:07:33 mail sshd[15945]: Invalid user cyrus from 88.191.116.104
Dec 17 09:07:36 mail sshd[15947]: Invalid user cyrus from 88.191.116.104
Dec 17 09:07:39 mail sshd[15949]: Invalid user cyrus from 88.191.116.104
Dec 17 09:07:42 mail sshd[15954]: Invalid user cyrus from 88.191.116.104
Dec 17 09:07:44 mail sshd[15959]: Invalid user cyrus from 88.191.116.104
Dec 17 09:07:47 mail sshd[15966]: Invalid user cyrus from 88.191.116.104
Dec 17 09:07:50 mail sshd[15971]: Invalid user cyrus from 88.191.116.104
Dec 17 09:07:53 mail sshd[16008]: Invalid user cyrus from 88.191.116.104
Dec 17 09:07:56 mail sshd[16010]: Invalid user cyrus from 88.191.116.104
Dec 17 09:07:59 mail sshd[16012]: Invalid user cyrus from 88.191.116.104
Dec 17 09:08:02 mail sshd[16017]: Invalid user cyrus from 88.191.116.104
Dec 17 09:08:05 mail sshd[16098]: Invalid user cyrus from 88.191.116.104
Dec 17 09:08:08 mail sshd[16158]: Invalid user eric from 88.191.116.104
Dec 17 09:08:10 mail sshd[16286]: Invalid user eric from 88.191.116.104
Dec 17 09:08:13 mail sshd[16353]: Invalid user eric from 88.191.116.104
Dec 17 09:08:16 mail sshd[16359]: Invalid user eric from 88.191.116.104
Dec 17 09:08:19 mail sshd[16362]: Invalid user eric from 88.191.116.104
Dec 17 09:08:22 mail sshd[16364]: Invalid user eric from 88.191.116.104
Dec 17 09:08:25 mail sshd[16368]: Invalid user eric from 88.191.116.104
Dec 17 09:08:28 mail sshd[16527]: Invalid user eric from 88.191.116.104
Dec 17 09:08:31 mail sshd[16563]: Invalid user eric from 88.191.116.104
Dec 17 09:08:34 mail sshd[16570]: Invalid user eric from 88.191.116.104
Dec 17 09:08:37 mail sshd[16572]: Invalid user eric from 88.191.116.104
Dec 17 09:08:40 mail sshd[16574]: Invalid user eric from 88.191.116.104
Dec 17 09:08:43 mail sshd[16576]: Invalid user eric from 88.191.116.104
Dec 17 09:08:46 mail sshd[16581]: Invalid user eric from 88.191.116.104
Dec 17 09:08:49 mail sshd[16583]: Invalid user eric from 88.191.116.104
Dec 17 09:08:51 mail sshd[16585]: Invalid user eric from 88.191.116.104
Dec 17 09:08:54 mail sshd[16587]: Invalid user eric from 88.191.116.104
Dec 17 09:08:57 mail sshd[16589]: Invalid user eric from 88.191.116.104
Dec 17 09:09:00 mail sshd[16591]: Invalid user eric from 88.191.116.104
Dec 17 09:09:03 mail sshd[16597]: Invalid user eric from 88.191.116.104
Dec 17 09:09:06 mail sshd[16599]: Invalid user eric from 88.191.116.104
Dec 17 09:09:09 mail sshd[16601]: Invalid user eric from 88.191.116.104
Dec 17 09:09:12 mail sshd[16603]: Invalid user eric from 88.191.116.104
Dec 17 09:09:15 mail sshd[16609]: Invalid user eric from 88.191.116.104
Dec 17 09:09:18 mail sshd[16612]: Invalid user eric from 88.191.116.104
Dec 17 09:09:21 mail sshd[16619]: Invalid user eric from 88.191.116.104
Dec 17 09:09:24 mail sshd[16622]: Invalid user eric from 88.191.116.104
Dec 17 09:09:27 mail sshd[16624]: Invalid user eric from 88.191.116.104
Dec 17 09:09:30 mail sshd[16744]: Invalid user eric from 88.191.116.104
Dec 17 09:09:32 mail sshd[16823]: Invalid user eric from 88.191.116.104
Dec 17 09:09:35 mail sshd[16826]: Invalid user eric from 88.191.116.104
Dec 17 09:09:38 mail sshd[16828]: Invalid user eric from 88.191.116.104
Dec 17 09:09:41 mail sshd[16830]: Invalid user eric from 88.191.116.104
Dec 17 09:09:44 mail sshd[16835]: Invalid user eric from 88.191.116.104
Dec 17 09:09:47 mail sshd[16837]: Invalid user eric1 from 88.191.116.104
Dec 17 09:09:50 mail sshd[16839]: Invalid user eric2 from 88.191.116.104
Dec 17 09:09:53 mail sshd[16841]: Invalid user patrick from 88.191.116.104
Dec 17 09:09:56 mail sshd[16844]: Invalid user patrick from 88.191.116.104
Dec 17 09:09:59 mail sshd[16846]: Invalid user patrick from 88.191.116.104
Dec 17 09:10:02 mail sshd[16848]: Invalid user patrick from 88.191.116.104
Dec 17 09:10:05 mail sshd[16943]: Invalid user patrick from 88.191.116.104
Dec 17 09:10:08 mail sshd[17109]: Invalid user patrick from 88.191.116.104
Dec 17 09:10:11 mail sshd[17119]: Invalid user patrick from 88.191.116.104
Dec 17 09:10:14 mail sshd[17125]: Invalid user patrick from 88.191.116.104
Dec 17 09:10:17 mail sshd[17318]: Invalid user patrick from 88.191.116.104
Dec 17 09:10:20 mail sshd[17320]: Invalid user patrick from 88.191.116.104
Dec 17 09:10:23 mail sshd[17322]: Invalid user patrick from 88.191.116.104
Dec 17 09:10:26 mail sshd[17329]: Invalid user patrick from 88.191.116.104
Dec 17 09:10:29 mail sshd[17332]: Invalid user patrick from 88.191.116.104
Dec 17 09:10:31 mail sshd[17438]: Invalid user patrick from 88.191.116.104
Dec 17 09:10:34 mail sshd[17534]: Invalid user patrick from 88.191.116.104
Dec 17 09:10:37 mail sshd[17536]: Invalid user patrick from 88.191.116.104
Dec 17 09:10:40 mail sshd[17538]: Invalid user patrick from 88.191.116.104
Dec 17 09:10:43 mail sshd[17540]: Invalid user patrick from 88.191.116.104
Dec 17 09:10:46 mail sshd[17545]: Invalid user patrick from 88.191.116.104
Dec 17 09:10:49 mail sshd[17547]: Invalid user patrick from 88.191.116.104
Dec 17 09:10:52 mail sshd[17549]: Invalid user patrick from 88.191.116.104
Dec 17 09:10:55 mail sshd[17551]: Invalid user patrick from 88.191.116.104
Dec 17 09:10:58 mail sshd[17553]: Invalid user patrick from 88.191.116.104
Dec 17 09:11:01 mail sshd[17555]: Invalid user patrick from 88.191.116.104
Dec 17 09:11:04 mail sshd[17562]: Invalid user patrick from 88.191.116.104
Dec 17 09:11:06 mail sshd[17564]: Invalid user patrick from 88.191.116.104
Dec 17 09:11:09 mail sshd[17566]: Invalid user patrick from 88.191.116.104
Dec 17 09:11:12 mail sshd[17568]: Invalid user patrick from 88.191.116.104
Dec 17 09:11:15 mail sshd[17574]: Invalid user patrick from 88.191.116.104
Dec 17 09:11:18 mail sshd[17576]: Invalid user patrick from 88.191.116.104
Dec 17 09:11:21 mail sshd[17578]: Invalid user patrick from 88.191.116.104
Dec 17 09:11:24 mail sshd[17580]: Invalid user patrick from 88.191.116.104
Dec 17 09:11:27 mail sshd[17582]: Invalid user patrick1 from 88.191.116.104
Dec 17 09:11:30 mail sshd[17589]: Invalid user patrick2 from 88.191.116.104
Dec 17 09:11:33 mail sshd[17595]: Invalid user sarah from 88.191.116.104
Dec 17 09:11:36 mail sshd[17789]: Invalid user sarah from 88.191.116.104
Dec 17 09:11:38 mail sshd[17791]: Invalid user sarah from 88.191.116.104
Dec 17 09:11:41 mail sshd[17794]: Invalid user sarah from 88.191.116.104
Dec 17 09:11:44 mail sshd[17800]: Invalid user sarah from 88.191.116.104
Dec 17 09:11:47 mail sshd[17802]: Invalid user sarah from 88.191.116.104
Dec 17 09:11:50 mail sshd[17804]: Invalid user sarah from 88.191.116.104
Dec 17 09:11:53 mail sshd[17806]: Invalid user sarah from 88.191.116.104
Dec 17 09:11:56 mail sshd[17808]: Invalid user sarah from 88.191.116.104
Dec 17 09:11:59 mail sshd[17810]: Invalid user sarah from 88.191.116.104
Dec 17 09:12:02 mail sshd[17812]: Invalid user sarah from 88.191.116.104
Dec 17 09:12:05 mail sshd[17890]: Invalid user sarah from 88.191.116.104
Dec 17 09:12:08 mail sshd[17959]: Invalid user sarah from 88.191.116.104
Dec 17 09:12:11 mail sshd[18122]: Invalid user sarah from 88.191.116.104
Dec 17 09:12:14 mail sshd[18155]: Invalid user sarah from 88.191.116.104
Dec 17 09:12:16 mail sshd[18161]: Invalid user sarah from 88.191.116.104
Dec 17 09:12:19 mail sshd[18163]: Invalid user sarah from 88.191.116.104
Dec 17 09:12:22 mail sshd[18165]: Invalid user sarah from 88.191.116.104
Dec 17 09:12:25 mail sshd[18167]: Invalid user sarah from 88.191.116.104
Dec 17 09:12:28 mail sshd[18171]: Invalid user sarah from 88.191.116.104
Dec 17 09:12:31 mail sshd[18174]: Invalid user sarah from 88.191.116.104
Dec 17 09:12:34 mail sshd[18185]: Invalid user sarah from 88.191.116.104
Dec 17 09:12:37 mail sshd[18375]: Invalid user sarah from 88.191.116.104
Dec 17 09:12:40 mail sshd[18383]: Invalid user sarah from 88.191.116.104
Dec 17 09:12:43 mail sshd[18385]: Invalid user sarah from 88.191.116.104
Dec 17 09:12:46 mail sshd[18390]: Invalid user sarah from 88.191.116.104
Dec 17 09:12:49 mail sshd[18392]: Invalid user sarah from 88.191.116.104
Dec 17 09:12:52 mail sshd[18394]: Invalid user sarah from 88.191.116.104

When I realized that someone was doing something nasty, I changed some /etc/sshd_config security parameters, restarted the sshd service and sent the attacker to /dev/null.
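A detection pass over log lines of this shape, added here as an example and not code from the original post: it parses syslog-style sshd "Invalid user" lines, groups the attempts by source address and flags any source that reaches a threshold of failures inside a sliding time window, which is the same decision Fail2Ban makes before it blocks an address. The log it runs on is constructed to mirror the format above using documentation address ranges rather than the real attacker's IP, and the threshold and window values are illustrative choices, not values from the post.

```python
"""Flag SSH brute-force / dictionary attacks in sshd log lines.

Added example, not code from the original post. It parses syslog-style
sshd "Invalid user" lines, groups them by source IP and flags any source
that reaches `threshold` failed attempts inside a sliding window, the same
decision Fail2Ban makes before blocking an address. The sample log is
constructed (documentation address ranges, not the real attacker's IP).
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches e.g.: Dec 17 09:02:39 mail sshd[14018]: Invalid user web from 203.0.113.7
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"Invalid user (?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})$"
)


def parse_line(line, year=2000):
    """Return (timestamp, user, ip) for an 'Invalid user' line, else None.
    syslog stamps carry no year; a fixed leap year keeps Feb 29 parseable."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["user"], m["ip"]


def find_brute_force(lines, threshold=5, window_seconds=60):
    """Return {ip: summary} for every source whose 'Invalid user' attempts reach
    `threshold` inside any span of `window_seconds`. Lines are assumed to be in
    chronological order, as they are in a log file."""
    recent = defaultdict(deque)      # ip -> timestamps still inside the window
    totals = defaultdict(int)
    users = defaultdict(set)
    first_seen, last_seen = {}, {}
    flagged = set()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:           # not an 'Invalid user' line: ignore it
            continue
        ts, user, ip = parsed
        totals[ip] += 1
        users[ip].add(user)
        first_seen.setdefault(ip, ts)
        last_seen[ip] = ts
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:   # drop stale stamps
            q.popleft()
        if len(q) >= threshold:
            flagged.add(ip)
    return {
        ip: {"attempts": totals[ip], "users": sorted(users[ip]),
             "first": first_seen[ip], "last": last_seen[ip]}
        for ip in sorted(flagged)
    }


# Constructed sample in the same shape as the post's log: one noisy source,
# one successful key login (ignored) and one source with two far-apart failures.
SAMPLE_LOG = """\
Dec 17 09:02:39 mail sshd[14018]: Invalid user web from 203.0.113.7
Dec 17 09:02:42 mail sshd[14020]: Invalid user web from 203.0.113.7
Dec 17 09:02:45 mail sshd[14025]: Invalid user web from 203.0.113.7
Dec 17 09:02:48 mail sshd[14027]: Invalid user user from 203.0.113.7
Dec 17 09:02:51 mail sshd[14034]: Invalid user amanda from 203.0.113.7
Dec 17 09:02:53 mail sshd[14037]: Invalid user cyrus from 203.0.113.7
Dec 17 09:03:10 mail sshd[14040]: Accepted publickey for admin from 198.51.100.2 port 50214 ssh2
Dec 17 09:15:00 mail sshd[14100]: Invalid user guest from 198.51.100.9
Dec 17 09:45:00 mail sshd[14200]: Invalid user guest from 198.51.100.9
""".splitlines()

if __name__ == "__main__":
    for ip, info in find_brute_force(SAMPLE_LOG).items():
        span = (info["last"] - info["first"]).total_seconds()
        print(f"{ip}: {info['attempts']} invalid-user attempts in {span:.0f}s, "
              f"usernames tried: {', '.join(info['users'])}")
```

Run against a real file with find_brute_force(open("/var/log/auth.log")) (or the secure log on distributions that use it). The window keeps a single mistyped username from being flagged while a source that cycles through a wordlist at one attempt every few seconds, as in the log above, trips the threshold within the first handful of lines.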

Here are some suggestions for sshd config:

  1. Change the default sshd port (22) to something else (>1024)
  2. Disable root login
  3. Limit login attempts
  4. Block any source IP that violates this rule (you can use Fail2Ban)
  5. Use complex passwords (a combination of letters, numbers and special characters, more than 8 characters long, and not found in an English dictionary)
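A check that turns suggestions 1 to 3 into something testable, added here as an example and not taken from the post: it parses the global section of an sshd_config the way sshd reads it (keyword then value, keyword case-insensitive, '#' starts a comment, the first occurrence of a keyword wins, and everything after the first Match line applies only conditionally) and reports which of Port, PermitRootLogin and MaxAuthTries still carry the weak value. Both sample configurations are constructed, and the limits chosen (a port above 1024, at most 3 authentication tries per connection) are assumptions matching the post's advice rather than numbers from the post.

```python
"""Audit an sshd_config against suggestions 1 to 3 above.

Added example, not code from the original post. parse_sshd_config() reads
the global section the way sshd does: one directive per line, written as
"Keyword value", "Keyword=value" or "Keyword = value"; the keyword is
case-insensitive, '#' starts a comment, the first occurrence of a keyword
wins, and everything after the first Match line is conditional, so it is
left out. The two sample configurations are constructed.
"""
import re

# keyword, optional '=' separator, remainder of the line as the value
DIRECTIVE_RE = re.compile(r"^([^\s=]+)\s*=?\s*(.*)$")


def parse_sshd_config(text):
    """Return {keyword_lower: value} for the global section of sshd_config."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        m = DIRECTIVE_RE.match(line)
        if m is None:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":                       # conditional section begins
            break
        settings.setdefault(key, value)          # first occurrence wins
    return settings


def audit_sshd_config(text, min_port=1024, max_tries=3):
    """Return a list of findings; an empty list means all three checks pass.
    When a keyword is absent, sshd's own defaults are assumed (Port 22,
    MaxAuthTries 6); PermitRootLogin must be set to 'no' explicitly.
    sshd accepts several Port lines; only the first is examined here."""
    cfg = parse_sshd_config(text)
    findings = []
    port = cfg.get("port", "22")
    if not port.isdigit() or int(port) <= min_port:
        findings.append(f"Port {port}: move sshd to a port above {min_port}")
    if cfg.get("permitrootlogin", "").lower() != "no":
        findings.append("PermitRootLogin is not 'no': disable direct root login")
    tries = cfg.get("maxauthtries", "6")
    if not tries.isdigit() or int(tries) > max_tries:
        findings.append(f"MaxAuthTries {tries}: allow at most {max_tries} "
                        "attempts per connection")
    return findings


# Constructed sample: a stock-looking configuration that fails all three checks ...
WEAK_CONFIG = """
Port 22
PermitRootLogin yes
MaxAuthTries 6
PasswordAuthentication yes
"""

# ... and the same file after applying suggestions 1 to 3. The Match block
# loosens MaxAuthTries for one network only and must not affect the verdict.
HARDENED_CONFIG = """
Port 2222
PermitRootLogin no
MaxAuthTries 3
PasswordAuthentication yes

Match Address 10.0.0.0/8
    MaxAuthTries 10   # constructed: looser limit on the internal network only
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        problems = audit_sshd_config(text)
        print(f"{name}: {'OK' if not problems else ''}")
        for p in problems:
            print("  -", p)
```

Point it at the live file with audit_sshd_config(open("/etc/ssh/sshd_config").read()) before restarting sshd; suggestion 4 (Fail2Ban) and suggestion 5 (password quality) live outside sshd_config and are not covered by this check.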

I hope this kind of attack doesn’t happen anymore 🙂
