From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 2C05C138A2D for ; Thu, 14 Feb 2013 16:51:50 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 027CD21C009; Thu, 14 Feb 2013 16:51:35 +0000 (UTC) Received: from smtpq2.tb.mail.iss.as9143.net (smtpq2.tb.mail.iss.as9143.net [212.54.42.165]) by pigeon.gentoo.org (Postfix) with ESMTP id 69A64E058F for ; Thu, 14 Feb 2013 16:51:33 +0000 (UTC) Received: from [212.54.42.134] (helo=smtp3.tb.mail.iss.as9143.net) by smtpq2.tb.mail.iss.as9143.net with esmtp (Exim 4.71) (envelope-from ) id 1U621x-0004eJ-Uo for gentoo-user@lists.gentoo.org; Thu, 14 Feb 2013 17:51:29 +0100 Received: from 54192f23.cm-5-2a.dynamic.ziggo.nl ([84.25.47.35] helo=klos.dyndns-at-home.com) by smtp3.tb.mail.iss.as9143.net with esmtp (Exim 4.71) (envelope-from ) id 1U621x-0005xN-GU for gentoo-user@lists.gentoo.org; Thu, 14 Feb 2013 17:51:29 +0100 Received: from localhost (localhost.localdomain [127.0.0.1]) by klos.dyndns-at-home.com (Postfix) with ESMTP id 547DE7342D for ; Thu, 14 Feb 2013 17:51:24 +0100 (CET) X-Virus-Scanned: by amavisd-new at klos.home Received: from klos.dyndns-at-home.com ([127.0.0.1]) by localhost (klos.dyndns-at-home.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hkfsQcQdaHmW for ; Thu, 14 Feb 2013 17:51:13 +0100 (CET) Received: from localhost (localhost.localdomain [127.0.0.1]) by klos.dyndns-at-home.com (Postfix) with ESMTP id 870D97343F for ; Thu, 14 Feb 2013 17:51:13 +0100 (CET) Received: from apollo.localnet (apollo.thuis.klos2day.nl [192.168.10.49]) (Authenticated sender: paul) by klos.dyndns-at-home.com (Postfix) with ESMTPSA id 404357342D for ; Thu, 14 Feb 2013 17:51:07 +0100 (CET) From: Paul Klos To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] pam_get_uid: no such user Date: Thu, 14 Feb 2013 17:51:05 +0100 Message-ID: <2982193.qFHaFKoIpo@apollo> User-Agent: KMail/4.9.5 (Linux/3.6.11-gentoo; KDE/4.9.5; x86_64; ; ) In-Reply-To: References: <511BE981.6030803@gmail.com> <511C644F.2060407@gmail.com> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" X-Ziggo-spambar: ---- X-Ziggo-spamscore: -4.9 X-Ziggo-spamreport: ALL_TRUSTED=-1,BAYES_00=-1.9,PROLO_TRUST_RDNS=-3,RDNS_DYNAMIC=0.982,RP_MATCHES_RCVD=-0.001 X-Ziggo-Spam-Status: No X-Spam-Status: No X-Spam-Flag: No X-Archives-Salt: ed015b87-00e5-43d0-bfd9-e5f6775622e1 X-Archives-Hash: 4c8ecf8769c31c23035664256ffe42c7 Op donderdag 14 februari 2013 04:56:53 schreef Stroller: >=20 > On 14 February 2013, at 04:13, Daniel Frey wrote: > > ... > > I've poked into this a bit more, and every 60 seconds 5 attempts at= > > logon are being made=E2=80=A6 This weekend I'll reformat & reinstal= l. >=20 > Excuse me if this is a dumb question, but does this machine have any = ports open to the internet? >=20 > This thread reminds me of how we sometimes hear of logfiles full of m= any ssh attempts made by script kiddies and botnets. >=20 > Stroller. >=20 >=20 Same here, I've seen multitudes of messages like this, with different u= ser names, in log files on servers with open ports 22. As long as you d= on't allow interactive logins you shoud be fine, right? I think there might also be some advanced iptables hacking that might h= elp you block too many requests from the same source IP. This is still = on my list of stuff to look at 'some time'. One thing I have used with apparent succes is access a different port o= n the outside, and redirect that to 22 on the inside. It's security thr= ough obscurity, I know, but it seemed quite effective nonetheless. Cheers, Paul