Hi,
After playing with my router in an attempt to open my server up to the outside world, I gave up after failing to ever get an SSH connection via my external IP address. Assuming it was a no-go, and the ISP wasn't allowing it, I just left everything "open" as it wasn't working anyway.
Recently, I was reading the root emails because I've never done that and thought why not, and was surprised to find common username login attempts from here, there and everywhere. I guess everyone can see my machine but me!
I wasn't really concerned, because the first thing I did before trying this was to configure key-only access via sshd. I must have forgotten to do that, as I just keyed in through a VM.
I'm going to reinstall everything anyway just in case, but before I do, is there a way I can verify that anything has been messed with? There's nothing in the logs to say anybody got in, but then again, they could have modified the logs. I did notice that a user writable flag was added to /usr/local/bin/sudo, but I'm not sure if that's relevant (I read it in the mail, there were other things but just as meaningless to me).
I've always been curious about this sort of thing, and I guess now I've got a chance to take a look. My data still appears to be there, so there were no malicious wipes or anything. Nothing here is critical stuff, so I'm not really concerned that anybody (might have) got in. What would be useful now though is confirmation. I picked a pretty solid password, but I'm not naive enough to think that was enough.
Any tips, tutorials or jokes are welcome.
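Two checks that answer the "has anything been messed with?" question before a reinstall, as an added example that is not part of the original post: the first lists files in a bin directory that are world-writable, and separately those that are both setuid and world-writable (the class of change noticed on /usr/local/bin/sudo; a setuid file anyone can overwrite lets any local user run their own code as the file's owner), and the second compares a directory against a saved checksum baseline so modified files show up even if the logs were cleaned. It runs against a constructed temporary tree so it works offline; on a real host you would point it at /usr/local/bin, /usr/bin and so on, and keep the baseline somewhere the host cannot alter. Everything here is an assumption of this example, not a tool the poster mentions.

```shell
#!/bin/sh
# Added example, not from the original post. Two defender-side checks:
# (1) world-writable and setuid+world-writable files under a bin directory,
# (2) files whose checksum differs from a saved baseline manifest.
# Runs against a constructed temp tree; on a real host pass /usr/local/bin etc.

# Files under $1 writable by "other" (mode bit 0002).
find_world_writable() {
    find "$1" -type f -perm -0002 | sort
}

# Files under $1 that are both setuid (4000) and world-writable (0002):
# anyone can overwrite them and then execute the result as the owner.
find_setuid_world_writable() {
    find "$1" -type f -perm -4000 -perm -0002 | sort
}

# Record CRC and size of every file under $1 into manifest $2 (cksum is POSIX).
make_baseline() {
    ( cd "$1" && find . -type f | sort | xargs cksum ) > "$2"
}

# Print the names of files under $1 whose current cksum differs from manifest $2.
changed_files() {
    ( cd "$1" && find . -type f | sort | xargs cksum ) | \
        diff "$2" - | awk '/^>/ { print $4 }'
}

# Constructed sample tree standing in for /usr/local/bin.
make_sample_tree() {
    d=$(mktemp -d)
    for f in sudo ls notes; do printf '#!/bin/sh\nexit 0\n' > "$d/$f"; done
    chmod 4777 "$d/sudo"    # setuid AND world-writable: the worrying case
    chmod 0755 "$d/ls"      # normal binary
    chmod 0666 "$d/notes"   # world-writable, not setuid
    echo "$d"
}

# Stand-alone demo: run as `sh audit.sh demo`.
demo() {
    t=$(make_sample_tree)
    echo "world-writable:";        find_world_writable "$t"
    echo "setuid+world-writable:"; find_setuid_world_writable "$t"
    m=$(mktemp)
    make_baseline "$t" "$m"
    echo tampered >> "$t/ls"      # simulate a binary modified after the baseline
    echo "changed since baseline:"; changed_files "$t" "$m"
    rm -rf "$t" "$m"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

The baseline step is the same idea behind package-manager verification (rpm -V, debsums), which you can only trust on a box you consider clean, so the manifest should be created before exposure and stored off the machine. On a system that may already have been touched, the package manager's own stored checksums are the better reference, with the caveat that a determined intruder could have altered those too.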