HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (
-   Installation/Configuration (
-   -   SSH Attack from Fedora Core 2 (

agurung 22nd August 2006 09:56

SSH Attack from Fedora Core 2

We have another problem again. One of my friend has a fedora core 2 box setup. He mainly use for compilling programs e.g. Java, C and some time used for as a test web server.

Now all of sudden this server is trying to make hug numbers of ssh connection to different server. now we blocked ssh connection on firewall so that this server is not creating problem for other server. some time it also kills whole firewall...

i must admit we are not so use to linux predominately from windows background.. we spend some time and couldn't figure out how to fix it. we are also thinking to reinstall all together..

we will really appreciate if anyone could give a hint where things could have gone wrong.

falko 23rd August 2006 15:56

First, you should check your system for trojans and rootkits with rkhunter and chkrootkit:

agurung 24th August 2006 01:54


We did checked with those tools and didn't find any major issues. Now we have shut down ssh server and we do not see any ssh request going out from this server any more.

We haven't tried turning ssh server on and thinking to replace the server all together only problem now is all those setup which took some time to build.

If there is better idea we will really appreciate.

Thank you

falko 25th August 2006 06:23

Are there maybe some cron jobs that try to connect to other servers using SSH, or did you grant shell access to your users? Maybe one of them is trying to connect to other servers...

All times are GMT +2. The time now is 01:34.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.