Forums | MacLife

I have a server running from my desktop on 10.5.6. I have firewall turned on for blocking everything except for the applications that I authenticate and standard ports for SSH, FTP, File Sharing and Web Sharing. I run geektool which I have showing firewall log, ssh log, windowssharing log. This morning I woke up to messages everywhere saying "failed password attempt for invalid user root from 66.167.***.*** port 40581 ssh2" First off going for an unusual port and going for root access. I do not have root access enabled. My question is without it enabled it will just say invalid user the entire time correct? I should not enable it and create an extremely weird password for it since without that account either way they wouldn't be able to connect? Now if they had the admin account and got in that way they would be able to create a root user or at least use su root knowing the admin password. I already have a long complicated password for my admin account, have guest access turned off and no other accounts on the server. Is there anything else that I could be doing to deter someone trying to get in?

Update:

I did a little snooping and found that the IP originated from the San Jose, CA area. And looking through my logs more they had been attempting most of the night on different port numbers but always SSH protocol.

Last edited by Fatum (2009-02-28 7:49 am)