[Dxspider-support] Internet attacks via ssh

[Mike McCarthy, W1NR]

Over the past few weeks, my server has seen numerous attempts at logins
via ssh.  There are several vulnerabilities in older versions of openssl
that could cause a server to crash or hang or even allow a hacker to
gain access to the system.  I have been using ssh with passwords
disabled only allowing public key authentication for some time to allow
me to manage the system remotely.  Because of these attempts, I have
blocked ssh at my firewall for now.

My current server is running Red Hat 7.3, which many of you know is no
longer supported by Red Hat.  The last patch level of OpenSSL for 7.3 is
one of the vulnerable versions.  My new server will be running SuSE 9.1,
but it is still under test and not fully configured for WEB and mail.
Looks like I will accelerate my efforts to get my new box on line ASAP.

If you have ssh enabled on your cluster node, I urge you to update the
OpenSSL package or upgrade to a supported and auto patchable version of
Linux.  Be sure to turn off password authentication and use public key
authentication.  PuTTY does a great job handling remote logins via ssh
using public key authentication.

Please don't ask me to help you configure your server for ssh.  There
are plenty of how-to's and books on the subject.  If you don't use ssh,
be sure the daemon is shut off or block port 22 at your firewall.

73 de Mike, W1NR
sysop for telnet:dxc.w1nr.net