[BlueOnyx:12319] Re: Server hacked?
Dr. Blunt
cleardata at earthlink.net
Wed Feb 27 12:52:50 -05 2013
That's true I forgot to mention it.
Hopefully some of the lines will help.
At 08:48 AM 2/27/2013, you wrote:
>I see a bunch of logging, naming, and blocking. But it also shows TCP
>Port 22 (SSH) blocked completely - and a new service (SSH2) running and
>allowed on TCP Port 20200.
>
>Problem with that - you've first got to change your SSH to listen on TCP
>Port 20200. If not -- the above set of rules will only block SSH access
>to the server and you've got no way in!
>
>The change required is the "Port" entry in the /etc/ssh/sshd_config
>file. And don't forget to restart SSH after the change with "service sshd
>restart".
More information about the Blueonyx
mailing list