Shalom,
I assume your system is exposed in some way to the Internet.
Checklist:
1) If possible use a firewall to limit from where login. If you can limit the networks permitted to log in, you can drastically reduce the scope of this problem.
2) Consider using tcp wrappers (free from
http://software.hp.com) to limit logins more smoothly.
3) If these are ssh login attempts, change the root login in sshd_config to only key based logins. This will make root access attempts useless because to login as root you will need to first place a public key on the system. Creates a good chicken or egg situation for you.
4) Use Bastille (
http://software.hp.com) to harden your system and stop running services that are not needed.
5) Stop using telnet and ftp, use ssh and sftp. The latter two encrypt the data stream and authentication, which makes it less likely that you will be hacked.
6) Stop using r protocols in inetd.conf. Transfer rate will drop due to the data stream being encrypted, as will authentication speed.
7) Tighten file permissions in general. World writeable is bad.
8) Tighten umask for users. Make files less vulnerable.
9) Make sure you run security_patch_check (Bastille) and install all needed security patches.
10) I did create a daemon that shuts down ip addresses that have too many bad logins but it created a very long firewall block list. I can try and dig it up if you want.
This list is not complete but is a good start.
SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
