[NBLUG/talk] I'm getting ssh scanned! Should I be worried?

Dave Sisley dsisley at arczip.com
Mon Oct 4 16:41:56 PDT 2004


On Mon, Oct 04, 2004 at 01:25:32PM -0700, troy wrote:

> 
> I have a php script whose name is hopefully tough to guess sitting on my
> webserver.  Its purpose is to write out a file with the ip address of
> the person who hits that page.  Then, in /etc/hosts.allow I have:
> 
> sshd: 192.168.9.  #and so on, for ip's that I trust.
> sshd: /path/to/ip.txt
> 
> BTW, I think you've done the right things:
> 
> 1) you watch your logs
> 2) you're using strong(er) passwords
> 3) allowing only your user

Thanks to you & Ron for the reassuring words!

> 
> 
> Oh, and just in case it wasn't clear, ioerror isn't really a "bad
> guy" ;-)

hmmmm...

> 
> -troy
> 
> The php script is exceedingly simple, so here it is...
> 
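> <?php
> 
> // Return the client address as the web server reports it.
> function get_ip()
> {
> 	return getenv("REMOTE_ADDR");
> }
> 
> ?>
> 
> <?php
> $out='/path/to/ip.txt';     // file that /etc/hosts.allow points at
> $log='/path/to/iplog.txt';  // running history of every address seen
> 
> // Show the address that was allowed before this request.
> print "Was:";
> readfile($out);
> print "<br>";
> 
> // Overwrite the allowed address with the caller's.
> $ip=get_ip();
> $fp=fopen($out,"w");
> fputs($fp,$ip);
> fclose($fp);
> 
> // Append the same address to the log.
> $lfp=fopen($log,"a");
> fputs($lfp,$ip);
> fputs($lfp,"\n");
> fclose($lfp);
> 
> // Show what is in the file now.
> print "Wrote: ";
> readfile($out);
> ?>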

I too am exceedingly simple, so let me make sure I understand your script:

Basically, if you call up this 'sort of secret' php page with a
browser on some remote machine, it will log the ip address of that
machine in a file on your home computer.  Then you can log into the
home box via ssh because it will now see that new ip address in your
home computer's hosts.allow file, by way of ip.txt.

If I get it, that's pretty clever.  I don't know php, but it seems
easy enough.  What are the chances of the page being hit by a
spider-bot of some sort?  I guess an intruder would still need a
proper user/password pair to get in.

-dave.


-- 
Dave Sisley
dsisley at arczip.com
roth-sisley.net
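
Added example (not part of Dave's or troy's messages): a variant of the quoted script that speaks to the spider-bot question, rewriting the allow-list file only for a caller who POSTs a shared secret. The paths, the token file and the POST field name `k` are assumptions made for illustration.

```php
<?php
// Added example, not troy's script. Assumed names: the paths, the token file, POST field 'k'.
const OUT_FILE   = '/path/to/ip.txt';     // file named in /etc/hosts.allow
const LOG_FILE   = '/path/to/iplog.txt';  // append-only history
const TOKEN_FILE = '/path/to/token.txt';  // one long random string, kept outside the web root

function caller_is_authorised(string $supplied, string $expected): bool
{
    // Constant-time comparison; an empty or unreadable token file authorises nobody.
    return $expected !== '' && hash_equals($expected, $supplied);
}

function validated_ipv4(?string $raw): ?string
{
    // Only one literal IPv4 address may reach the file that hosts.allow reads.
    // IPv6 entries use a different notation in hosts.allow, so they are rejected here.
    $ip = filter_var((string)$raw, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
    return $ip === false ? null : $ip;
}

function write_atomically(string $path, string $data): bool
{
    // Write a temp file and rename it over the target, so a reader never sees
    // a half-written file. The directory must be writable by the web server user.
    $tmp = $path . '.tmp.' . getmypid();
    if (file_put_contents($tmp, $data, LOCK_EX) === false) {
        return false;
    }
    return rename($tmp, $path);
}

$expected = trim((string)@file_get_contents(TOKEN_FILE));
$supplied = is_string($_POST['k'] ?? null) ? $_POST['k'] : '';
$ip       = validated_ipv4($_SERVER['REMOTE_ADDR'] ?? null);

if (!caller_is_authorised($supplied, $expected) || $ip === null) {
    http_response_code(404);   // crawlers and scanners see an ordinary missing page
    exit;
}
if (!write_atomically(OUT_FILE, $ip . "\n")) {
    http_response_code(500);
    exit;
}
file_put_contents(LOG_FILE, date('c') . ' ' . $ip . "\n", FILE_APPEND | LOCK_EX);
print 'Wrote: ' . htmlspecialchars($ip);
```

A crawler that stumbles on the URL sends no token and gets a 404, so ip.txt keeps the last address that was set deliberately.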



