
Why are so many people trying to hack my computer?

Tags:
  • Computers
  • Networking
February 5, 2011 5:31:55 PM

I've set up my home computer as an SSH server (using 4NT as a shell) so that I can leave it on and log into it from other locations such as my friend's house etc.

Recently I checked the log because I wanted to figure out from which computer I have logged in to my home computer. As I went through the event logs I was shocked to find out that hundreds if not thousands of different computers have tried to log into my computer without authorization. They tried user names such as a, aaa, root, test, oracle, ... the list is replete with failed log-in attempts.

I did some IP lookup on some of the addresses and I got hits on countries such as Russia, China, Colombia, Kazakhstan, Zambia, UK, Australia, USA, Italy, ...

Could someone explain to me why so many people are attempting to hack into my computer? What's going on? Don't they have better things to do? It's not like I have announced my IP address to the whole world even though it seems that way.


February 6, 2011 9:49:47 AM

SSH is a program that allows for a secure and encrypted connection between two computers using the SSL/TLS protocol. Through SSH I can either access a command based shell, initiate an sFTP session or open a VPN connection. It is very good for transferring files or quick administration.

For Windows I can think of two SSH Server/Daemons that are available; OpenSSH or Bitvise WinSSHd. The default log-in shell for windows is command.com or cmd which is rather primitive so I switched to using 4NT from JPSoft which is a more powerful replacement for command.com that is more like Bash or Tcsh in terms of features. I use WinXP x64 which is a derivative of Windows 2003 Server x64.

By default the SSH daemon listens at port 22 which I have set it at. Port 22 is a standard port for SSH and everybody knows it. I find it difficult to see how someone outside can see specifically what operating system I'm using through this port without logging in. So I don't understand how this particular port paints a "red bulls eye" on my computer.

I tried site digger and it seems like a great testing program, thanks for that. It looks like a tool that you use to scan a server or a computer on a network for ports, identify the services attached to them (such as SSH, VNC, RDP etc.) and spot the vulnerabilities that come with these services. I don't know of any particular vulnerabilities about SSH. As long as the log-in credentials are strong enough I don't think I need to worry about getting hacked.

I'm not sure if I understand this program correctly but it seems like the internet is full of people with similar tools that systematically scan computers like mine for vulnerabilities and try to exploit them. The question is why.

This whole thing is kind of bizarre; imagine what it would be like if like 10-50 people come to your house every day trying to get inside, climbing all over your house checking your windows and the door fiddling with it trying different sets of keys...

It would be interesting to attach a fake SSH server to port 22 that accepts everything and pretends to be a log-in shell just to see what these people would do if they get inside.

February 6, 2011 11:17:05 PM

g00ey said:
I've set up my home computer as an SSH server (using 4NT as a shell) so that I can leave it on and log into it from other locations such as my friend's house etc.

Recently I checked the log because I wanted to figure out from which computer I have logged in to my home computer. As I went through the event logs I was shocked to find out that hundreds if not thousands of different computers have tried to log into my computer without authorization. They tried user names such as a, aaa, root, test, oracle, ... the list is replete with failed log-in attempts.

I did some IP lookup on some of the addresses and I got hits on countries such as Russia, China, Colombia, Kazakhstan, Zambia, UK, Australia, USA, Italy, ...

Could someone explain to me why so many people are attempting to hack into my computer? What's going on? Don't they have better things to do? It's not like I have announced my IP address to the whole world even though it seems that way.


It is standard practice for "hackers" to scan IP ranges for people who have services with weak passwords.

Someone in Russia/China/etc has an app that runs 24/7/365 that does nothing other than probing computers to try to gain access. You opened up port 22 for SSH and their automated program sees the opened port and attempts to connect with known popular passwords.

If you don't want these attempts, pick a port above 1024 to host SSH. The higher, the better. Most apps only scan the first 1024 ports because these are the ports for most common services.
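
The log review described in the question (separating your own log-ins from the automated guessing), as an added example that is not part of the thread. It assumes OpenSSH-style sshd log lines; the sample lines, the host name, the account name alice and the addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH sshd log style; addresses are documentation ranges.
SAMPLE_LOG = """\
Feb  5 03:12:01 home sshd[811]: Failed password for invalid user a from 203.0.113.7 port 40112 ssh2
Feb  5 03:12:03 home sshd[811]: Failed password for invalid user aaa from 203.0.113.7 port 40115 ssh2
Feb  5 03:12:05 home sshd[811]: Failed password for root from 203.0.113.7 port 40119 ssh2
Feb  5 03:12:08 home sshd[811]: Failed password for invalid user test from 203.0.113.7 port 40123 ssh2
Feb  5 04:40:10 home sshd[902]: Failed password for invalid user oracle from 198.51.100.23 port 51514 ssh2
Feb  5 04:40:12 home sshd[902]: Failed password for root from 198.51.100.23 port 51520 ssh2
Feb  5 17:20:44 home sshd[990]: Failed password for alice from 192.0.2.50 port 60001 ssh2
Feb  5 17:20:51 home sshd[990]: Accepted password for alice from 192.0.2.50 port 60001 ssh2
"""

# The user group is greedy and the pattern is anchored at the line end, so a
# login name that itself contains " from ..." cannot shift the parsed address.
LINE_RE = re.compile(
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>.*)"
    r" from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2\s*$"
)

def summarize(log_text, min_failures=3):
    """Group sshd password events by source address."""
    tried = defaultdict(list)     # ip -> user names whose password failed
    accepted = defaultdict(set)   # ip -> user names that logged in
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue              # not a password event
        if m["result"] == "Failed":
            tried[m["ip"]].append(m["user"])
        else:
            accepted[m["ip"]].add(m["user"])
    report = {}
    for ip in set(tried) | set(accepted):
        fails = tried.get(ip, [])
        report[ip] = {
            "failures": len(fails),
            "users_tried": sorted(set(fails)),
            "logged_in_as": sorted(accepted.get(ip, ())),
            # Many failures from one address is the guessing pattern; if the
            # same address also has a log-in, review that account first.
            "guessing": len(fails) >= min_failures,
        }
    return report

if __name__ == "__main__":
    for ip, row in sorted(summarize(SAMPLE_LOG).items()):
        print(ip, row)
```
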