Did you type php --version
or /Applications/XAMPP/xamppfiles/bin/php --version
? And to which php.ini did you add that line? To /etc/php.ini
or to /Applications/XAMPP/xamppfiles/etc/php.ini
?
The first path always references OS-X default PHP (which is PHP5.4), the later references XAMPPs PHP (which is PHP5.5 and has a different API then PHP5.4).
So I assume that you compiled the module for PHP5.5 (XAMPP) and have added it to PHP5.4 (OS-X). That can't work at all! You'l have to add the mongo so-Path to the end of the correct php.ini-file which in your case is the one for XAMPP which (if I recall corerctly) is located at /Applications/XAMPP/xamppfiles/lib/php.ini
Does this mean that someone is trying to brute force the root password
on this machine over SSH? Or is it something less nefarious?
It could be attempts to brute force in via SSH, but even if it was “nefarious” I would not lose any sleep over it. Most any server that is publicly accessible on the Internet gets probed by attackers all the time. Someone virtually “casing the joint” is nothing to lose sleep over; actual penetration of the system is.
Heck, I just checked the auth.log
on a public server I manage and count over 2000+ “authentication failure” attempts over the past 24 hours when I run this command:
sudo grep "authentication failure;" /var/log/auth.log | wc -l
Sounds scary but honestly, who cares? A quick visual check of the log entries in auth.log
using a slightly modified version of the above command:
sudo grep "authentication failure;" /var/log/auth.log
…shows me stuff like this:
Mar 15 07:02:09 hostname sshd[2213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.239.228.35 user=root
Mar 15 07:02:19 hostname sshd[2236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.239.228.35 user=root
Mar 15 07:02:31 hostname sshd[2355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.239.228.35 user=root
Note how all of the attempted access attempts are on the root
account? On any system I setup, root
get’s neutered right away. So these attempts are past fruitless in my case. So if you check your auth.log
and see tons of attempts to ssh
into the system via the root
account, make sure your system’s root
account is completely disabled to knock that concern off of the list.
Past the root
account attempts, if you see accesses of seemingly random usernames to your system that too is another attempt to hack into the system. And unless those usernames equate to some username on your system, I would not worry about them at all either.
Now some sysadmins would say the best solution to this issue is to simple disable password authentication completely from SSH and only use SSH key pairs, but I tend to think that is overkill. Not saying SSH key pairs are weak—they aren’t—but if a system’s access methods are setup sanely and securely from day one, and the passwords are robust enough to not easily be hacked, then the system is quite secure. That’s because the biggest vulnerability on modern web servers is the front-facing web application actually running on the server itself and not things like SSH.
At the end of the day I would not worry about these kinds of random “war dialing” attempts, but rather be preemptively rational in making sure the server itself has the root
user account disabled. If you still operate a public server in 2015 with the root
account enabled, you’re basically asking for headaches in the long run.
Best Answer
brew info hydra
shows:To allow ssh support, install using command:
It is always a good idea to use
brew info
before runningbrew install