Hi there, I found these in my event log from yesterday:
>>> Mar 23 09:33:16 www sshd[10998]: input_userauth_request: illegal user www Mar 23 09:33:18 www sshd[10998]: Failed none for illegal user www from 213.26.96.103 port 2276 ssh2 Mar 23 09:33:18 www sshd[10998]: Failed keyboard-interactive for illegal user www from 213.26.96.103 port 2276 ssh2 Mar 23 09:33:18 www sshd[10998]: Failed password for illegal user www from 213.26.96.103 port 2276 ssh2 Mar 23 09:33:19 www sshd[10997]: input_userauth_request: illegal user oracle Mar 23 09:33:19 www sshd[10997]: Failed none for illegal user oracle from 213.26.96.103 port 2275 ssh2 Mar 23 09:33:19 www sshd[10997]: Failed keyboard-interactive for illegal user oracle from 213.26.96.103 port 2275 ssh2 Mar 23 09:33:19 www sshd[10997]: Failed password for illegal user oracle from 213.26.96.103 port 2275 ssh2 Mar 23 09:33:19 www sshd[10999]: input_userauth_request: illegal user test Mar 23 09:33:19 www sshd[10999]: Failed none for illegal user test from 213.26.96.103 port 2277 ssh2 Mar 23 09:33:19 www sshd[10999]: Failed keyboard-interactive for illegal user test from 213.26.96.103 port 2277 ssh2 Mar 23 09:33:20 www sshd[10999]: Failed password for illegal user test from 213.26.96.103 port 2277 ssh2 <<< It seems that from the timestamp that it's most likely a script kiddy; The time duration beween failed password attempts seems really short. I'm just wonder if anyone's seen a script that does this and is available widely, or is it a good chance that I've got someone trying to break in? None of my other services seem to have been probed, just ssh. Thanks, Steve -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
