David Purton wrote:
Hi all, just looking for some advice.
I just noticed a stack of failed attempts to ssh into my box as root
over the last half an hour or so. I've now blocked the offending ip
address, so hopefully they'll go away. Is there anything else I
can/should do? Is it worth complaining to the owner of the subnet?
Can't hurt. I would. Cops too.
I don't allow root to log in directly over ssh anyway, so what would a
person gain from trying to do this?
Your box.
[EMAIL PROTECTED]:~$ whois 156.63.113.108
cheers
dc
Here's the the bits of /var/log/auth.log
Jul 26 09:40:20 vetinari PAM_unix[28059]: authentication failure; (uid=0) -> root for ssh service
Jul 26 09:40:22 vetinari sshd[28059]: Failed password for root from 156.63.113.108 port 54515 ssh2
State of Ohio Network STATE-OHIO (NET-156-63-0-0-1)
156.63.0.0 - 156.63.255.255
Lakeshore Northeast Ohio Computer Association OH-156-63-113-0-24 (NET-156-63-113-0-1)
156.63.113.0 - 156.63.113.255
# ARIN WHOIS database, last updated 2004-07-24 19:10 # Enter ? for additional hints on searching ARIN's WHOIS database.
In the words of Arlo Guthrie Kill! Kill! KILL! KILL! _KILL!_ etc.
Jul 26 09:40:25 vetinari PAM_unix[28061]: authentication failure; (uid=0) -> root for ssh service Jul 26 09:40:28 vetinari sshd[28061]: Failed password for root from 156.63.113.108 port 54638 ssh2 Jul 26 09:40:31 vetinari PAM_unix[28063]: authentication failure; (uid=0) -> root for ssh service Jul 26 09:40:33 vetinari sshd[28063]: Failed password for root from 156.63.113.108 port 54883 ssh2 Jul 26 09:50:08 vetinari PAM_unix[28102]: authentication failure; (uid=0) -> root for ssh service Jul 26 09:50:10 vetinari sshd[28102]: Failed password for root from 156.63.113.108 port 47511 ssh2 Jul 26 09:50:13 vetinari PAM_unix[28104]: authentication failure; (uid=0) -> root for ssh service Jul 26 09:50:16 vetinari sshd[28104]: Failed password for root from 156.63.113.108 port 47623 ssh2 Jul 26 09:50:19 vetinari PAM_unix[28106]: authentication failure; (uid=0) -> root for ssh service Jul 26 09:50:22 vetinari sshd[28106]: Failed password for root from 156.63.113.108 port 47838 ssh2 Jul 26 09:56:26 vetinari PAM_unix[28140]: authentication failure; (uid=0) -> root for ssh service Jul 26 09:56:28 vetinari sshd[28140]: Failed password for root from 156.63.113.108 port 57815 ssh2 Jul 26 09:56:32 vetinari PAM_unix[28142]: authentication failure; (uid=0) -> root for ssh service Jul 26 09:56:34 vetinari sshd[28142]: Failed password for root from 156.63.113.108 port 58004 ssh2 Jul 26 09:56:38 vetinari PAM_unix[28150]: authentication failure; (uid=0) -> root for ssh service Jul 26 09:56:40 vetinari sshd[28150]: Failed password for root from 156.63.113.108 port 58186 ssh2 Jul 26 10:01:58 vetinari PAM_unix[28197]: authentication failure; (uid=0) -> root for ssh service Jul 26 10:02:01 vetinari sshd[28197]: Failed password for root from 156.63.113.108 port 38701 ssh2 Jul 26 10:07:10 vetinari PAM_unix[28624]: authentication failure; (uid=0) -> root for ssh service Jul 26 10:07:12 vetinari sshd[28624]: Failed password for root from 156.63.113.108 port 47086 ssh2 Jul 26 10:07:15 vetinari PAM_unix[28626]: authentication failure; (uid=0) -> root for ssh service Jul 26 10:07:17 vetinari sshd[28626]: Failed password for root from 156.63.113.108 port 47194 ssh2 Jul 26 10:07:21 vetinari PAM_unix[28628]: authentication failure; (uid=0) -> root for ssh service Jul 26 10:07:23 vetinari sshd[28628]: Failed password for root from 156.63.113.108 port 47397 ssh2
--
Cheers John
-- spambait [EMAIL PROTECTED] [EMAIL PROTECTED] Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
