This is so common these days I heard years ago people filtering out such messages.
Just check your machine carefully - I once had a break-in that was caused from a stupid chain of mistakes: i switched sshd to listen on its default port (22) for some time (instead of some arbitrary port as it was used to be) + router forwarded 22 connections to the linux machine (as needed for SSH to work) + yes, there was a little issue of a test user I once created, named "test" with password "test"... . Violla! a robot sounded the "bingo!" alarm somewhere... . I had to reinstall my machine (which wasn't that bad, but still...). Lesson? carefully check your machine's "entry points" and as much as you can - try not to assume things to be in certain status before checking that (like, "I don't have stupid test users on machines" - check your configured users) as that can fail you. In other words - don't presume anything. Check it, to evaluate your status. Boaz. On Sun, 3 Jan 2010 16:34:29 +0200, Gabor Szabo <szab...@gmail.com> wrote: > I just noticed someone bombarding my machine trying to login via ssh. >>From auth.log > > Jan 3 06:31:48 s6 sshd[22774]: Failed password for invalid user > amavisd from 202.138.142.216 port 35172 ssh2 > Jan 3 06:31:48 s6 sshd[22773]: Failed password for invalid user > clamav from 202.138.142.216 port 39941 ssh2 > Jan 3 06:31:49 s6 sshd[22780]: Invalid user clamav from 202.138.142.216 > Jan 3 06:31:49 s6 sshd[22780]: pam_unix(sshd:auth): check pass; user > unknown > Jan 3 06:31:49 s6 sshd[22780]: pam_unix(sshd:auth): authentication > failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.138.142.216 > Jan 3 06:31:49 s6 sshd[22781]: Invalid user appserver from 202.138.142.216 > Jan 3 06:31:49 s6 sshd[22781]: pam_unix(sshd:auth): check pass; user > unknown > Jan 3 06:31:49 s6 sshd[22781]: pam_unix(sshd:auth): authentication > failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.138.142.216 > Jan 3 06:31:52 s6 sshd[22780]: Failed password for invalid user > clamav from 202.138.142.216 port 35699 ssh2 > Jan 3 06:31:52 s6 sshd[22781]: Failed password for invalid user > appserver from 202.138.142.216 port 40470 ssh2 > > > So what is your suggestion. What to do with it? > > Gabor > > _______________________________________________ > Linux-il mailing list > Linux-il@cs.huji.ac.il > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il _______________________________________________ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
