Suggest you run this command from a terminal

whois 94.242.250.53

and see if the output gives you any clues.

Cheers

Ian

On 18/08/12 18:32, Stuart Bird wrote:
Hi All

Could anyone cast an eye over the following log entries and tell me if this is just script kiddie stuff, or whether I should be more concerned? The entries are from my "auth.log" file on an Ubuntu 12.04 server (vps). The server hosts one web site at the moment. It's been up for about three months now, but these entries have only started over the last couple of days.

Aug 18 08:05:56 localhost sshd[11478]: Address 94.242.250.53 maps to mail.smtpdestek.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Aug 18 08:05:56 localhost sshd[11478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.242.250.53 user=root
Aug 18 08:05:58 localhost sshd[11478]: Failed password for root from 94.242.250.53 port 47297 ssh2
Aug 18 08:05:58 localhost sshd[11478]: Received disconnect from 94.242.250.53: 11: Bye Bye [preauth]
Aug 18 08:05:59 localhost sshd[11480]: Address 94.242.250.53 maps to mail.smtpdestek.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Aug 18 08:05:59 localhost sshd[11480]: Invalid user sniff from 94.242.250.53
Aug 18 08:05:59 localhost sshd[11480]: input_userauth_request: invalid user sniff [preauth]
Aug 18 08:05:59 localhost sshd[11480]: pam_unix(sshd:auth): check pass; user unknown
Aug 18 08:05:59 localhost sshd[11480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.242.250.53
Aug 18 08:06:01 localhost sshd[11480]: Failed password for invalid user sniff from 94.242.250.53 port 47551 ssh2
Aug 18 08:06:01 localhost sshd[11480]: Received disconnect from 94.242.250.53: 11: Bye Bye [preauth]
Aug 18 08:06:01 localhost sshd[11482]: Address 94.242.250.53 maps to mail.smtpdestek.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Aug 18 08:06:01 localhost sshd[11482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.242.250.53 user=root
Aug 18 08:06:03 localhost sshd[11482]: Failed password for root from 94.242.250.53 port 47767 ssh2
Aug 18 08:06:03 localhost sshd[11482]: Received disconnect from 94.242.250.53: 11: Bye Bye [preauth]
Aug 18 08:06:03 localhost sshd[11484]: Address 94.242.250.53 maps to mail.smtpdestek.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Aug 18 08:06:03 localhost sshd[11484]: Invalid user ranger from 94.242.250.53
Aug 18 08:06:03 localhost sshd[11484]: input_userauth_request: invalid user ranger [preauth]
Aug 18 08:06:03 localhost sshd[11484]: pam_unix(sshd:auth): check pass; user unknown
Aug 18 08:06:03 localhost sshd[11484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.242.250.53
Aug 18 08:06:05 localhost sshd[11484]: Failed password for invalid user ranger from 94.242.250.53 port 47988 ssh2
Aug 18 08:06:05 localhost sshd[11484]: Received disconnect from 94.242.250.53: 11: Bye Bye [preauth]
Aug 18 08:06:05 localhost sshd[11486]: Address 94.242.250.53 maps to mail.smtpdestek.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!

Any advice appreciated!

Stu

_______________________________________________
Peterboro mailing list
Peterboro@mailman.lug.org.uk
https://mailman.lug.org.uk/mailman/listinfo/peterboro
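An added example, not part of either message on the list: a short Python script that groups sshd lines from auth.log by source address, so an excerpt like the one above reads as counts of failed passwords, accounts tried and successful logins. The sample lines are copied from the excerpt except the last, which is constructed (address 203.0.113.7 and user stu are assumptions); the function and field names are this example's own.

```python
import re
from collections import defaultdict

# Lines copied from the auth.log excerpt above, plus one constructed
# "Accepted" line (documentation address 203.0.113.7, user "stu").
SAMPLE = """\
Aug 18 08:05:56 localhost sshd[11478]: Address 94.242.250.53 maps to mail.smtpdestek.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Aug 18 08:05:58 localhost sshd[11478]: Failed password for root from 94.242.250.53 port 47297 ssh2
Aug 18 08:05:59 localhost sshd[11480]: Invalid user sniff from 94.242.250.53
Aug 18 08:06:01 localhost sshd[11480]: Failed password for invalid user sniff from 94.242.250.53 port 47551 ssh2
Aug 18 08:06:03 localhost sshd[11482]: Failed password for root from 94.242.250.53 port 47767 ssh2
Aug 18 08:06:05 localhost sshd[11484]: Failed password for invalid user ranger from 94.242.250.53 port 47988 ssh2
Aug 18 09:00:00 localhost sshd[12001]: Accepted password for stu from 203.0.113.7 port 50022 ssh2
""".splitlines()

# The user name is chosen by the remote client and may contain spaces or even
# " from <ip> port <n>", so match it greedily and take the address from the
# last " from ... port ..." on the line, which is the part sshd itself wrote.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (invalid user )?(.*) from (\S+) port \d+ ssh2$")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for (.*) from (\S+) port \d+ ssh2")
MISMATCH = re.compile(r"sshd\[\d+\]: Address (\S+) maps to (\S+), but this does not map back")

def summarise(lines):
    """Group sshd authentication events by source address."""
    hosts = defaultdict(lambda: {"failed": 0, "accepted": 0, "rdns_mismatch": 0,
                                 "known_users": set(), "invalid_users": set()})
    for line in lines:
        if m := FAILED.search(line):
            h = hosts[m.group(3)]
            h["failed"] += 1
            # "invalid user" means sshd does not recognise the account at all;
            # without it the account exists and only the password was wrong.
            h["invalid_users" if m.group(1) else "known_users"].add(m.group(2))
        elif m := ACCEPTED.search(line):
            hosts[m.group(2)]["accepted"] += 1
        elif m := MISMATCH.search(line):
            hosts[m.group(1)]["rdns_mismatch"] += 1
    return dict(hosts)

def needs_attention(summary):
    """Addresses with both failed attempts and at least one accepted login."""
    return sorted(ip for ip, h in summary.items() if h["failed"] and h["accepted"])

if __name__ == "__main__":
    report = summarise(SAMPLE)
    for ip, h in sorted(report.items(), key=lambda kv: -kv[1]["failed"]):
        print(ip, h)
    print("failed and accepted from same address:", needs_attention(report))
```

To run it over a real log, pass the lines of the file to summarise() instead of SAMPLE.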