You could also change the port that ssh listens on away from 22. This is set in /etc/ssh/sshd_config.

On Aug 18, 2012 7:05 PM, "Martin Nix" <mar...@nixes.net> wrote:
> You might want to look at disabling root ssh login as a precaution (should
> be disabled always on any exposed system), look in /etc/ssh/sshd_config
> (typically) for :
>
> PermitRootLogin no
>
> Also you might want to consider using a targeted firewall approach with
> something like Fail2Ban which I have found very effective
>
> Martin
>
> On 18 August 2012 18:32, Stuart Bird <e_tect...@yahoo.co.uk> wrote:
>
>> Hi All
>>
>> Could anyone cast an eye over the following log entries and tell me if
>> this is just script kiddie stuff, or whether I should be more concerned?
>>
>> The entries are from my "auth.log" file on an Ubuntu 12.04 server (vps).
>> The server hosts one web site at the moment. It's been up for about three
>> months now, but these entries have only started over the last couple of
>> days.
>>
>> Aug 18 08:05:56 localhost sshd[11478]: Address 94.242.250.53 maps to
>> mail.smtpdestek.com, but this does not map back to the address -
>> POSSIBLE BREAK-IN ATTEMPT!
>> Aug 18 08:05:56 localhost sshd[11478]: pam_unix(sshd:auth):
>> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
>> rhost=94.242.250.53 user=root
>> Aug 18 08:05:58 localhost sshd[11478]: Failed password for root from
>> 94.242.250.53 port 47297 ssh2
>> Aug 18 08:05:58 localhost sshd[11478]: Received disconnect from
>> 94.242.250.53: 11: Bye Bye [preauth]
>> Aug 18 08:05:59 localhost sshd[11480]: Address 94.242.250.53 maps to
>> mail.smtpdestek.com, but this does not map back to the address -
>> POSSIBLE BREAK-IN ATTEMPT!
>> Aug 18 08:05:59 localhost sshd[11480]: Invalid user sniff from
>> 94.242.250.53
>> Aug 18 08:05:59 localhost sshd[11480]: input_userauth_request: invalid
>> user sniff [preauth]
>> Aug 18 08:05:59 localhost sshd[11480]: pam_unix(sshd:auth): check pass;
>> user unknown
>> Aug 18 08:05:59 localhost sshd[11480]: pam_unix(sshd:auth):
>> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
>> rhost=94.242.250.53
>> Aug 18 08:06:01 localhost sshd[11480]: Failed password for invalid user
>> sniff from 94.242.250.53 port 47551 ssh2
>> Aug 18 08:06:01 localhost sshd[11480]: Received disconnect from
>> 94.242.250.53: 11: Bye Bye [preauth]
>> Aug 18 08:06:01 localhost sshd[11482]: Address 94.242.250.53 maps to
>> mail.smtpdestek.com, but this does not map back to the address -
>> POSSIBLE BREAK-IN ATTEMPT!
>> Aug 18 08:06:01 localhost sshd[11482]: pam_unix(sshd:auth):
>> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
>> rhost=94.242.250.53 user=root
>> Aug 18 08:06:03 localhost sshd[11482]: Failed password for root from
>> 94.242.250.53 port 47767 ssh2
>> Aug 18 08:06:03 localhost sshd[11482]: Received disconnect from
>> 94.242.250.53: 11: Bye Bye [preauth]
>> Aug 18 08:06:03 localhost sshd[11484]: Address 94.242.250.53 maps to
>> mail.smtpdestek.com, but this does not map back to the address -
>> POSSIBLE BREAK-IN ATTEMPT!
>> Aug 18 08:06:03 localhost sshd[11484]: Invalid user ranger from
>> 94.242.250.53
>> Aug 18 08:06:03 localhost sshd[11484]: input_userauth_request: invalid
>> user ranger [preauth]
>> Aug 18 08:06:03 localhost sshd[11484]: pam_unix(sshd:auth): check pass;
>> user unknown
>> Aug 18 08:06:03 localhost sshd[11484]: pam_unix(sshd:auth):
>> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
>> rhost=94.242.250.53
>> Aug 18 08:06:05 localhost sshd[11484]: Failed password for invalid user
>> ranger from 94.242.250.53 port 47988 ssh2
>> Aug 18 08:06:05 localhost sshd[11484]: Received disconnect from
>> 94.242.250.53: 11: Bye Bye [preauth]
>> Aug 18 08:06:05 localhost sshd[11486]: Address 94.242.250.53 maps to
>> mail.smtpdestek.com, but this does not map back to the address -
>> POSSIBLE BREAK-IN ATTEMPT!
>>
>> Any advice appreciated!
>>
>> Stu
>>
>>
>> _______________________________________________
>> Peterboro mailing list
>> Peterboro@mailman.lug.org.uk
>> https://mailman.lug.org.uk/mailman/listinfo/peterboro
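
The kind of check a log-driven blocker such as Fail2Ban performs on auth.log entries like those quoted above, as an added Python example that is not part of the original thread and is not Fail2Ban's code: it counts failed sshd passwords per source address inside a time window. The function names, the thresholds and the sample lines (documentation-range addresses) are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches sshd "Failed password" lines in the auth.log format quoted in the thread.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (invalid user )?(\S+) from (\S+) port \d+"
)

def parse_failures(lines, year=2012):
    """Yield (timestamp, source_ip, user, user_exists) per failed password."""
    for line in lines:
        m = FAILED.match(line)
        if m:
            # syslog timestamps carry no year, so the caller supplies one.
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(4), m.group(3), m.group(2) is None

def sources_over_threshold(lines, max_retry=3, find_time=600):
    """Return {ip: sorted usernames tried} for sources with at least max_retry
    failures inside any find_time-second window (hypothetical defaults)."""
    window = timedelta(seconds=find_time)
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    users = defaultdict(set)     # ip -> every username it has tried
    flagged = set()
    for ts, ip, user, _exists in parse_failures(lines):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        users[ip].add(user)
        if len(q) >= max_retry:
            flagged.add(ip)
    return {ip: sorted(users[ip]) for ip in flagged}

# Constructed sample lines, not taken from the post.
SAMPLE = [
    "Aug 18 08:05:58 localhost sshd[11478]: Failed password for root from 203.0.113.7 port 47297 ssh2",
    "Aug 18 08:06:01 localhost sshd[11480]: Failed password for invalid user sniff from 203.0.113.7 port 47551 ssh2",
    "Aug 18 08:06:03 localhost sshd[11482]: Failed password for root from 203.0.113.7 port 47767 ssh2",
    "Aug 18 08:07:10 localhost sshd[11490]: Failed password for stu from 198.51.100.20 port 50112 ssh2",
    "Aug 18 08:07:15 localhost sshd[11492]: Accepted password for stu from 198.51.100.20 port 50113 ssh2",
]

if __name__ == "__main__":
    for ip, tried in sources_over_threshold(SAMPLE).items():
        print(ip, "tried:", ", ".join(tried))
```

A single mistyped password from a legitimate user stays under the threshold, while the source cycling through usernames seconds apart is reported with the names it tried.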