Linode Forum
Linode Community Forums 		 FAQFAQ    SearchSearch    MembersMembers      Register Register 
 LoginLogin [ Anonymous ] 
Post new topic  Reply to topic

Board index » Linux Community Forums » General Discussion
  Previous topic | Next topic 
Author Message
FyberOptic
 Post subject: A bit of a worry
PostPosted: Mon Jun 20, 2005 12:15 pm 
Offline
Junior Member

Joined: Thu Jun 16, 2005 12:28 pm
Posts: 33
So I get up this morning, and find this emailed to me from logcheck:

Code:
Security Events
=-=-=-=-=-=-=-=
Jun 20 05:58:11 li12-173 sshd[15537]: Failed password for root from ::ffff:134.96.33.228 port 60696 ssh2
Jun 20 05:58:12 li12-173 sshd[15539]: Illegal user admin from ::ffff:134.96.33.228
Jun 20 05:58:12 li12-173 sshd[15539]: Failed password for illegal user admin from ::ffff:134.96.33.228 port 60755 ssh2
Jun 20 05:58:13 li12-173 sshd[15541]: Failed password for illegal user test from ::ffff:134.96.33.228 port 60811 ssh2
Jun 20 05:58:15 li12-173 sshd[15543]: Failed password for illegal user guest from ::ffff:134.96.33.228 port 60867 ssh2
Jun 20 05:58:16 li12-173 sshd[15545]: Failed password for illegal user webmaster from ::ffff:134.96.33.228 port 60933 ssh2
Jun 20 05:58:17 li12-173 sshd[15547]: Failed password for mysql from ::ffff:134.96.33.228 port 60992 ssh2
Jun 20 05:58:18 li12-173 sshd[15549]: Failed password for illegal user oracle from ::ffff:134.96.33.228 port 32816 ssh2
Jun 20 05:58:19 li12-173 sshd[15551]: Failed password for illegal user library from ::ffff:134.96.33.228 port 32884 ssh2
Jun 20 05:58:20 li12-173 sshd[15553]: Failed password for illegal user info from ::ffff:134.96.33.228 port 32941 ssh2
Jun 20 05:58:22 li12-173 sshd[15555]: Failed password for illegal user shell from ::ffff:134.96.33.228 port 32997 ssh2
Jun 20 05:58:23 li12-173 sshd[15557]: Failed password for illegal user linux from ::ffff:134.96.33.228 port 33062 ssh2
Jun 20 05:58:24 li12-173 sshd[15559]: Failed password for illegal user unix from ::ffff:134.96.33.228 port 33123 ssh2
Jun 20 05:58:25 li12-173 sshd[15561]: Illegal user webadmin from ::ffff:134.96.33.228
Jun 20 05:58:25 li12-173 sshd[15561]: Failed password for illegal user webadmin from ::ffff:134.96.33.228 port 33181 ssh2
Jun 20 05:58:26 li12-173 sshd[15563]: Failed password for ftp from ::ffff:134.96.33.228 port 33242 ssh2
Jun 20 05:58:27 li12-173 sshd[15565]: Failed password for illegal user test from ::ffff:134.96.33.228 port 33304 ssh2
Jun 20 05:58:29 li12-173 sshd[15567]: Failed password for root from ::ffff:134.96.33.228 port 33361 ssh2
Jun 20 05:58:30 li12-173 sshd[15569]: Illegal user admin from ::ffff:134.96.33.228
Jun 20 05:58:30 li12-173 sshd[15569]: Failed password for illegal user admin from ::ffff:134.96.33.228 port 33426 ssh2
Jun 20 05:58:31 li12-173 sshd[15571]: Failed password for illegal user guest from ::ffff:134.96.33.228 port 33488 ssh2
Jun 20 05:58:32 li12-173 sshd[15573]: Failed password for illegal user master from ::ffff:134.96.33.228 port 33546 ssh2
Jun 20 05:58:33 li12-173 sshd[15575]: Failed password for illegal user apache from ::ffff:134.96.33.228 port 33612 ssh2
Jun 20 05:58:34 li12-173 sshd[15577]: Failed password for root from ::ffff:134.96.33.228 port 33670 ssh2
Jun 20 05:58:36 li12-173 sshd[15579]: Failed password for root from ::ffff:134.96.33.228 port 33723 ssh2
Jun 20 05:58:37 li12-173 sshd[15581]: Failed password for root from ::ffff:134.96.33.228 port 33790 ssh2
Jun 20 05:58:38 li12-173 sshd[15583]: Failed password for root from ::ffff:134.96.33.228 port 33855 ssh2
Jun 20 05:58:39 li12-173 sshd[15585]: Failed password for root from ::ffff:134.96.33.228 port 33912 ssh2
Jun 20 05:58:40 li12-173 sshd[15587]: Failed password for root from ::ffff:134.96.33.228 port 33974 ssh2
Jun 20 05:58:42 li12-173 sshd[15589]: Failed password for root from ::ffff:134.96.33.228 port 34036 ssh2
Jun 20 05:58:43 li12-173 sshd[15591]: Illegal user admin from ::ffff:134.96.33.228
Jun 20 05:58:43 li12-173 sshd[15591]: Failed password for illegal user admin from ::ffff:134.96.33.228 port 34092 ssh2
Jun 20 05:58:44 li12-173 sshd[15593]: Illegal user admin from ::ffff:134.96.33.228
Jun 20 05:58:44 li12-173 sshd[15593]: Failed password for illegal user admin from ::ffff:134.96.33.228 port 34162 ssh2
Jun 20 05:58:45 li12-173 sshd[15595]: Illegal user admin from ::ffff:134.96.33.228
Jun 20 05:58:45 li12-173 sshd[15595]: Failed password for illegal user admin from ::ffff:134.96.33.228 port 34222 ssh2
Jun 20 05:58:46 li12-173 sshd[15597]: Illegal user admin from ::ffff:134.96.33.228
Jun 20 05:58:46 li12-173 sshd[15597]: Failed password for illegal user admin from ::ffff:134.96.33.228 port 34273 ssh2
Jun 20 05:58:47 li12-173 sshd[15599]: Failed password for root from ::ffff:134.96.33.228 port 34341 ssh2
Jun 20 05:58:49 li12-173 sshd[15601]: Failed password for root from ::ffff:134.96.33.228 port 34405 ssh2
Jun 20 05:58:50 li12-173 sshd[15603]: Failed password for illegal user test from ::ffff:134.96.33.228 port 34458 ssh2
Jun 20 05:58:51 li12-173 sshd[15605]: Failed password for illegal user test from ::ffff:134.96.33.228 port 34524 ssh2
Jun 20 05:58:52 li12-173 sshd[15607]: Failed password for illegal user webmaster from ::ffff:134.96.33.228 port 34589 ssh2
Jun 20 05:58:53 li12-173 sshd[15609]: Failed password for illegal user user from ::ffff:134.96.33.228 port 34640 ssh2
Jun 20 05:58:55 li12-173 sshd[15611]: Failed password for illegal user username from ::ffff:134.96.33.228 port 34704 ssh2
Jun 20 05:58:56 li12-173 sshd[15613]: Failed password for illegal user username from ::ffff:134.96.33.228 port 34771 ssh2
Jun 20 05:58:57 li12-173 sshd[15615]: Failed password for illegal user user from ::ffff:134.96.33.228 port 34829 ssh2
Jun 20 05:58:58 li12-173 sshd[15617]: Failed password for root from ::ffff:134.96.33.228 port 34892 ssh2
Jun 20 05:58:59 li12-173 sshd[15619]: Illegal user admin from ::ffff:134.96.33.228
Jun 20 05:58:59 li12-173 sshd[15619]: Failed password for illegal user admin from ::ffff:134.96.33.228 port 34961 ssh2
Jun 20 05:59:01 li12-173 sshd[15621]: Failed password for illegal user test from ::ffff:134.96.33.228 port 35025 ssh2
Jun 20 05:59:02 li12-173 sshd[15623]: Failed password for root from ::ffff:134.96.33.228 port 35087 ssh2
Jun 20 05:59:03 li12-173 sshd[15625]: Failed password for root from ::ffff:134.96.33.228 port 35150 ssh2
Jun 20 05:59:04 li12-173 sshd[15627]: Failed password for root from ::ffff:134.96.33.228 port 35212 ssh2
Jun 20 05:59:05 li12-173 sshd[15629]: Failed password for root from ::ffff:134.96.33.228 port 35275 ssh2
Jun 20 05:59:07 li12-173 sshd[15631]: Failed password for illegal user danny from ::ffff:134.96.33.228 port 35338 ssh2
Jun 20 05:59:08 li12-173 sshd[15633]: Failed password for illegal user sharon from ::ffff:134.96.33.228 port 35402 ssh2
Jun 20 05:59:09 li12-173 sshd[15635]: Failed password for illegal user aron from ::ffff:134.96.33.228 port 35470 ssh2
Jun 20 05:59:10 li12-173 sshd[15637]: Failed password for illegal user alex from ::ffff:134.96.33.228 port 35530 ssh2
Jun 20 05:59:11 li12-173 sshd[15639]: Failed password for illegal user brett from ::ffff:134.96.33.228 port 35591 ssh2
Jun 20 05:59:12 li12-173 sshd[15641]: Failed password for illegal user mike from ::ffff:134.96.33.228 port 35660 ssh2
Jun 20 05:59:14 li12-173 sshd[15643]: Failed password for illegal user alan from ::ffff:134.96.33.228 port 35727 ssh2
Jun 20 05:59:15 li12-173 sshd[15645]: Failed password for illegal user data from ::ffff:134.96.33.228 port 35792 ssh2
Jun 20 05:59:16 li12-173 sshd[15647]: Failed password for www-data from ::ffff:134.96.33.228 port 35862 ssh2
Jun 20 05:59:17 li12-173 sshd[15649]: Failed password for illegal user http from ::ffff:134.96.33.228 port 35926 ssh2
Jun 20 05:59:18 li12-173 sshd[15651]: Failed password for illegal user httpd from ::ffff:134.96.33.228 port 35991 ssh2
Jun 20 05:59:20 li12-173 sshd[15653]: Failed password for nobody from ::ffff:134.96.33.228 port 36060 ssh2
Jun 20 05:59:21 li12-173 sshd[15655]: Failed password for root from ::ffff:134.96.33.228 port 36128 ssh2
Jun 20 05:59:22 li12-173 sshd[15657]: Failed password for backup from ::ffff:134.96.33.228 port 36194 ssh2
Jun 20 05:59:23 li12-173 sshd[15659]: Failed password for illegal user info from ::ffff:134.96.33.228 port 36259 ssh2
Jun 20 05:59:24 li12-173 sshd[15661]: Failed password for illegal user shop from ::ffff:134.96.33.228 port 36327 ssh2
Jun 20 05:59:26 li12-173 sshd[15663]: Failed password for illegal user sales from ::ffff:134.96.33.228 port 36396 ssh2
Jun 20 05:59:27 li12-173 sshd[15665]: Failed password for illegal user web from ::ffff:134.96.33.228 port 36464 ssh2
Jun 20 05:59:28 li12-173 sshd[15667]: Failed password for illegal user www from ::ffff:134.96.33.228 port 36531 ssh2
Jun 20 05:59:29 li12-173 sshd[15669]: Failed password for illegal user wwwrun from ::ffff:134.96.33.228 port 36599 ssh2
Jun 20 05:59:30 li12-173 sshd[15671]: Failed password for illegal user adam from ::ffff:134.96.33.228 port 36667 ssh2
Jun 20 05:59:32 li12-173 sshd[15673]: Failed password for illegal user stephen from ::ffff:134.96.33.228 port 36727 ssh2
Jun 20 05:59:33 li12-173 sshd[15675]: Failed password for illegal user richard from ::ffff:134.96.33.228 port 36796 ssh2
Jun 20 05:59:34 li12-173 sshd[15677]: Failed password for illegal user george from ::ffff:134.96.33.228 port 36860 ssh2
Jun 20 05:59:35 li12-173 sshd[15679]: Failed password for illegal user michael from ::ffff:134.96.33.228 port 36920 ssh2
Jun 20 05:59:36 li12-173 sshd[15681]: Failed password for illegal user john from ::ffff:134.96.33.228 port 36991 ssh2
Jun 20 05:59:37 li12-173 sshd[15683]: Failed password for illegal user david from ::ffff:134.96.33.228 port 37054 ssh2
Jun 20 05:59:39 li12-173 sshd[15685]: Failed password for illegal user paul from ::ffff:134.96.33.228 port 37112 ssh2
Jun 20 05:59:40 li12-173 sshd[15687]: Failed password for news from ::ffff:134.96.33.228 port 37188 ssh2
Jun 20 05:59:41 li12-173 sshd[15689]: Failed password for illegal user angel from ::ffff:134.96.33.228 port 37252 ssh2
Jun 20 05:59:42 li12-173 sshd[15691]: Failed password for games from ::ffff:134.96.33.228 port 37310 ssh2
Jun 20 05:59:43 li12-173 sshd[15693]: Failed password for illegal user pgsql from ::ffff:134.96.33.228 port 37383 ssh2
Jun 20 05:59:45 li12-173 sshd[15695]: Failed password for illegal user pgsql from ::ffff:134.96.33.228 port 37451 ssh2
Jun 20 05:59:46 li12-173 sshd[15697]: Failed password for mail from ::ffff:134.96.33.228 port 37516 ssh2
Jun 20 05:59:47 li12-173 sshd[15699]: Failed password for illegal user adm from ::ffff:134.96.33.228 port 37586 ssh2
Jun 20 05:59:48 li12-173 sshd[15701]: Failed password for illegal user ident from ::ffff:134.96.33.228 port 37657 ssh2
Jun 20 05:59:49 li12-173 sshd[15703]: Failed password for illegal user resin from ::ffff:134.96.33.228 port 37718 ssh2

System Events
=-=-=-=-=-=-=
Jun 20 05:04:20 li12-173 sshd[15503]: Did not receive identification string from ::ffff:134.96.33.228
Jun 20 05:07:30 li12-173 named[610]: NSTATS 1119258450 1119038850 A=94 NS=10 SOA=20 MX=14 TXT=8 AAAA=11
Jun 20 05:26:48 li12-173 proftpd[15525]: MYDOMAIN.COM (stream.youthradio.net2ez.net[69.89.76.34]) - USER anonymous: no such user found from stream.youthradio.net2ez.net [69.89.76.34] to MYIP:21
Jun 20 05:26:48 li12-173 proftpd[15525]: MYDOMAIN.COM (stream.youthradio.net2ez.net[69.89.76.34]) - no such user 'anonymous'
Jun 20 05:44:34 li12-173 sshd[15536]: Did not receive identification string from ::ffff:62.233.176.212
Jun 20 05:58:12 li12-173 sshd[15539]: error: Could not get shadow information for NOUSER
Jun 20 05:58:13 li12-173 sshd[15541]: Illegal user test from ::ffff:134.96.33.228
Jun 20 05:58:13 li12-173 sshd[15541]: error: Could not get shadow information for NOUSER
Jun 20 05:58:15 li12-173 sshd[15543]: Illegal user guest from ::ffff:134.96.33.228
Jun 20 05:58:15 li12-173 sshd[15543]: error: Could not get shadow information for NOUSER
Jun 20 05:58:16 li12-173 sshd[15545]: Illegal user webmaster from ::ffff:134.96.33.228
Jun 20 05:58:16 li12-173 sshd[15545]: error: Could not get shadow information for NOUSER
Jun 20 05:58:18 li12-173 sshd[15549]: Illegal user oracle from ::ffff:134.96.33.228
Jun 20 05:58:18 li12-173 sshd[15549]: error: Could not get shadow information for NOUSER
Jun 20 05:58:19 li12-173 sshd[15551]: Illegal user library from ::ffff:134.96.33.228
Jun 20 05:58:19 li12-173 sshd[15551]: error: Could not get shadow information for NOUSER
Jun 20 05:58:20 li12-173 sshd[15553]: Illegal user info from ::ffff:134.96.33.228
Jun 20 05:58:20 li12-173 sshd[15553]: error: Could not get shadow information for NOUSER
Jun 20 05:58:22 li12-173 sshd[15555]: Illegal user shell from ::ffff:134.96.33.228
Jun 20 05:58:22 li12-173 sshd[15555]: error: Could not get shadow information for NOUSER
Jun 20 05:58:23 li12-173 sshd[15557]: Illegal user linux from ::ffff:134.96.33.228
Jun 20 05:58:23 li12-173 sshd[15557]: error: Could not get shadow information for NOUSER
Jun 20 05:58:24 li12-173 sshd[15559]: Illegal user unix from ::ffff:134.96.33.228
Jun 20 05:58:24 li12-173 sshd[15559]: error: Could not get shadow information for NOUSER
Jun 20 05:58:25 li12-173 sshd[15561]: error: Could not get shadow information for NOUSER
Jun 20 05:58:27 li12-173 sshd[15565]: Illegal user test from ::ffff:134.96.33.228
Jun 20 05:58:27 li12-173 sshd[15565]: error: Could not get shadow information for NOUSER
Jun 20 05:58:30 li12-173 sshd[15569]: error: Could not get shadow information for NOUSER
Jun 20 05:58:31 li12-173 sshd[15571]: Illegal user guest from ::ffff:134.96.33.228
Jun 20 05:58:31 li12-173 sshd[15571]: error: Could not get shadow information for NOUSER
Jun 20 05:58:32 li12-173 sshd[15573]: Illegal user master from ::ffff:134.96.33.228
Jun 20 05:58:32 li12-173 sshd[15573]: error: Could not get shadow information for NOUSER
Jun 20 05:58:33 li12-173 sshd[15575]: Illegal user apache from ::ffff:134.96.33.228
Jun 20 05:58:33 li12-173 sshd[15575]: error: Could not get shadow information for NOUSER
Jun 20 05:58:43 li12-173 sshd[15591]: error: Could not get shadow information for NOUSER
Jun 20 05:58:44 li12-173 sshd[15593]: error: Could not get shadow information for NOUSER
Jun 20 05:58:45 li12-173 sshd[15595]: error: Could not get shadow information for NOUSER
Jun 20 05:58:46 li12-173 sshd[15597]: error: Could not get shadow information for NOUSER
Jun 20 05:58:50 li12-173 sshd[15603]: Illegal user test from ::ffff:134.96.33.228
Jun 20 05:58:50 li12-173 sshd[15603]: error: Could not get shadow information for NOUSER
Jun 20 05:58:51 li12-173 sshd[15605]: Illegal user test from ::ffff:134.96.33.228
Jun 20 05:58:51 li12-173 sshd[15605]: error: Could not get shadow information for NOUSER
Jun 20 05:58:52 li12-173 sshd[15607]: Illegal user webmaster from ::ffff:134.96.33.228
Jun 20 05:58:52 li12-173 sshd[15607]: error: Could not get shadow information for NOUSER
Jun 20 05:58:53 li12-173 sshd[15609]: Illegal user user from ::ffff:134.96.33.228
Jun 20 05:58:53 li12-173 sshd[15609]: error: Could not get shadow information for NOUSER
Jun 20 05:58:55 li12-173 sshd[15611]: Illegal user username from ::ffff:134.96.33.228
Jun 20 05:58:55 li12-173 sshd[15611]: error: Could not get shadow information for NOUSER
Jun 20 05:58:56 li12-173 sshd[15613]: Illegal user username from ::ffff:134.96.33.228
Jun 20 05:58:56 li12-173 sshd[15613]: error: Could not get shadow information for NOUSER
Jun 20 05:58:57 li12-173 sshd[15615]: Illegal user user from ::ffff:134.96.33.228
Jun 20 05:58:57 li12-173 sshd[15615]: error: Could not get shadow information for NOUSER
Jun 20 05:58:59 li12-173 sshd[15619]: error: Could not get shadow information for NOUSER
Jun 20 05:59:01 li12-173 sshd[15621]: Illegal user test from ::ffff:134.96.33.228
Jun 20 05:59:01 li12-173 sshd[15621]: error: Could not get shadow information for NOUSER
Jun 20 05:59:06 li12-173 sshd[15631]: Illegal user danny from ::ffff:134.96.33.228
Jun 20 05:59:07 li12-173 sshd[15631]: error: Could not get shadow information for NOUSER
Jun 20 05:59:08 li12-173 sshd[15633]: Illegal user sharon from ::ffff:134.96.33.228
Jun 20 05:59:08 li12-173 sshd[15633]: error: Could not get shadow information for NOUSER
Jun 20 05:59:09 li12-173 sshd[15635]: Illegal user aron from ::ffff:134.96.33.228
Jun 20 05:59:09 li12-173 sshd[15635]: error: Could not get shadow information for NOUSER
Jun 20 05:59:10 li12-173 sshd[15637]: Illegal user alex from ::ffff:134.96.33.228
Jun 20 05:59:10 li12-173 sshd[15637]: error: Could not get shadow information for NOUSER
Jun 20 05:59:11 li12-173 sshd[15639]: Illegal user brett from ::ffff:134.96.33.228
Jun 20 05:59:11 li12-173 sshd[15639]: error: Could not get shadow information for NOUSER
Jun 20 05:59:12 li12-173 sshd[15641]: Illegal user mike from ::ffff:134.96.33.228
Jun 20 05:59:12 li12-173 sshd[15641]: error: Could not get shadow information for NOUSER
Jun 20 05:59:14 li12-173 sshd[15643]: Illegal user alan from ::ffff:134.96.33.228
Jun 20 05:59:14 li12-173 sshd[15643]: error: Could not get shadow information for NOUSER
Jun 20 05:59:15 li12-173 sshd[15645]: Illegal user data from ::ffff:134.96.33.228
Jun 20 05:59:15 li12-173 sshd[15645]: error: Could not get shadow information for NOUSER
Jun 20 05:59:17 li12-173 sshd[15649]: Illegal user http from ::ffff:134.96.33.228
Jun 20 05:59:17 li12-173 sshd[15649]: error: Could not get shadow information for NOUSER
Jun 20 05:59:18 li12-173 sshd[15651]: Illegal user httpd from ::ffff:134.96.33.228
Jun 20 05:59:18 li12-173 sshd[15651]: error: Could not get shadow information for NOUSER
Jun 20 05:59:23 li12-173 sshd[15659]: Illegal user info from ::ffff:134.96.33.228
Jun 20 05:59:23 li12-173 sshd[15659]: error: Could not get shadow information for NOUSER
Jun 20 05:59:24 li12-173 sshd[15661]: Illegal user shop from ::ffff:134.96.33.228
Jun 20 05:59:24 li12-173 sshd[15661]: error: Could not get shadow information for NOUSER
Jun 20 05:59:26 li12-173 sshd[15663]: Illegal user sales from ::ffff:134.96.33.228
Jun 20 05:59:26 li12-173 sshd[15663]: error: Could not get shadow information for NOUSER
Jun 20 05:59:27 li12-173 sshd[15665]: Illegal user web from ::ffff:134.96.33.228
Jun 20 05:59:27 li12-173 sshd[15665]: error: Could not get shadow information for NOUSER
Jun 20 05:59:28 li12-173 sshd[15667]: Illegal user www from ::ffff:134.96.33.228
Jun 20 05:59:28 li12-173 sshd[15667]: error: Could not get shadow information for NOUSER
Jun 20 05:59:29 li12-173 sshd[15669]: Illegal user wwwrun from ::ffff:134.96.33.228
Jun 20 05:59:29 li12-173 sshd[15669]: error: Could not get shadow information for NOUSER
Jun 20 05:59:30 li12-173 sshd[15671]: Illegal user adam from ::ffff:134.96.33.228
Jun 20 05:59:30 li12-173 sshd[15671]: error: Could not get shadow information for NOUSER
Jun 20 05:59:31 li12-173 sshd[15673]: Illegal user stephen from ::ffff:134.96.33.228
Jun 20 05:59:31 li12-173 sshd[15673]: error: Could not get shadow information for NOUSER
Jun 20 05:59:33 li12-173 sshd[15675]: Illegal user richard from ::ffff:134.96.33.228
Jun 20 05:59:33 li12-173 sshd[15675]: error: Could not get shadow information for NOUSER
Jun 20 05:59:34 li12-173 sshd[15677]: Illegal user george from ::ffff:134.96.33.228
Jun 20 05:59:34 li12-173 sshd[15677]: error: Could not get shadow information for NOUSER
Jun 20 05:59:35 li12-173 sshd[15679]: Illegal user michael from ::ffff:134.96.33.228
Jun 20 05:59:35 li12-173 sshd[15679]: error: Could not get shadow information for NOUSER
Jun 20 05:59:36 li12-173 sshd[15681]: Illegal user john from ::ffff:134.96.33.228
Jun 20 05:59:36 li12-173 sshd[15681]: error: Could not get shadow information for NOUSER
Jun 20 05:59:37 li12-173 sshd[15683]: Illegal user david from ::ffff:134.96.33.228
Jun 20 05:59:37 li12-173 sshd[15683]: error: Could not get shadow information for NOUSER
Jun 20 05:59:39 li12-173 sshd[15685]: Illegal user paul from ::ffff:134.96.33.228
Jun 20 05:59:39 li12-173 sshd[15685]: error: Could not get shadow information for NOUSER
Jun 20 05:59:41 li12-173 sshd[15689]: Illegal user angel from ::ffff:134.96.33.228
Jun 20 05:59:41 li12-173 sshd[15689]: error: Could not get shadow information for NOUSER
Jun 20 05:59:43 li12-173 sshd[15693]: Illegal user pgsql from ::ffff:134.96.33.228
Jun 20 05:59:43 li12-173 sshd[15693]: error: Could not get shadow information for NOUSER
Jun 20 05:59:45 li12-173 sshd[15695]: Illegal user pgsql from ::ffff:134.96.33.228
Jun 20 05:59:45 li12-173 sshd[15695]: error: Could not get shadow information for NOUSER
Jun 20 05:59:47 li12-173 sshd[15699]: Illegal user adm from ::ffff:134.96.33.228
Jun 20 05:59:47 li12-173 sshd[15699]: error: Could not get shadow information for NOUSER
Jun 20 05:59:48 li12-173 sshd[15701]: Illegal user ident from ::ffff:134.96.33.228
Jun 20 05:59:48 li12-173 sshd[15701]: error: Could not get shadow information for NOUSER
Jun 20 05:59:49 li12-173 sshd[15703]: Illegal user resin from ::ffff:134.96.33.228
Jun 20 05:59:49 li12-173 sshd[15703]: error: Could not get shadow information for NOUSER


First of all, I'm pretty pleased at having installed logcheck yesterday to have even caught this. I saw it mentioned on the forums or the wiki here and thought it sounded like a good idea, since I'm still kind of new to running a whole server.

Second, I took a few measures already. I disabled root ssh access and changed it to a non-standard port. I'll change webmin and usermin's default ports next. I also disabled pings in my firehol config.

I'm not totally sure how to check if the guy actually WAS able to log into my system; I grep'd everything in /var/log with the above ip address, but all I seemed to find was all the invalid attempts. I guess that's somewhat of a relief, unless a.) not everything I should be logging is doing so, or b.) the logs were changed. I see no established connections in netstat at the moment aside from what I'm using for myself.

I guess the biggest question to ask is if there's anything I've missed in trying to secure my box. The other question would be how do I go about banning a particular address from my server via firehol?
Top
   
Reply with quote  
shaitan
 Post subject:
PostPosted: Mon Jun 20, 2005 12:25 pm 
Offline
Senior Newbie

Joined: Mon Sep 13, 2004 1:09 am
Posts: 7
If I run webmin, i like to block external access to it via a firewall, so it can only be accessed locally. Then access it via an ssh tunnel.
Top
   
Reply with quote  
mikegrb
 Post subject:
PostPosted: Mon Jun 20, 2005 12:37 pm 
Offline
Linode Staff
User avatar

Joined: Fri Oct 17, 2003 12:38 am
Posts: 287
Location: Dr Wierd's Lab, South Jersey Shore
These SSH scans are pretty much par for the course for any Internet connected box. Useful things are ensuring that no accounts use the username as the password and that no accounts use simple things like password or passw0rd as the password.

To more aggressively protect yourself, concider disabling password logins. My personal Linode only allows authentication via SSH keys and single use passwords.

To reduce the number of attempts you see in the logs, concider firewall rules using the recent module. For an example that blocks for 60 seconds after 3 new connection attempts from an IP see http://www.linode.com/forums/viewtopic.php?p=6935#6935 I use this script on my personal Linode so only see three connection attempts from a given IP.

Michael
Top
   
Reply with quote  
FyberOptic
 Post subject:
PostPosted: Mon Jun 20, 2005 2:21 pm 
Offline
Junior Member

Joined: Thu Jun 16, 2005 12:28 pm
Posts: 33
Thanks for the tips. I had heard mention of ssh tunneling before but never really knew anything about it, and didn't know anything about ssh keys until today. But now I have ssh password logins disabled, and can tunnel into webmin. Works great, and makes me feel a lot better about who can gain access.

Would it be of any benefit to run webmin/usermin through Apache2? I've noticed at times that they seem to run sluggish, and really have no idea how good they are in terms of security. I already have phpmyadmin and postfixadmin setup to only run through SSL, and they seem to run pretty well.
Top
   
Reply with quote  
Display posts from previous:  Sort by  
Post new topic  Reply to topic

Board index » Linux Community Forums » General Discussion


Who is online

Users browsing this forum: dobriain and 3 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
RSS

Powered by phpBB® Forum Software © phpBB Group