New to Linux, Getting a logwatch email about Possible Break In Attempt
Hi everyone,
I am new to Linux and I have a dedicated server running CentOS, Plesk 9.2 and I have received a logwatch email talking about a Possible Break In Attempt. Can anyone help me out and let me know what I can do to increase security? I saw a post about changing the sshd port, but I don't know if this is a good idea or not. Any tips or suggestions would be great. Here is the logwatch:

--------------------- pam_unix Begin ------------------------
sshd:
   Authentication Failures:
      root (186.83.37.19): 219 Time(s)
      root (186.36.144.229): 216 Time(s)
      root (190.218.187.184): 156 Time(s)
      root (89.175.254.190): 22 Time(s)
      root (gate.fly-net.ru): 2 Time(s)
      unknown (gate.fly-net.ru): 2 Time(s)
      unknown (89.175.254.190): 1 Time(s)
   Invalid Users:
      Unknown Account: 3 Time(s)
---------------------- pam_unix End -------------------------

--------------------- SSHD Begin ------------------------
Failed logins from:
   89.175.254.190: 22 times
   91.203.224.20 (gate.fly-net.ru): 2 times
   186.36.144.229: 216 times
   186.83.37.19 (Dynamic-IP-186833719.cable.net.co): 219 times
   190.218.187.184 (cpe-001e3348a527.cpe.cableonda.net): 156 times
Illegal users from:
   89.175.254.190: 1 time
   91.203.224.20 (gate.fly-net.ru): 2 times
Received disconnect:
   11: Bye Bye : 26 Time(s)
   11: Goodbye : 591 Time(s)
**Unmatched Entries**
pam_succeed_if(sshd:auth): error retrieving information about user asis : 1 time(s)
reverse mapping checking getaddrinfo for dynamic-ip-186833719.cable.net.co failed - POSSIBLE BREAK-IN ATTEMPT! : 219 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user shit : 1 time(s)
Address 190.218.187.184 maps to cpe-001e3348a527.cpe.cableonda.net, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! : 156 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user administrador : 1 time(s)
---------------------- SSHD End -------------------------

Thank you for your help
Thank you,
I am looking at the following from the Failed SSH link you posted. Quote: