| zdenisl |
05-13-2006 06:53 PM |
A lot of authentication failure messages
I just noticed in /var/log/messages I have a lot of authentication failure messages from foreign IP addresses.
I guess this is a hacker. How can I prevent this?
Today I've had 50 so far.
Here's a snipit:
Code:
May 7 09:38:45 ramair sshd(pam_unix)[24218]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=217.160.250.152 user=root
May 7 11:11:48 ramair sshd(pam_unix)[26330]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=218.89.164.18 user=root
May 7 11:11:56 ramair sshd(pam_unix)[26332]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=218.89.164.18 user=root
May 7 11:12:03 ramair sshd(pam_unix)[26334]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=218.89.164.18 user=root
May 7 11:12:13 ramair sshd(pam_unix)[26336]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=218.89.164.18 user=root
May 7 11:12:25 ramair sshd(pam_unix)[26338]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=218.89.164.18 user=root
May 13 12:00:43 ramair sshd(pam_unix)[5796]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=218.28.168.85 user=ftp
May 13 12:01:07 ramair sshd(pam_unix)[5806]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=218.28.168.85 user=postfix
May 13 12:01:15 ramair sshd(pam_unix)[5808]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=218.28.168.85 user=postgres
May 13 12:01:28 ramair sshd(pam_unix)[5812]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=218.28.168.85 user=root
|
