LinuxQuestions.org


divyashree 07-04-2009 11:48 PM

How to stop things like these
 
I just got a mail from my system. When I opened it I found something unusual that worried me, so can anyone help me regarding this?

Showing some part of the message.
Today:
Code:

--------------------- pam_unix Begin ------------------------

 sshd:
    Authentication Failures:
      root (211.75.183.115): 7 Time(s)
      unknown (59.49.14.12): 2 Time(s)
      root (office.meijob.com): 1 Time(s)
    Invalid Users:
      Unknown Account: 2 Time(s)

And yesterday:

Code:

--------------------- SSHD Begin ------------------------


 Failed logins from:
    211.75.183.115 (211-75-183-115.HINET-IP.hinet.net): 7 times
    211.99.138.146 (office.meijob.com): 1 time

 Illegal users from:
    59.49.14.12: 2 times


 Received disconnect:
    11: Bye Bye : 7 Time(s)

 **Unmatched Entries**
 reverse mapping checking getaddrinfo for 211-75-183-115.hinet-ip.hinet.net failed - POSSIBLE BREAK-IN ATTEMPT! : 7 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user sales : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user staff : 1 time(s)

 ---------------------- SSHD End -------------------------

And how will I stop things like these, how to handle those illegal users, invalid accounts, unknown accounts, etc.?

win32sux 07-05-2009 12:17 AM

You could start by reading the thread titled Failed SSH login attempts, which is stickied at the top of this forum. You could then proceed to install something like Fail2ban. BTW, if you're running an SSH daemon on port 22, getting tons of failed login attempts is actually a common occurrence (so common, that we've had that thread stickied up there for years).
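
As an added example (not part of the thread, and not code from any tool named in it), the script below parses the SSHD section of a Logwatch-style report like the one quoted in the question, totals the failures per source address, and lists the sources at or above a retry threshold. This is the same per-source counting idea that tools such as Fail2ban apply to the raw authentication log. The function names and the `max_retry` value of 5 are assumptions made for this example.

```python
import re
from collections import Counter

# Excerpt of the SSHD section quoted in the question, used as sample input.
SAMPLE_REPORT = """\
 Failed logins from:
    211.75.183.115 (211-75-183-115.HINET-IP.hinet.net): 7 times
    211.99.138.146 (office.meijob.com): 1 time

 Illegal users from:
    59.49.14.12: 2 times

 Received disconnect:
    11: Bye Bye : 7 Time(s)
"""

# Section headers whose entries are per-source authentication failures.
FAILURE_SECTIONS = {"Failed logins from:", "Illegal users from:"}
# Entry shape: "<ipv4> [(<reverse name>)]: <n> time(s)"
ENTRY = re.compile(
    r"^\s+(\d{1,3}(?:\.\d{1,3}){3})(?:\s+\(([^)]*)\))?:\s+(\d+)\s+times?\s*$"
)


def failures_by_source(report):
    """Sum failed-login and illegal-user attempts per source IP."""
    totals, section = Counter(), None
    for line in report.splitlines():
        stripped = line.strip()
        if not stripped:
            continue
        if not line.startswith("    "):  # less-indented line is a section header
            section = stripped
            continue
        m = ENTRY.match(line)
        if m and section in FAILURE_SECTIONS:  # ignore entries of other sections
            totals[m.group(1)] += int(m.group(3))
    return dict(totals)


def over_threshold(totals, max_retry=5):
    """Sources with at least max_retry failures (max_retry is an assumed value)."""
    return sorted(ip for ip, n in totals.items() if n >= max_retry)


if __name__ == "__main__":
    totals = failures_by_source(SAMPLE_REPORT)
    for ip, n in sorted(totals.items(), key=lambda kv: -kv[1]):
        print(f"{ip:15}  {n} failure(s)")
    print("at or above threshold:", over_threshold(totals))
```
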


All times are GMT -5.