LinuxQuestions.org
Old 07-04-2009, 11:48 PM   #1
divyashree
Senior Member
 
Registered: Apr 2007
Location: Bangalore, India
Distribution: RHEL,SuSE,CentOS,Fedora,Ubuntu
Posts: 1,386

How to stop things like these


I just got a mail from my system. When I opened it I found something unusual that worried me, so can anyone help me regarding this?

Showing some part of the message.
Today:
Code:
--------------------- pam_unix Begin ------------------------

 sshd:
    Authentication Failures:
       root (211.75.183.115): 7 Time(s)
       unknown (59.49.14.12): 2 Time(s)
       root (office.meijob.com): 1 Time(s)
    Invalid Users:
       Unknown Account: 2 Time(s)
And yesterday:

Code:
--------------------- SSHD Begin ------------------------


 Failed logins from:
    211.75.183.115 (211-75-183-115.HINET-IP.hinet.net): 7 times
    211.99.138.146 (office.meijob.com): 1 time

 Illegal users from:
    59.49.14.12: 2 times


 Received disconnect:
    11: Bye Bye : 7 Time(s)

 **Unmatched Entries**
 reverse mapping checking getaddrinfo for 211-75-183-115.hinet-ip.hinet.net failed - POSSIBLE BREAK-IN ATTEMPT! : 7 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user sales : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user staff : 1 time(s)

 ---------------------- SSHD End -------------------------
And how will I stop things like these? How do I handle those illegal users, invalid accounts, unknown accounts, etc.?
 
Old 07-05-2009, 12:17 AM   #2
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

You could start by reading the thread titled Failed SSH login attempts, which is stickied at the top of this forum. You could then proceed to install something like Fail2ban. BTW, if you're running an SSH daemon on port 22, getting tons of failed login attempts is actually a common occurrence (so common, that we've had that thread stickied up there for years).

Last edited by win32sux; 07-05-2009 at 12:19 AM.
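
A sketch of the kind of check a tool like Fail2ban performs on the sshd log, added here as an illustration; it is not part of the thread and not Fail2ban's own code. The log lines are constructed (addresses taken from the report in post #1; timestamps, ports, host name and year are made up), and `offenders` is a hypothetical helper whose `maxretry` and `findtime` parameters are named after Fail2ban's options.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in OpenSSH syslog format: 7 root failures from one source,
# 2 invalid-user attempts from a second, 1 root failure from a third.
SAMPLE_LOG = "\n".join(
    [f"Jul  4 03:10:{s:02d} host sshd[2101]: Failed password for root "
     f"from 211.75.183.115 port 40100 ssh2" for s in range(0, 35, 5)]
    + ["Jul  4 03:12:01 host sshd[2140]: Failed password for invalid user sales "
       "from 59.49.14.12 port 51522 ssh2",
       "Jul  4 03:12:09 host sshd[2141]: Failed password for invalid user staff "
       "from 59.49.14.12 port 51530 ssh2",
       "Jul  4 03:15:44 host sshd[2150]: Failed password for root "
       "from 211.99.138.146 port 33812 ssh2"]
)

# Matches both "Failed password for root from ..." and
# "Failed password for invalid user sales from ...".
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)

def offenders(log_text, maxretry=5, findtime=timedelta(minutes=10), year=2009):
    """Return {ip: total_failures} for every source that reaches `maxretry`
    failures inside one sliding `findtime` window. Syslog timestamps carry no
    year, so `year` is an assumption supplied by the caller."""
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    totals = defaultdict(int)     # ip -> all failures seen
    flagged = set()
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        totals[ip] += 1
        window = recent[ip]
        window.append(when)
        while when - window[0] > findtime:   # drop failures older than findtime
            window.popleft()
        if len(window) >= maxretry:
            flagged.add(ip)
    return {ip: totals[ip] for ip in flagged}

if __name__ == "__main__":
    for ip, count in offenders(SAMPLE_LOG).items():
        print(f"{ip}: {count} failed logins, would be banned")
```

With the defaults only the source with seven failures is flagged; lowering `maxretry` to 2 also catches the source probing the nonexistent `sales` and `staff` accounts.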
 
  

