/var/log/auth.log entries
somebody is obviously trying to hack into my machine,
which has out-of-the box Mandrake 10.0 installed.
these are some of the entries from /var/log/auth.log:
sshd[11714]: Failed password for nobody from ::ffff:12.155.199.50 port 57729
sshd[11716]: Illegal user patrick from ::ffff:12.155.199.50
sshd(pam_unix)[11716]: check pass; user unknown
sshd(pam_unix)[11716]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=webhost2.ocsonline.com
Failed password for root from ::ffff:12.155.199.50 port 58055 ssh2
sshd(pam_unix)[11723]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=webhost2.ocsonline.com user=root
and a lot of similar messages for other usernames that don't exist
on my machine.
as far as i can tell, so far they haven't been able to get in (i checked
with 'last', and also ran chkrootkit and rkhunter).
what measures should i take to tighten security?
|