attacks noticed /var/mail/root
Hey all, in my ultimate boredom, I have been searching some log files for any irregular activity. I have found some, and am looking for advice.
In the /var/mail/root file, which is very lengthy, I have found requests for ssh2 access using random ports and random names, such as:
Invalid user test from ::ffff:202.157.183.2
Failed password for invalid user test from ::ffff:202.157.183.2 port 56961 ssh2
Invalid user guest from ::ffff:202.157.183.2
Failed password for invalid user guest from ::ffff:202.157.183.2 port 57805 ssh2
Invalid user admin from ::ffff:202.157.183.2
Failed password for invalid user admin from ::ffff:202.157.183.2 port 58239 ssh2
Invalid user admin from ::ffff:202.157.183.2
Failed password for invalid user admin from ::ffff:202.157.183.2 port 58673 ssh2
Invalid user user from ::ffff:202.157.183.2
Invalid user server from ::ffff:149.156.153.164
Failed password for invalid user server from ::ffff:149.156.153.164 port 33644 ssh2
Invalid user alan from ::ffff:149.156.153.164
Failed password for invalid user alan from ::ffff:149.156.153.164 port 34458 ssh2
Invalid user frank from ::ffff:149.156.153.164
Failed password for invalid user frank from ::ffff:149.156.153.164 port 34864 ssh2
Invalid user george from ::ffff:149.156.153.164
Failed password for invalid user george from ::ffff:149.156.153.164 port 34870 ssh2
Many, many lines of this exist. The part that really bugs me is the random user names, which leads me to believe this is definitely a hacker trying to access my system.
My sshd_config file specifies the ssh2 protocol, and only 3 usernames.
I have no definitions in my IP tables, as my machine is already behind a firewall.
Does anyone know what or where these requests may be coming from?
And is there anything I can do to prevent such attacks?
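
Added example, not part of the original post: a small Python tally of the "Failed password" records in the format quoted above, grouped by source address, so a long /var/mail/root can be summarized at a glance. The sample text, the user name alice, the function names and the threshold of 3 are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the format quoted in the post; "alice" stands in
# for one of the account names actually allowed in sshd_config.
SAMPLE = """\
Invalid user test from ::ffff:202.157.183.2
Failed password for invalid user test from ::ffff:202.157.183.2 port 56961 ssh2
Failed password for invalid user guest from ::ffff:202.157.183.2 port 57805 ssh2Invalid user admin from ::ffff:202.157.183.2
Failed password for invalid user admin from ::ffff:202.157.183.2 port 58239 ssh2
Invalid user server from ::ffff:149.156.153.164
Failed password for invalid user server from ::ffff:149.156.153.164 port 33644 ssh2
Failed password for alice from ::ffff:149.156.153.164 port 33650 ssh2
"""

# The optional "::ffff:" is the IPv4-mapped IPv6 prefix and is dropped so
# the same host is keyed once. "port" is the client's source port.
FAILED = re.compile(
    r"Failed password for (invalid user )?(\S+) from "
    r"(?:::ffff:)?([0-9A-Fa-f:.]+) port (\d+) ssh2"
)

def summarize(text):
    """Tally failed password attempts per source address."""
    stats = defaultdict(
        lambda: {"failures": 0, "invalid_users": set(), "valid_users": set()}
    )
    # Scan the whole text rather than line by line, so records that were
    # run together on one line are still counted.
    for m in FAILED.finditer(text):
        invalid, user, addr, _port = m.groups()
        entry = stats[addr]
        entry["failures"] += 1
        entry["invalid_users" if invalid else "valid_users"].add(user)
    return dict(stats)

def noisy_sources(stats, threshold=3):
    """Addresses with at least `threshold` failed attempts."""
    return sorted(a for a, e in stats.items() if e["failures"] >= threshold)

if __name__ == "__main__":
    stats = summarize(SAMPLE)
    for addr, e in sorted(stats.items()):
        print(addr, e["failures"], sorted(e["invalid_users"]), sorted(e["valid_users"]))
    print("at or over threshold:", noisy_sources(stats))
```

Entries under valid_users are the ones to look at first, since they show guesses against account names that really exist on the machine.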