LinuxQuestions.org
Old 10-05-2004, 06:37 AM   #1
blufire
Member
 
Registered: Jul 2004
Location: Japan
Distribution: Fedora
Posts: 148

Rep: Reputation: 16
I think someone is trying to get into my PC but I don't know, can I get some help


Here is a part of my security log and it keeps going. Is this some kind of attack? How do I stop this from happening?

illegal user account from 61.66.193.155 port 54343 ssh2
Oct 3 16:36:02 yahoobb220004224140 sshd[16464]: Failed password for illegal user backup from 61.66.193.155 port 54438 ssh2
Oct 3 16:36:06 yahoobb220004224140 sshd[16466]: Failed password for illegal user server from 61.66.193.155 port 54510 ssh2
Oct 3 16:36:09 yahoobb220004224140 sshd[16468]: Failed password for illegal user adam from 61.66.193.155 port 54583 ssh2
Oct 3 16:36:12 yahoobb220004224140 sshd[16470]: Failed password for illegal user alan from 61.66.193.155 port 54647 ssh2
Oct 3 16:36:15 yahoobb220004224140 sshd[16472]: Failed password for illegal user frank from 61.66.193.155 port 54715 ssh2
Oct 3 16:36:19 yahoobb220004224140 sshd[16474]: Failed password for illegal user george from 61.66.193.155 port 54785 ssh2
Oct 3 16:36:22 yahoobb220004224140 sshd[16476]: Failed password for illegal user henry from 61.66.193.155 port 54847 ssh2
Oct 3 16:36:25 yahoobb220004224140 sshd[16479]: Failed password for illegal user john from 61.66.193.155 port 54918 ssh2
Oct 3 16:36:45 yahoobb220004224140 sshd[16491]: Failed password for illegal user test from 61.66.193.155 port 55308 ssh2
 
Old 10-05-2004, 06:48 AM   #2
masand
LQ Guru
 
Registered: May 2003
Location: INDIA
Distribution: Ubuntu, Solaris,CentOS
Posts: 5,522

Rep: Reputation: 69
hi there

are u allowing ssh, ssh2 for internet access?
if not then u should perhaps close the ports, and also if u are allowing then u should define a policy or rules in a firewall

shorewall is a good and easy firewall

or u can write ur own iptables scripts if u r comfortable with that

regards
 
Old 10-05-2004, 06:57 AM   #3
320mb
Senior Member
 
Registered: Nov 2002
Location: pikes peak
Distribution: Slackware, LFS
Posts: 2,577

Rep: Reputation: 48
61.66.193.155
Block this address... if this guy persists
block the ISP for a week or so, he will give up and go
somewhere else... then just unblock the ISP, so others can get thru...
IF the guy comes back... send an Email to the ISP, and they will just Dump this guy from their service!
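
The log reading from the first post and the "block this address" advice above, as an added example that is not part of any poster's reply: a Python sketch that groups failed sshd logins by source address and builds an iptables DROP rule for each source over a threshold. The threshold, the one-minute window, the year and the last sample line are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# First six lines: sshd entries quoted in the first post. Last line: constructed
# (documentation address 192.0.2.10) to show a source that stays under the threshold.
SAMPLE_LOG = """\
Oct 3 16:36:02 yahoobb220004224140 sshd[16464]: Failed password for illegal user backup from 61.66.193.155 port 54438 ssh2
Oct 3 16:36:06 yahoobb220004224140 sshd[16466]: Failed password for illegal user server from 61.66.193.155 port 54510 ssh2
Oct 3 16:36:09 yahoobb220004224140 sshd[16468]: Failed password for illegal user adam from 61.66.193.155 port 54583 ssh2
Oct 3 16:36:12 yahoobb220004224140 sshd[16470]: Failed password for illegal user alan from 61.66.193.155 port 54647 ssh2
Oct 3 16:36:15 yahoobb220004224140 sshd[16472]: Failed password for illegal user frank from 61.66.193.155 port 54715 ssh2
Oct 3 16:36:19 yahoobb220004224140 sshd[16474]: Failed password for illegal user george from 61.66.193.155 port 54785 ssh2
Oct 3 16:40:11 yahoobb220004224140 sshd[16502]: Failed password for root from 192.0.2.10 port 40022 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"Failed password for (?:(?:illegal|invalid) user )?(?P<user>\S+)\s"
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def summarize(log_text, year=2004):
    """Group failed logins by source IP. syslog omits the year, so it is passed in."""
    sources = defaultdict(lambda: {"users": set(), "times": []})
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            sources[m["ip"]]["users"].add(m["user"])
            sources[m["ip"]]["times"].append(when)
    return dict(sources)

def flag_sources(sources, min_failures=5, window=timedelta(minutes=1)):
    """Return the IPs with at least min_failures failed logins inside any one window."""
    flagged = []
    for ip, info in sources.items():
        times = sorted(info["times"])
        if any(times[i + min_failures - 1] - times[i] <= window
               for i in range(len(times) - min_failures + 1)):
            flagged.append(ip)
    return sorted(flagged)

def drop_rules(ips):
    """iptables commands (to be run as root) that drop traffic from each flagged IP."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in ips]

if __name__ == "__main__":
    print("\n".join(drop_rules(flag_sources(summarize(SAMPLE_LOG)))))
```

The single failure from 192.0.2.10 is counted but not flagged, which keeps one mistyped password from producing a block rule.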
 
Old 10-05-2004, 07:06 AM   #4
masand
LQ Guru
 
Registered: May 2003
Location: INDIA
Distribution: Ubuntu, Solaris,CentOS
Posts: 5,522

Rep: Reputation: 69
hi there
if u want to go the other way then try jwhois address
like i tried this

[root@gaurav root]# jwhois 61.66.193.155
[Querying whois.apnic.net]
[Redirected to whois.twnic.net]
[Querying whois.twnic.net]
[whois.twnic.net]
.
.
.
.


u can see the full O/P by running the above command

so u can get to the administrator and complain to him about the same
but u should secure ur network also


regards
 
Old 10-05-2004, 10:37 AM   #5
blufire
Member
 
Registered: Jul 2004
Location: Japan
Distribution: Fedora
Posts: 148

Original Poster
Rep: Reputation: 16
I don't know if I am using ssh, how do I check? I am just a beginner. If I am not, how do I close the ports? I am trying to learn about iptables right now in the book that came with the distro. I will re-read and block the ISP. Shorewall, it's a firewall? I am using the firewall that came with the distro. Fedora Core 1. By the looks of it I see many different users so I think someone is trying brute force or has infected other computers. How do I send a message to the ISP server so I can inform them on their side? I don't want this to happen to others is why. Thank you. If you know any good sites about making my PC more secure I would like to know. I am asking because I will eventually try to set up a server on my box. Thank you.
 
Old 10-05-2004, 10:40 AM   #6
blufire
Member
 
Registered: Jul 2004
Location: Japan
Distribution: Fedora
Posts: 148

Original Poster
Rep: Reputation: 16
I got the Admin info. Thank you. I will work on securing my box more. Any help to places I can learn to secure my box would be great. I am just learning but I will put in the work. Thank you all for confirming I am being hit. I will be more alert.
 
Old 10-05-2004, 08:44 PM   #7
Cerbere
Member
 
Registered: Dec 2002
Location: California
Distribution: Slackware & LFS
Posts: 799

Rep: Reputation: 33
Check out this thread from unSpawn (one of the moderators). It has lots of great security reference sites.

http://www.linuxquestions.org/questi...threadid=45261

Enjoy!
--- Cerbere
 
  

