LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page Possible Break-in?
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 10-10-2010, 09:34 PM   #1
landysaccount
Member
 
Registered: Sep 2008
Location: Dominican Republic
Distribution: Debian
Posts: 188

Rep: Reputation: 18
Possible Break-in?

Hello Everyone.

I was looking at my server's /var/log/auth.log file and noticed someone is trying to access to my server. I have opened ports 143,25,80 and 22 on this server.

What you recommend me to do in my situation to prevent a hack?

Code:
Oct 10 22:27:24 owsmail sshd[28664]: pam_unix(sshd:auth): check pass; user unknown
Oct 10 22:27:24 owsmail sshd[28664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=
174.122.98.98
Oct 10 22:27:26 owsmail sshd[28664]: Failed password for invalid user zai from 174.122.98.98 port 52555 ssh2
Oct 10 22:27:27 owsmail sshd[28666]: reverse mapping checking getaddrinfo for 62.62.7aae.static.theplanet.com [174.122.98.98]
 failed - POSSIBLE BREAK-IN ATTEMPT!
Oct 10 22:27:27 owsmail sshd[28666]: Invalid user zaia from 174.122.98.98
Oct 10 22:27:27 owsmail sshd[28666]: pam_unix(sshd:auth): check pass; user unknown
Oct 10 22:27:27 owsmail sshd[28666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=
174.122.98.98
Oct 10 22:27:29 owsmail sshd[28666]: Failed password for invalid user zaia from 174.122.98.98 port 53099 ssh2
Oct 10 22:27:30 owsmail sshd[28668]: reverse mapping checking getaddrinfo for 62.62.7aae.static.theplanet.com [174.122.98.98]
 failed - POSSIBLE BREAK-IN ATTEMPT!
Oct 10 22:27:30 owsmail sshd[28668]: Invalid user zaid from 174.122.98.98
Oct 10 22:27:30 owsmail sshd[28668]: pam_unix(sshd:auth): check pass; user unknown
Oct 10 22:27:30 owsmail sshd[28668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=
174.122.98.98
Oct 10 22:27:32 owsmail sshd[28668]: Failed password for invalid user zaid from 174.122.98.98 port 53755 ssh2
Oct 10 22:27:33 owsmail sshd[28671]: reverse mapping checking getaddrinfo for 62.62.7aae.static.theplanet.com [174.122.98.98]
 failed - POSSIBLE BREAK-IN ATTEMPT!
Oct 10 22:27:33 owsmail sshd[28671]: Invalid user zaida from 174.122.98.98
Oct 10 22:27:33 owsmail sshd[28671]: pam_unix(sshd:auth): check pass; user unknown
Oct 10 22:27:33 owsmail sshd[28671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.122.98.98
Oct 10 22:27:36 owsmail sshd[28671]: Failed password for invalid user zaida from 174.122.98.98 port 54410 ssh2
Oct 10 22:27:37 owsmail sshd[28673]: reverse mapping checking getaddrinfo for 62.62.7aae.static.theplanet.com [174.122.98.98] failed - POSSIBLE BREAK-IN ATTEMPT!
Oct 10 22:27:37 owsmail sshd[28673]: Invalid user zaidah from 174.122.98.98
Oct 10 22:27:37 owsmail sshd[28673]: pam_unix(sshd:auth): check pass; user unknown
Oct 10 22:27:37 owsmail sshd[28673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.122.98.98
Oct 10 22:27:39 owsmail sshd[28673]: Failed password for invalid user zaidah from 174.122.98.98 port 55103 ssh2
Oct 10 22:27:41 owsmail sshd[28675]: reverse mapping checking getaddrinfo for 62.62.7aae.static.theplanet.com [174.122.98.98] failed - POSSIBLE BREAK-IN ATTEMPT!
Oct 10 22:27:41 owsmail sshd[28675]: Invalid user zaidi from 174.122.98.98
Oct 10 22:27:41 owsmail sshd[28675]: pam_unix(sshd:auth): check pass; user unknown
Oct 10 22:27:41 owsmail sshd[28675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.122.98.98
Oct 10 22:27:43 owsmail sshd[28675]: Failed password for invalid user zaidi from 174.122.98.98 port 55834 ssh2
Thanks in advanced for your time and help.
 
Old 10-10-2010, 09:36 PM   #2
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,824

Rep: Reputation: 615Reputation: 615Reputation: 615Reputation: 615Reputation: 615Reputation: 615
http://www.linuxquestions.org/questi...tempts-340366/
 
1 members found this post helpful.
Old 10-10-2010, 09:44 PM   #3
landysaccount
Member
 
Registered: Sep 2008
Location: Dominican Republic
Distribution: Debian
Posts: 188

Original Poster
Rep: Reputation: 18
Thanks for your quick reply. Looks like theres a lot of important information on that thread.

Will read it now.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
break: cannot break karlochacon Linux - Newbie 1 05-06-2010 06:25 PM
Possible Break In??? stlyz3 Linux - Security 9 10-26-2005 02:43 PM
How does it all break down? Bu3Nix Slackware - Installation 5 09-15-2005 02:50 PM
could I break my pc? linuxhippy Slackware 9 04-02-2005 07:15 AM
Could someone please break it down for me...? Pwcca Slackware 6 01-23-2003 10:05 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 11:03 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration