LinuxQuestions.org


buehler 04-23-2005 04:28 PM

/var/log/auth.log entries
 
somebody is obviously trying to hack into my machine,
which has out-of-the-box Mandrake 10.0 installed.
these are some of the entries from /var/log/auth.log:

sshd[11714]: Failed password for nobody from ::ffff:12.155.199.50 port 57729
sshd[11716]: Illegal user patrick from ::ffff:12.155.199.50
sshd(pam_unix)[11716]: check pass; user unknown
sshd(pam_unix)[11716]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=webhost2.ocsonline.com
Failed password for root from ::ffff:12.155.199.50 port 58055 ssh2
sshd(pam_unix)[11723]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=webhost2.ocsonline.com user=root

and a lot of similar messages for other usernames that don't exist
on my machine.

as far as i can tell, so far they haven't been able to get in (i checked
with 'last', and also ran chkrootkit and rkhunter).

what measures should i take to tighten security?

buehler 04-23-2005 04:45 PM

ok. i just saw Capt_Caveman's post at the top of the forum.
looks like it's the same malware attack ...
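
The check described in the first post (many failed attempts against usernames that don't exist, no successful login), as an added example that is not part of the original thread: a Python tally of the quoted sshd lines by source address, flagging any accepted login from a source that also produced failures. The function names are hypothetical, and the "Accepted" pattern is the standard sshd success line, which does not appear in the post.

```python
import re
from collections import defaultdict

# Log lines copied from the post above.
SAMPLE = """\
sshd[11714]: Failed password for nobody from ::ffff:12.155.199.50 port 57729
sshd[11716]: Illegal user patrick from ::ffff:12.155.199.50
sshd(pam_unix)[11716]: check pass; user unknown
sshd(pam_unix)[11716]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=webhost2.ocsonline.com
Failed password for root from ::ffff:12.155.199.50 port 58055 ssh2
sshd(pam_unix)[11723]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=webhost2.ocsonline.com user=root
""".splitlines()

# "Illegal user" is the wording in the post; newer OpenSSH logs "Invalid user".
FAILED = re.compile(r"Failed password for (?:(?:illegal|invalid) user )?(\S+) from (\S+) port \d+")
UNKNOWN = re.compile(r"(?:Illegal|Invalid) user (\S+) from (\S+)")
# Assumption: standard sshd success line, not shown in the post.
ACCEPTED = re.compile(r"Accepted (\S+) for (\S+) from (\S+) port \d+")

def normalize(addr):
    """Strip the IPv4-mapped IPv6 prefix so ::ffff:1.2.3.4 and 1.2.3.4 tally together."""
    return addr[7:] if addr.lower().startswith("::ffff:") else addr

def summarize(lines):
    """Return (per_source, accepted): failures grouped by source, and successful logins."""
    per_source = defaultdict(lambda: {"failed": 0, "users": set(), "unknown": set()})
    accepted = []
    for line in lines:
        if m := ACCEPTED.search(line):
            accepted.append((normalize(m.group(3)), m.group(2), m.group(1)))
        elif m := FAILED.search(line):
            entry = per_source[normalize(m.group(2))]
            entry["failed"] += 1
            entry["users"].add(m.group(1))
        elif m := UNKNOWN.search(line):
            entry = per_source[normalize(m.group(2))]
            entry["users"].add(m.group(1))
            entry["unknown"].add(m.group(1))
    return dict(per_source), accepted

def suspicious_logins(per_source, accepted):
    """Successful logins from a source that also failed elsewhere in the log."""
    return [login for login in accepted if login[0] in per_source]

if __name__ == "__main__":
    per_source, accepted = summarize(SAMPLE)
    for src, e in per_source.items():
        print(src, "failed:", e["failed"], "users:", sorted(e["users"]), "unknown:", sorted(e["unknown"]))
    print("accepted from attacking sources:", suspicious_logins(per_source, accepted))
```
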