weird stuff in /var/log/auth.log

bschiett · 03-12-2005, 06:16 AM

Hi all,

I'm new to linux and I've just set up an arch linux box. i was looking in /var/log/auth.log this morning to debug something when I found this:

Mar 11 19:54:52 sponge sshd[3653]: Invalid user horde from 61.218.16.227
Mar 11 19:54:52 sponge sshd[3653]: Excess permission or bad ownership on file /var/log/btmp
Mar 11 19:54:52 sponge sshd[3653]: error: Could not get shadow information for NOUSER
Mar 11 19:54:52 sponge sshd[3653]: Failed password for invalid user horde from 61.218.16.227 port 46646 ssh2
Mar 11 19:54:52 sponge sshd[3653]: Excess permission or bad ownership on file /var/log/btmp
Mar 11 19:54:55 sponge sshd[3656]: Invalid user cyrus from 61.218.16.227
Mar 11 19:54:55 sponge sshd[3656]: Excess permission or bad ownership on file /var/log/btmp
Mar 11 19:54:55 sponge sshd[3656]: error: Could not get shadow information for NOUSER
Mar 11 19:54:55 sponge sshd[3656]: Failed password for invalid user cyrus from 61.218.16.227 port 46690 ssh2
Mar 11 19:54:55 sponge sshd[3656]: Excess permission or bad ownership on file /var/log/btmp
Mar 11 19:54:58 sponge sshd[3659]: Invalid user www from 61.218.16.227
Mar 11 19:54:58 sponge sshd[3659]: Excess permission or bad ownership on file /var/log/btmp
Mar 11 19:54:58 sponge sshd[3659]: error: Could not get shadow information for NOUSER
Mar 11 19:54:58 sponge sshd[3659]: Failed password for invalid user www from 61.218.16.227 port 46730 ssh2
Mar 11 19:54:58 sponge sshd[3659]: Excess permission or bad ownership on file /var/log/btmp
Mar 11 19:55:01 sponge sshd[3662]: Invalid user wwwrun from 61.218.16.227
Mar 11 19:55:01 sponge sshd[3662]: Excess permission or bad ownership on file /var/log/btmp
Mar 11 19:55:01 sponge sshd[3662]: error: Could not get shadow information for NOUSER
Mar 11 19:55:01 sponge sshd[3662]: Failed password for invalid user wwwrun from 61.218.16.227 port 46775 ssh2
Mar 11 19:55:01 sponge sshd[3662]: Excess permission or bad ownership on file /var/log/btmp
Mar 11 19:55:04 sponge sshd[3665]: Invalid user matt from 61.218.16.227
Mar 11 19:55:04 sponge sshd[3665]: Excess permission or bad ownership on file /var/log/btmp
Mar 11 19:55:04 sponge sshd[3665]: error: Could not get shadow information for NOUSER
Mar 11 19:55:04 sponge sshd[3665]: Failed password for invalid user matt from 61.218.16.227 port 46818 ssh2
Mar 11 19:55:04 sponge sshd[3665]: Excess permission or bad ownership on file /var/log/btmp
Mar 11 19:55:07 sponge sshd[3668]: Invalid user test from 61.218.16.227
Mar 11 19:55:07 sponge sshd[3668]: Excess permission or bad ownership on file /var/log/btmp
Mar 11 19:55:07 sponge sshd[3668]: error: Could not get shadow information for NOUSER
Mar 11 19:55:07 sponge sshd[3668]: Failed password for invalid user test from 61.218.16.227 port 46864 ssh2
Mar 11 19:55:07 sponge sshd[3668]: Excess permission or bad ownership on file /var/log/btmp
Mar 11 19:55:12 sponge sshd[3671]: Invalid user test from 61.218.16.227
Mar 11 19:55:12 sponge sshd[3671]: Excess permission or bad ownership on file /var/log/btmp
Mar 11 19:55:12 sponge sshd[3671]: error: Could not get shadow information for NOUSER
Mar 11 19:55:12 sponge sshd[3671]: Failed password for invalid user test from 61.218.16.227 port 46910 ssh2
Mar 11 19:55:12 sponge sshd[3671]: Excess permission or bad ownership on file /var/log/btmp

is this somebody trying to login to my machine using SSH by picking random accounts?

thanks!

Emerson · 03-12-2005, 06:38 AM

Someone from Taiwan is trying to break in. The address 61... is blacklisted BTW.

2005-03-12 LIST.DSBL.ORG
2005-03-12 DNSBL.SORBS.NET

Habit to use strong passwords seems to be a good idea ...

bschiett · 03-12-2005, 07:23 AM

Quote:

Originally posted by Emerson
Someone from Taiwan is trying to break in. The address 61... is blacklisted BTW.

2005-03-12 LIST.DSBL.ORG
2005-03-12 DNSBL.SORBS.NET

Habit to use strong passwords seems to be a good idea ...

thanks for the info!

is there a limit on the ssh password i can use? e.g. can I use a longer password than 8 letters/digits/symbols?

Emerson · 03-12-2005, 08:29 AM

Security is a very comprehensive field. Unfortunately, I'm not a security expert. I think it's time to learn more about it, thank you, you triggered my interest. Right now I can say:
You can have longer system wide passwords.
However, meaningless combination of 8 upper- and lowercase symbols and digits is strong enough.
Network root access should be denied and limited su (sudo) used instead.
You can limit ssh access to certain users.