On Mon, Oct 13, 2008 at 11:14 AM, Daniel Aeberli <[EMAIL PROTECTED]> wrote: > Oops that first phrase should say can not dial extension or can not > receive calls. > > Daniel Aeberli a écrit : >> Hi >> >> My pbx has been locking up (can dial extentions or can receive calls) >> In the log on the status screen I see this: >> >> Oct 13 13:46:16 pbx auth.info /usr/sbin/sshd[10193]: Invalid user backup >> from 206.82.216.131 >> Oct 13 13:46:16 pbx auth.err /usr/sbin/sshd[10193]: error: Could not get >> shadow information for NOUSER >> Oct 13 13:46:16 pbx auth.info /usr/sbin/sshd[10193]: Failed password for >> invalid user backup from 206.82.216.131 port 59236 ssh2 >> Oct 13 13:46:18 pbx auth.info /usr/sbin/sshd[10195]: Invalid user info >> from 206.82.216.131 >> Oct 13 13:46:18 pbx auth.err /usr/sbin/sshd[10195]: error: Could not get >> shadow information for NOUSER >> Oct 13 13:46:18 pbx auth.info /usr/sbin/sshd[10195]: Failed password for >> invalid user info from 206.82.216.131 port 59320 ssh2 >> Oct 13 13:46:20 pbx auth.info /usr/sbin/sshd[10197]: Invalid user shop >> from 206.82.216.131 >> Oct 13 13:46:20 pbx auth.err /usr/sbin/sshd[10197]: error: Could not get >> shadow information for NOUSER >> Oct 13 13:46:20 pbx auth.info /usr/sbin/sshd[10197]: Failed password for >> invalid user shop from 206.82.216.131 port 59685 ssh2 >> Oct 13 13:46:22 pbx auth.info /usr/sbin/sshd[10199]: Invalid user sales >> from 206.82.216.131 >> Oct 13 13:46:22 pbx auth.err /usr/sbin/sshd[10199]: error: Could not get >> shadow information for NOUSER >> Oct 13 13:46:22 pbx auth.info /usr/sbin/sshd[10199]: Failed password for >> invalid user sales from 206.82.216.131 port 59751 ssh2 >> Oct 13 13:46:24 pbx auth.info /usr/sbin/sshd[10201]: Invalid user web >> from 206.82.216.131 >> Oct 13 13:46:24 pbx auth.err /usr/sbin/sshd[10201]: error: Could not get >> shadow information for NOUSER >> Oct 13 13:46:24 pbx auth.info /usr/sbin/sshd[10201]: Failed password for >> invalid user web from 206.82.216.131 port 59817 ssh2 >> Oct 13 13:46:27 pbx auth.info /usr/sbin/sshd[10203]: Invalid user www >> from 206.82.216.131 >> Oct 13 13:46:27 pbx auth.err /usr/sbin/sshd[10203]: error: Could not get >> shadow information for NOUSER >> Oct 13 13:46:27 pbx auth.info /usr/sbin/sshd[10203]: Failed password for >> invalid user www from 206.82.216.131 port 60224 ssh2 >> Oct 13 13:46:29 pbx auth.info /usr/sbin/sshd[10205]: Invalid user wwwrun >> from 206.82.216.131 >> Oct 13 13:46:29 pbx auth.err /usr/sbin/sshd[10205]: error: Could not get >> shadow information for NOUSER >> Oct 13 13:46:29 pbx auth.info /usr/sbin/sshd[10205]: Failed password for >> invalid user wwwrun from 206.82.216.131 port 60317 ssh2 >> Oct 13 13:46:41 pbx auth.info /usr/sbin/sshd[10207]: Invalid user adam >> from 206.82.216.131 >> Oct 13 13:46:41 pbx auth.err /usr/sbin/sshd[10207]: error: Could not get >> shadow information for NOUSER >> Oct 13 13:46:41 pbx auth.info /usr/sbin/sshd[10207]: Failed password for >> invalid user adam from 206.82.216.131 port 60709 ssh2 >> >> >> The IP is from windnet.it a web-hosting company. >> Is there a setting I can set-up to lock him out (black list his IP). >> >> In the mean I've gone back to 1.4.8 but I'm not sure this is not >> happening and I am just not seeing it. >> >> Tanks for the help >> >> Daniel
Daniel, These are just common SSH brute force attacks. They shouldn't cause your PBX to lock up or otherwise misbehave but you should do something about them. Either filter TCP port 22 to the AstLinux machine or move your SSH port to something other than 22. That will cause most of them to go away. -- Kristian Kielhofner http://blog.krisk.org http://www.submityoursip.com http://www.astlinux.org http://www.star2star.com ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to [EMAIL PROTECTED]
