Kristian Kielhofner wrote:
> On Mon, Oct 13, 2008 at 11:14 AM, Daniel Aeberli <[EMAIL PROTECTED]> wrote:
>
>> Oops that first phrase should say can not dial extension or can not
>> receive calls.
>>
>> Daniel Aeberli wrote:
>>
>>> Hi
>>>
>>> My pbx has been locking up (can dial extensions or can receive calls)
>>> In the log on the status screen I see this:
>>>
>>> Oct 13 13:46:16 pbx auth.info /usr/sbin/sshd[10193]: Invalid user backup from 206.82.216.131
>>> Oct 13 13:46:16 pbx auth.err /usr/sbin/sshd[10193]: error: Could not get shadow information for NOUSER
>>> Oct 13 13:46:16 pbx auth.info /usr/sbin/sshd[10193]: Failed password for invalid user backup from 206.82.216.131 port 59236 ssh2
>>> Oct 13 13:46:18 pbx auth.info /usr/sbin/sshd[10195]: Invalid user info from 206.82.216.131
>>> Oct 13 13:46:18 pbx auth.err /usr/sbin/sshd[10195]: error: Could not get shadow information for NOUSER
>>> Oct 13 13:46:18 pbx auth.info /usr/sbin/sshd[10195]: Failed password for invalid user info from 206.82.216.131 port 59320 ssh2
>>> Oct 13 13:46:20 pbx auth.info /usr/sbin/sshd[10197]: Invalid user shop from 206.82.216.131
>>> Oct 13 13:46:20 pbx auth.err /usr/sbin/sshd[10197]: error: Could not get shadow information for NOUSER
>>> Oct 13 13:46:20 pbx auth.info /usr/sbin/sshd[10197]: Failed password for invalid user shop from 206.82.216.131 port 59685 ssh2
>>> Oct 13 13:46:22 pbx auth.info /usr/sbin/sshd[10199]: Invalid user sales from 206.82.216.131
>>> Oct 13 13:46:22 pbx auth.err /usr/sbin/sshd[10199]: error: Could not get shadow information for NOUSER
>>> Oct 13 13:46:22 pbx auth.info /usr/sbin/sshd[10199]: Failed password for invalid user sales from 206.82.216.131 port 59751 ssh2
>>> Oct 13 13:46:24 pbx auth.info /usr/sbin/sshd[10201]: Invalid user web from 206.82.216.131
>>> Oct 13 13:46:24 pbx auth.err /usr/sbin/sshd[10201]: error: Could not get shadow information for NOUSER
>>> Oct 13 13:46:24 pbx auth.info /usr/sbin/sshd[10201]: Failed password for invalid user web from 206.82.216.131 port 59817 ssh2
>>> Oct 13 13:46:27 pbx auth.info /usr/sbin/sshd[10203]: Invalid user www from 206.82.216.131
>>> Oct 13 13:46:27 pbx auth.err /usr/sbin/sshd[10203]: error: Could not get shadow information for NOUSER
>>> Oct 13 13:46:27 pbx auth.info /usr/sbin/sshd[10203]: Failed password for invalid user www from 206.82.216.131 port 60224 ssh2
>>> Oct 13 13:46:29 pbx auth.info /usr/sbin/sshd[10205]: Invalid user wwwrun from 206.82.216.131
>>> Oct 13 13:46:29 pbx auth.err /usr/sbin/sshd[10205]: error: Could not get shadow information for NOUSER
>>> Oct 13 13:46:29 pbx auth.info /usr/sbin/sshd[10205]: Failed password for invalid user wwwrun from 206.82.216.131 port 60317 ssh2
>>> Oct 13 13:46:41 pbx auth.info /usr/sbin/sshd[10207]: Invalid user adam from 206.82.216.131
>>> Oct 13 13:46:41 pbx auth.err /usr/sbin/sshd[10207]: error: Could not get shadow information for NOUSER
>>> Oct 13 13:46:41 pbx auth.info /usr/sbin/sshd[10207]: Failed password for invalid user adam from 206.82.216.131 port 60709 ssh2
>>>
>>>
>>> The IP is from windnet.it, a web-hosting company.
>>> Is there a setting I can set up to lock him out (blacklist his IP)?
>>>
>>> In the meantime I've gone back to 1.4.8 but I'm not sure this is not
>>> happening and I am just not seeing it.
>>>
>>> Thanks for the help
>>>
>>> Daniel
>>>
>
> Daniel,
>
> These are just common SSH brute force attacks. They shouldn't cause
> your PBX to lock up or otherwise misbehave but you should do something
> about them. Either filter TCP port 22 to the AstLinux machine or move
> your SSH port to something other than 22. That will cause most of
> them to go away.
>
>

Thanks Kristian,

Once I block the attacks, maybe I'll see the real problem in the status screen.

Cheers

_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
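
The sshd lines quoted in this thread can be reduced to a per-source failure count, which is the input a port 22 filter or blocklist needs. The following is an added example, not part of the original thread or of AstLinux; the function names, threshold, window and assumed year are illustrative, and the sample log uses constructed documentation addresses.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the syslog layout quoted in the thread. Addresses are
# RFC 5737 documentation ranges, not hosts from the original post.
SAMPLE_LOG = """\
Oct 13 13:46:16 pbx auth.err /usr/sbin/sshd[10193]: error: Could not get shadow information for NOUSER
Oct 13 13:46:16 pbx auth.info /usr/sbin/sshd[10193]: Failed password for invalid user backup from 192.0.2.10 port 59236 ssh2
Oct 13 13:46:18 pbx auth.info /usr/sbin/sshd[10195]: Failed password for invalid user info from 192.0.2.10 port 59320 ssh2
Oct 13 13:46:20 pbx auth.info /usr/sbin/sshd[10197]: Failed password for invalid user shop from 192.0.2.10 port 59685 ssh2
Oct 13 13:46:22 pbx auth.info /usr/sbin/sshd[10199]: Failed password for invalid user sales from 192.0.2.10 port 59751 ssh2
Oct 13 13:46:24 pbx auth.info /usr/sbin/sshd[10201]: Failed password for invalid user web from 192.0.2.10 port 59817 ssh2
Oct 13 13:50:02 pbx auth.info /usr/sbin/sshd[10230]: Failed password for root from 198.51.100.7 port 40112 ssh2
Oct 13 13:50:05 pbx auth.info /usr/sbin/sshd[10231]: Failed password for invalid user x from 203.0.113.9 port 1 ssh2 from 198.51.100.7 port 40200 ssh2
"""

# The user name is chosen by the client, so it may itself contain "from <ip>".
# A greedy user group plus the end-of-line anchor takes the address sshd wrote last.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ \S+ \S*sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def parse_failures(log_text, year=2008):
    """Return (time, ip, user) per failed password; syslog omits the year, so one is assumed."""
    out = []
    for m in filter(None, map(FAILED.match, log_text.splitlines())):
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        out.append((when, m["ip"], m["user"]))
    return out

def brute_force_sources(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: user names tried} for sources with >= threshold failures inside window."""
    by_ip = defaultdict(list)
    for when, ip, user in parse_failures(log_text):
        by_ip[ip].append((when, user))
    flagged = {}
    for ip, hits in by_ip.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window forward past stale failures
            if end - start + 1 >= threshold:
                flagged[ip] = sorted({u for _, u in hits})
                break
    return flagged
```
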