Hello guys,
Recently (a month or two back) I have been seeing a bit of port scanning
and dictionary-based attacks on my server. Luckily I have only SSH in
there, but I find that as the days pass, the scans are becoming more and
more intensive.
Can somebody comment on the logs that I have? Is there something I can do to
avoid these? I know that moving the SSH port to an obscure one will help,
but only for as long as it takes to find the active port.
In such a case, what can I do against the attacker?
Thanks,
Manu
Feb 20 17:03:44 bh sshd[28569]: Invalid user ixess from ::ffff:202.26.148.130
Feb 20 17:03:47 bh sshd[28571]: Invalid user gnats from ::ffff:202.26.148.130
Feb 20 17:03:50 bh sshd[28573]: Invalid user gnats from ::ffff:202.26.148.130
Feb 20 17:03:54 bh sshd[28575]: Invalid user gnats from ::ffff:202.26.148.130
Feb 20 17:03:57 bh sshd[28577]: Invalid user gnats from ::ffff:202.26.148.130
Feb 20 17:04:00 bh sshd[28579]: Invalid user mdom from ::ffff:202.26.148.130
Feb 20 17:04:04 bh sshd[28581]: Invalid user mdom from ::ffff:202.26.148.130
Feb 20 17:04:07 bh sshd[28583]: Invalid user mdom from ::ffff:202.26.148.130
Feb 20 17:04:10 bh sshd[28585]: Invalid user mdom from ::ffff:202.26.148.130
Feb 20 17:04:14 bh sshd[28587]: Invalid user lnx from ::ffff:202.26.148.130
Feb 20 17:04:17 bh sshd[28589]: Invalid user lnx from ::ffff:202.26.148.130
Feb 20 17:04:20 bh sshd[28591]: Invalid user lnx from ::ffff:202.26.148.130
Feb 20 17:04:23 bh sshd[28593]: Invalid user lnx from ::ffff:202.26.148.130
Feb 20 17:04:27 bh sshd[28595]: Invalid user exam from ::ffff:202.26.148.130
<snip>
Feb 20 18:39:18 bh sshd[28744]: Invalid user theo from ::ffff:218.189.146.172
Feb 20 18:39:18 bh sshd[28744]: reverse mapping checking getaddrinfo for bbs-172-146-189-218.on-nets.com failed - POSSIBLE BREAKIN ATTEMPT!
Feb 20 18:39:20 bh sshd[28746]: Invalid user theo from ::ffff:218.189.146.172
Feb 20 18:39:20 bh sshd[28746]: reverse mapping checking getaddrinfo for bbs-172-146-189-218.on-nets.com failed - POSSIBLE BREAKIN ATTEMPT!
Feb 20 18:39:21 bh sshd[28748]: Invalid user theo from ::ffff:218.189.146.172
Feb 20 18:39:21 bh sshd[28748]: reverse mapping checking getaddrinfo for bbs-172-146-189-218.on-nets.com failed - POSSIBLE BREAKIN ATTEMPT!
Feb 20 18:39:22 bh sshd[28742]: reverse mapping checking getaddrinfo for bbs-172-146-189-218.on-nets.com failed - POSSIBLE BREAKIN ATTEMPT!
Feb 20 18:39:22 bh sshd[28750]: Invalid user philip from ::ffff:218.189.146.172
Feb 20 18:39:22 bh sshd[28750]: reverse mapping checking getaddrinfo for bbs-172-146-189-218.on-nets.com failed - POSSIBLE BREAKIN ATTEMPT!
<snip>
Feb 25 15:50:47 bh sshd[19323]: Invalid user sloan from ::ffff:69.56.181.138
Feb 25 15:50:47 bh sshd[19323]: reverse mapping checking getaddrinfo for 69-56-181-138.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Feb 25 15:50:49 bh sshd[19325]: Invalid user sloane from ::ffff:69.56.181.138
Feb 25 15:50:49 bh sshd[19325]: reverse mapping checking getaddrinfo for 69-56-181-138.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Feb 25 15:50:52 bh sshd[19327]: Invalid user snoop from ::ffff:69.56.181.138
Feb 25 15:50:52 bh sshd[19327]: reverse mapping checking getaddrinfo for 69-56-181-138.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Feb 25 15:50:54 bh sshd[19329]: Invalid user snoopy from ::ffff:69.56.181.138
Feb 25 15:50:54 bh sshd[19329]: reverse mapping checking getaddrinfo for 69-56-181-138.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Feb 25 15:50:57 bh sshd[19331]: Invalid user sonia from ::ffff:69.56.181.138
Feb 25 15:50:57 bh sshd[19331]: reverse mapping checking getaddrinfo for 69-56-181-138.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Feb 25 15:50:59 bh sshd[19333]: Invalid user sonny from ::ffff:69.56.181.138
Feb 25 15:50:59 bh sshd[19333]: reverse mapping checking getaddrinfo for 69-56-181-138.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Feb 25 16:06:43 bh sshd[20113]: Invalid user catherine from ::ffff:69.56.181.138
Feb 25 16:06:43 bh sshd[20113]: reverse mapping checking getaddrinfo for 69-56-181-138.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
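
Added example, not part of the original message: one way to summarise sshd "Invalid user" entries like those above per source address and flag sources that make several attempts inside a short window. The sample lines, addresses, year, threshold and window are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

TS = r"[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d"
INVALID = re.compile(rf"^({TS}) \S+ sshd\[\d+\]: Invalid user (\S+) from (?:::ffff:)?(\S+)$")

# Constructed sample (documentation-range addresses); two entries are wrapped
# across lines the way a mail client wraps long log lines.
SAMPLE = """\
Feb 20 17:03:44 bh sshd[100]: Invalid user gnats from ::ffff:192.0.2.10
Feb 20 17:03:47 bh sshd[102]: Invalid user gnats from ::ffff:192.0.2.10
Feb 20 17:03:50 bh sshd[104]: Invalid user mdom from
::ffff:192.0.2.10
Feb 20 17:03:54 bh sshd[106]: Invalid user lnx from ::ffff:192.0.2.10
Feb 20 18:39:18 bh sshd[200]: Invalid user theo from ::ffff:198.51.100.7
Feb 20 18:39:18 bh sshd[200]: reverse mapping checking getaddrinfo for
host.example.net failed - POSSIBLE BREAKIN ATTEMPT!
"""

def unwrap(text):
    """Rejoin entries split across lines (continuation lines lack a timestamp)."""
    entries = []
    for line in text.splitlines():
        if re.match(TS, line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def invalid_user_events(text, year=2024):
    """Return (time, source_ip, username) tuples; syslog omits the year, so it is assumed."""
    events = []
    for m in filter(None, map(INVALID.match, unwrap(text))):
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        events.append((when, m.group(3), m.group(2)))
    return events

def noisy_sources(text, threshold=4, window=timedelta(minutes=1)):
    """Map source IP -> usernames tried, for IPs with >= threshold attempts inside window."""
    by_ip = defaultdict(list)
    for when, ip, user in invalid_user_events(text):
        by_ip[ip].append((when, user))
    flagged = {}
    for ip, hits in by_ip.items():
        times = sorted(t for t, _ in hits)
        if any(b - a <= window for a, b in zip(times, times[threshold - 1:])):
            flagged[ip] = sorted({u for _, u in hits})
    return flagged
```

Calling `noisy_sources(open("/var/log/auth.log").read())` gives the same summary for a real log; the path is an assumption and differs between distributions.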