On Thursday 26 April 2007, Andreas Widerøe Andersen said: > I'm getting a lot of unauthorized ssh login attempts. I have a > pretty basic FreeBSD 6.2 setup. I have compiled my own kernel. > Here's what I get from my daily security run output: > > myserver.domain.com login failures: > Apr 25 20:00:19 myserver sshd[57810]: Invalid user staff from > 65.171.74.26 Apr 25 20:00:22 myserver sshd[57812]: Invalid user > sales from 65.171.74.26 Apr 25 20:00:24 myserver sshd[57814]: > Invalid user recruit from 65.171.74.26 Apr 25 20:00:26 myserver > sshd[57816]: Invalid user alias from 65.171.74.26 Apr 25 20:00:28 > myserver sshd[57818]: Invalid user office from 65.171.74.26 Apr 25 > 20:00:30 myserver sshd[57820]: Invalid user samba from 65.171.74.26 > Apr 25 20:00:32 myserver sshd[57822]: Invalid user tomcat from > 65.171.74.26 Apr 25 20:00:34 myserver sshd[57824]: Invalid user > webadmin from 65.171.74.26 > Apr 25 20:00:36 myserver sshd[57826]: Invalid user spam from > 65.171.74.26 Apr 25 20:00:38 myserver sshd[57828]: Invalid user > virus from 65.171.74.26 Apr 25 20:00:41 myserver sshd[57830]: > Invalid user cyrus from 65.171.74.26 Apr 25 20:00:43 myserver > sshd[57832]: Invalid user oracle from 65.171.74.26 Apr 25 20:00:45 > myserver sshd[57834]: Invalid user michael from 65.171.74.26 Apr 25 > 20:00:47 myserver sshd[57836]: Invalid user ftp from 65.171.74.26 > Apr 25 20:00:49 myserver sshd[57838]: Invalid user test from > 65.171.74.26 Apr 25 20:00:51 myserver sshd[57840]: Invalid user > webmaster from 65.171.74.26 > Apr 25 20:00:53 myserver sshd[57842]: Invalid user postmaster from > 65.171.74.26 > Apr 25 20:00:56 myserver sshd[57844]: Invalid user postfix from > 65.171.74.26 Apr 25 20:00:57 myserver sshd[57846]: Invalid user > postgres from 65.171.74.26 > Apr 25 20:00:59 myserver sshd[57848]: Invalid user paul from > 65.171.74.26 Apr 25 20:01:04 myserver sshd[57852]: Invalid user > guest from 65.171.74.26 Apr 25 20:01:06 myserver sshd[57854]: > Invalid user admin from 65.171.74.26 Apr 25 20:01:08 myserver > sshd[57856]: Invalid user linux from 65.171.74.26 Apr 25 20:01:11 > myserver sshd[57858]: Invalid user user from 65.171.74.26 Apr 25 > 20:01:13 myserver sshd[57860]: Invalid user david from 65.171.74.26 > > How can I stop these attempts or block them - or even recognize > them? I do not have IPF installed. > > Thanks for your help. > > Best regards, > Andreas
Check out denyhosts, it's in the tree. It works well for me and is easy to set up. Beech -- --------------------------------------------------------------------------------------- Beech Rintoul - Port Maintainer - [EMAIL PROTECTED] /"\ ASCII Ribbon Campaign | FreeBSD Since 4.x \ / - NO HTML/RTF in e-mail | http://www.freebsd.org X - NO Word docs in e-mail | Latest Release: / \ - http://www.freebsd.org/releases/6.2R/announce.html --------------------------------------------------------------------------------------- _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"