> In my ssh logs this morning I noticed a couple login attempts with > usenames on them... I've never seen that before. It is usually just an > IP address. > > Mar 18 20:19:48 [sshd] refused connect from > [email protected] > Mar 18 23:42:44 [sshd] refused connect from 211.116.136.107 > Mar 18 23:44:44 [sshd] refused connect from > [[email protected] > Mar 19 02:41:09 [sshd] refused connect from 221.194.128.66 > > weird... maybe the bad guys are up to something new.
I'd say they've just made a mistake in their DNS config (or maybe used a wildcard record), and set the PTR record to be [email protected] instead of a hostname. I'm assuming the reason you usually see IP addresses is that there is no PTR record set for that IP.... Are you running Fail2ban or similar? Rgs, Adam
