[HanoiLUG] Server Login Attempts

Fri, 12 Nov 2010 21:06:49 -0800 

Hello there,
I am worrying about my server in Germany. October the 20th I reinstalled OpenSuSE (11.1) on it, and since it's been running non-stop. Once I was wondering about why it was so slow, so I logged in via ssh, launched top and was very surprised to see a load average of 12-13. Well, I didn't wory about it because it's a game server and they have huge loads sometimes, until I went through the server logs: /var/log/warn has 3535 (!) lines, with about 90% being like this: Nov 13 03:38:52 h1331727 sshd[20094]: error: PAM: Authentication failure for root from 190.2.3.85 Nov 13 03:53:47 h1331727 sshd[23743]: error: PAM: Authentication failure for root from 190.2.3.85 Nov 13 04:08:45 h1331727 sshd[28120]: error: PAM: Authentication failure for root from 93.157.210.254 Nov 13 04:22:31 h1331727 sshd[30560]: error: PAM: Authentication failure for root from ip-62-129-164-36.evc.net Nov 13 04:37:13 h1331727 sshd[2025]: error: PAM: Authentication failure for root from 190.2.3.85 Nov 13 04:52:40 h1331727 sshd[7289]: error: PAM: Authentication failure for root from ip-62-129-164-36.evc.net Nov 13 05:05:55 h1331727 sshd[9986]: error: PAM: Authentication failure for root from 180.168.5.184 Nov 13 05:20:58 h1331727 sshd[13811]: error: PAM: Authentication failure for root from 95.155.122.12 Nov 13 05:36:50 h1331727 sshd[17993]: error: PAM: Authentication failure for root from ip-62-129-164-36.evc.net Nov 13 05:49:47 h1331727 sshd[21508]: error: PAM: Authentication failure for root from 190.144.81.234 


So, you can see the pattern: random IPs trying to log in as root... This 
might be usual for servers, but still, what do you suggest me to do to 
prevent people from gaining access? I do have a secure password, and I 
have been suggested to move the ssh port and stuf, does anyone have any 
more suggestions?



Btw: I have CCd this to the main hanoilug also, because there seems to 
be little activity on the hanoilug-english.


Cheers, Patrick
_______________________________________________
POST RULES : http://wiki.hanoilug.org/hanoilug:mailing_list_guidelines
_______________________________________________
HanoiLUG mailing lists: http://lists.hanoilug.org/
HanoiLUG wiki: http://wiki.hanoilug.org/
HanoiLUG blog: http://blog.hanoilug.org/






















					Trả lời cho