Dear Friends,
Pl. help, I am receiving the cron email from my server with the following
result for the last few days.
Day 1:
crond:
Unknown Entries:
session closed for user root: 103 Time(s)
session opened for user root by (uid=0): 102 Time(s)
session closed for user drweb: 40 Time(s)
session opened for user drweb by (uid=0): 40 Time(s)
sshd:
Authentication Failures:
unknown (210.77.121.246): 1215 Time(s)
root (210.77.121.246): 229 Time(s)
postgres (210.77.121.246): 37 Time(s)
news (210.77.121.246): 20 Time(s)
mysql (210.77.121.246): 13 Time(s)
bin (210.77.121.246): 11 Time(s)
ftp (210.77.121.246): 11 Time(s)
mail (210.77.121.246): 11 Time(s)
rpm (210.77.121.246): 11 Time(s)
games (210.77.121.246): 10 Time(s)
...................
...............
Invalid Users:
Unknown Account: 1218 Time(s)
--------------------- Connections (secure-log) Begin ------------------------
Connections:
Service ftp:
<mine IP>: 1 Time(s)
Service poppassd:
82.82.100.96: 5 Time(s)
---------------------- Connections (secure-log) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from these:
adm/password from ::ffff:210.77.121.246: 7 Time(s)
apache/password from ::ffff:210.77.121.246: 8 Time(s)
bin/password from ::ffff:210.77.121.246: 11 Time(s)
daemon/password from ::ffff:210.77.121.246: 3 Time(s)
ftp/password from ::ffff:210.77.121.246: 11 Time(s)
games/password from ::ffff:210.77.121.246: 10 Time(s)
..............................
..............................
**Unmatched Entries**
Invalid user fluffy from ::ffff:210.77.121.246
Invalid user fluffy from ::ffff:210.77.121.246
Invalid user fluffy from ::ffff:210.77.121.246
Failed password for invalid user fluffy from ::ffff:210.77.121.246 port 48294 ssh2
Failed password for invalid user fluffy from ::ffff:210.77.121.246 port 48314 ssh2
Failed password for invalid user fluffy from ::ffff:210.77.121.246 port 48333 ssh2
Invalid user admin from ::ffff:210.77.121.246
Invalid user admin from ::ffff:210.77.121.246
Invalid user admin from ::ffff:210.77.121.246
Failed password for invalid user admin from ::ffff:210.77.121.246 port 48406 ssh2
Failed password for invalid user admin from ::ffff:210.77.121.246 port 48423 ssh2
Failed password for invalid user admin from ::ffff:210.77.121.246 port 48445 ssh2
Invalid user test from ::ffff:210.77.121.246
Invalid user test from ::ffff:210.77.121.246
Invalid user test from ::ffff:210.77.121.246
Failed password for invalid user test from ::ffff:210.77.121.246 port 48513 ssh2
..........................
...........................
............................
It was similar on other days, but the IPs were different. On another day it was
209.137.192.40.
I do not know how to protect my server. Pl. help me. I have Plesk + RHEL.
Thanks for your time and effort.
--
Regards
Abhishek Jain