Re: [ilugd] Someone trying to break pass mine server pl. help

Sun, 09 Apr 2006 22:46:56 -0700 

run #tail -f /var/log/message and #tail -f /var/log/secure  and see the out
put...

Thanks
-Manish Popli




On 4/10/06, abhishek jain <[EMAIL PROTECTED]> wrote:
>
> Dear Frirends,
> Pl. help , I am receving the cron email from mine server with the
> following
> result from the last few days.
>
> Day 1:
> crond:
> Unknown Entries:
>     session closed for user root: 103 Time(s)
>     session opened for user root by (uid=0): 102 Time(s)
>     session closed for user drweb: 40 Time(s)
>     session opened for user drweb by (uid=0): 40 Time(s)
>
> sshd:
> Authentication Failures:
>     unknown (210.77.121.246): 1215 Time(s)
>     root (210.77.121.246): 229 Time(s)
>     postgres (210.77.121.246): 37 Time(s)
>     news (210.77.121.246): 20 Time(s)
>     mysql (210.77.121.246): 13 Time(s)
>     bin (210.77.121.246): 11 Time(s)
>     ftp ( 210.77.121.246): 11 Time(s)
>     mail (210.77.121.246): 11 Time(s)
>     rpm (210.77.121.246): 11 Time(s)
>     games (210.77.121.246): 10 Time(s)
> ...................
> ...............
> Invalid Users:
>     Unknown Account: 1218 Time(s)
>
>
> --------------------- Connections (secure-log) Begin
> ------------------------
>
>
> Connections:
> Service ftp:
>    <mine IP>: 1 Time(s)
> Service poppassd:
>     82.82.100.96: 5 Time(s)
>
> ---------------------- Connections (secure-log) End
> -------------------------
>
>
> --------------------- SSHD Begin ------------------------
>
>
> Failed logins from these:
> adm/password from ::ffff: 210.77.121.246: 7 Time(s)
> apache/password from ::ffff:210.77.121.246: 8 Time(s)
> bin/password from ::ffff:210.77.121.246: 11 Time(s)
> daemon/password from ::ffff:210.77.121.246: 3 Time(s)
> ftp/password from ::ffff:210.77.121.246: 11 Time(s)
> games/password from ::ffff:210.77.121.246: 10 Time(s)
> ..............................
> ..............................
>
> **Unmatched Entries**
> Invalid user fluffy from ::ffff:210.77.121.246
> Invalid user fluffy from ::ffff:210.77.121.246
> Invalid user fluffy from ::ffff: 210.77.121.246
> Failed password for invalid user fluffy from ::ffff:210.77.121.246 port
> 48294 ssh2
> Failed password for invalid user fluffy from ::ffff:210.77.121.246 port
> 48314 ssh2
> Failed password for invalid user fluffy from ::ffff:210.77.121.246 port
> 48333 ssh2
> Invalid user admin from ::ffff:210.77.121.246
> Invalid user admin from ::ffff:210.77.121.246
> Invalid user admin from ::ffff:210.77.121.246
> Failed password for invalid user admin from ::ffff:210.77.121.246 port
> 48406
> ssh2
> Failed password for invalid user admin from ::ffff:210.77.121.246 port
> 48423
> ssh2
> Failed password for invalid user admin from ::ffff:210.77.121.246 port
> 48445
> ssh2
> Invalid user test from ::ffff:210.77.121.246
> Invalid user test from ::ffff:210.77.121.246
> Invalid user test from ::ffff: 210.77.121.246
> Failed password for invalid user test from ::ffff:210.77.121.246 port
> 48513
> ssh2
> ..........................
> ...........................
> ............................
>
>
>
> Similar was for other days but the IPs were different. Other day that were
> 209.137.192.40
>
>
> I do not know how to protect mine Server. Pl. help me. I have Plesk+RHEL .
> Thanks for your time and effort.
> --
> Regards
> Abhishek Jain
> _______________________________________________
> ilugd mailinglist -- [email protected]
> http://frodo.hserus.net/mailman/listinfo/ilugd
> Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi
> http://www.mail-archive.com/[email protected]/
>
>


--
Manish Popli
_______________________________________________
ilugd mailinglist -- [email protected]
http://frodo.hserus.net/mailman/listinfo/ilugd
Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi 
http://www.mail-archive.com/[email protected]/

Reply via email to