On Mon, Jun 7, 2010 at 7:27 AM, Joseph Rotan <[email protected]> wrote:
> Bula Aarno, > > thanks for the tip, but i'm a bit confused on the logs displayed below: > > Jun 7 23:13:29 pfSense sshd[7808]: Failed password for root from > 220.189.230.151 port 48088 ssh2 > Jun 7 23:13:31 pfSense sshd[7810]: Failed password for root from > 220.189.230.151 port 48910 ssh2 > Jun 7 23:13:34 pfSense sshd[7813]: Failed password for root from > 220.189.230.151 port 49352 ssh2 > Jun 7 23:13:36 pfSense sshd[7827]: Failed password for root from > 220.189.230.151 port 50339 ssh2 > Jun 7 23:13:42 pfSense sshd[7831]: Failed password for root from > 220.189.230.151 port 50994 ssh2 > # Jun 7 23:13:29 pfSense sshd[7808]: Failed password for root from > 220.189.230.151 port 48088 ssh2 > I can't understand what the above logs are, can you please advise how can > i view the captive portal logins or what will be the command on the shell to > view it. > > I don't know anything about logs for the captive portal, but those lines from the log indicate that someone tried to log in to your pfSense using SSH (Putty or similar program) and got the password wrong. If that person was not you (and you can find your IP address by going to http://checkip.dyndns.org), then you may want to block that IP address from accessing SSH. I always recommend when I set up pfSense that the port for SSH be changed to prevent automated password guessing; I use port 2292. That setting is under System->Advanced (don't forget to adjust your firewall rule). - YK
