Hi, here's another logs from another site:
Jun 8 08:39:01 pfsense sshd[32290]: Invalid user emma from 125.208.2.125 Jun 8 08:39:01 pfsense sshd[32290]: Failed password for invalid user emma from 125.208.2.125 port 56664 ssh2 Jun 8 08:39:05 pfsense sshd[32293]: Invalid user emma from 125.208.2.125 Jun 8 08:39:05 pfsense sshd[32293]: Failed password for invalid user emma from 125.208.2.125 port 57649 ssh2 Jun 8 08:39:08 pfsense sshd[32295]: Invalid user emma from 125.208.2.125 Jun 8 08:39:08 pfsense sshd[32295]: Failed password for invalid user emma from 125.208.2.125 port 58690 ssh2 Jun 8 08:39:12 pfsense sshd[32298]: Invalid user olivia from 125.208.2.125 Jun 8 08:39:12 pfsense sshd[32298]: Failed password for invalid user olivia fro m 125.208.2.125 port 59678 ssh2 Jun 8 08:39:15 pfsense sshd[32370]: Invalid user olivia from 125.208.2.125 Jun 8 08:39:15 pfsense sshd[32370]: Failed password for invalid user olivia fro m 125.208.2.125 port 60673 ssh2 Jun 8 08:39:19 pfsense sshd[32382]: Invalid user olivia from 125.208.2.125 Jun 8 08:39:19 pfsense sshd[32382]: Failed password for invalid user olivia fro m 125.208.2.125 port 61798 ssh2 Jun 8 08:39:23 pfsense sshd[32384]: Invalid user madison from 125.208.2.125 Jun 8 08:39:23 pfsense sshd[32384]: Failed password for invalid user madison fr om 125.208.2.125 port 62755 ssh2 Jun 8 08:39:26 pfsense sshd[32387]: Invalid user madison from 125.208.2.125 Jun 8 08:39:26 pfsense sshd[32387]: Failed password for invalid user madison fr om 125.208.2.125 port 63789 ssh2 Jun 8 08:39:31 pfsense sshd[32390]: Invalid user madison from 125.208.2.125 Jun 8 08:39:31 pfsense sshd[32390]: Failed password for invalid user madison fr om 125.208.2.125 port 64785 ssh2 How can i block all this invalid users from attempting to access my pfsense through SSH. Thanks, Joseph. On Mon, Jun 7, 2010 at 11:53 PM, Yehuda Katz <[email protected]> wrote: > On Mon, Jun 7, 2010 at 7:27 AM, Joseph Rotan <[email protected]>wrote: > >> Bula Aarno, >> >> thanks for the tip, but i'm a bit confused on the logs displayed below: >> >> Jun 7 23:13:29 pfSense sshd[7808]: Failed password for root from >> 220.189.230.151 port 48088 ssh2 >> Jun 7 23:13:31 pfSense sshd[7810]: Failed password for root from >> 220.189.230.151 port 48910 ssh2 >> Jun 7 23:13:34 pfSense sshd[7813]: Failed password for root from >> 220.189.230.151 port 49352 ssh2 >> Jun 7 23:13:36 pfSense sshd[7827]: Failed password for root from >> 220.189.230.151 port 50339 ssh2 >> Jun 7 23:13:42 pfSense sshd[7831]: Failed password for root from >> 220.189.230.151 port 50994 ssh2 >> # Jun 7 23:13:29 pfSense sshd[7808]: Failed password for root from >> 220.189.230.151 port 48088 ssh2 >> I can't understand what the above logs are, can you please advise how can >> i view the captive portal logins or what will be the command on the shell to >> view it. >> >> > I don't know anything about logs for the captive portal, but those lines > from the log indicate that someone tried to log in to your pfSense using SSH > (Putty or similar program) and got the password wrong. If that person was > not you (and you can find your IP address by going to > http://checkip.dyndns.org), then you may want to block that IP address > from accessing SSH. I always recommend when I set up pfSense that the port > for SSH be changed to prevent automated password guessing; I use port 2292. > That setting is under System->Advanced (don't forget to adjust your firewall > rule). > > - YK >
