<div dir="ltr">A few suggestions:<br>1. after 3 unsuccessful logins knock the user out (no matter who the user is). <br>2. ban the ip in iptables. you can see it's the same ip all the time. this ip is from the <code>Philippines</code>
<br>
<a href="http://www.dnsstuff.com/tools/ipall/?tool_id=67&token=&toolhandler_redirect=0&ip=202.138.142.216">http://www.dnsstuff.com/tools/ipall/?tool_id=67&token=&toolhandler_redirect=0&ip=202.138.142.216</a><br>
3. check if you happen to have root login via ssh and disable it, in case this option appears. check in ssh.conf options<br>4. moving to a port other than 22 is good practice, but in this case, they scan your ports, so it won't help. <br>
<br><div class="gmail_quote">On Sun, Jan 3, 2010 at 4:34 PM, Gabor Szabo <span dir="ltr"><<a href="mailto:szabgab@gmail.com">szabgab@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
I just noticed someone bombarding my machine trying to login via ssh.<br>
From auth.log<br>
<br>
Jan 3 06:31:48 s6 sshd[22774]: Failed password for invalid user<br>
amavisd from 202.138.142.216 port 35172 ssh2<br>
Jan 3 06:31:48 s6 sshd[22773]: Failed password for invalid user<br>
clamav from 202.138.142.216 port 39941 ssh2<br>
Jan 3 06:31:49 s6 sshd[22780]: Invalid user clamav from 202.138.142.216<br>
Jan 3 06:31:49 s6 sshd[22780]: pam_unix(sshd:auth): check pass; user unknown<br>
Jan 3 06:31:49 s6 sshd[22780]: pam_unix(sshd:auth): authentication<br>
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.138.142.216<br>
Jan 3 06:31:49 s6 sshd[22781]: Invalid user appserver from 202.138.142.216<br>
Jan 3 06:31:49 s6 sshd[22781]: pam_unix(sshd:auth): check pass; user unknown<br>
Jan 3 06:31:49 s6 sshd[22781]: pam_unix(sshd:auth): authentication<br>
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.138.142.216<br>
Jan 3 06:31:52 s6 sshd[22780]: Failed password for invalid user<br>
clamav from 202.138.142.216 port 35699 ssh2<br>
Jan 3 06:31:52 s6 sshd[22781]: Failed password for invalid user<br>
appserver from 202.138.142.216 port 40470 ssh2<br>
<br>
<br>
So what is your suggestion. What to do with it?<br>
<br>
Gabor<br>
<br>
</blockquote></div><br></div>
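Added example, not part of the original thread: a minimal Python sketch of suggestions 1 and 2 together, counting "Failed password" events per source address in auth.log lines of the format quoted above and printing (not running) an iptables DROP rule for any address with 3 or more failures. The function names, the allowlist parameter, and the 198.51.100.7 / alice sample lines are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Sample input: the thread's log lines unwrapped to one event per line, plus
# two constructed lines (198.51.100.7 is a documentation address).
SAMPLE_LOG = """\
Jan 3 06:31:48 s6 sshd[22774]: Failed password for invalid user amavisd from 202.138.142.216 port 35172 ssh2
Jan 3 06:31:48 s6 sshd[22773]: Failed password for invalid user clamav from 202.138.142.216 port 39941 ssh2
Jan 3 06:31:49 s6 sshd[22780]: Invalid user clamav from 202.138.142.216
Jan 3 06:31:52 s6 sshd[22780]: Failed password for invalid user clamav from 202.138.142.216 port 35699 ssh2
Jan 3 06:31:52 s6 sshd[22781]: Failed password for invalid user appserver from 202.138.142.216 port 40470 ssh2
Jan 3 06:40:10 s6 sshd[22790]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Jan 3 06:40:15 s6 sshd[22790]: Accepted password for alice from 198.51.100.7 port 51000 ssh2
"""

# The user name is client-supplied text, so match it greedily and anchor on
# the "from <ip> port <n> ssh2" suffix that sshd itself appends at end of line.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2\s*$"
)

def failed_by_ip(log_text):
    """Count 'Failed password' events per source IPv4 address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))  # rejects e.g. 999.1.1.1
        except ValueError:
            continue
        counts[str(ip)] += 1
    return counts

def block_rules(counts, threshold=3, allowlist=()):
    """Return iptables commands for addresses with >= threshold failures."""
    return [
        f"iptables -I INPUT -s {ip} -p tcp --dport 22 -j DROP"
        for ip, n in sorted(counts.items())
        if n >= threshold and ip not in allowlist
    ]

if __name__ == "__main__":
    for rule in block_rules(failed_by_ip(SAMPLE_LOG)):
        print(rule)
```

Only "Failed password" lines are counted, so the "Invalid user" and pam_unix lines logged for the same attempt do not inflate the total; put your own management addresses in the allowlist before acting on the output.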