What to do with a constant flow of attempts to login to my compuet?
Gabor Szabo
szabgab at gmail.com
Sun Jan 3 16:34:29 IST 2010
I just noticed someone bombarding my machine trying to login via ssh.
>From auth.log
Jan 3 06:31:48 s6 sshd[22774]: Failed password for invalid user
amavisd from 202.138.142.216 port 35172 ssh2
Jan 3 06:31:48 s6 sshd[22773]: Failed password for invalid user
clamav from 202.138.142.216 port 39941 ssh2
Jan 3 06:31:49 s6 sshd[22780]: Invalid user clamav from 202.138.142.216
Jan 3 06:31:49 s6 sshd[22780]: pam_unix(sshd:auth): check pass; user unknown
Jan 3 06:31:49 s6 sshd[22780]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.138.142.216
Jan 3 06:31:49 s6 sshd[22781]: Invalid user appserver from 202.138.142.216
Jan 3 06:31:49 s6 sshd[22781]: pam_unix(sshd:auth): check pass; user unknown
Jan 3 06:31:49 s6 sshd[22781]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.138.142.216
Jan 3 06:31:52 s6 sshd[22780]: Failed password for invalid user
clamav from 202.138.142.216 port 35699 ssh2
Jan 3 06:31:52 s6 sshd[22781]: Failed password for invalid user
appserver from 202.138.142.216 port 40470 ssh2
So what is your suggestion. What to do with it?
Gabor
More information about the Linux-il
mailing list