What to do with a constant flow of attempts to log in to my computer?
Hetz Ben Hamo
hetzbh at gmail.com
Sun Jan 3 17:30:51 IST 2010
Hi,
Simple answer: apt-get install denyhosts
Then set up the config file according to your needs and run this daemon. When
someone passes the threshold, they will be added to /etc/hosts.deny and
will be blocked.
You might want to complain about the abuser to this IP holder (Digitel
Philippines), by sending an email to netad at digitelone.com - They are in
charge of the IP you're mentioning.
Hetz
On Sun, Jan 3, 2010 at 4:34 PM, Gabor Szabo <szabgab at gmail.com> wrote:
> I just noticed someone bombarding my machine trying to login via ssh.
> From auth.log
>
> Jan 3 06:31:48 s6 sshd[22774]: Failed password for invalid user
> amavisd from 202.138.142.216 port 35172 ssh2
> Jan 3 06:31:48 s6 sshd[22773]: Failed password for invalid user
> clamav from 202.138.142.216 port 39941 ssh2
> Jan 3 06:31:49 s6 sshd[22780]: Invalid user clamav from 202.138.142.216
> Jan 3 06:31:49 s6 sshd[22780]: pam_unix(sshd:auth): check pass; user
> unknown
> Jan 3 06:31:49 s6 sshd[22780]: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.138.142.216
> Jan 3 06:31:49 s6 sshd[22781]: Invalid user appserver from 202.138.142.216
> Jan 3 06:31:49 s6 sshd[22781]: pam_unix(sshd:auth): check pass; user
> unknown
> Jan 3 06:31:49 s6 sshd[22781]: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.138.142.216
> Jan 3 06:31:52 s6 sshd[22780]: Failed password for invalid user
> clamav from 202.138.142.216 port 35699 ssh2
> Jan 3 06:31:52 s6 sshd[22781]: Failed password for invalid user
> appserver from 202.138.142.216 port 40470 ssh2
>
>
> So what is your suggestion? What to do with it?
>
> Gabor
--
my blog (hebrew): http://benhamo.org
Skype: heunique
MSN: hetz-blog at benhamo.org
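
The threshold-then-hosts.deny behaviour described in the reply, applied to the auth.log lines quoted in the thread. This is an added example, not part of the original message and not DenyHosts' own code; the function names, the threshold value, the allowlist parameter and the two 192.0.2.10 log lines are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# First five lines come from the auth.log excerpt quoted in the thread
# (wrapped lines rejoined). The last two lines are constructed.
SAMPLE_LOG = """\
Jan 3 06:31:48 s6 sshd[22774]: Failed password for invalid user amavisd from 202.138.142.216 port 35172 ssh2
Jan 3 06:31:48 s6 sshd[22773]: Failed password for invalid user clamav from 202.138.142.216 port 39941 ssh2
Jan 3 06:31:49 s6 sshd[22780]: Invalid user clamav from 202.138.142.216
Jan 3 06:31:52 s6 sshd[22780]: Failed password for invalid user clamav from 202.138.142.216 port 35699 ssh2
Jan 3 06:31:52 s6 sshd[22781]: Failed password for invalid user appserver from 202.138.142.216 port 40470 ssh2
Jan 3 06:40:10 s6 sshd[22990]: Failed password for gabor from 192.0.2.10 port 50022 ssh2
Jan 3 06:40:15 s6 sshd[22990]: Accepted password for gabor from 192.0.2.10 port 50022 ssh2
"""

# The user name is chosen by the remote side, so the address is read from the
# fixed tail sshd writes after it. The greedy (.*) keeps any " from ..." text
# embedded in a user name out of the ip group.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port \d+ ssh2$"
)

def count_failures(log_text):
    """Count 'Failed password' lines per IPv4 source address."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if not match:
            continue
        try:
            ip = ipaddress.IPv4Address(match.group("ip"))
        except ValueError:
            continue  # not a literal IPv4 address; ignored in this sketch
        counts[str(ip)] += 1
    return counts

def hosts_deny_entries(counts, threshold, allowlist=()):
    """Return hosts.deny lines for addresses with more than `threshold` failures."""
    return [
        f"sshd: {ip}"
        for ip, failures in sorted(counts.items())
        if failures > threshold and ip not in allowlist
    ]

if __name__ == "__main__":
    for entry in hosts_deny_entries(count_failures(SAMPLE_LOG), threshold=3):
        print(entry)
```

The allowlist keeps your own address from being blocked after a few mistyped passwords.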