Quoting Jon Moss jon.moss@cnonline.net:
I saw your modification in my research. Thanks for confirming it. I'll add it to my hosts.allow file.
Thanks for the quick responses.
You can also use iptables to restrict access to port 22, btw. You could combine this with tcpwrappers and have "security in layers." Hell, modify your sshd config file and further restrict access there too.
As for the attempted logins you're seeing in your secure.log file, I have 11 Linux servers that are hit daily by these attempts. It's a scripted attack that seems to wax and wain periodically. I wouldn't be too concerned about it. Sure keep an eye on your log files, check them every day. And be sure you've got good complex passwords on your accounts.
What you've seen is pretty mundane. It's not a hack... yet. It is an attempt to hack using common account names and passwords.
-- Dave Hull http://insipid.com