21 Oct
2004
21 Oct
'04
12:14 p.m.
My secure log (below) seems to indicate that someone is trying to hack into one of my Linux servers.
I only have my Linux workstation's SSH port forwarded through my hardware firewall router. The other server (the church one) does not have anything except the HTTP port (and a non-standard one at that) forwarded.
I will probably change my root password. I only have five user accounts on the Linux workstation (non of which are root equivalents).
What else should I do? Can I change the configuration of SSH to prevent repeated attempts from the same IP address?
--
Thanks very much,
Jon Moss
jon.moss@cnonline.net
secure.1
Oct 12 06:44:20 mosslinux sshd[25677]: Failed password for nobody from
69.90.173.254 port 47210 ssh2
Oct 12 06:44:20 mosslinux sshd[25679]: Illegal user patrick from
69.90.173.254
Oct 12 06:44:23 mosslinux sshd[25679]: Failed password for illegal user
patrick from 69.90.173.254 port 47225 ssh2
Oct 12 06:44:23 mosslinux sshd[25681]: Illegal user patrick from
69.90.173.254
Oct 12 06:44:25 mosslinux sshd[25681]: Failed password for illegal user
patrick from 69.90.173.254 port 47242 ssh2
Oct 12 06:44:28 mosslinux sshd[25685]: Failed password for root from
69.90.173.254 port 47257 ssh2
Oct 12 06:44:29 mosslinux sshd[25683]: Failed password for root from
211.251.71.2 port 46109 ssh2
Oct 12 06:44:31 mosslinux sshd[25687]: Failed password for root from
69.90.173.254 port 47273 ssh2
Oct 12 06:44:34 mosslinux sshd[25689]: Failed password for root from
69.90.173.254 port 47288 ssh2
Oct 12 06:44:37 mosslinux sshd[25691]: Failed password for root from
69.90.173.254 port 47303 ssh2
Oct 12 06:44:40 mosslinux sshd[25695]: Illegal user guest from 211.251.71.2
Oct 12 06:44:40 mosslinux sshd[25693]: Failed password for root from
69.90.173.254 port 47316 ssh2
Oct 12 06:44:40 mosslinux sshd[25698]: Illegal user rolo from 69.90.173.254
Oct 12 06:44:42 mosslinux sshd[25697]: Illegal user oracle from 211.251.71.2
Oct 12 06:44:42 mosslinux sshd[25695]: Failed password for illegal user
guest from 211.251.71.2 port 46435 ssh2
Oct 12 06:44:43 mosslinux sshd[25698]: Failed password for illegal user
rolo from 69.90.173.254 port 47330 ssh2
Oct 12 06:44:43 mosslinux sshd[25701]: Illegal user iceuser from
69.90.173.254
Oct 12 06:44:45 mosslinux sshd[25697]: Failed password for illegal user
oracle from 211.251.71.2 port 46486 ssh2
Oct 12 06:44:46 mosslinux sshd[25701]: Failed password for illegal user
iceuser from 69.90.173.254 port 47344 ssh2
Oct 12 06:44:46 mosslinux sshd[25703]: Illegal user horde from 69.90.173.254
Oct 12 06:44:49 mosslinux sshd[25703]: Failed password for illegal user
horde from 69.90.173.254 port 47359 ssh2
Oct 12 06:44:49 mosslinux sshd[25705]: Illegal user cyrus from 69.90.173.254
Oct 12 06:44:51 mosslinux sshd[25707]: Illegal user oracle from 211.251.71.2
Oct 12 06:44:52 mosslinux sshd[25705]: Failed password for illegal user
cyrus from 69.90.173.254 port 47372 ssh2
Oct 12 06:44:52 mosslinux sshd[25711]: Illegal user www from 69.90.173.254
Oct 12 06:44:53 mosslinux sshd[25709]: Illegal user informix from
211.251.71.2
Oct 12 06:44:53 mosslinux sshd[25707]: Failed password for illegal user
oracle from 211.251.71.2 port 46727 ssh2
Oct 12 06:44:54 mosslinux sshd[25711]: Failed password for illegal user
www from 69.90.173.254 port 47387 ssh2
Oct 12 06:44:55 mosslinux sshd[25713]: Illegal user oracle from 211.251.71.2
Oct 12 06:44:55 mosslinux sshd[25721]: Illegal user wwwrun from 69.90.173.254
Oct 12 06:44:56 mosslinux sshd[25709]: Failed password for illegal user
informix from 211.251.71.2 port 46763 ssh2
Oct 12 06:44:56 mosslinux sshd[25715]: Illegal user oracle from 211.251.71.2
Oct 12 06:44:56 mosslinux sshd[25717]: Illegal user oracle9 from 211.251.71.2
Oct 12 06:44:57 mosslinux sshd[25721]: Failed password for illegal user
wwwrun from 69.90.173.254 port 47403 ssh2
Oct 12 06:44:57 mosslinux sshd[25713]: Failed password for illegal user
oracle from 211.251.71.2 port 46813 ssh2
Oct 12 06:44:58 mosslinux sshd[25725]: Illegal user matt from 69.90.173.254
Oct 12 06:44:58 mosslinux sshd[25723]: Illegal user gateway from 211.251.71.2
Oct 12 06:44:58 mosslinux sshd[25715]: Failed password for illegal user
oracle from 211.251.71.2 port 46835 ssh2
Oct 12 06:44:58 mosslinux sshd[25717]: Failed password for illegal user
oracle9 from 211.251.71.2 port 46841 ssh2
Oct 12 06:45:00 mosslinux sshd[25725]: Failed password for illegal user
matt from 69.90.173.254 port 47424 ssh2
Oct 12 06:45:01 mosslinux sshd[25723]: Failed password for illegal user
gateway from 211.251.71.2 port 46895 ssh2
Oct 12 06:45:01 mosslinux sshd[25727]: Illegal user test from 69.90.173.254
Oct 12 06:45:04 mosslinux sshd[25727]: Failed password for illegal user
test from 69.90.173.254 port 47443 ssh2
Oct 12 06:45:04 mosslinux sshd[25738]: Illegal user test from 69.90.173.254
Oct 12 06:45:07 mosslinux sshd[25738]: Failed password for illegal user
test from 69.90.173.254 port 47465 ssh2
Oct 12 06:45:07 mosslinux sshd[25741]: Illegal user test from 69.90.173.254
Oct 12 06:45:08 mosslinux sshd[25737]: Failed password for root from
211.251.71.2 port 47065 ssh2
Oct 12 06:45:10 mosslinux sshd[25741]: Failed password for illegal user
test from 69.90.173.254 port 47482 ssh2
Oct 12 06:45:10 mosslinux sshd[25744]: Illegal user test from 69.90.173.254
Oct 12 06:45:12 mosslinux sshd[25744]: Failed password for illegal user
test from 69.90.173.254 port 47499 ssh2
Oct 12 06:45:13 mosslinux sshd[25751]: Illegal user www-data from
69.90.173.254
Oct 12 06:45:14 mosslinux sshd[25743]: Failed password for root from
211.251.71.2 port 47217 ssh2
Oct 12 06:45:15 mosslinux sshd[25747]: Failed password for root from
211.251.71.2 port 47235 ssh2
Oct 12 06:45:15 mosslinux sshd[25751]: Failed password for illegal user
www-data from 69.90.173.254 port 47516 ssh2
Oct 12 06:45:16 mosslinux sshd[25748]: Failed password for root from
211.251.71.2 port 47237 ssh2
Oct 12 06:45:18 mosslinux sshd[25754]: Failed password for root from
211.251.71.2 port 47312 ssh2
Oct 12 06:45:18 mosslinux sshd[25753]: Failed password for root from
211.251.71.2 port 47298 ssh2
Oct 12 06:45:18 mosslinux sshd[25758]: Failed password for mysql from
69.90.173.254 port 47533 ssh2
Oct 12 06:45:21 mosslinux sshd[25760]: Failed password for operator from
69.90.173.254 port 47551 ssh2
Oct 12 06:45:24 mosslinux sshd[25762]: Failed password for adm from
69.90.173.254 port 47566 ssh2
Oct 12 06:45:27 mosslinux sshd[25764]: Failed password for apache from
69.90.173.254 port 47581 ssh2
Oct 12 06:45:28 mosslinux sshd[25766]: Illegal user irc from 69.90.173.254
Oct 12 06:45:30 mosslinux sshd[25766]: Failed password for illegal user
irc from 69.90.173.254 port 47598 ssh2
Oct 12 06:45:30 mosslinux sshd[25768]: Illegal user irc from 69.90.173.254
Oct 12 06:45:33 mosslinux sshd[25768]: Failed password for illegal user
irc from 69.90.173.254 port 47618 ssh2
Oct 12 06:45:36 mosslinux sshd[25770]: Failed password for adm from
69.90.173.254 port 47639 ssh2
Oct 12 06:45:39 mosslinux sshd[25772]: Failed password for root from
69.90.173.254 port 47658 ssh2
Oct 12 06:45:42 mosslinux sshd[25774]: Failed password for root from
69.90.173.254 port 47677 ssh2
Oct 12 06:45:44 mosslinux sshd[25776]: Failed password for root from
69.90.173.254 port 47694 ssh2
Oct 12 06:45:45 mosslinux sshd[25778]: Illegal user jane from 69.90.173.254
Oct 12 06:45:47 mosslinux sshd[25778]: Failed password for illegal user
jane from 69.90.173.254 port 47708 ssh2
Oct 12 06:45:48 mosslinux sshd[25780]: Illegal user pamela from 69.90.173.254
Oct 12 06:45:50 mosslinux sshd[25780]: Failed password for illegal user
pamela from 69.90.173.254 port 47725 ssh2
Oct 12 06:45:53 mosslinux sshd[25782]: Failed password for root from
69.90.173.254 port 47737 ssh2
Oct 12 06:45:56 mosslinux sshd[25786]: Illegal user webadmin from
211.251.71.2
Oct 12 06:45:56 mosslinux sshd[25784]: Failed password for root from
69.90.173.254 port 47750 ssh2
Oct 12 06:45:58 mosslinux sshd[25786]: Failed password for illegal user
webadmin from 211.251.71.2 port 48305 ssh2
Oct 12 06:45:59 mosslinux sshd[25788]: Failed password for root from
69.90.173.254 port 47765 ssh2
Oct 12 06:46:02 mosslinux sshd[25792]: Failed password for root from
69.90.173.254 port 47782 ssh2
Oct 12 06:46:03 mosslinux sshd[25790]: Failed password for root from
211.251.71.2 port 48425 ssh2
Oct 12 06:46:05 mosslinux sshd[25794]: Failed password for root from
69.90.173.254 port 47798 ssh2
Oct 12 06:46:05 mosslinux sshd[25796]: Illegal user cosmin from 69.90.173.254
Oct 12 06:46:08 mosslinux sshd[25796]: Failed password for illegal user
cosmin from 69.90.173.254 port 47812 ssh2
Oct 12 06:46:11 mosslinux sshd[25798]: Failed password for root from
69.90.173.254 port 47829 ssh2
Oct 12 06:46:13 mosslinux sshd[25800]: Failed password for root from
69.90.173.254 port 47848 ssh2
Oct 12 06:46:16 mosslinux sshd[25802]: Failed password for root from
69.90.173.254 port 47867 ssh2
Oct 12 06:46:19 mosslinux sshd[25804]: Failed password for root from
69.90.173.254 port 47886 ssh2
Oct 12 06:46:22 mosslinux sshd[25806]: Failed password for root from
69.90.173.254 port 47904 ssh2
Oct 12 06:46:25 mosslinux sshd[25808]: Failed password for root from
69.90.173.254 port 47922 ssh2
Oct 12 06:46:28 mosslinux sshd[25810]: Failed password for root from
69.90.173.254 port 47942 ssh2
Oct 12 06:46:31 mosslinux sshd[25812]: Failed password for root from
69.90.173.254 port 47960 ssh2
Oct 12 06:46:34 mosslinux sshd[25814]: Failed password for root from
69.90.173.254 port 47979 ssh2
Oct 12 06:46:37 mosslinux sshd[25816]: Failed password for root from
69.90.173.254 port 47997 ssh2
Oct 12 06:46:40 mosslinux sshd[25818]: Failed password for root from
69.90.173.254 port 48017 ssh2
Oct 12 06:46:42 mosslinux sshd[25820]: Failed password for root from
69.90.173.254 port 48035 ssh2
Oct 12 06:46:45 mosslinux sshd[25822]: Failed password for root from
69.90.173.254 port 48056 ssh2
Oct 12 06:46:48 mosslinux sshd[25824]: Failed password for root from
69.90.173.254 port 48074 ssh2
Oct 12 06:46:51 mosslinux sshd[25826]: Failed password for root from
69.90.173.254 port 48093 ssh2
Oct 12 06:46:54 mosslinux sshd[25828]: Failed password for root from
69.90.173.254 port 48116 ssh2
Oct 12 06:46:57 mosslinux sshd[25830]: Failed password for root from
69.90.173.254 port 48134 ssh2
Oct 12 06:47:00 mosslinux sshd[25832]: Failed password for root from
69.90.173.254 port 48146 ssh2
Oct 12 06:47:03 mosslinux sshd[25834]: Failed password for root from
69.90.173.254 port 48158 ssh2
Oct 12 06:47:06 mosslinux sshd[25836]: Failed password for root from
69.90.173.254 port 48170 ssh2
Oct 12 06:47:09 mosslinux sshd[25838]: Failed password for root from
69.90.173.254 port 48181 ssh2
Oct 12 06:47:12 mosslinux sshd[25840]: Failed password for root from
69.90.173.254 port 48193 ssh2
Oct 12 06:47:14 mosslinux sshd[25842]: Failed password for root from
69.90.173.254 port 48206 ssh2
Oct 12 06:47:17 mosslinux sshd[25844]: Failed password for root from
69.90.173.254 port 48218 ssh2
Oct 12 06:47:20 mosslinux sshd[25846]: Failed password for root from
69.90.173.254 port 48229 ssh2
Oct 12 06:47:23 mosslinux sshd[25848]: Failed password for root from
69.90.173.254 port 48238 ssh2
Oct 12 06:47:25 mosslinux sshd[25850]: Failed password for nobody from
211.251.71.2 port 50462 ssh2
Oct 12 06:47:26 mosslinux sshd[25852]: Failed password for root from
69.90.173.254 port 48247 ssh2
Oct 12 06:47:27 mosslinux sshd[25854]: Illegal user webadmin from
211.251.71.2
Oct 12 06:47:29 mosslinux sshd[25856]: Failed password for root from
69.90.173.254 port 48257 ssh2
Oct 12 06:47:30 mosslinux sshd[25854]: Failed password for illegal user
webadmin from 211.251.71.2 port 50582 ssh2
Oct 12 06:47:32 mosslinux sshd[25858]: Failed password for root from
69.90.173.254 port 48268 ssh2
Oct 12 06:47:35 mosslinux sshd[25860]: Failed password for root from
211.251.71.2 port 50704 ssh2
Oct 12 06:47:35 mosslinux sshd[25862]: Failed password for root from
69.90.173.254 port 48278 ssh2
Oct 12 06:47:38 mosslinux sshd[25864]: Failed password for root from
69.90.173.254 port 48289 ssh2
Oct 12 06:47:41 mosslinux sshd[25866]: Failed password for root from
69.90.173.254 port 48299 ssh2
Oct 12 06:47:44 mosslinux sshd[25868]: Failed password for root from
69.90.173.254 port 48312 ssh2
Oct 12 06:47:46 mosslinux sshd[25870]: Failed password for root from
69.90.173.254 port 48321 ssh2
Oct 12 06:47:49 mosslinux sshd[25872]: Failed password for root from
69.90.173.254 port 48333 ssh2
Oct 12 06:47:52 mosslinux sshd[25874]: Failed password for root from
69.90.173.254 port 48342 ssh2
Oct 12 06:47:53 mosslinux sshd[25876]: Illegal user cip52 from 69.90.173.254
Oct 12 06:47:55 mosslinux sshd[25876]: Failed password for illegal user
cip52 from 69.90.173.254 port 48353 ssh2
Oct 12 06:47:56 mosslinux sshd[25878]: Illegal user cip51 from 69.90.173.254
Oct 12 06:47:58 mosslinux sshd[25878]: Failed password for illegal user
cip51 from 69.90.173.254 port 48364 ssh2
Oct 12 06:48:01 mosslinux sshd[25880]: Failed password for root from
69.90.173.254 port 48375 ssh2
Oct 12 06:48:01 mosslinux sshd[25882]: Illegal user noc from 69.90.173.254
Oct 12 06:48:04 mosslinux sshd[25882]: Failed password for illegal user
noc from 69.90.173.254 port 48390 ssh2
Oct 12 06:48:07 mosslinux sshd[25884]: Failed password for root from
69.90.173.254 port 48405 ssh2
Oct 12 06:48:10 mosslinux sshd[25886]: Failed password for root from
69.90.173.254 port 48420 ssh2
Oct 12 06:48:13 mosslinux sshd[25888]: Failed password for root from
69.90.173.254 port 48433 ssh2
Oct 12 06:48:15 mosslinux sshd[25890]: Failed password for root from
69.90.173.254 port 48442 ssh2
Oct 12 06:48:16 mosslinux sshd[25892]: Illegal user webmaster from
69.90.173.254
Oct 12 06:48:18 mosslinux sshd[25892]: Failed password for illegal user
webmaster from 69.90.173.254 port 48453 ssh2
Oct 12 06:48:19 mosslinux sshd[25894]: Illegal user data from 69.90.173.254
Oct 12 06:48:21 mosslinux sshd[25894]: Failed password for illegal user
data from 69.90.173.254 port 48465 ssh2
Oct 12 06:48:22 mosslinux sshd[25898]: Illegal user user from 69.90.173.254
Oct 12 06:48:23 mosslinux sshd[25896]: Failed password for postgres from
211.251.71.2 port 51922 ssh2
Oct 12 06:48:24 mosslinux sshd[25898]: Failed password for illegal user
user from 69.90.173.254 port 48476 ssh2
Oct 12 06:48:25 mosslinux sshd[25902]: Illegal user user from 69.90.173.254
Oct 12 06:48:27 mosslinux sshd[25902]: Failed password for illegal user
user from 69.90.173.254 port 48489 ssh2
Oct 12 06:48:28 mosslinux sshd[25904]: Illegal user user from 69.90.173.254
Oct 12 06:48:28 mosslinux sshd[25900]: Failed password for nobody from
211.251.71.2 port 52030 ssh2
Oct 12 06:48:30 mosslinux sshd[25904]: Failed password for illegal user
user from 69.90.173.254 port 48502 ssh2
Oct 12 06:48:30 mosslinux sshd[25906]: Illegal user webadmin from
211.251.71.2
Oct 12 06:48:31 mosslinux sshd[25908]: Illegal user web from 69.90.173.254
Oct 12 06:48:33 mosslinux sshd[25908]: Failed password for illegal user
web from 69.90.173.254 port 48514 ssh2
Oct 12 06:48:33 mosslinux sshd[25906]: Failed password for illegal user
webadmin from 211.251.71.2 port 52159 ssh2
Oct 12 06:48:33 mosslinux sshd[25910]: Illegal user web from 69.90.173.254
Oct 12 06:48:36 mosslinux sshd[25910]: Failed password for illegal user
web from 69.90.173.254 port 48525 ssh2
Oct 12 06:48:36 mosslinux sshd[25914]: Illegal user oracle from 69.90.173.254
Oct 12 06:48:38 mosslinux sshd[25912]: Failed password for root from
211.251.71.2 port 52276 ssh2
Oct 12 06:48:39 mosslinux sshd[25914]: Failed password for illegal user
oracle from 69.90.173.254 port 48537 ssh2
Oct 12 06:48:39 mosslinux sshd[25916]: Illegal user sybase from 69.90.173.254
Oct 12 06:48:42 mosslinux sshd[25916]: Failed password for illegal user
sybase from 69.90.173.254 port 48548 ssh2
Oct 12 06:48:42 mosslinux sshd[25918]: Illegal user master from 69.90.173.254
Oct 12 06:48:45 mosslinux sshd[25918]: Failed password for illegal user
master from 69.90.173.254 port 48562 ssh2
Oct 12 06:48:45 mosslinux sshd[25920]: Illegal user account from
69.90.173.254
Oct 12 06:48:47 mosslinux sshd[25920]: Failed password for illegal user
account from 69.90.173.254 port 48578 ssh2
Oct 12 06:48:48 mosslinux sshd[25922]: Illegal user backup from 69.90.173.254
Oct 12 06:48:50 mosslinux sshd[25922]: Failed password for illegal user
backup from 69.90.173.254 port 48595 ssh2
Oct 12 06:48:51 mosslinux sshd[25924]: Illegal user server from 69.90.173.254
Oct 12 06:48:53 mosslinux sshd[25924]: Failed password for illegal user
server from 69.90.173.254 port 48611 ssh2
Oct 12 06:48:54 mosslinux sshd[25926]: Illegal user adam from 69.90.173.254
Oct 12 06:48:56 mosslinux sshd[25926]: Failed password for illegal user
adam from 69.90.173.254 port 48620 ssh2
Oct 12 06:48:57 mosslinux sshd[25928]: Illegal user alan from 69.90.173.254
Oct 12 06:48:59 mosslinux sshd[25928]: Failed password for illegal user
alan from 69.90.173.254 port 48631 ssh2
Oct 12 06:49:00 mosslinux sshd[25930]: Illegal user frank from 69.90.173.254
Oct 12 06:49:02 mosslinux sshd[25930]: Failed password for illegal user
frank from 69.90.173.254 port 48640 ssh2
Oct 12 06:49:02 mosslinux sshd[25932]: Illegal user george from 69.90.173.254
Oct 12 06:49:05 mosslinux sshd[25932]: Failed password for illegal user
george from 69.90.173.254 port 48650 ssh2
Oct 12 06:49:05 mosslinux sshd[25934]: Illegal user henry from 69.90.173.254
Oct 12 06:49:08 mosslinux sshd[25934]: Failed password for illegal user
henry from 69.90.173.254 port 48660 ssh2
Oct 12 06:49:08 mosslinux sshd[25936]: Illegal user john from 69.90.173.254
Oct 12 06:49:11 mosslinux sshd[25936]: Failed password for illegal user
john from 69.90.173.254 port 48672 ssh2
Oct 12 06:49:14 mosslinux sshd[25938]: Failed password for root from
69.90.173.254 port 48684 ssh2
Oct 12 06:49:16 mosslinux sshd[25940]: Failed password for root from
69.90.173.254 port 48695 ssh2
Oct 12 06:49:19 mosslinux sshd[25942]: Failed password for root from
69.90.173.254 port 48705 ssh2
Oct 12 06:49:22 mosslinux sshd[25944]: Failed password for root from
69.90.173.254 port 48716 ssh2
Oct 12 06:49:23 mosslinux sshd[25946]: Illegal user oracle from 211.251.71.2
Oct 12 06:49:25 mosslinux sshd[25948]: Failed password for root from
69.90.173.254 port 48732 ssh2
Oct 12 06:49:25 mosslinux sshd[25946]: Failed password for illegal user
oracle from 211.251.71.2 port 53403 ssh2
Oct 12 06:49:26 mosslinux sshd[25950]: Illegal user test from 69.90.173.254
Oct 12 06:49:28 mosslinux sshd[25950]: Failed password for illegal user
test from 69.90.173.254 port 48751 ssh2
Oct 12 06:49:30 mosslinux sshd[25952]: Failed password for postgres from
211.251.71.2 port 53501 ssh2
Oct 12 06:49:35 mosslinux sshd[25954]: Failed password for nobody from
211.251.71.2 port 53621 ssh2
Oct 12 06:49:38 mosslinux sshd[25956]: Illegal user webadmin from
211.251.71.2
Oct 12 06:49:40 mosslinux sshd[25956]: Failed password for illegal user
webadmin from 211.251.71.2 port 53723 ssh2
Oct 12 06:49:45 mosslinux sshd[25958]: Failed password for root from
211.251.71.2 port 53844 ssh2
Oct 12 10:12:36 mosslinux sshd[26361]: Did not receive identification
string from 69.44.125.184
Oct 12 14:20:17 mosslinux sshd[26836]: Did not receive identification
string from 203.98.159.200
Oct 13 08:39:28 mosslinux sshd[29428]: Did not receive identification
string from 211.160.163.58
Oct 13 08:52:03 mosslinux sshd[29454]: Failed password for nobody from
211.160.163.58 port 42106 ssh2
Oct 13 08:52:07 mosslinux sshd[29456]: Illegal user patrick from
211.160.163.58
Oct 13 08:52:10 mosslinux sshd[29456]: Failed password for illegal user
patrick from 211.160.163.58 port 43083 ssh2
Oct 13 08:52:13 mosslinux sshd[29458]: Illegal user patrick from
211.160.163.58
Oct 13 08:52:16 mosslinux sshd[29458]: Failed password for illegal user
patrick from 211.160.163.58 port 44071 ssh2
Oct 13 08:52:22 mosslinux sshd[29460]: Failed password for root from
211.160.163.58 port 45456 ssh2
Oct 13 08:52:28 mosslinux sshd[29462]: Failed password for root from
211.160.163.58 port 46372 ssh2
Oct 13 08:52:34 mosslinux sshd[29464]: Failed password for root from
211.160.163.58 port 47299 ssh2
Oct 13 08:52:40 mosslinux sshd[29466]: Failed password for root from
211.160.163.58 port 48214 ssh2
Oct 13 08:52:46 mosslinux sshd[29468]: Failed password for root from
211.160.163.58 port 49216 ssh2
Oct 13 08:52:49 mosslinux sshd[29470]: Illegal user rolo from 211.160.163.58
Oct 13 08:52:51 mosslinux sshd[29470]: Failed password for illegal user
rolo from 211.160.163.58 port 50601 ssh2
Oct 13 08:52:55 mosslinux sshd[29472]: Illegal user iceuser from
211.160.163.58
Oct 13 08:52:57 mosslinux sshd[29472]: Failed password for illegal user
iceuser from 211.160.163.58 port 51525 ssh2
Oct 13 08:53:00 mosslinux sshd[29474]: Illegal user horde from 211.160.163.58
Oct 13 08:53:03 mosslinux sshd[29474]: Failed password for illegal user
horde from 211.160.163.58 port 52398 ssh2
Oct 13 08:53:06 mosslinux sshd[29476]: Illegal user cyrus from 211.160.163.58
Oct 13 08:53:09 mosslinux sshd[29476]: Failed password for illegal user
cyrus from 211.160.163.58 port 53326 ssh2
Oct 13 08:53:12 mosslinux sshd[29478]: Illegal user www from 211.160.163.58
Oct 13 08:53:15 mosslinux sshd[29478]: Failed password for illegal user
www from 211.160.163.58 port 54254 ssh2
Oct 13 08:53:18 mosslinux sshd[29480]: Illegal user wwwrun from
211.160.163.58
Oct 13 08:53:20 mosslinux sshd[29480]: Failed password for illegal user
wwwrun from 211.160.163.58 port 55255 ssh2
Oct 13 08:53:24 mosslinux sshd[29482]: Illegal user matt from 211.160.163.58
Oct 13 08:53:26 mosslinux sshd[29482]: Failed password for illegal user
matt from 211.160.163.58 port 56648 ssh2
Oct 13 08:53:30 mosslinux sshd[29484]: Illegal user test from 211.160.163.58
Oct 13 08:53:32 mosslinux sshd[29484]: Failed password for illegal user
test from 211.160.163.58 port 57559 ssh2
Oct 13 08:53:36 mosslinux sshd[29486]: Illegal user test from 211.160.163.58
Oct 13 08:53:38 mosslinux sshd[29486]: Failed password for illegal user
test from 211.160.163.58 port 58478 ssh2
Oct 13 08:53:42 mosslinux sshd[29488]: Illegal user test from 211.160.163.58
Oct 13 08:53:44 mosslinux sshd[29488]: Failed password for illegal user
test from 211.160.163.58 port 59399 ssh2
Oct 13 08:53:48 mosslinux sshd[29490]: Illegal user test from 211.160.163.58
Oct 13 08:53:50 mosslinux sshd[29490]: Failed password for illegal user
test from 211.160.163.58 port 60396 ssh2
Oct 13 08:53:54 mosslinux sshd[29492]: Illegal user www-data from
211.160.163.58
Oct 13 08:53:56 mosslinux sshd[29492]: Failed password for illegal user
www-data from 211.160.163.58 port 33040 ssh2
Oct 13 08:54:02 mosslinux sshd[29494]: Failed password for mysql from
211.160.163.58 port 34460 ssh2
Oct 13 08:54:08 mosslinux sshd[29496]: Failed password for operator from
211.160.163.58 port 35391 ssh2
Oct 13 08:54:13 mosslinux sshd[29498]: Failed password for adm from
211.160.163.58 port 36349 ssh2
Oct 13 08:54:18 mosslinux sshd[29500]: Failed password for apache from
211.160.163.58 port 36986 ssh2
Oct 13 08:54:21 mosslinux sshd[29502]: Illegal user irc from 211.160.163.58
Oct 13 08:54:24 mosslinux sshd[29502]: Failed password for illegal user
irc from 211.160.163.58 port 37455 ssh2
Oct 13 08:54:27 mosslinux sshd[29504]: Illegal user irc from 211.160.163.58
Oct 13 08:54:30 mosslinux sshd[29504]: Failed password for illegal user
irc from 211.160.163.58 port 37922 ssh2
Oct 13 08:54:36 mosslinux sshd[29506]: Failed password for adm from
211.160.163.58 port 39210 ssh2
Oct 13 08:54:42 mosslinux sshd[29508]: Failed password for root from
211.160.163.58 port 40561 ssh2
Oct 13 08:54:48 mosslinux sshd[29510]: Failed password for root from
211.160.163.58 port 41475 ssh2
Oct 13 08:54:54 mosslinux sshd[29512]: Failed password for root from
211.160.163.58 port 42400 ssh2
Oct 13 08:54:58 mosslinux sshd[29514]: Illegal user jane from 211.160.163.58
Oct 13 08:55:00 mosslinux sshd[29514]: Failed password for illegal user
jane from 211.160.163.58 port 43312 ssh2
Oct 13 08:55:04 mosslinux sshd[29524]: Illegal user pamela from
211.160.163.58
Oct 13 08:55:06 mosslinux sshd[29524]: Failed password for illegal user
pamela from 211.160.163.58 port 44545 ssh2
Oct 13 08:55:12 mosslinux sshd[29526]: Failed password for root from
211.160.163.58 port 45935 ssh2
Oct 13 08:55:18 mosslinux sshd[29528]: Failed password for root from
211.160.163.58 port 46855 ssh2
Oct 13 08:55:24 mosslinux sshd[29530]: Failed password for root from
211.160.163.58 port 47757 ssh2
Oct 13 08:55:30 mosslinux sshd[29532]: Failed password for root from
211.160.163.58 port 48658 ssh2
Oct 13 08:55:36 mosslinux sshd[29534]: Failed password for root from
211.160.163.58 port 49803 ssh2
Oct 13 08:55:39 mosslinux sshd[29536]: Illegal user cosmin from
211.160.163.58
Oct 13 08:55:41 mosslinux sshd[29536]: Failed password for illegal user
cosmin from 211.160.163.58 port 51222 ssh2
Oct 13 08:55:48 mosslinux sshd[29538]: Failed password for root from
211.160.163.58 port 52146 ssh2
Oct 13 08:55:53 mosslinux sshd[29540]: Failed password for root from
211.160.163.58 port 53050 ssh2
Oct 13 08:55:59 mosslinux sshd[29542]: Failed password for root from
211.160.163.58 port 53975 ssh2
Oct 13 08:56:05 mosslinux sshd[29544]: Failed password for root from
211.160.163.58 port 55146 ssh2
Oct 13 08:56:11 mosslinux sshd[29546]: Failed password for root from
211.160.163.58 port 56567 ssh2
Oct 13 08:56:17 mosslinux sshd[29548]: Failed password for root from
211.160.163.58 port 57482 ssh2
Oct 13 08:56:24 mosslinux sshd[29550]: Failed password for root from
211.160.163.58 port 58375 ssh2
Oct 13 08:56:29 mosslinux sshd[29552]: Failed password for root from
211.160.163.58 port 59326 ssh2
Oct 13 08:56:35 mosslinux sshd[29554]: Failed password for root from
211.160.163.58 port 60400 ssh2
Oct 13 08:56:41 mosslinux sshd[29556]: Failed password for root from
211.160.163.58 port 33608 ssh2
Oct 13 08:56:47 mosslinux sshd[29558]: Failed password for root from
211.160.163.58 port 34536 ssh2
Oct 13 08:56:53 mosslinux sshd[29560]: Failed password for root from
211.160.163.58 port 35441 ssh2
Oct 13 08:56:59 mosslinux sshd[29562]: Failed password for root from
211.160.163.58 port 36357 ssh2
Oct 13 08:57:05 mosslinux sshd[29564]: Failed password for root from
211.160.163.58 port 37271 ssh2
Oct 13 08:57:11 mosslinux sshd[29566]: Failed password for root from
211.160.163.58 port 38326 ssh2
Oct 13 08:57:17 mosslinux sshd[29568]: Failed password for root from
211.160.163.58 port 39744 ssh2
Oct 13 08:57:23 mosslinux sshd[29570]: Failed password for root from
211.160.163.58 port 40681 ssh2
Oct 13 08:57:29 mosslinux sshd[29572]: Failed password for root from
211.160.163.58 port 41579 ssh2
Oct 13 08:57:35 mosslinux sshd[29574]: Failed password for root from
211.160.163.58 port 42493 ssh2
Oct 13 08:57:41 mosslinux sshd[29576]: Failed password for root from
211.160.163.58 port 43553 ssh2
Oct 13 08:57:47 mosslinux sshd[29578]: Failed password for root from
211.160.163.58 port 44997 ssh2
Oct 13 08:57:55 mosslinux sshd[29580]: Failed password for root from
211.160.163.58 port 46026 ssh2
Oct 13 08:58:01 mosslinux sshd[29582]: Failed password for root from
211.160.163.58 port 47100 ssh2
Oct 13 08:58:07 mosslinux sshd[29584]: Failed password for root from
211.160.163.58 port 48546 ssh2
Oct 13 08:58:13 mosslinux sshd[29586]: Failed password for root from
211.160.163.58 port 49531 ssh2
Oct 13 08:58:19 mosslinux sshd[29588]: Failed password for root from
211.160.163.58 port 50458 ssh2
Oct 13 08:58:26 mosslinux sshd[29590]: Failed password for root from
211.160.163.58 port 51524 ssh2
Oct 13 08:58:32 mosslinux sshd[29592]: Failed password for root from
211.160.163.58 port 52976 ssh2
Oct 13 08:58:38 mosslinux sshd[29594]: Failed password for root from
211.160.163.58 port 53938 ssh2
Oct 13 08:58:44 mosslinux sshd[29596]: Failed password for root from
211.160.163.58 port 54857 ssh2
Oct 13 08:58:50 mosslinux sshd[29598]: Failed password for root from
211.160.163.58 port 55784 ssh2
Oct 13 08:58:56 mosslinux sshd[29600]: Failed password for root from
211.160.163.58 port 57342 ssh2
Oct 13 08:59:02 mosslinux sshd[29602]: Failed password for root from
211.160.163.58 port 58325 ssh2
Oct 13 08:59:08 mosslinux sshd[29604]: Failed password for root from
211.160.163.58 port 59256 ssh2
Oct 13 08:59:14 mosslinux sshd[29606]: Failed password for root from
211.160.163.58 port 60188 ssh2
Oct 13 08:59:21 mosslinux sshd[29608]: Failed password for root from
211.160.163.58 port 33009 ssh2
Oct 13 08:59:24 mosslinux sshd[29610]: Illegal user cip52 from 211.160.163.58
Oct 13 08:59:27 mosslinux sshd[29610]: Failed password for illegal user
cip52 from 211.160.163.58 port 34396 ssh2
Oct 13 08:59:30 mosslinux sshd[29612]: Illegal user cip51 from 211.160.163.58
Oct 13 08:59:33 mosslinux sshd[29612]: Failed password for illegal user
cip51 from 211.160.163.58 port 35389 ssh2
Oct 13 08:59:39 mosslinux sshd[29614]: Failed password for root from
211.160.163.58 port 36315 ssh2
Oct 13 08:59:42 mosslinux sshd[29616]: Illegal user noc from 211.160.163.58
Oct 13 08:59:45 mosslinux sshd[29616]: Failed password for illegal user
noc from 211.160.163.58 port 37237 ssh2
Oct 13 08:59:51 mosslinux sshd[29618]: Failed password for root from
211.160.163.58 port 38245 ssh2
Oct 13 08:59:57 mosslinux sshd[29620]: Failed password for root from
211.160.163.58 port 39623 ssh2
Oct 13 09:00:03 mosslinux sshd[29622]: Failed password for root from
211.160.163.58 port 40609 ssh2
Oct 13 09:00:11 mosslinux sshd[29646]: Failed password for root from
211.160.163.58 port 41523 ssh2
Oct 13 09:00:15 mosslinux sshd[29648]: Illegal user webmaster from
211.160.163.58
Oct 13 09:00:17 mosslinux sshd[29648]: Failed password for illegal user
webmaster from 211.160.163.58 port 43114 ssh2
Oct 13 09:00:21 mosslinux sshd[29650]: Illegal user data from 211.160.163.58
Oct 13 09:00:23 mosslinux sshd[29650]: Failed password for illegal user
data from 211.160.163.58 port 44085 ssh2
Oct 13 09:00:27 mosslinux sshd[29652]: Illegal user user from 211.160.163.58
Oct 13 09:00:29 mosslinux sshd[29652]: Failed password for illegal user
user from 211.160.163.58 port 44975 ssh2
Oct 13 09:00:33 mosslinux sshd[29654]: Illegal user user from 211.160.163.58
Oct 13 09:00:35 mosslinux sshd[29654]: Failed password for illegal user
user from 211.160.163.58 port 45911 ssh2
Oct 13 09:00:39 mosslinux sshd[29656]: Illegal user user from 211.160.163.58
Oct 13 09:00:41 mosslinux sshd[29656]: Failed password for illegal user
user from 211.160.163.58 port 46913 ssh2
Oct 13 09:00:45 mosslinux sshd[29658]: Illegal user web from 211.160.163.58
Oct 13 09:00:47 mosslinux sshd[29658]: Failed password for illegal user
web from 211.160.163.58 port 48293 ssh2
Oct 13 09:00:51 mosslinux sshd[29660]: Illegal user web from 211.160.163.58
Oct 13 09:00:53 mosslinux sshd[29660]: Failed password for illegal user
web from 211.160.163.58 port 49298 ssh2
Oct 13 09:00:57 mosslinux sshd[29662]: Illegal user oracle from
211.160.163.58
Oct 13 09:00:59 mosslinux sshd[29662]: Failed password for illegal user
oracle from 211.160.163.58 port 50211 ssh2
Oct 13 09:01:03 mosslinux sshd[29666]: Illegal user sybase from
211.160.163.58
Oct 13 09:01:05 mosslinux sshd[29666]: Failed password for illegal user
sybase from 211.160.163.58 port 51205 ssh2
Oct 13 09:01:09 mosslinux sshd[29668]: Illegal user master from
211.160.163.58
Oct 13 09:01:11 mosslinux sshd[29668]: Failed password for illegal user
master from 211.160.163.58 port 52586 ssh2
Oct 13 09:01:15 mosslinux sshd[29670]: Illegal user account from
211.160.163.58
Oct 13 09:01:17 mosslinux sshd[29670]: Failed password for illegal user
account from 211.160.163.58 port 54010 ssh2
Oct 13 09:01:21 mosslinux sshd[29672]: Illegal user backup from
211.160.163.58
Oct 13 09:01:23 mosslinux sshd[29672]: Failed password for illegal user
backup from 211.160.163.58 port 55745 ssh2
Oct 13 09:01:27 mosslinux sshd[29674]: Illegal user server from
211.160.163.58
Oct 13 09:01:29 mosslinux sshd[29674]: Failed password for illegal user
server from 211.160.163.58 port 57184 ssh2
Oct 13 09:01:33 mosslinux sshd[29676]: Illegal user adam from 211.160.163.58
Oct 13 09:01:35 mosslinux sshd[29676]: Failed password for illegal user
adam from 211.160.163.58 port 58622 ssh2
Oct 13 09:01:39 mosslinux sshd[29678]: Illegal user alan from 211.160.163.58
Oct 13 09:01:42 mosslinux sshd[29678]: Failed password for illegal user
alan from 211.160.163.58 port 60492 ssh2
Oct 13 09:01:45 mosslinux sshd[29680]: Illegal user frank from 211.160.163.58
Oct 13 09:01:48 mosslinux sshd[29680]: Failed password for illegal user
frank from 211.160.163.58 port 33704 ssh2
Oct 13 09:01:52 mosslinux sshd[29682]: Illegal user george from
211.160.163.58
Oct 13 09:01:54 mosslinux sshd[29682]: Failed password for illegal user
george from 211.160.163.58 port 35398 ssh2
Oct 13 09:01:58 mosslinux sshd[29684]: Illegal user henry from 211.160.163.58
Oct 13 09:02:00 mosslinux sshd[29684]: Failed password for illegal user
henry from 211.160.163.58 port 36885 ssh2
Oct 13 09:02:04 mosslinux sshd[29686]: Illegal user john from 211.160.163.58
Oct 13 09:02:06 mosslinux sshd[29686]: Failed password for illegal user
john from 211.160.163.58 port 38348 ssh2
Oct 13 09:02:12 mosslinux sshd[29688]: Failed password for root from
211.160.163.58 port 40243 ssh2
Oct 13 09:02:18 mosslinux sshd[29690]: Failed password for root from
211.160.163.58 port 41720 ssh2
Oct 13 09:02:24 mosslinux sshd[29692]: Failed password for root from
211.160.163.58 port 43437 ssh2
Oct 13 09:02:30 mosslinux sshd[29694]: Failed password for root from
211.160.163.58 port 44935 ssh2
Oct 13 09:02:36 mosslinux sshd[29696]: Failed password for root from
211.160.163.58 port 46414 ssh2
Oct 13 09:02:40 mosslinux sshd[29698]: Illegal user test from 211.160.163.58
Oct 13 09:02:42 mosslinux sshd[29698]: Failed password for illegal user
test from 211.160.163.58 port 48272 ssh2
Oct 13 15:49:31 mosslinux sshd[30588]: Accepted password for jon from
12.30.163.5 port 56297 ssh2
Oct 13 15:49:31 mosslinux sshd[30590]: lastlog_perform_login: Couldn't
stat /var/log/lastlog: No such file or directory
Oct 13 15:49:31 mosslinux sshd[30590]: lastlog_openseek: /var/log/lastlog
is not a file or directory!
Oct 13 15:49:31 mosslinux sshd[30588]: lastlog_perform_login: Couldn't
stat /var/log/lastlog: No such file or directory
Oct 13 15:49:31 mosslinux sshd[30588]: lastlog_openseek: /var/log/lastlog
is not a file or directory!
Oct 14 05:02:11 mosslinux sshd[32717]: Illegal user test from 211.185.26.163
Oct 14 05:02:13 mosslinux sshd[32717]: Failed password for illegal user
test from 211.185.26.163 port 2482 ssh2
Oct 14 05:02:15 mosslinux sshd[32719]: Illegal user guest from 211.185.26.163
Oct 14 05:02:18 mosslinux sshd[32719]: Failed password for illegal user
guest from 211.185.26.163 port 2536 ssh2
Oct 14 05:02:19 mosslinux sshd[32721]: Illegal user admin from 211.185.26.163
Oct 14 05:02:22 mosslinux sshd[32721]: Failed password for illegal user
admin from 211.185.26.163 port 2612 ssh2
Oct 14 05:02:24 mosslinux sshd[32723]: Illegal user admin from 211.185.26.163
Oct 14 05:02:26 mosslinux sshd[32723]: Failed password for illegal user
admin from 211.185.26.163 port 2666 ssh2
Oct 14 05:02:28 mosslinux sshd[32725]: Illegal user user from 211.185.26.163
Oct 14 05:02:31 mosslinux sshd[32725]: Failed password for illegal user
user from 211.185.26.163 port 2711 ssh2
Oct 14 05:02:35 mosslinux sshd[32727]: Failed password for root from
211.185.26.163 port 2749 ssh2
Oct 14 05:02:40 mosslinux sshd[32729]: Failed password for root from
211.185.26.163 port 2775 ssh2
Oct 14 05:02:44 mosslinux sshd[32731]: Failed password for root from
211.185.26.163 port 2788 ssh2
Oct 14 05:02:46 mosslinux sshd[32733]: Illegal user test from 211.185.26.163
Oct 14 05:02:49 mosslinux sshd[32733]: Failed password for illegal user
test from 211.185.26.163 port 2799 ssh2
Oct 14 09:00:13 mosslinux sshd[725]: Illegal user test from 202.203.208.60
Oct 14 09:00:15 mosslinux sshd[725]: Failed password for illegal user test
from 202.203.208.60 port 43015 ssh2
Oct 14 09:25:22 mosslinux sshd[783]: Accepted password for jon from
12.30.163.5 port 22868 ssh2
Oct 14 09:25:22 mosslinux sshd[785]: lastlog_perform_login: Couldn't stat
/var/log/lastlog: No such file or directory
Oct 14 09:25:22 mosslinux sshd[785]: lastlog_openseek: /var/log/lastlog is
not a file or directory!
Oct 14 09:25:22 mosslinux sshd[783]: lastlog_perform_login: Couldn't stat
/var/log/lastlog: No such file or directory
Oct 14 09:25:22 mosslinux sshd[783]: lastlog_openseek: /var/log/lastlog is
not a file or directory!
Oct 14 09:25:29 mosslinux sshd[820]: Accepted password for jon from
12.30.163.5 port 22911 ssh2
Oct 14 09:25:30 mosslinux sshd[822]: subsystem request for sftp
Oct 14 10:30:29 mosslinux sshd[1013]: Accepted password for jon from
12.30.163.5 port 50464 ssh2
Oct 14 10:30:29 mosslinux sshd[1015]: lastlog_perform_login: Couldn't stat
/var/log/lastlog: No such file or directory
Oct 14 10:30:29 mosslinux sshd[1015]: lastlog_openseek: /var/log/lastlog
is not a file or directory!
Oct 14 10:30:29 mosslinux sshd[1013]: lastlog_perform_login: Couldn't stat
/var/log/lastlog: No such file or directory
Oct 14 10:30:29 mosslinux sshd[1013]: lastlog_openseek: /var/log/lastlog
is not a file or directory!
Oct 14 19:07:00 mosslinux xinetd[1658]: START: sgi_fam pid=2303 from=<no
address>
Oct 14 19:22:09 mosslinux xinetd[1658]: START: sgi_fam pid=2481 from=<no
address>
Oct 15 01:06:32 mosslinux xinetd[1658]: START: sgi_fam pid=3291 from=<no
address>
Oct 15 15:27:55 mosslinux sshd[5553]: Accepted password for jon from
12.30.163.5 port 19184 ssh2
Oct 15 15:27:55 mosslinux sshd[5555]: lastlog_perform_login: Couldn't stat
/var/log/lastlog: No such file or directory
Oct 15 15:27:55 mosslinux sshd[5555]: lastlog_openseek: /var/log/lastlog
is not a file or directory!
Oct 15 15:27:55 mosslinux sshd[5553]: lastlog_perform_login: Couldn't stat
/var/log/lastlog: No such file or directory
Oct 15 15:27:55 mosslinux sshd[5553]: lastlog_openseek: /var/log/lastlog
is not a file or directory!
Oct 16 02:23:49 mosslinux sshd[7315]: Did not receive identification
string from 222.118.5.179
Oct 16 02:36:32 mosslinux sshd[7341]: Failed password for nobody from
222.118.5.179 port 2931 ssh2
Oct 16 02:36:39 mosslinux sshd[7343]: Illegal user patrick from 222.118.5.179
Oct 16 02:36:41 mosslinux sshd[7343]: Failed password for illegal user
patrick from 222.118.5.179 port 3215 ssh2
Oct 16 02:36:44 mosslinux sshd[7345]: Illegal user patrick from 222.118.5.179
Oct 16 02:36:46 mosslinux sshd[7345]: Failed password for illegal user
patrick from 222.118.5.179 port 3305 ssh2
Oct 16 02:36:58 mosslinux sshd[7347]: Failed password for root from
222.118.5.179 port 3413 ssh2
21 Oct
21 Oct
1:03 p.m.
I've been researching sshd and allowing/denying access and I think I have figured it out. Just please confirm that I'm on the right track.
I edited my hosts.allow as follows:
# # hosts.allow This file describes the names of the hosts which are # allowed to use the local INET services, as decided # by the '/usr/sbin/tcpd' server. # sshd: localhost 192.168.0.0/255.255.255.0 12.30.163.*
And then my hosts.deny as follows:
# # hosts.deny This file describes the names of the hosts which are # *not* allowed to use the local INET services, as decided # by the '/usr/sbin/tcpd' server. # # The portmap line is redundant, but it is left to remind you that # the new secure portmap uses hosts.deny and hosts.allow. In particular # you should know that NFS uses portmap! ALL : ALL
However, I don't really have anyway to test this as I allowed access from everywhere that I am. :)
Any suggestions and advice is still greatly appreciated.
--
Thanks very much,
Jon Moss
jon.moss@cnonline.net
1:26 p.m.
On Thu, 21 Oct 2004 09:03:19 -0400 (EDT) "Jon Moss" jon.moss@cnonline.net wrote:
I've been researching sshd and allowing/denying access and I think I have figured it out. Just please confirm that I'm on the right track.
I edited my hosts.allow as follows:
# # hosts.allow This file describes the names of the hosts which are # allowed to use the local INET services, as decided # by the '/usr/sbin/tcpd' server. # sshd: localhost 192.168.0.0/255.255.255.0 12.30.163.*
And then my hosts.deny as follows:
# # hosts.deny This file describes the names of the hosts which are # *not* allowed to use the local INET services, as decided # by the '/usr/sbin/tcpd' server. # # The portmap line is redundant, but it is left to remind you that # the new secure portmap uses hosts.deny and hosts.allow. In # particular you should know that NFS uses portmap! ALL : ALL
However, I don't really have anyway to test this as I allowed access from everywhere that I am. :)
Any suggestions and advice is still greatly appreciated.
Yes that is what you want to do to restrict SSH access.
--------------------------------- Frank Wiles frank@wiles.org http://www.wiles.org ---------------------------------
3:37 p.m.
-----Original Message----- From: kclug-bounces@kclug.org [mailto:kclug-bounces@kclug.org] On Behalf Of Matt Graham Sent: Thursday, October 21, 2004 10:10 AM To: kclug@kclug.org Subject: Re: It was bound to happen - suspected hack Where does one find a security log on their system, and how does one monitor it for possible problems?
Have a look at the contents of /var/log, particularly: messages secure maillog
You can peruse them with something like: less /var/log/messages
Hope that gets you started - there are complete volumes of information one should acquaint themselves with if really serious.
D.
3:52 p.m.
Quoting Matt Graham linux@bizniche.com:
My secure log (below) seems to indicate that someone is trying to hack into one of my Linux servers.
Where does one find a security log on their system, and how does one monitor it for possible problems?
On Red Hat systems, /var/log/secure. Red Hat also comes with a logrotate system that rotates the logs weekly and keeps the old ones around for 4 weeks. And there's a logwatch application that will send unusual or previously unseen entries to the root account. I'm sure all of this is highly configurable, but the default setup has been fine for my needs.
-- Dave Hull http://insipid.com
3:48 p.m.
Different distributions have different security measures enabled by default. There are several other things you can do in addition to the hosts.allow/deny you've already setup. You can configure sshd to not allow root login from ssh. You can also setup your system to only allow a certain user (or users) to use su, which helps 'limit liability' if a users account is compromised. And why is /var/log/lastlog missing on your system? does wtmp still exist? I'd be sure to run the most recent version of chkrootkit on your system, and the small myriad of other rootkit checkers that are out there (to lazy to google it myself at the moment ;-) )
On Thu, 21 Oct 2004 08:14:06 -0400 (EDT), Jon Moss jon.moss@cnonline.net wrote:
My secure log (below) seems to indicate that someone is trying to hack into one of my Linux servers.
I only have my Linux workstation's SSH port forwarded through my hardware firewall router. The other server (the church one) does not have anything except the HTTP port (and a non-standard one at that) forwarded.
I will probably change my root password. I only have five user accounts on the Linux workstation (non of which are root equivalents).
What else should I do? Can I change the configuration of SSH to prevent repeated attempts from the same IP address?
3:55 p.m.
I will find chkrootkit and the other utilities you mentioned and check them out.
I wondered about the lastlog error also. I will research it as well.
I thought I could configure ssh to prevent root access (I never login root remotely anyway). I will also limit su to a single user.
Thanks again for the great information.
Jon
Different distributions have different security measures enabled by default. There are several other things you can do in addition to the hosts.allow/deny you've already setup. You can configure sshd to not allow root login from ssh. You can also setup your system to only allow a certain user (or users) to use su, which helps 'limit liability' if a users account is compromised. And why is /var/log/lastlog missing on your system? does wtmp still exist? I'd be sure to run the most recent version of chkrootkit on your system, and the small myriad of other rootkit checkers that are out there (to lazy to google it myself at the moment ;-) )
On Thu, 21 Oct 2004 08:14:06 -0400 (EDT), Jon Moss jon.moss@cnonline.net wrote:
My secure log (below) seems to indicate that someone is trying to hack into one of my Linux servers.
I only have my Linux workstation's SSH port forwarded through my hardware firewall router. The other server (the church one) does not have anything except the HTTP port (and a non-standard one at that) forwarded.
I will probably change my root password. I only have five user accounts on the Linux workstation (non of which are root equivalents).
What else should I do? Can I change the configuration of SSH to prevent repeated attempts from the same IP address?
This message was scanned by GatewayDefender 11:48:19 AM ET - 10/21/2004
--
Thanks very much,
Jon Moss
jon.moss@cnonline.net
7325
Age (days ago)
7325
Last active (days ago)
7 comments
6 participants
participants (6)
-
crash 3m -
Dave Hull -
Dustin Decker -
Frank Wiles -
Jon Moss -
Matt Graham