Possible Break-in Attempts

Rick Stijnman rick.stijnman at gmail.com
Wed Oct 24 11:55:17 UTC 2007


Hi,

One of my machines is connected directly to the internet, with SSH etc. open.
However, when I look at /var/log/auth.log I see, among other things, the following

==============================================================================================
Oct 24 04:48:30 ubuntu-rick sshd[839]: Address 64.150.163.63 maps to caringforcarcinoid.org, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Oct 24 04:48:30 ubuntu-rick sshd[839]: Invalid user raul from 64.150.163.63
Oct 24 04:48:30 ubuntu-rick sshd[839]: pam_unix(ssh:auth): check pass; user unknown
Oct 24 04:48:30 ubuntu-rick sshd[839]: pam_unix(ssh:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.150.163.63
Oct 24 04:48:32 ubuntu-rick sshd[839]: Failed password for invalid user raul from 64.150.163.63 port 45602 ssh2
Oct 24 04:48:34 ubuntu-rick sshd[842]: Address 64.150.163.63 maps to caringforcarcinoid.org, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Oct 24 04:48:34 ubuntu-rick sshd[842]: Invalid user user1 from 64.150.163.63
Oct 24 04:48:34 ubuntu-rick sshd[842]: pam_unix(ssh:auth): check pass; user unknown
Oct 24 04:48:34 ubuntu-rick sshd[842]: pam_unix(ssh:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.150.163.63
Oct 24 04:48:36 ubuntu-rick sshd[842]: Failed password for invalid user user1 from 64.150.163.63 port 45754 ssh2
Oct 24 04:48:37 ubuntu-rick sshd[845]: Address 64.150.163.63 maps to caringforcarcinoid.org, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Oct 24 04:48:37 ubuntu-rick sshd[845]: Invalid user user from 64.150.163.63
Oct 24 04:48:37 ubuntu-rick sshd[845]: pam_unix(ssh:auth): check pass; user unknown
Oct 24 04:48:37 ubuntu-rick sshd[845]: pam_unix(ssh:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.150.163.63
Oct 24 04:48:39 ubuntu-rick sshd[845]: Failed password for invalid user user from 64.150.163.63 port 45870 ssh2
Oct 24 04:48:41 ubuntu-rick sshd[847]: Address 64.150.163.63 maps to caringforcarcinoid.org, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Oct 24 04:48:41 ubuntu-rick sshd[847]: Invalid user user from 64.150.163.63
Oct 24 04:48:41 ubuntu-rick sshd[847]: pam_unix(ssh:auth): check pass; user unknown
Oct 24 04:48:41 ubuntu-rick sshd[847]: pam_unix(ssh:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.150.163.63
Oct 24 04:48:43 ubuntu-rick sshd[847]: Failed password for invalid user user from 64.150.163.63 port 45981 ssh2
Oct 24 04:48:45 ubuntu-rick sshd[850]: Address 64.150.163.63 maps to caringforcarcinoid.org, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Oct 24 04:48:45 ubuntu-rick sshd[850]: Invalid user user from 64.150.163.63
Oct 24 04:48:45 ubuntu-rick sshd[850]: pam_unix(ssh:auth): check pass; user unknown
Oct 24 04:48:45 ubuntu-rick sshd[850]: pam_unix(ssh:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.150.163.63
Oct 24 04:48:47 ubuntu-rick sshd[850]: Failed password for invalid user user from 64.150.163.63 port 46140 ssh2
Oct 24 05:00:01 ubuntu-rick CRON[1015]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Oct 24 05:00:05 ubuntu-rick CRON[1015]: pam_unix(cron:session): session closed for user smmsp
Oct 24 05:08:35 ubuntu-rick sshd[1152]: pam_unix(ssh:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.10.254.205 user=nobody
Oct 24 05:08:37 ubuntu-rick sshd[1152]: Failed password for nobody from 221.10.254.205 port 45095 ssh2
==============================================================================================


What can I do about this, or should I just leave it as it is?
It looks like someone is trying to get in..


Rick
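
Added example, not part of the original message: a Python sketch that tallies sshd entries of the kind quoted above per source address (failed passwords, invalid user names tried, reverse-DNS mismatch warnings) and lists addresses that had both failures and a successful login. The sample lines are constructed in the same format using documentation addresses, and the names `summarize` and `needs_review` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the auth.log format quoted above (not the poster's data).
SAMPLE_LOG = """\
Oct 24 04:48:30 host sshd[839]: Address 203.0.113.5 maps to example.org, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Oct 24 04:48:30 host sshd[839]: Invalid user raul from 203.0.113.5
Oct 24 04:48:32 host sshd[839]: Failed password for invalid user raul from 203.0.113.5 port 45602 ssh2
Oct 24 04:48:36 host sshd[842]: Failed password for invalid user user1 from 203.0.113.5 port 45754 ssh2
Oct 24 05:00:01 host CRON[1015]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Oct 24 05:08:37 host sshd[1152]: Failed password for nobody from 198.51.100.7 port 45095 ssh2
Oct 24 05:09:50 host sshd[1160]: Failed password for rick from 192.0.2.10 port 50110 ssh2
Oct 24 05:10:02 host sshd[1161]: Accepted password for rick from 192.0.2.10 port 50111 ssh2
"""

SSHD = re.compile(r"sshd\[\d+\]: (.*)$")
# The user field is matched greedily and the pattern is anchored at the end of
# the line, so a user name containing " from ... port ..." cannot shift the
# address that gets parsed.
FAILED = re.compile(r"Failed password for (invalid user )?(.*) from (\S+) port \d+ ssh2$")
ACCEPTED = re.compile(r"Accepted \S+ for (.*) from (\S+) port \d+ ssh2(?:: .*)?$")
MISMATCH = re.compile(r"Address (\S+) maps to \S+, but this does not map back")

def summarize(log_text):
    """Return {source_ip: counters} for the sshd lines in log_text."""
    stats = defaultdict(lambda: {"failed": 0, "invalid_users": set(),
                                 "accepted": 0, "rdns_mismatch": False})
    for line in log_text.splitlines():
        sshd = SSHD.search(line)
        if not sshd:
            continue  # cron and other services
        msg = sshd.group(1)
        if m := FAILED.match(msg):
            entry = stats[m.group(3)]
            entry["failed"] += 1
            if m.group(1):  # the account does not exist on this host
                entry["invalid_users"].add(m.group(2))
        elif m := ACCEPTED.match(msg):
            stats[m.group(2)]["accepted"] += 1
        elif m := MISMATCH.match(msg):
            stats[m.group(1)]["rdns_mismatch"] = True
    return dict(stats)

def needs_review(stats):
    """Addresses with failed passwords and also a successful login."""
    return sorted(ip for ip, s in stats.items() if s["failed"] and s["accepted"])

if __name__ == "__main__":
    for ip, s in sorted(summarize(SAMPLE_LOG).items()):
        print(ip, s)
```

The patterns expect one log entry per line, as in the file itself rather than as wrapped by a mail client.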