Possible break-in attempt?

florin florin at xcellcomputers.ro
Fri Jan 8 11:54:01 GMT 2010


In the log.auth file in /var/log I read the following:

Dec 30 19:09:01 telacad CRON[26205]: pam_unix(cron:session): session 
opened for user root by (uid=0)
Dec 30 19:09:01 telacad dbus-daemon: Rejected send message, 1 matched 
rules; type="method_call", sender=":1.31" (uid=1000 pid=3643 
comm="/usr/lib/indicator-$
Dec 30 19:09:01 telacad CRON[26205]: pam_unix(cron:session): session 
closed for user root

pam_unix(cron:session): session opened for user root by (uid=0)
Dec 30 19:30:03 telacad dbus-daemon: Rejected send message, 1 matched 
rules; type="method_call", sender=":1.31" (uid=1000 pid=3643 
comm="/usr/lib/indicator-$
Dec 30 19:30:05 telacad CRON[27043]: pam_unix(cron:session): session 
closed for user root
Dec 30 19:33:40 telacad sshd[27344]: Did not receive identification 
string from 188.121.134.50

pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 
tty=ssh ruser= rhost=94.52.203.47  user=root
Jan  1 21:43:35 telacad sshd[21374]: Failed password for root from 
94.52.203.47 port 32785 ssh2
Jan  1 21:43:40 telacad sshd[21376]: pam_unix(sshd:auth): authentication 
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.52.203.47  user=root
Jan  1 21:43:42 telacad sshd[21376]: Failed password for root from 
94.52.203.47 port 33170 ssh2

Jan  3 18:25:50 telacad sshd[23891]: Invalid user luxmundi from 
74.223.159.121
Jan  3 18:25:50 telacad sshd[23891]: pam_unix(sshd:auth): check pass; 
user unknown
Jan  3 18:25:50 telacad sshd[23891]: pam_unix(sshd:auth): authentication 
failure; logname= uid=0 euid=0 tty=ssh ruser= 
rhost=74.223.159.121.nw.nuvox.net
Jan  3 18:25:50 telacad sshd[23886]: Failed password for invalid user 
utilidades from 74.223.159.121 port 38618 ssh2
Jan  3 18:25:51 telacad sshd[23885]: Failed password for invalid user 
sol from 74.223.159.121 port 38612 ssh2
Jan  3 18:25:51 telacad sshd[23889]: Failed password for invalid user 
Aarni from 74.223.159.121 port 38713 ssh2
Jan  3 18:25:51 telacad sshd[23891]: Failed password for invalid user 
luxmundi from 74.223.159.121 port 38794 ssh2
Jan  3 18:25:53 telacad sshd[23894]: Invalid user perla from 74.223.159.121
Jan  3 18:25:53 telacad sshd[23893]: Invalid user Aarno from 74.223.159.121


Jan  8 11:56:56 telacad sshd[4156]: reverse mapping checking getaddrinfo 
for 20.117.127.124.broad.bj.bj.static.163data.com.cn [124.127.117.20] 
failed - POSSIBLE BREAK-IN ATTEMPT!
Jan  8 11:56:56 telacad sshd[4156]: pam_unix(sshd:auth): authentication 
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.127.117.20  
user=root
Jan  8 11:56:57 telacad sshd[4156]: Failed password for root from 
124.127.117.20 port 57299 ssh2
Jan  8 11:57:00 telacad sshd[4159]: reverse mapping checking getaddrinfo 
for 20.117.127.124.broad.bj.bj.static.163data.com.cn [124.127.117.20] 
failed - POSSIBLE BREAK-IN ATTEMPT!
Jan  8 11:57:00 telacad sshd[4159]: pam_unix(sshd:auth): authentication 
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.127.117.20  
user=root


I would like to know whether I have been attacked, or what these messages 
mean, especially the one with POSSIBLE BREAK-IN ATTEMPT!?
I should mention that my computer's name, "telacad", has nothing to do 
with the "telacad" school.
I have messages like the first ones above for, I think, dozens of users 
and IPs.
Can anyone help me with some information?
Thank you anyway, you are a super cool team!
Best of luck going forward.
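
Added example, not part of the original message: one way to triage sshd lines of the kinds quoted above is to count failed passwords, reverse-mapping warnings and bare probes per source IP, and to list any IP that also has an accepted login. It assumes one event per line, as in the log file itself (the mail wrapped them); the SAMPLE lines, host name and IPs are constructed, and summarize and needs_review are hypothetical helper names.

```python
import re
from collections import defaultdict

# Constructed sample in the same sshd syslog format as the excerpt above
# (documentation-range IPs, not the addresses from the post).
SAMPLE = """\
Jan  3 18:25:50 host sshd[101]: Invalid user alice from 203.0.113.7
Jan  3 18:25:51 host sshd[101]: Failed password for invalid user alice from 203.0.113.7 port 38618 ssh2
Jan  3 18:25:53 host sshd[102]: Failed password for root from 203.0.113.7 port 38620 ssh2
Jan  8 11:56:56 host sshd[103]: reverse mapping checking getaddrinfo for a.example.net [198.51.100.9] failed - POSSIBLE BREAK-IN ATTEMPT!
Jan  8 11:56:57 host sshd[103]: Failed password for root from 198.51.100.9 port 57299 ssh2
Jan  8 12:01:10 host sshd[104]: Accepted password for bob from 192.0.2.44 port 50122 ssh2
Jan  8 12:03:00 host sshd[105]: Did not receive identification string from 198.51.100.9
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
PATTERNS = {
    "failed": re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from " + IP),
    "accepted": re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from " + IP),
    # Logged when the client's reverse-DNS name does not resolve back to its
    # IP: a DNS consistency warning, counted separately from login results.
    "rdns": re.compile(r"sshd\[\d+\]: reverse mapping checking getaddrinfo for \S+ \[" + IP + r"\] failed"),
    "probe": re.compile(r"sshd\[\d+\]: Did not receive identification string from " + IP),
}

def summarize(text):
    """Return {ip: {"failed", "accepted", "rdns", "probe": counts, "users": set}}."""
    stats = defaultdict(lambda: {"failed": 0, "accepted": 0, "rdns": 0, "probe": 0, "users": set()})
    for line in text.splitlines():
        for kind, rx in PATTERNS.items():
            m = rx.search(line)
            if not m:
                continue
            ip = m.group(m.lastindex)  # the IP is the last capture group in every pattern
            stats[ip][kind] += 1
            if kind in ("failed", "accepted"):
                stats[ip]["users"].add(m.group(1))
            break
    return dict(stats)

def needs_review(stats):
    """IPs with failures or warnings that ALSO have at least one accepted login."""
    return sorted(ip for ip, s in stats.items()
                  if s["accepted"] and (s["failed"] or s["rdns"] or s["probe"]))

if __name__ == "__main__":
    result = summarize(SAMPLE)
    for ip, s in sorted(result.items()):
        print(ip, s["failed"], s["accepted"], s["rdns"], s["probe"], sorted(s["users"]))
    print("review:", needs_review(result))
```

An empty review list means none of the noisy sources has an accepted login in the lines examined; rotated log files need to be fed through the same function to cover earlier dates.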


