auth.log showing attempted access

Dick Dowdell dick.dowdell at
Wed Aug 15 00:53:27 UTC 2007

You might try installing fail2ban for a start.  It will ban an IP address
for a specified time after a specified number of failed logins within a
specified period of time.  It's dramatically reduced robot attacks on my

sudo apt-get install fail2ban

Tracing IP addresses rarely provides any useful information about the real

On 8/14/07, Yuelin Li <liy12 at> wrote:
> I see many entries like this in /var/log/auth.log
> sshd[15144]: Failed password for invalid user josh from::ffff:
> port 2092 ssh2
> How can I trace this computer's location?  More importantly, how can I
> report this person to his/her ISP?  "host" showed that
> this DNS entry can not be reversed.  Traceroute stops at
> (  I have added iptables
> rules (see to try
> to tighten SSH access.  I feel I should do something about it because
> I get a few hundred entries a day coming from the same IP address.
> Yuelin.
>      =====================================================================
>      Please note that this e-mail and any files transmitted with it may be
>      privileged, confidential, and protected from disclosure under
>      applicable law. If the reader of this message is not the intended
>      recipient, or an employee or agent responsible for delivering this
>      message to the intended recipient, you are hereby notified that any
>      reading, dissemination, distribution, copying, or other use of this
>      communication or any of its attachments is strictly prohibited.  If
>      you have received this communication in error, please notify the
>      sender immediately by replying to this message and deleting this
>      message, any attachments, and all copies and backups from your
>      computer.
> --
> ubuntu-users mailing list
> ubuntu-users at
> Modify settings or unsubscribe at:

Dick Dowdell
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the ubuntu-users mailing list