auth.log showing attempted access
sktsee
sktsee at tulsaconnect.com
Wed Aug 15 03:37:20 UTC 2007
On Tue, 2007-08-14 at 20:46 -0400, Yuelin Li wrote:
> I see many entries like this in /var/log/auth.log
>
> sshd[15144]: Failed password for invalid user josh from ::ffff:89.123.234.25 port 2092 ssh2
>
> How can I trace this computer's location? More importantly, how can I
> report this person to his/her ISP? "host 89.123.234.25" showed that
> this DNS entry can not be reversed. Traceroute stops at
> FR1-Frankfurt.teleglobe.net (80.231.64.6). I have added iptables
> rules (see http://www.debian-administration.org/articles/187) to try
> to tighten SSH access. I feel I should do something about it because
> I get a few hundred entries a day coming from the same IP address.
>
> Yuelin.
>
>
Try
$ whois 89.123.234.25
and go from there.
--
sktsee
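
The following is an added example, not part of the original messages: it summarises the "Failed password" lines of auth.log per source address, unwrapping the `::ffff:` IPv4-mapped form seen above, so that the `whois` lookup can be paired with evidence for a report. The sample lines, host name and timestamps are constructed, and the traditional syslog line format is assumed.

```python
import ipaddress
import re

# Constructed sample lines in the format quoted above. The host name, the
# timestamps and the 192.0.2.x / 203.0.113.x addresses are made up.
SAMPLE = """\
Aug 14 20:31:02 myhost sshd[15144]: Failed password for invalid user josh from ::ffff:89.123.234.25 port 2092 ssh2
Aug 14 20:31:05 myhost sshd[15146]: Failed password for invalid user anna from ::ffff:89.123.234.25 port 2101 ssh2
Aug 14 20:40:11 myhost sshd[15201]: Failed password for root from 192.0.2.7 port 40022 ssh2
Aug 14 20:41:00 myhost sshd[15210]: Accepted password for alice from 192.0.2.50 port 51000 ssh2
Aug 14 20:42:13 myhost sshd[15222]: Failed password for invalid user x from 192.0.2.7 port 1 ssh2 from 203.0.113.9 port 2200 ssh2
"""

# Anchor on the end of the line and let the user field be greedy, so a
# username that itself contains " from <ip> port <n>" cannot spoof the source.
FAILED = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port \d+ ssh2\s*$"
)


def normalize(addr):
    """Return the address as text, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr)
    return str(getattr(ip, "ipv4_mapped", None) or ip)


def summarize(lines):
    """Group failed logins by source: count, first/last time seen, users tried."""
    report = {}
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue
        try:
            ip = normalize(m.group("ip"))
        except ValueError:
            continue  # source field is not a valid IP address
        e = report.setdefault(ip, {"count": 0, "first": m.group("ts"), "users": set()})
        e["count"] += 1
        e["last"] = m.group("ts")
        e["users"].add(m.group("user"))
    return report


if __name__ == "__main__":
    # Busiest sources first; each line is evidence to include in a report to
    # the contact that `whois <ip>` lists for the address.
    for ip, e in sorted(summarize(SAMPLE.splitlines()).items(), key=lambda kv: -kv[1]["count"]):
        print(f"{ip}: {e['count']} failed logins, {e['first']} to {e['last']}, "
              f"users tried: {', '.join(sorted(e['users']))}")
```

Traditional syslog timestamps carry neither a year nor a time zone, so state both when passing the summary on.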