auth.log showing attempted access

sktsee sktsee at
Wed Aug 15 03:37:20 UTC 2007

On Tue, 2007-08-14 at 20:46 -0400, Yuelin Li wrote: 
> I see many entries like this in /var/log/auth.log
> sshd[15144]: Failed password for invalid user josh from::ffff: port 2092 ssh2
> How can I trace this computer's location?  More importantly, how can I
> report this person to his/her ISP?  "host" showed that
> this DNS entry can not be reversed.  Traceroute stops at
> (  I have added iptables
> rules (see to try
> to tighten SSH access.  I feel I should do something about it because
> I get a few hundred entries a day coming from the same IP address.
> Yuelin.


$ whois 

and go from there.


More information about the ubuntu-users mailing list