troubleshooting Question

SSH: Possible Break In Attempt???

Avatar of Julian Matz
Julian MatzFlag for Ireland asked on
Operating SystemsLinux Distributions
43 Comments13 Solutions7699 ViewsLast Modified:
Hello!

In my server's auth.log in /var/log/auth.log I have found a couple of entries that look like this:

Feb 17 20:02:04 webbox788 sshd[8874]: reverse mapping checking getaddrinfo for unknown.sagonet.net failed - POSSIBLE BREAK IN ATTEMPT!
Feb 17 20:02:04 webbox788 sshd[8874]: Failed password for root from 207.150.161.170 port 60126 ssh2


The only people that have authorized access to my server are the staff at the datacenter and myself. The ip-address 207.150.... and the hostname sagonet.net are completely unknown to me... From this info could I conclude that someone tried to gain access to my server?

And how could I prevent (besides having a strong password) this from ever happening??

I'm thinking that if someone were able to gain root access to the server they could wipe every single file on it including the websites and files of a couple of dozen clients I have on the server....

Would greatly appreciate your input...

This is my software: Debian Sarge/Linux, Apache 1.33, MySQL, PHP, etc...
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 13 Answers and 43 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 13 Answers and 43 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros