[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2617
  • Last Modified:

Logwatch tutorial

Does anyone know where I can find a good tutorial on understand the logs I get emailed from logwatch?
0
rickBergami
Asked:
rickBergami
  • 2
2 Solutions
 
http:// thevpn.guruCommented:
Well logwatch mainly sends you who logged into your system and from where, hacking attemtps,important errors, large email messages sent through your system and your remaining disk space.

If there are specific entries you would like to know about ..post them please


I dont know if you will find a good tutorial for the entries in log watch because mostly it only parses your log files..and those logs could come from ssh samba apache etc...

0
 
rickBergamiAuthor Commented:
Here is my log with my questions.  TIA

---------------------- IMAP End -------------------------


--------------------- Named Begin ------------------------


Zone update refused:
   69.141.8.150 (ahosteddomain.com/IN): 8 Time(s)

**Unmatched Entries**
   client 151.74.194.186 error sending response: host unreachable: 1 Time(s)
   client 195.160.232.100 error sending response: host unreachable: 1 Time(s)
   client 59.101.18.253 error sending response: host unreachable: 1 Time(s)
   client 74.53.59.133 error sending response: host unreachable: 2 Time(s)
   notify question section contains no SOA: 1 Time(s)

---------------------- Named End -------------------------
The above client also mentioned they could not send email for a period of time.

--------------------- pam_unix Begin ------------------------

sshd:
   Authentication Failures:
      unknown (ip-209-172-32-29.static.privatedns.com): 116 Time(s)
      root (217.206.149.66): 46 Time(s)
      unknown (217.206.149.66): 5 Time(s)
      mail (ip-209-172-32-29.static.privatedns.com): 2 Time(s)
      postgres (ip-209-172-32-29.static.privatedns.com): 2 Time(s)
      root (211.46.67.3): 2 Time(s)
      root (ip-209-172-32-29.static.privatedns.com): 2 Time(s)
      games (ip-209-172-32-29.static.privatedns.com): 1 Time(s)
      news (ip-209-172-32-29.static.privatedns.com): 1 Time(s)
      root (endora.lunarpages.com): 1 Time(s)
   Invalid Users:
      Unknown Account: 121 Time(s)


---------------------- pam_unix End -------------------------
was someone trying to hack me again?  And should I block these ips?

--------------------- SSHD Begin ------------------------


Failed logins from these:
   games/password from ::ffff:209.172.32.29: 1 Time(s)
   mail/password from ::ffff:209.172.32.29: 2 Time(s)
   news/password from ::ffff:209.172.32.29: 1 Time(s)
   postgres/password from ::ffff:209.172.32.29: 2 Time(s)
   root/password from ::ffff:209.172.32.29: 2 Time(s)
   root/password from ::ffff:209.200.241.2: 1 Time(s)
   root/password from ::ffff:211.46.67.3: 2 Time(s)
   root/password from ::ffff:217.206.149.66: 46 Time(s)

Users logging in through sshd:
   root:
      endora.lunarpages.com (209.200.241.2): 1 time


Received disconnect:
   11: Bye Bye
      ::ffff:209.172.32.29 : 123 Time(s)
      ::ffff:211.46.67.3 : 2 Time(s)
      ::ffff:217.206.149.66 : 51 Time(s)

**Unmatched Entries**
Invalid user t1na from ::ffff:209.172.32.29
input_userauth_request: invalid user t1na
Invalid user t1na from ::ffff:209.172.32.29
input_userauth_request: invalid user t1na
Failed password for invalid user t1na from ::ffff:209.172.32.29 port 34504 ssh2
Failed password for invalid user t1na from ::ffff:209.172.32.29 port 34730 ssh2
Invalid user t1na from ::ffff:209.172.32.29
input_userauth_request: invalid user t1na
Invalid user t1na from ::ffff:209.172.32.29
input_userauth_request: invalid user t1na
Failed password for invalid user t1na from ::ffff:209.172.32.29 port 35672 ssh2
Failed password for invalid user t1na from ::ffff:209.172.32.29 port 35107 ssh2
Invalid user t1na from ::ffff:209.172.32.29
input_userauth_request: invalid user t1na
Invalid user logic from ::ffff:209.172.32.29
input_userauth_request: invalid user logic
Invalid user t1na from ::ffff:209.172.32.29
input_userauth_request: invalid user t1na
Failed password for invalid user t1na from ::ffff:209.172.32.29 port 35843 ssh2
Failed password for invalid user logic from ::ffff:209.172.32.29 port 36437 ssh2
Failed password for invalid user t1na from ::ffff:209.172.32.29 port 36564 ssh2
Invalid user logic from ::ffff:209.172.32.29
input_userauth_request: invalid user logic
Invalid user diablo from ::ffff:209.172.32.29
input_userauth_request: invalid user diablo
Invalid user logic from ::ffff:209.172.32.29
input_userauth_request: invalid user logic
Failed password for invalid user logic from ::ffff:209.172.32.29 port 37345 ssh2
Failed password for invalid user diablo from ::ffff:209.172.32.29 port 37333 ssh2
Invalid user diablo from ::ffff:209.172.32.29
input_userauth_request: invalid user diablo
Failed password for invalid user logic from ::ffff:209.172.32.29 port 37312 ssh2
Invalid user b1ablo from ::ffff:209.172.32.29
input_userauth_request: invalid user b1ablo
Invalid user diablo from ::ffff:209.172.32.29
input_userauth_request: invalid user diablo
Failed password for invalid user diablo from ::ffff:209.172.32.29 port 38103 ssh2
Failed password for invalid user b1ablo from ::ffff:209.172.32.29 port 38197 ssh2
Failed password for invalid user diablo from ::ffff:209.172.32.29 port 38438 ssh2
Invalid user paradise from ::ffff:209.172.32.29
input_userauth_request: invalid user paradise
Invalid user b1ablo from ::ffff:209.172.32.29
input_userauth_request: invalid user b1ablo
Invalid user b1ablo from ::ffff:209.172.32.29
input_userauth_request: invalid user b1ablo
Failed password for invalid user paradise from ::ffff:209.172.32.29 port 38965 ssh2
Failed password for invalid user b1ablo from ::ffff:209.172.32.29 port 38855 ssh2
Failed password for invalid user b1ablo from ::ffff:209.172.32.29 port 39187 ssh2
Invalid user paradisse from ::ffff:209.172.32.29
input_userauth_request: invalid user paradisse
Invalid user paradise from ::ffff:209.172.32.29
input_userauth_request: invalid user paradise
Failed password for invalid user paradisse from ::ffff:209.172.32.29 port 39832 ssh2
Failed password for invalid user paradise from ::ffff:209.172.32.29 port 39964 ssh2
Invalid user baggio from ::ffff:209.172.32.29
input_userauth_request: invalid user baggio
Invalid user paradise from ::ffff:209.172.32.29
input_userauth_request: invalid user paradise
Invalid user paradisse from ::ffff:209.172.32.29
input_userauth_request: invalid user paradisse
Failed password for invalid user baggio from ::ffff:209.172.32.29 port 40712 ssh2
Failed password for invalid user paradise from ::ffff:209.172.32.29 port 39977 ssh2
Failed password for invalid user paradisse from ::ffff:209.172.32.29 port 40729 ssh2
Invalid user paradisse from ::ffff:209.172.32.29
input_userauth_request: invalid user paradisse
Invalid user baggio from ::ffff:209.172.32.29
input_userauth_request: invalid user baggio
Failed password for invalid user paradisse from ::ffff:209.172.32.29 port 41578 ssh2
Failed password for invalid user baggio from ::ffff:209.172.32.29 port 41585 ssh2
Invalid user baggio from ::ffff:209.172.32.29
input_userauth_request: invalid user baggio
Failed password for invalid user baggio from ::ffff:209.172.32.29 port 42333 ssh2
Invalid user roberto from ::ffff:209.172.32.29
input_userauth_request: invalid user roberto
Invalid user roberto from ::ffff:209.172.32.29
input_userauth_request: invalid user roberto
Failed password for invalid user roberto from ::ffff:209.172.32.29 port 43180 ssh2
Failed password for invalid user roberto from ::ffff:209.172.32.29 port 42633 ssh2
Invalid user kim from ::ffff:209.172.32.29
input_userauth_request: invalid user kim
Invalid user kim from ::ffff:209.172.32.29
input_userauth_request: invalid user kim
Failed password for invalid user kim from ::ffff:209.172.32.29 port 44108 ssh2
Invalid user space from ::ffff:209.172.32.29
input_userauth_request: invalid user space
Failed password for invalid user kim from ::ffff:209.172.32.29 port 43955 ssh2
Failed password for invalid user space from ::ffff:209.172.32.29 port 44823 ssh2
Invalid user space from ::ffff:209.172.32.29
input_userauth_request: invalid user space
Invalid user globe from ::ffff:209.172.32.29
input_userauth_request: invalid user globe
Failed password for invalid user space from ::ffff:209.172.32.29 port 45327 ssh2
Failed password for invalid user globe from ::ffff:209.172.32.29 port 45578 ssh2
Invalid user oscar from ::ffff:209.172.32.29
input_userauth_request: invalid user oscar
Invalid user globe from ::ffff:209.172.32.29
input_userauth_request: invalid user globe
Failed password for invalid user oscar from ::ffff:209.172.32.29 port 46370 ssh2
Failed password for invalid user globe from ::ffff:209.172.32.29 port 46325 ssh2
Invalid user oscar from ::ffff:209.172.32.29
input_userauth_request: invalid user oscar
Invalid user simbol from ::ffff:209.172.32.29
input_userauth_request: invalid user simbol
Failed password for invalid user oscar from ::ffff:209.172.32.29 port 47144 ssh2
Failed password for invalid user simbol from ::ffff:209.172.32.29 port 47114 ssh2
Invalid user simbol from ::ffff:209.172.32.29
input_userauth_request: invalid user simbol
Invalid user addicted from ::ffff:209.172.32.29
input_userauth_request: invalid user addicted
Failed password for invalid user simbol from ::ffff:209.172.32.29 port 47848 ssh2
Failed password for invalid user addicted from ::ffff:209.172.32.29 port 47890 ssh2
Invalid user addicted from ::ffff:209.172.32.29
input_userauth_request: invalid user addicted
Invalid user red from ::ffff:209.172.32.29
input_userauth_request: invalid user red
Failed password for invalid user addicted from ::ffff:209.172.32.29 port 48590 ssh2
Failed password for invalid user red from ::ffff:209.172.32.29 port 48634 ssh2
Invalid user red from ::ffff:209.172.32.29
input_userauth_request: invalid user red
Invalid user pink from ::ffff:209.172.32.29
input_userauth_request: invalid user pink
Failed password for invalid user red from ::ffff:209.172.32.29 port 49453 ssh2
Failed password for invalid user pink from ::ffff:209.172.32.29 port 49803 ssh2
Invalid user blue from ::ffff:209.172.32.29
input_userauth_request: invalid user blue
Invalid user pink from ::ffff:209.172.32.29
input_userauth_request: invalid user pink
Failed password for invalid user blue from ::ffff:209.172.32.29 port 50543 ssh2
Failed password for invalid user pink from ::ffff:209.172.32.29 port 50382 ssh2
Invalid user blue from ::ffff:209.172.32.29
input_userauth_request: invalid user blue
Failed password for invalid user blue from ::ffff:209.172.32.29 port 51487 ssh2
Invalid user accept from ::ffff:209.172.32.29
input_userauth_request: invalid user accept
Invalid user accept from ::ffff:209.172.32.29
input_userauth_request: invalid user accept
Failed password for invalid user accept from ::ffff:209.172.32.29 port 53141 ssh2
Invalid user leo from ::ffff:209.172.32.29
input_userauth_request: invalid user leo
Failed password for invalid user accept from ::ffff:209.172.32.29 port 53908 ssh2
Invalid user leo from ::ffff:209.172.32.29
input_userauth_request: invalid user leo
Failed password for invalid user leo from ::ffff:209.172.32.29 port 54863 ssh2
Invalid user zeppelin from ::ffff:209.172.32.29
input_userauth_request: invalid user zeppelin
Failed password for invalid user leo from ::ffff:209.172.32.29 port 55290 ssh2
Invalid user zeppelin from ::ffff:209.172.32.29
input_userauth_request: invalid user zeppelin
Failed password for invalid user zeppelin from ::ffff:209.172.32.29 port 55589 ssh2
Invalid user hacker from ::ffff:209.172.32.29
input_userauth_request: invalid user hacker
Failed password for invalid user zeppelin from ::ffff:209.172.32.29 port 56006 ssh2
Failed password for invalid user hacker from ::ffff:209.172.32.29 port 56293 ssh2
Invalid user hacker from ::ffff:209.172.32.29
input_userauth_request: invalid user hacker
Invalid user olga from ::ffff:209.172.32.29
input_userauth_request: invalid user olga
Failed password for invalid user hacker from ::ffff:209.172.32.29 port 56747 ssh2
Failed password for invalid user olga from ::ffff:209.172.32.29 port 56975 ssh2
Invalid user olga from ::ffff:209.172.32.29
input_userauth_request: invalid user olga
Invalid user boris from ::ffff:209.172.32.29
input_userauth_request: invalid user boris
Failed password for invalid user olga from ::ffff:209.172.32.29 port 57442 ssh2
Failed password for invalid user boris from ::ffff:209.172.32.29 port 57652 ssh2
Invalid user boris from ::ffff:209.172.32.29
input_userauth_request: invalid user boris
Invalid user mathew from ::ffff:209.172.32.29
input_userauth_request: invalid user mathew
Failed password for invalid user boris from ::ffff:209.172.32.29 port 58255 ssh2
Failed password for invalid user mathew from ::ffff:209.172.32.29 port 58487 ssh2
Invalid user mathew from ::ffff:209.172.32.29
input_userauth_request: invalid user mathew
Invalid user testing from ::ffff:209.172.32.29
input_userauth_request: invalid user testing
Failed password for invalid user mathew from ::ffff:209.172.32.29 port 58972 ssh2
Failed password for invalid user testing from ::ffff:209.172.32.29 port 59235 ssh2
Invalid user testing from ::ffff:209.172.32.29
input_userauth_request: invalid user testing
Invalid user galaxy from ::ffff:209.172.32.29
input_userauth_request: invalid user galaxy
Failed password for invalid user testing from ::ffff:209.172.32.29 port 59993 ssh2
Failed password for invalid user galaxy from ::ffff:209.172.32.29 port 60082 ssh2
Invalid user galaxy from ::ffff:209.172.32.29
input_userauth_request: invalid user galaxy
Failed password for invalid user galaxy from ::ffff:209.172.32.29 port 60679 ssh2
Invalid user venice from ::ffff:209.172.32.29
input_userauth_request: invalid user venice
Failed password for invalid user venice from ::ffff:209.172.32.29 port 33959 ssh2
Invalid user venice from ::ffff:209.172.32.29
input_userauth_request: invalid user venice
Failed password for invalid user venice from ::ffff:209.172.32.29 port 33414 ssh2
Invalid user user3 from ::ffff:209.172.32.29
input_userauth_request: invalid user user3
Failed password for invalid user user3 from ::ffff:209.172.32.29 port 35254 ssh2
Invalid user sa from ::ffff:209.172.32.29
input_userauth_request: invalid user sa
Failed password for invalid user sa from ::ffff:209.172.32.29 port 36514 ssh2
Invalid user acer from ::ffff:209.172.32.29
input_userauth_request: invalid user acer
Failed password for invalid user acer from ::ffff:209.172.32.29 port 37213 ssh2
Invalid user angus from ::ffff:209.172.32.29
input_userauth_request: invalid user angus
Failed password for invalid user angus from ::ffff:209.172.32.29 port 38308 ssh2
Invalid user mars from ::ffff:209.172.32.29
input_userauth_request: invalid user mars
Failed password for invalid user mars from ::ffff:209.172.32.29 port 39100 ssh2
Invalid user cruz from ::ffff:209.172.32.29
input_userauth_request: invalid user cruz
Failed password for invalid user cruz from ::ffff:209.172.32.29 port 40044 ssh2
Invalid user danny from ::ffff:209.172.32.29
input_userauth_request: invalid user danny
Failed password for invalid user danny from ::ffff:209.172.32.29 port 40875 ssh2
Invalid user george from ::ffff:209.172.32.29
input_userauth_request: invalid user george
Failed password for invalid user george from ::ffff:209.172.32.29 port 41574 ssh2
Invalid user georgel from ::ffff:209.172.32.29
input_userauth_request: invalid user georgel
Failed password for invalid user georgel from ::ffff:209.172.32.29 port 42227 ssh2
Invalid user eggdrop from ::ffff:209.172.32.29
input_userauth_request: invalid user eggdrop
Failed password for invalid user eggdrop from ::ffff:209.172.32.29 port 42910 ssh2
Invalid user usd from ::ffff:209.172.32.29
input_userauth_request: invalid user usd
Failed password for invalid user usd from ::ffff:209.172.32.29 port 44241 ssh2
Invalid user test from ::ffff:209.172.32.29
input_userauth_request: invalid user test
Failed password for invalid user test from ::ffff:209.172.32.29 port 45018 ssh2
Invalid user ftpadmin from ::ffff:209.172.32.29
input_userauth_request: invalid user ftpadmin
Failed password for invalid user ftpadmin from ::ffff:209.172.32.29 port 45768 ssh2
Invalid user helen from ::ffff:209.172.32.29
input_userauth_request: invalid user helen
Failed password for invalid user helen from ::ffff:209.172.32.29 port 46739 ssh2
Invalid user jobs from ::ffff:209.172.32.29
input_userauth_request: invalid user jobs
Failed password for invalid user jobs from ::ffff:209.172.32.29 port 47539 ssh2
Invalid user bella from ::ffff:209.172.32.29
input_userauth_request: invalid user bella
Failed password for invalid user bella from ::ffff:209.172.32.29 port 48896 ssh2
Invalid user web2 from ::ffff:209.172.32.29
input_userauth_request: invalid user web2
Failed password for invalid user web2 from ::ffff:209.172.32.29 port 50152 ssh2
Invalid user spam from ::ffff:209.172.32.29
input_userauth_request: invalid user spam
Failed password for invalid user spam from ::ffff:209.172.32.29 port 50849 ssh2
Invalid user alex from ::ffff:209.172.32.29
input_userauth_request: invalid user alex
Failed password for invalid user alex from ::ffff:209.172.32.29 port 52869 ssh2
Invalid user ralph from ::ffff:209.172.32.29
input_userauth_request: invalid user ralph
Failed password for invalid user ralph from ::ffff:209.172.32.29 port 53674 ssh2
Invalid user jefferson from ::ffff:209.172.32.29
input_userauth_request: invalid user jefferson
Failed password for invalid user jefferson from ::ffff:209.172.32.29 port 54601 ssh2
Invalid user carla from ::ffff:209.172.32.29
input_userauth_request: invalid user carla
Failed password for invalid user carla from ::ffff:209.172.32.29 port 55265 ssh2
Invalid user thomas from ::ffff:209.172.32.29
input_userauth_request: invalid user thomas
Failed password for invalid user thomas from ::ffff:209.172.32.29 port 56215 ssh2
Invalid user stephen from ::ffff:209.172.32.29
input_userauth_request: invalid user stephen
Failed password for invalid user stephen from ::ffff:209.172.32.29 port 56913 ssh2
Invalid user scan from ::ffff:209.172.32.29
input_userauth_request: invalid user scan
Failed password for invalid user scan from ::ffff:209.172.32.29 port 58439 ssh2
Invalid user jeff from ::ffff:209.172.32.29
input_userauth_request: invalid user jeff
Failed password for invalid user jeff from ::ffff:209.172.32.29 port 59176 ssh2
Invalid user guest from ::ffff:209.172.32.29
input_userauth_request: invalid user guest
Failed password for invalid user guest from ::ffff:209.172.32.29 port 59908 ssh2
Invalid user cathy from ::ffff:209.172.32.29
input_userauth_request: invalid user cathy
Failed password for invalid user cathy from ::ffff:209.172.32.29 port 60730 ssh2
Invalid user bob from ::ffff:209.172.32.29
input_userauth_request: invalid user bob
Failed password for invalid user bob from ::ffff:209.172.32.29 port 33897 ssh2
Invalid user denis from ::ffff:209.172.32.29
input_userauth_request: invalid user denis
Failed password for invalid user denis from ::ffff:209.172.32.29 port 34584 ssh2
Invalid user dennis from ::ffff:209.172.32.29
input_userauth_request: invalid user dennis
Failed password for invalid user dennis from ::ffff:209.172.32.29 port 35242 ssh2
Invalid user download from ::ffff:209.172.32.29
input_userauth_request: invalid user download
Failed password for invalid user download from ::ffff:209.172.32.29 port 35945 ssh2
Invalid user video from ::ffff:209.172.32.29
input_userauth_request: invalid user video
Failed password for invalid user video from ::ffff:209.172.32.29 port 37178 ssh2
Invalid user luciana from ::ffff:209.172.32.29
input_userauth_request: invalid user luciana
Failed password for invalid user luciana from ::ffff:209.172.32.29 port 37906 ssh2
Invalid user sunny from ::ffff:209.172.32.29
input_userauth_request: invalid user sunny
Failed password for invalid user sunny from ::ffff:209.172.32.29 port 38663 ssh2
Invalid user online from ::ffff:209.172.32.29
input_userauth_request: invalid user online
Failed password for invalid user online from ::ffff:209.172.32.29 port 39327 ssh2
Invalid user office from ::ffff:209.172.32.29
input_userauth_request: invalid user office
Failed password for invalid user office from ::ffff:209.172.32.29 port 39981 ssh2
Invalid user abba from ::ffff:209.172.32.29
input_userauth_request: invalid user abba
Failed password for invalid user abba from ::ffff:209.172.32.29 port 41347 ssh2
Invalid user sam from ::ffff:209.172.32.29
input_userauth_request: invalid user sam
Failed password for invalid user sam from ::ffff:209.172.32.29 port 42029 ssh2
Invalid user kelvin from ::ffff:209.172.32.29
input_userauth_request: invalid user kelvin
Failed password for invalid user kelvin from ::ffff:209.172.32.29 port 43266 ssh2
Invalid user monroe from ::ffff:209.172.32.29
input_userauth_request: invalid user monroe
Failed password for invalid user monroe from ::ffff:209.172.32.29 port 43929 ssh2
Invalid user test1 from ::ffff:209.172.32.29
input_userauth_request: invalid user test1
Failed password for invalid user test1 from ::ffff:209.172.32.29 port 44585 ssh2
Invalid user proxy from ::ffff:209.172.32.29
input_userauth_request: invalid user proxy
Failed password for invalid user proxy from ::ffff:209.172.32.29 port 45404 ssh2
Invalid user client from ::ffff:209.172.32.29
input_userauth_request: invalid user client
Failed password for invalid user client from ::ffff:209.172.32.29 port 46238 ssh2
Invalid user carolina from ::ffff:209.172.32.29
input_userauth_request: invalid user carolina
Failed password for invalid user carolina from ::ffff:209.172.32.29 port 47331 ssh2
Invalid user ray from ::ffff:209.172.32.29
input_userauth_request: invalid user ray
Failed password for invalid user ray from ::ffff:209.172.32.29 port 48244 ssh2
Invalid user raymond from ::ffff:209.172.32.29
input_userauth_request: invalid user raymond
Failed password for invalid user raymond from ::ffff:209.172.32.29 port 49073 ssh2
Invalid user usr from ::ffff:209.172.32.29
input_userauth_request: invalid user usr
Failed password for invalid user usr from ::ffff:209.172.32.29 port 49903 ssh2
Invalid user robert from ::ffff:209.172.32.29
input_userauth_request: invalid user robert
Failed password for invalid user robert from ::ffff:209.172.32.29 port 50636 ssh2
Invalid user laura from ::ffff:209.172.32.29
input_userauth_request: invalid user laura
Failed password for invalid user laura from ::ffff:209.172.32.29 port 51549 ssh2
Invalid user matt from ::ffff:209.172.32.29
input_userauth_request: invalid user matt
Failed password for invalid user matt from ::ffff:209.172.32.29 port 52219 ssh2
Invalid user mat from ::ffff:209.172.32.29
input_userauth_request: invalid user mat
Failed password for invalid user mat from ::ffff:209.172.32.29 port 53078 ssh2
Invalid user imaging from ::ffff:217.206.149.66
input_userauth_request: invalid user imaging
Failed password for invalid user imaging from ::ffff:217.206.149.66 port 1904 ssh2
Invalid user test from ::ffff:217.206.149.66
input_userauth_request: invalid user test
Failed password for invalid user test from ::ffff:217.206.149.66 port 2673 ssh2
Invalid user shell from ::ffff:217.206.149.66
input_userauth_request: invalid user shell
Failed password for invalid user shell from ::ffff:217.206.149.66 port 3668 ssh2
Invalid user debian from ::ffff:217.206.149.66
input_userauth_request: invalid user debian
Failed password for invalid user debian from ::ffff:217.206.149.66 port 4361 ssh2
Invalid user admin from ::ffff:217.206.149.66
input_userauth_request: invalid user admin
Failed password for invalid user admin from ::ffff:217.206.149.66 port 1938 ssh2

---------------------- SSHD End -------------------------

Are the above invalid hacks?
0
 
ezatonCommented:
Yes, they are. You have attempts from all kinds of users, for example (look at the two last lines:) "admin" and (two lines above it) "debian".
If your server does not allow direct access through root, and you have a complicated enough passwords for users, you should be quite safe. However, using something similar to "denyhosts" - http://denyhosts.sourceforge.net/ would ease your management burden in this aspect.
0
 
http:// thevpn.guruCommented:
Check this post ..it happened to me a few weeks ago..added to what ezaton said you can also block requests to ssh from all ips except from your IP..that is if you have a static IP
http://www.experts-exchange.com/Security/Misc/Q_22855866.html
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now