Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
What should I do?
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Duplicate Threads
View previous topic :: View next topic  
Author Message
Sprotte
Apprentice
Apprentice


Joined: 18 Oct 2004
Posts: 217
Location: Kiel, Germany

PostPosted: Mon Jun 30, 2008 7:09 pm    Post subject: What should I do? Reply with quote

Lots of this in my little router's log:

Quote:
Jul 1 02:38:02 pathfinder sshd[12003]: Connection from 82.138.2.66 port 50883
Jul 1 02:38:02 pathfinder sshd[12003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.138.2.66 user=root
Jul 1 02:38:05 pathfinder sshd[12003]: Failed password for root from 82.138.2.66 port 50883 ssh2
Jul 1 02:38:05 pathfinder sshd[12005]: Connection from 82.138.2.66 port 51131
Jul 1 02:38:06 pathfinder sshd[12005]: Invalid user student from 82.138.2.66
Jul 1 02:38:06 pathfinder sshd[12005]: pam_unix(sshd:auth): check pass; user unknown
Jul 1 02:38:06 pathfinder sshd[12005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.138.2.66
Jul 1 02:38:08 pathfinder sshd[12005]: Failed password for invalid user student from 82.138.2.66 port 51131 ssh2
Jul 1 02:38:08 pathfinder sshd[12007]: Connection from 82.138.2.66 port 51414
Jul 1 02:38:09 pathfinder sshd[12007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.138.2.66 user=root
Jul 1 02:38:11 pathfinder sshd[12007]: Failed password for root from 82.138.2.66 port 51414 ssh2
Jul 1 02:38:12 pathfinder sshd[12009]: Connection from 82.138.2.66 port 51659
Jul 1 02:38:12 pathfinder sshd[12009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.138.2.66 user=root
Jul 1 02:38:14 pathfinder sshd[12009]: Failed password for root from 82.138.2.66 port 51659 ssh2
Jul 1 02:38:15 pathfinder sshd[12011]: Connection from 82.138.2.66 port 51886
Jul 1 02:38:15 pathfinder sshd[12011]: Invalid user httpd from 82.138.2.66
Jul 1 02:38:15 pathfinder sshd[12011]: pam_unix(sshd:auth): check pass; user unknown
Jul 1 02:38:15 pathfinder sshd[12011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.138.2.66
Jul 1 02:38:18 pathfinder sshd[12011]: Failed password for invalid user httpd from 82.138.2.66 port 51886


It tries names like guest, generalmanager etc. It's probably a script, right?

I did a whois on the IP address, should I write an angry email or just let it drop?

I took the router offline, restarted sshd, changed all passwords and double-checked my iptables script. Normally I shouldn't be visible from the internet, apparently I had modified my iptables rules for testing and forgot to reset them. :-/

Why does it say "check pass?" What should I look for in the log?

It looks like he/she/it didn't manage to crack a password, they're pretty strong but I still changed them.

ggrrr, damn hackers.
Back to top
View user's profile Send private message
nixnut
Administrator
Administrator


Joined: 09 Apr 2004
Posts: 10973
Location: the dutch mountains

PostPosted: Mon Jun 30, 2008 7:27 pm    Post subject: Reply with quote

See https://forums.gentoo.org/viewtopic-t-421706.html
_________________
Please add [solved] to the initial post's subject line if you feel your problem is resolved. Help answer the unanswered

talk is cheap. supply exceeds demand
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Duplicate Threads All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum