[Gllug] Non-existent user in /var/log/secure

gvimrc gvimrc at googlemail.com
Wed Jun 24 14:33:18 UTC 2009


Peter Corlett wrote:
 > That looks awfully like you're being ssh scanned by a worm. Apart from the
> light bandwidth drain and filling your logs, it's harmless provided you have
> strong passwords on all of your accounts.
> 

More info. Here are the full log entries. These are being logged at 4-sec. intervals.

dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user <someuser>
dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown
dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:<my home IP>

Can't work out how my home IP is involved as my mail client has no account with the username <someuser>

gvim
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




More information about the GLLUG mailing list