[Gllug] Non-existent user in /var/log/secure
gvimrc
gvimrc at googlemail.com
Wed Jun 24 14:33:18 UTC 2009
Peter Corlett wrote:
> That looks awfully like you're being ssh scanned by a worm. Apart from the
> light bandwidth drain and filling your logs, it's harmless provided you have
> strong passwords on all of your accounts.
>
More info. Here are the full log entries. These are being logged at 4-sec. intervals.
dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user <someuser>
dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown
dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:<my home IP>
Can't work out how my home IP is involved as my mail client has no account with the username <someuser>
gvim
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list