[HLUG] Last couple of messages didn't go through
Mark Broadbent
markb at wetlettuce.com
Sun Jan 1 14:21:06 GMT 2006
David Shorthouse wrote:
> Hi All,
>
> ...
>
> PS why didn't my message not go through last time see below. :
Didn't see in the mod requests, it might have been blocked further upstream.
>
> Happy new-year.....
And you.
>
> Hi All,
>
> I hope everyone is still merry after the Christmas break and ready for the
> New years one.... :)
>
> I have noticed someone has been/or trying to gain access to my ssh on my
> linux server. I get a log sent to my gmail account every hour from my
> router. I have noticed that the ssh port 22 being used. see below.
>
> Wed, 2005-12-28 19:29:02 - TCP Packet - Source:202.63.114.43,46799
> Destination:192.168.0.2,22 - [SSH match]
> Wed, 2005-12-28 19:29:14 - TCP Packet - Source:202.63.114.43,48700
> Destination:192.168.0.2,22 - [SSH match]
> Wed, 2005-12-28 19:29:17 - TCP Packet - Source:202.63.114.43,48779
> Destination:192.168.0.2,22 - [SSH match]
> Wed, 2005-12-28 19:29:21 - TCP Packet - Source:202.63.114.43,48858
> Destination:192.168.0.2,22 - [SSH match]
> Wed, 2005-12-28 19:29:26 - TCP Packet - Source:202.63.114.43,49768
> Destination:192.168.0.2,22 - [SSH match]
>
> Although from this i can tell someone is trying to gain access but is there
> somewhere that will log ssh attempts???
>
If your using a redhat based distro then try looking in /var/log/secure,
debian based try /var/log/auth for failed login attempts. This is
[unfortunately] fairly normal behaviour for open SSH servers on the
Internet, just make sure you keep your distro up-to-date. I'd also
recommend that only allow logins using public-key authentication and
disable root logins for extra security.
Thanks
Mark
--
Mark Broadbent <markb at wetlettuce.com>
Herefordshire LUG Master
Web: www.wetlettuce.com
LUG: www.herefordshire.lug.org.uk
More information about the Herefordshire
mailing list