Find the answer to your Linux question:
Results 1 to 10 of 10
Is some one trying to hack into system Jan 21 19:17:14 ip-10-212-187-79 sshd[13665]: Invalid user www from 222.41.213.238 Jan 21 19:17:16 ip-10-212-187-79 sshd[13665]: Failed password for invalid user www from ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Linux Guru Lakshmipathi's Avatar
    Join Date
    Sep 2006
    Location
    3rd rock from sun - Often seen near moon
    Posts
    1,757

    hackers ??


    Is some one trying to hack into system

    Jan 21 19:17:14 ip-10-212-187-79 sshd[13665]: Invalid user www from 222.41.213.238
    Jan 21 19:17:16 ip-10-212-187-79 sshd[13665]: Failed password for invalid user www from 222.41.213.238 port 12806 ssh2
    Jan 21 19:17:16 ip-10-212-187-79 sshd[13666]: Received disconnect from 222.41.213.238: 11: Bye Bye
    Jan 21 19:17:18 ip-10-212-187-79 sshd[13668]: input_userauth_request: invalid user wwwrun
    Jan 21 19:17:18 ip-10-212-187-79 sshd[13667]: Invalid user wwwrun from 222.41.213.238
    Jan 21 19:17:21 ip-10-212-187-79 sshd[13667]: Failed password for invalid user wwwrun from 222.41.213.238 port 14839 ssh2
    Jan 21 19:17:21 ip-10-212-187-79 sshd[13668]: Received disconnect from 222.41.213.238: 11: Bye Bye
    Jan 21 19:17:23 ip-10-212-187-79 sshd[13670]: input_userauth_request: invalid user adam
    Jan 21 19:17:23 ip-10-212-187-79 sshd[13669]: Invalid user adam from 222.41.213.238
    Jan 21 19:17:25 ip-10-212-187-79 sshd[13669]: Failed password for invalid user adam from 222.41.213.238 port 12524 ssh2
    Jan 21 19:17:25 ip-10-212-187-79 sshd[13670]: Received disconnect from 222.41.213.238: 11: Bye Bye
    Jan 21 19:17:27 ip-10-212-187-79 sshd[13671]: Invalid user stephen from 222.41.213.238
    Jan 21 19:17:27 ip-10-212-187-79 sshd[13672]: input_userauth_request: invalid user stephen
    Jan 21 19:17:30 ip-10-212-187-79 sshd[13671]: Failed password for invalid user stephen from 222.41.213.238 port 15935 ssh2
    Jan 21 19:17:30 ip-10-212-187-79 sshd[13672]: Received disconnect from 222.41.213.238: 11: Bye Bye
    Jan 21 19:17:32 ip-10-212-187-79 sshd[13673]: Invalid user richard from 222.41.213.238
    Jan 21 19:17:32 ip-10-212-187-79 sshd[13674]: input_userauth_request: invalid user richard
    Jan 21 19:17:34 ip-10-212-187-79 sshd[13673]: Failed password for invalid user richard from 222.41.213.238 port 15148 ssh2
    Jan 21 19:17:34 ip-10-212-187-79 sshd[13674]: Received disconnect from 222.41.213.238: 11: Bye Bye
    Jan 21 19:17:36 ip-10-212-187-79 sshd[13676]: input_userauth_request: invalid user george
    Jan 21 19:17:36 ip-10-212-187-79 sshd[13675]: Invalid user george from 222.41.213.238
    Jan 21 19:17:38 ip-10-212-187-79 sshd[13675]: Failed password for invalid user george from 222.41.213.238 port 14275 ssh2
    Jan 21 19:17:38 ip-10-212-187-79 sshd[13676]: Received disconnect from 222.41.213.238: 11: Bye Bye
    Jan 21 19:17:40 ip-10-212-187-79 sshd[13678]: input_userauth_request: invalid user michael
    Jan 21 19:17:40 ip-10-212-187-79 sshd[13677]: Invalid user michael from 222.41.213.238
    Jan 21 19:17:42 ip-10-212-187-79 sshd[13677]: Failed password for invalid user michael from 222.41.213.238 port 15107 ssh2
    Jan 21 19:17:43 ip-10-212-187-79 sshd[13678]: Received disconnect from 222.41.213.238: 11: Bye Bye
    Jan 21 19:17:45 ip-10-212-187-79 sshd[13680]: input_userauth_request: invalid user john
    Jan 21 19:17:45 ip-10-212-187-79 sshd[13679]: Invalid user john from 222.41.213.238
    Jan 21 19:17:48 ip-10-212-187-79 sshd[13679]: Failed password for invalid user john from 222.41.213.238 port 12597 ssh2
    Jan 21 19:17:48 ip-10-212-187-79 sshd[13680]: Received disconnect from 222.41.213.238: 11: Bye Bye
    Jan 21 19:17:50 ip-10-212-187-79 sshd[13682]: input_userauth_request: invalid user david
    Jan 21 19:17:50 ip-10-212-187-79 sshd[13681]: Invalid user david from 222.41.213.238
    Jan 21 19:17:52 ip-10-212-187-79 sshd[13681]: Failed password for invalid user david from 222.41.213.238 port 14336 ssh2
    Jan 21 19:17:52 ip-10-212-187-79 sshd[13682]: Received disconnect from 222.41.213.238: 11: Bye Bye
    Jan 21 19:17:54 ip-10-212-187-79 sshd[13684]: input_userauth_request: invalid user paul

    First they ignore you,Then they laugh at you,Then they fight with you,Then you win. - M.K.Gandhi
    -----
    FOSS India Award winning ext3fs Undelete tool www.giis.co.in. Online Linux Terminal http://www.webminal.org

  2. #2
    Linux Engineer GNU-Fan's Avatar
    Join Date
    Mar 2008
    Posts
    935
    These are the usual random login attempts from bots all around the globe.
    It is nothing personal and if you switch the port of the SSH server to some non-standard number, they won't follow you.
    Debian GNU/Linux -- You know you want it.

  3. #3
    Linux Enthusiast Bemk's Avatar
    Join Date
    Sep 2008
    Location
    Oosterhout-NB, Netherlands
    Posts
    525
    Quote Originally Posted by GNU-Fan View Post
    These are the usual random login attempts from bots all around the globe.
    It is nothing personal and if you switch the port of the SSH server to some non-standard number, they won't follow you.
    I've had the same, and people also try to find things on my server that don't exist at all. The only problem I get is when there are too many of them at once. My server starts beeping a bit because it gets warm (It's just a normal desktop machine from Dell running server software). Resolved the ssh problem by moving to some other port. Nice this peace and quietness.

  4. #4
    oxf
    oxf is offline
    Linux Newbie
    Join Date
    May 2009
    Location
    Oxfordshire, UK
    Posts
    187
    Quote Originally Posted by GNU-Fan View Post
    These are the usual random login attempts from bots all around the globe.
    It is nothing personal and if you switch the port of the SSH server to some non-standard number, they won't follow you.
    Could you elaborate for us less informed exactly how to do this? and if there is a downside to doing this?
    Thanks

  5. #5
    Linux Enthusiast Bemk's Avatar
    Join Date
    Sep 2008
    Location
    Oosterhout-NB, Netherlands
    Posts
    525
    changing the port you listen to is done in the /etc/ssh/sshd_config file

    The advantage of it is that those bots won't follow you to that port, the disadvantage is that you instead of the ssh [uname]@[host] command you will have to give the ssh [uname]@[host] -p [portNo].

    Beware when doing this on servers, you can't configure without ssh, for I have managed to break the ssh server on one of those. When SSH is forwarded, that must be taken into account, but that's just networking basics.

  6. #6
    oxf
    oxf is offline
    Linux Newbie
    Join Date
    May 2009
    Location
    Oxfordshire, UK
    Posts
    187
    Quote Originally Posted by Bemk View Post
    changing the port you listen to is done in the /etc/ssh/sshd_config file

    The advantage of it is that those bots won't follow you to that port, the disadvantage is that you instead of the ssh [uname]@[host] command you will have to give the ssh [uname]@[host] -p [portNo].

    Beware when doing this on servers, you can't configure without ssh, for I have managed to break the ssh server on one of those. When SSH is forwarded, that must be taken into account, but that's just networking basics.
    OK Many thanks!

  7. #7
    Linux Guru Lakshmipathi's Avatar
    Join Date
    Sep 2006
    Location
    3rd rock from sun - Often seen near moon
    Posts
    1,757
    I have a doubt about changing ssh port. If i change the port number ,is it possible to detect them using some tools like nmap
    First they ignore you,Then they laugh at you,Then they fight with you,Then you win. - M.K.Gandhi
    -----
    FOSS India Award winning ext3fs Undelete tool www.giis.co.in. Online Linux Terminal http://www.webminal.org

  8. #8
    Linux Engineer GNU-Fan's Avatar
    Join Date
    Mar 2008
    Posts
    935
    Yes, it is.

    But there are about 64000 possible ports to scan on one single machine. In about the same time, the invader could try instead the standard ports of 64000 different computers. This is why they aren't bothering you anymore, unless they are really serious about cracking your machine in particular.

    If you are concerned about the SSH port visible, this can be fixed by certain firewall setups, like a "port-knocker". I don't think that's necessary for private servers though.
    Debian GNU/Linux -- You know you want it.

  9. #9
    Linux Guru Lakshmipathi's Avatar
    Join Date
    Sep 2006
    Location
    3rd rock from sun - Often seen near moon
    Posts
    1,757
    Thanks GNU-Fan and thank you all for your answers.
    First they ignore you,Then they laugh at you,Then they fight with you,Then you win. - M.K.Gandhi
    -----
    FOSS India Award winning ext3fs Undelete tool www.giis.co.in. Online Linux Terminal http://www.webminal.org

  10. #10
    Linux Enthusiast Bemk's Avatar
    Join Date
    Sep 2008
    Location
    Oosterhout-NB, Netherlands
    Posts
    525
    You're welcome, Lakshmi

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •