[SATLUG] /var/log/secure: ssh attack
Luis
junkmailer at satx.rr.com
Fri Sep 3 19:23:52 CDT 2004
It appears that someone has found out that I have been using Linux.
In my /var/log/secure, I have found:
Failed password for illegal user admin from 202.114.88.96 port 36122 ssh2
sshd[2479]: Failed password for illegal user test from 212.234.101.249 port 53231 ssh2
sshd[2573]: scanned from 66.15.86.156 with SSH-1.0-SSH_Version_Mapper.
Don't panic.
I have put them in my /etc/hosts.deny.
# Print the password status of every local account
cut -d: -f1 /etc/passwd | while read -r a
do
    passwd -S "$a"
done
I did an nslookup on the IP address and a whois on the name server.
I emailed the admin to let them know about the abuse from their user.
In the old days they used to knock off users for that.
Any other suggestions?
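
An added example, not part of the original post: a shell sketch that pulls the probing addresses out of log lines in the formats quoted above and prints candidate /etc/hosts.deny entries. The function names, the threshold argument and the sample log (timestamps, host name, the 192.0.2.10 and 203.0.113.7 lines) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Constructed sample: message formats as quoted in the post; timestamps, host
# name, and the 192.0.2.10 and 203.0.113.7 lines are made up.
sample_log() {
cat <<'EOF'
Sep  3 18:01:10 host sshd[2479]: Failed password for illegal user admin from 202.114.88.96 port 36122 ssh2
Sep  3 18:01:14 host sshd[2479]: Failed password for illegal user test from 212.234.101.249 port 53231 ssh2
Sep  3 18:01:15 host sshd[2480]: Failed password for illegal user guest from 212.234.101.249 port 53240 ssh2
Sep  3 18:02:00 host sshd[2573]: scanned from 66.15.86.156 with SSH-1.0-SSH_Version_Mapper.
Sep  3 18:05:00 host sshd[2600]: Accepted password for luis from 192.0.2.10 port 40000 ssh2
Sep  3 18:06:00 host sshd[2601]: Failed password for luis from 192.0.2.10 port 40001 ssh2
Sep  3 18:07:00 host sshd[2610]: Failed password for illegal user a from 192.0.2.10 from 203.0.113.7 port 50000 ssh2
EOF
}

# Read sshd log lines on stdin; print "<hits> <ip>" per probing source.
ssh_offenders() {
    awk '
    function is_ip(s) { return s ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ }
    # User names are attacker-supplied, so take the address from the fixed
    # tail "from <ip> port <n> ssh2", never the first "from" on the line.
    /Failed password for illegal user / {
        if ($(NF-4) == "from" && $(NF-2) == "port" && is_ip($(NF-3)))
            hits[$(NF-3)]++
        next
    }
    # The client version string is attacker-supplied too; the address is the
    # word right after the first "scanned from".
    / scanned from / {
        for (i = 1; i <= NF - 2; i++)
            if ($i == "scanned" && $(i+1) == "from") {
                if (is_ip($(i+2))) hits[$(i+2)]++
                break
            }
    }
    END { for (ip in hits) print hits[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Turn offenders with at least $1 hits (default 1) into hosts.deny lines.
hosts_deny_lines() {
    ssh_offenders | awk -v min="${1:-1}" '$1 >= min { print "sshd: " $2 }'
}

sample_log | hosts_deny_lines 1
```

A mistyped password for a valid account (the 192.0.2.10 line) is deliberately not counted, so review the output before appending it to /etc/hosts.deny.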