Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

Question.
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
Hydraulix
Guru
Guru


Joined: 12 Dec 2003
Posts: 447
PostPosted: Wed Mar 08, 2006 9:52 am    Post subject: Question. Reply with quote
I just started up my server and I am getting a ton of failed password errors in my secure log. Should I be worried?


Code:

                                                                     
                                                                     
                                                                     
                                             
Mar  6 18:30:04 localhost sshd[1975]: Server listening on :: port 22.
Mar  6 18:30:04 localhost sshd[1975]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
Mar  6 18:31:55 localhost useradd[2176]: new group: name=Hydraulix, gid=500
Mar  6 18:31:55 localhost useradd[2176]: new user: name=Hydraulix, uid=500, gid=500, home=/home/Hydraulix, shell=/bin/bash
Mar  6 18:31:55 localhost usermod[2178]: change user `Hydraulix' password
Mar  7 08:47:38 localhost userhelper[9446]: pam_timestamp: updated timestamp file `/var/run/sudo/Hydraulix/unknown:root'
Mar  7 08:47:38 localhost userhelper[9450]: running '/usr/sbin/up2date --uuid 2fb88ce6-ad66-11da-844b-ad982d497d30' with root privileges on behalf of 'Hydraulix'
Mar  7 17:18:18 localhost sshd[1975]: Received signal 15; terminating.
Mar  7 17:18:21 localhost sshd[14069]: Server listening on :: port 22.
Mar  7 17:18:21 localhost sshd[14069]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
Mar  7 17:19:23 localhost sshd[14083]: Accepted password for Hydraulix from ::ffff:192.168.1.100 port 2214 ssh2
Mar  7 17:20:51 localhost sshd[14069]: Received signal 15; terminating.
Mar  7 17:20:51 localhost sshd[14175]: Server listening on :: port 22.
Mar  7 17:20:51 localhost sshd[14175]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
Mar  7 17:21:16 localhost sshd[14194]: Failed password for root from ::ffff:192.168.1.100 port 2217 ssh2
Mar  7 17:21:25 localhost last message repeated 3 times
Mar  7 17:22:03 localhost sshd[14252]: Accepted password for Hydraulix from ::ffff:192.168.1.1 port 2243 ssh2
Mar  7 17:26:52 localhost sshd[14731]: Accepted password for Hydraulix from ::ffff:192.168.1.1 port 2365 ssh2
Mar  7 17:26:52 localhost sshd[14739]: subsystem request for sftp
Mar  7 17:27:04 localhost sshd[14739]: Received disconnect from ::ffff:192.168.1.1: 11: Client disconnect
Mar  7 17:28:17 localhost sshd[14800]: Did not receive identification string from ::ffff:192.168.1.1
Mar  7 17:28:27 localhost sshd[14813]: Did not receive identification string from ::ffff:192.168.1.1
Mar  7 17:34:47 localhost sshd[14976]: Accepted password for Hydraulix from ::ffff:192.168.1.1 port 2389 ssh2
Mar  7 17:55:14 localhost sshd[14175]: Received signal 15; terminating.
Mar  7 17:55:17 localhost sshd[21706]: Server listening on :: port 22.
Mar  7 17:55:17 localhost sshd[21706]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
Mar  7 17:56:14 localhost sshd[21706]: Received signal 15; terminating.
Mar  7 17:59:23 localhost sshd[1700]: Server listening on :: port 22.
Mar  7 17:59:23 localhost sshd[1700]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
Mar  7 18:03:18 localhost sshd[1700]: Received signal 15; terminating.
Mar  7 18:06:11 localhost sshd[1695]: Server listening on :: port 22.
Mar  7 18:06:11 localhost sshd[1695]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
Mar  7 18:14:22 localhost sshd[2354]: Accepted password for Hydraulix from 192.168.1.1 port 2689 ssh2
Mar  7 18:25:21 localhost sshd[2490]: Did not receive identification string from 221.0.185.126
Mar  7 18:26:47 localhost sshd[2497]: Failed password for root from 221.0.185.126 port 38549 ssh2
Mar  7 18:26:50 localhost sshd[2497]: Failed password for root from 221.0.185.126 port 38549 ssh2
Mar  7 18:27:14 localhost sshd[2501]: Failed password for root from 221.0.185.126 port 38746 ssh2
Mar  7 18:27:17 localhost sshd[2501]: Failed password for root from 221.0.185.126 port 38746 ssh2
Mar  7 18:27:41 localhost sshd[2505]: Failed password for root from 221.0.185.126 port 38943 ssh2
Mar  7 18:27:44 localhost sshd[2505]: Failed password for root from 221.0.185.126 port 38943 ssh2
Mar  7 18:28:10 localhost sshd[2531]: Failed password for root from 221.0.185.126 port 39135 ssh2
Mar  7 18:28:13 localhost sshd[2531]: Failed password for root from 221.0.185.126 port 39135 ssh2
Mar  7 18:28:37 localhost sshd[2536]: Failed password for root from 221.0.185.126 port 39330 ssh2
Mar  7 18:28:40 localhost sshd[2536]: Failed password for root from 221.0.185.126 port 39330 ssh2
Mar  7 18:29:04 localhost sshd[2540]: Invalid user admin from 221.0.185.126
Mar  7 18:29:07 localhost sshd[2540]: Failed password for invalid user admin from 221.0.185.126 port 39527 ssh2
Mar  7 18:29:10 localhost sshd[2540]: Failed password for invalid user admin from 221.0.185.126 port 39527 ssh2
Mar  7 18:29:41 localhost sshd[2544]: Failed password for root from 221.0.185.126 port 39719 ssh2
Mar  7 18:29:44 localhost sshd[2544]: Failed password for root from 221.0.185.126 port 39719 ssh2
Mar  7 18:30:11 localhost sshd[2550]: Failed password for root from 221.0.185.126 port 39917 ssh2
Mar  7 18:30:14 localhost sshd[2550]: Failed password for root from 221.0.185.126 port 39917 ssh2
Mar  7 18:30:37 localhost sshd[2574]: Failed password for root from 221.0.185.126 port 40106 ssh2
Mar  7 18:30:40 localhost sshd[2574]: Failed password for root from 221.0.185.126 port 40106 ssh2
Mar  7 18:31:08 localhost sshd[2581]: Failed password for root from 221.0.185.126 port 40325 ssh2
Mar  7 18:31:11 localhost sshd[2581]: Failed password for root from 221.0.185.126 port 40325 ssh2
Mar  7 18:31:29 localhost sshd[2585]: Failed password for root from 221.0.185.126 port 40490 ssh2
Mar  7 18:31:32 localhost sshd[2585]: Failed password for root from 221.0.185.126 port 40490 ssh2
Mar  7 18:31:55 localhost sshd[2607]: Failed password for root from 221.0.185.126 port 40680 ssh2
Mar  7 18:31:57 localhost sshd[2607]: Failed password for root from 221.0.185.126 port 40680 ssh2
Mar  7 18:32:20 localhost sshd[2611]: Failed password for root from 221.0.185.126 port 40868 ssh2
Mar  7 18:32:23 localhost sshd[2611]: Failed password for root from 221.0.185.126 port 40868 ssh2
Mar  7 18:32:46 localhost sshd[2615]: Failed password for root from 221.0.185.126 port 41067 ssh2
Mar  7 18:32:49 localhost sshd[2615]: Failed password for root from 221.0.185.126 port 41067 ssh2
Mar  7 18:33:10 localhost sshd[2618]: Failed password for root from 221.0.185.126 port 41248 ssh2
Mar  7 18:33:13 localhost sshd[2618]: Failed password for root from 221.0.185.126 port 41248 ssh2
Mar  7 18:33:36 localhost sshd[2622]: Failed password for root from 221.0.185.126 port 41437 ssh2
Mar  7 18:33:38 localhost sshd[2622]: Failed password for root from 221.0.185.126 port 41437 ssh2
Mar  7 18:34:00 localhost sshd[2626]: Failed password for root from 221.0.185.126 port 41625 ssh2
Mar  7 18:34:03 localhost sshd[2626]: Failed password for root from 221.0.185.126 port 41625 ssh2
Mar  7 18:34:26 localhost sshd[2629]: Failed password for root from 221.0.185.126 port 41815 ssh2
Mar  7 18:34:28 localhost sshd[2629]: Failed password for root from 221.0.185.126 port 41815 ssh2
Mar  7 18:34:51 localhost sshd[2633]: Failed password for root from 221.0.185.126 port 42005 ssh2
Mar  7 18:34:54 localhost sshd[2633]: Failed password for root from 221.0.185.126 port 42005 ssh2
Mar  7 18:35:16 localhost sshd[2639]: Failed password for root from 221.0.185.126 port 42193 ssh2
Mar  7 18:35:19 localhost sshd[2639]: Failed password for root from 221.0.185.126 port 42193 ssh2
Mar  7 18:35:42 localhost sshd[2642]: Failed password for root from 221.0.185.126 port 42387 ssh2
Mar  7 18:35:45 localhost sshd[2642]: Failed password for root from 221.0.185.126 port 42387 ssh2
Mar  7 18:36:06 localhost sshd[2646]: Failed password for root from 221.0.185.126 port 42573 ssh2
Mar  7 18:36:09 localhost sshd[2646]: Failed password for root from 221.0.185.126 port 42573 ssh2
Mar  7 18:36:33 localhost sshd[2650]: Failed password for root from 221.0.185.126 port 42771 ssh2
Mar  7 18:36:35 localhost sshd[2650]: Failed password for root from 221.0.185.126 port 42771 ssh2
Mar  7 18:36:56 localhost sshd[2653]: Failed password for root from 221.0.185.126 port 42953 ssh2
Mar  7 18:36:59 localhost sshd[2653]: Failed password for root from 221.0.185.126 port 42953 ssh2
Mar  7 18:37:21 localhost sshd[2657]: Failed password for root from 221.0.185.126 port 43140 ssh2
Mar  7 18:37:24 localhost sshd[2657]: Failed password for root from 221.0.185.126 port 43140 ssh2
Mar  7 18:37:47 localhost sshd[2661]: Failed password for root from 221.0.185.126 port 43330 ssh2
Mar  7 18:37:50 localhost sshd[2661]: Failed password for root from 221.0.185.126 port 43330 ssh2
Mar  7 18:38:13 localhost sshd[2664]: Failed password for root from 221.0.185.126 port 43526 ssh2
Mar  7 18:38:16 localhost sshd[2664]: Failed password for root from 221.0.185.126 port 43526 ssh2
Mar  7 18:38:37 localhost sshd[2668]: Failed password for root from 221.0.185.126 port 43709 ssh2
Mar  7 18:38:40 localhost sshd[2668]: Failed password for root from 221.0.185.126 port 43709 ssh2
Mar  7 18:39:03 localhost sshd[2672]: Failed password for root from 221.0.185.126 port 43902 ssh2
Mar  7 18:39:06 localhost sshd[2672]: Failed password for root from 221.0.185.126 port 43902 ssh2
Mar  7 18:39:28 localhost sshd[2675]: Failed password for root from 221.0.185.126 port 44085 ssh2
Mar  7 18:39:30 localhost sshd[2675]: Failed password for root from 221.0.185.126 port 44085 ssh2
Mar  7 18:39:53 localhost sshd[2679]: Failed password for root from 221.0.185.126 port 44275 ssh2
Mar  7 18:39:56 localhost sshd[2679]: Failed password for root from 221.0.185.126 port 44275 ssh2
Mar  7 18:40:18 localhost sshd[2685]: Failed password for root from 221.0.185.126 port 44465 ssh2
Mar  7 18:40:21 localhost sshd[2685]: Failed password for root from 221.0.185.126 port 44465 ssh2
Mar  7 18:40:45 localhost sshd[2689]: Failed password for root from 221.0.185.126 port 44675 ssh2
Mar  7 18:40:48 localhost sshd[2689]: Failed password for root from 221.0.185.126 port 44675 ssh2
Mar  7 18:41:08 localhost sshd[2692]: Failed password for root from 221.0.185.126 port 44841 ssh2
Mar  7 18:41:11 localhost sshd[2692]: Failed password for root from 221.0.185.126 port 44841 ssh2
Mar  7 18:41:27 localhost sshd[2695]: Failed password for root from 221.0.185.126 port 44979 ssh2
Mar  7 18:41:29 localhost sshd[2695]: Failed password for root from 221.0.185.126 port 44979 ssh2
Mar  7 19:49:22 localhost sshd[3006]: Accepted password for Hydraulix from 209.135.35.83 port 59192 ssh2
Mar  7 20:44:09 localhost sshd[3455]: Did not receive identification string from 69.60.114.220
Mar  7 20:54:10 localhost sshd[3501]: reverse mapping checking getaddrinfo for 220-114-60-69.serverpronto.com failed - POSSIBLE BREAKIN ATTEMPT!
Mar  7 20:54:12 localhost sshd[3501]: Failed password for root from 69.60.114.220 port 33703 ssh2
Mar  7 20:54:14 localhost sshd[3503]: Invalid user test from 69.60.114.220
Mar  7 20:54:14 localhost sshd[3503]: reverse mapping checking getaddrinfo for 220-114-60-69.serverpronto.com failed - POSSIBLE BREAKIN ATTEMPT!
Mar  7 20:54:16 localhost sshd[3503]: Failed password for invalid user test from 69.60.114.220 port 34814 ssh2
Mar  7 20:54:17 localhost sshd[3505]: Invalid user test from 69.60.114.220
Mar  7 20:54:17 localhost sshd[3505]: reverse mapping checking getaddrinfo for 220-114-60-69.serverpronto.com failed - POSSIBLE BREAKIN ATTEMPT!
Mar  7 20:54:20 localhost sshd[3505]: Failed password for invalid user test from 69.60.114.220 port 35775 ssh2
Mar  7 20:54:24 localhost sshd[3508]: Invalid user test from 69.60.114.220
Mar  7 20:54:24 localhost sshd[3508]: reverse mapping checking getaddrinfo for 220-114-60-69.serverpronto.com failed - POSSIBLE BREAKIN ATTEMPT!
Mar  7 20:54:26 localhost sshd[3508]: Failed password for invalid user test from 69.60.114.220 port 37428 ssh2
Mar  7 20:54:28 localhost sshd[3510]: Invalid user test from 69.60.114.220
Mar  7 20:54:28 localhost sshd[3510]: reverse mapping checking getaddrinfo for 220-114-60-69.serverpronto.com failed - POSSIBLE BREAKIN ATTEMPT!
Mar  7 20:54:30 localhost sshd[3510]: Failed password for invalid user test from 69.60.114.220 port 38513 ssh2
Mar  7 20:54:32 localhost sshd[3512]: Invalid user guest from 69.60.114.220
Mar  7 20:54:32 localhost sshd[3512]: reverse mapping checking getaddrinfo for 220-114-60-69.serverpronto.com failed - POSSIBLE BREAKIN ATTEMPT!
Mar  7 20:54:34 localhost sshd[3512]: Failed password for invalid user guest from 69.60.114.220 port 39540 ssh2
Mar  7 20:54:40 localhost sshd[3515]: reverse mapping checking getaddrinfo for 220-114-60-69.serverpronto.com failed - POSSIBLE BREAKIN ATTEMPT!
Mar  7 20:54:42 localhost sshd[3515]: Failed password for nobody from 69.60.114.220 port 41032 ssh2
Mar  7 20:54:44 localhost sshd[3517]: reverse mapping checking getaddrinfo for 220-114-60-69.serverpronto.com failed - POSSIBLE BREAKIN ATTEMPT!
Mar  7 20:54:46 localhost sshd[3517]: Failed password for apache from 69.60.114.220 port 42621 ssh2
Mar  7 20:54:52 localhost sshd[3520]: Invalid user prova from 69.60.114.220
Mar  7 20:54:52 localhost sshd[3520]: reverse mapping checking getaddrinfo for 220-114-60-69.serverpronto.com failed - POSSIBLE BREAKIN ATTEMPT!
Mar  7 20:54:54 localhost sshd[3520]: Failed password for invalid user prova from 69.60.114.220 port 43751 ssh2
Mar  7 20:54:59 localhost sshd[3522]: Invalid user prueba from 69.60.114.220
Mar  7 20:54:59 localhost sshd[3522]: reverse mapping checking getaddrinfo for 220-114-60-69.serverpronto.com failed - POSSIBLE BREAKIN ATTEMPT!
Mar  7 20:55:02 localhost sshd[3522]: Failed password for invalid user prueba from 69.60.114.220 port 45813 ssh2
Mar  7 20:55:03 localhost sshd[3527]: Invalid user proba from 69.60.114.220
Mar  7 20:55:03 localhost sshd[3527]: reverse mapping checking getaddrinfo for 220-114-60-69.serverpronto.com failed - POSSIBLE BREAKIN ATTEMPT!
Mar  7 20:55:05 localhost sshd[3527]: Failed password for invalid user proba from 69.60.114.220 port 47471 ssh2
Mar  7 20:55:06 localhost sshd[3529]: Invalid user try from 69.60.114.220
Mar  7 20:55:07 localhost sshd[3529]: reverse mapping checking getaddrinfo for 220-114-60-69.serverpronto.com failed - POSSIBLE BREAKIN ATTEMPT!
Mar  7 20:55:09 localhost sshd[3529]: Failed password for invalid user try from 69.60.114.220 port 48405 ssh2
Mar  7 20:55:10 localhost sshd[3531]: Invalid user new from 69.60.114.220
Mar  7 20:55:10 localhost sshd[3531]: reverse mapping checking getaddrinfo for 220-114-60-69.serverpronto.com failed - POSSIBLE BREAKIN ATTEMPT!
Mar  7 20:55:12 localhost sshd[3531]: Failed password for invalid user new from 69.60.114.220 port 49300 ssh2
Mar  7 20:55:21 localhost sshd[3533]: Invalid user www from 69.60.114.220
Mar  7 20:55:21 localhost sshd[3533]: reverse mapping checking getaddrinfo for 220-114-60-69.serverpronto.com failed - POSSIBLE BREAKIN ATTEMPT!
Mar  7 20:55:24 localhost sshd[3533]: Failed password for invalid user www from 69.60.114.220 port 50804 ssh2
Mar  8 01:58:24 localhost sshd[5514]: Accepted password for Hydraulix from 209.135.35.83 port 32051 ssh2
Mar  8 01:59:07 localhost sshd[1695]: Received signal 15; terminating.
Mar  8 02:02:04 localhost sshd[1695]: Server listening on :: port 22.
Mar  8 02:02:04 localhost sshd[1695]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
Mar  8 02:02:51 localhost sshd[2171]: Accepted password for Hydraulix from 209.135.35.83 port 32850 ssh2
Mar  8 04:43:01 localhost sshd[30256]: Accepted password for Hydraulix from 209.135.35.83 port 30838 ssh2


_________________
It is the fate of operating systems to become free.
- Neal Stephenson
Back to top
View user's profile Send private message
brims
Guru
Guru


Joined: 19 Apr 2004
Posts: 492
Location: Arizona
PostPosted: Wed Mar 08, 2006 11:33 am    Post subject: Reply with quote
It's just some cracked win box in Indonesia or North Korea or something. I used to get that all the time. I setup iptables to only allow one trusted IP access to my network remotely, I put AllowUsers in /etc/ssh/sshd_config and my only legitamite username. Or you could install denyhosts and block IPs based on their failed attempts to connect.
_________________
Adopt an Unanswered Post
Report violations, duplicates, misplaced, etc
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2025 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy