Re: attempt to login as root?
David Purton wrote:
Hi all, just looking for some advice.
I just noticed a stack of failed attempts to ssh into my box as root
over the last half an hour or so. I've now blocked the offending ip
address, so hopefully they'll go away. Is there anything else I
can/should do? Is it worth complaining to the owner of the subnet?
Can't hurt. I would.
Cops too.
I don't allow root to log in directly over ssh anyway, so what would a
person gain from trying to do this?
Your box.
cheers
dc
Here's the the bits of /var/log/auth.log
Jul 26 09:40:20 vetinari PAM_unix[28059]: authentication failure; (uid=0) -> root for ssh service
Jul 26 09:40:22 vetinari sshd[28059]: Failed password for root from 156.63.113.108 port 54515 ssh2
summer@Dolphin:~$ whois 156.63.113.108
State of Ohio Network STATE-OHIO (NET-156-63-0-0-1)
156.63.0.0 - 156.63.255.255
Lakeshore Northeast Ohio Computer Association OH-156-63-113-0-24
(NET-156-63-113-0-1)
156.63.113.0 - 156.63.113.255
# ARIN WHOIS database, last updated 2004-07-24 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
In the words of Arlo Guthrie
Kill! Kill! KILL! KILL! _KILL!_ etc.
Jul 26 09:40:25 vetinari PAM_unix[28061]: authentication failure; (uid=0) -> root for ssh service
Jul 26 09:40:28 vetinari sshd[28061]: Failed password for root from 156.63.113.108 port 54638 ssh2
Jul 26 09:40:31 vetinari PAM_unix[28063]: authentication failure; (uid=0) -> root for ssh service
Jul 26 09:40:33 vetinari sshd[28063]: Failed password for root from 156.63.113.108 port 54883 ssh2
Jul 26 09:50:08 vetinari PAM_unix[28102]: authentication failure; (uid=0) -> root for ssh service
Jul 26 09:50:10 vetinari sshd[28102]: Failed password for root from 156.63.113.108 port 47511 ssh2
Jul 26 09:50:13 vetinari PAM_unix[28104]: authentication failure; (uid=0) -> root for ssh service
Jul 26 09:50:16 vetinari sshd[28104]: Failed password for root from 156.63.113.108 port 47623 ssh2
Jul 26 09:50:19 vetinari PAM_unix[28106]: authentication failure; (uid=0) -> root for ssh service
Jul 26 09:50:22 vetinari sshd[28106]: Failed password for root from 156.63.113.108 port 47838 ssh2
Jul 26 09:56:26 vetinari PAM_unix[28140]: authentication failure; (uid=0) -> root for ssh service
Jul 26 09:56:28 vetinari sshd[28140]: Failed password for root from 156.63.113.108 port 57815 ssh2
Jul 26 09:56:32 vetinari PAM_unix[28142]: authentication failure; (uid=0) -> root for ssh service
Jul 26 09:56:34 vetinari sshd[28142]: Failed password for root from 156.63.113.108 port 58004 ssh2
Jul 26 09:56:38 vetinari PAM_unix[28150]: authentication failure; (uid=0) -> root for ssh service
Jul 26 09:56:40 vetinari sshd[28150]: Failed password for root from 156.63.113.108 port 58186 ssh2
Jul 26 10:01:58 vetinari PAM_unix[28197]: authentication failure; (uid=0) -> root for ssh service
Jul 26 10:02:01 vetinari sshd[28197]: Failed password for root from 156.63.113.108 port 38701 ssh2
Jul 26 10:07:10 vetinari PAM_unix[28624]: authentication failure; (uid=0) -> root for ssh service
Jul 26 10:07:12 vetinari sshd[28624]: Failed password for root from 156.63.113.108 port 47086 ssh2
Jul 26 10:07:15 vetinari PAM_unix[28626]: authentication failure; (uid=0) -> root for ssh service
Jul 26 10:07:17 vetinari sshd[28626]: Failed password for root from 156.63.113.108 port 47194 ssh2
Jul 26 10:07:21 vetinari PAM_unix[28628]: authentication failure; (uid=0) -> root for ssh service
Jul 26 10:07:23 vetinari sshd[28628]: Failed password for root from 156.63.113.108 port 47397 ssh2
--
Cheers
John
-- spambait
1aaaaaaa@computerdatasafe.com.au Z1aaaaaaa@computerdatasafe.com.au
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/
Reply to: