Date: Thu, 26 Apr 2007 08:34:38 -0400 From: Bill Moran <wmoran@potentialtech.com> To: =?ISO-8859-1?Q?"Andreas_Wider=F8e_Andersen"?= <wodfer@gmail.com> Cc: freebsd-questions <freebsd-questions@freebsd.org> Subject: Re: How do I prevent unauthorized ssh login attempts? Message-ID: <20070426083438.52397267.wmoran@potentialtech.com> In-Reply-To: <23ed14b80704260325w3fc06647vb114cd411625e16b@mail.gmail.com> References: <23ed14b80704260325w3fc06647vb114cd411625e16b@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In response to "Andreas Wider=F8e Andersen" <wodfer@gmail.com>: > I'm getting a lot of unauthorized ssh login attempts. I have a pretty bas= ic > FreeBSD 6.2 setup. I have compiled my own kernel. Here's what I get from = my > daily security run output: >=20 > myserver.domain.com login failures: > Apr 25 20:00:19 myserver sshd[57810]: Invalid user staff from 65.171.74.26 > Apr 25 20:00:22 myserver sshd[57812]: Invalid user sales from 65.171.74.26 > Apr 25 20:00:24 myserver sshd[57814]: Invalid user recruit from 65.171.74= .26 > Apr 25 20:00:26 myserver sshd[57816]: Invalid user alias from 65.171.74.26 > Apr 25 20:00:28 myserver sshd[57818]: Invalid user office from 65.171.74.= 26 > Apr 25 20:00:30 myserver sshd[57820]: Invalid user samba from 65.171.74.26 > Apr 25 20:00:32 myserver sshd[57822]: Invalid user tomcat from 65.171.74.= 26 > Apr 25 20:00:34 myserver sshd[57824]: Invalid user webadmin from > 65.171.74.26 > Apr 25 20:00:36 myserver sshd[57826]: Invalid user spam from 65.171.74.26 > Apr 25 20:00:38 myserver sshd[57828]: Invalid user virus from 65.171.74.26 > Apr 25 20:00:41 myserver sshd[57830]: Invalid user cyrus from 65.171.74.26 > Apr 25 20:00:43 myserver sshd[57832]: Invalid user oracle from 65.171.74.= 26 > Apr 25 20:00:45 myserver sshd[57834]: Invalid user michael from 65.171.74= .26 > Apr 25 20:00:47 myserver sshd[57836]: Invalid user ftp from 65.171.74.26 > Apr 25 20:00:49 myserver sshd[57838]: Invalid user test from 65.171.74.26 > Apr 25 20:00:51 myserver sshd[57840]: Invalid user webmaster from > 65.171.74.26 > Apr 25 20:00:53 myserver sshd[57842]: Invalid user postmaster from > 65.171.74.26 > Apr 25 20:00:56 myserver sshd[57844]: Invalid user postfix from 65.171.74= .26 > Apr 25 20:00:57 myserver sshd[57846]: Invalid user postgres from > 65.171.74.26 > Apr 25 20:00:59 myserver sshd[57848]: Invalid user paul from 65.171.74.26 > Apr 25 20:01:04 myserver sshd[57852]: Invalid user guest from 65.171.74.26 > Apr 25 20:01:06 myserver sshd[57854]: Invalid user admin from 65.171.74.26 > Apr 25 20:01:08 myserver sshd[57856]: Invalid user linux from 65.171.74.26 > Apr 25 20:01:11 myserver sshd[57858]: Invalid user user from 65.171.74.26 > Apr 25 20:01:13 myserver sshd[57860]: Invalid user david from 65.171.74.26 >=20 > How can I stop these attempts or block them - or even recognize them? I do > not have IPF installed. One possibility: http://www.potentialtech.com/cms/node/16 --=20 Bill Moran http://www.potentialtech.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070426083438.52397267.wmoran>