Date:      Thu, 26 Apr 2007 08:34:38 -0400
From:      Bill Moran <wmoran@potentialtech.com>
To:        "Andreas Widerøe Andersen" <wodfer@gmail.com>
Cc:        freebsd-questions <freebsd-questions@freebsd.org>
Subject:   Re: How do I prevent unauthorized ssh login attempts?
Message-ID:  <20070426083438.52397267.wmoran@potentialtech.com>
In-Reply-To: <23ed14b80704260325w3fc06647vb114cd411625e16b@mail.gmail.com>
References:  <23ed14b80704260325w3fc06647vb114cd411625e16b@mail.gmail.com>

In response to "Andreas Widerøe Andersen" <wodfer@gmail.com>:

> I'm getting a lot of unauthorized ssh login attempts. I have a pretty basic
> FreeBSD 6.2 setup. I have compiled my own kernel. Here's what I get from my
> daily security run output:
>
> myserver.domain.com login failures:
> Apr 25 20:00:19 myserver sshd[57810]: Invalid user staff from 65.171.74.26
> Apr 25 20:00:22 myserver sshd[57812]: Invalid user sales from 65.171.74.26
> Apr 25 20:00:24 myserver sshd[57814]: Invalid user recruit from 65.171.74.26
> Apr 25 20:00:26 myserver sshd[57816]: Invalid user alias from 65.171.74.26
> Apr 25 20:00:28 myserver sshd[57818]: Invalid user office from 65.171.74.26
> Apr 25 20:00:30 myserver sshd[57820]: Invalid user samba from 65.171.74.26
> Apr 25 20:00:32 myserver sshd[57822]: Invalid user tomcat from 65.171.74.26
> Apr 25 20:00:34 myserver sshd[57824]: Invalid user webadmin from 65.171.74.26
> Apr 25 20:00:36 myserver sshd[57826]: Invalid user spam from 65.171.74.26
> Apr 25 20:00:38 myserver sshd[57828]: Invalid user virus from 65.171.74.26
> Apr 25 20:00:41 myserver sshd[57830]: Invalid user cyrus from 65.171.74.26
> Apr 25 20:00:43 myserver sshd[57832]: Invalid user oracle from 65.171.74.26
> Apr 25 20:00:45 myserver sshd[57834]: Invalid user michael from 65.171.74.26
> Apr 25 20:00:47 myserver sshd[57836]: Invalid user ftp from 65.171.74.26
> Apr 25 20:00:49 myserver sshd[57838]: Invalid user test from 65.171.74.26
> Apr 25 20:00:51 myserver sshd[57840]: Invalid user webmaster from 65.171.74.26
> Apr 25 20:00:53 myserver sshd[57842]: Invalid user postmaster from 65.171.74.26
> Apr 25 20:00:56 myserver sshd[57844]: Invalid user postfix from 65.171.74.26
> Apr 25 20:00:57 myserver sshd[57846]: Invalid user postgres from 65.171.74.26
> Apr 25 20:00:59 myserver sshd[57848]: Invalid user paul from 65.171.74.26
> Apr 25 20:01:04 myserver sshd[57852]: Invalid user guest from 65.171.74.26
> Apr 25 20:01:06 myserver sshd[57854]: Invalid user admin from 65.171.74.26
> Apr 25 20:01:08 myserver sshd[57856]: Invalid user linux from 65.171.74.26
> Apr 25 20:01:11 myserver sshd[57858]: Invalid user user from 65.171.74.26
> Apr 25 20:01:13 myserver sshd[57860]: Invalid user david from 65.171.74.26
>
> How can I stop these attempts or block them - or even recognize them? I do
> not have IPF installed.

One possibility:
http://www.potentialtech.com/cms/node/16

-- 
Bill Moran
http://www.potentialtech.com
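
An added example, not part of the original message or of the page it links to: one way to recognize the pattern in the quoted security-run output is to count sshd "Invalid user" lines per source address inside a sliding time window. The sample lines, the documentation-range addresses, the threshold and the window length are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the same format as the quoted output (RFC 5737 addresses).
SAMPLE_LOG = """\
Apr 25 20:00:19 myserver sshd[57810]: Invalid user staff from 192.0.2.10
Apr 25 20:00:22 myserver sshd[57812]: Invalid user sales from 192.0.2.10
Apr 25 20:00:24 myserver sshd[57814]: Invalid user recruit from 192.0.2.10
Apr 25 20:00:26 myserver sshd[57816]: Invalid user alias from 192.0.2.10
Apr 25 20:00:28 myserver sshd[57818]: Invalid user office from 192.0.2.10
Apr 25 20:07:41 myserver sshd[57901]: Invalid user bob from 198.51.100.7
Apr 25 21:15:02 myserver sshd[58010]: Invalid user bob from 198.51.100.7
"""

# Matches only the "Invalid user <name> from <address>" lines shown in the thread.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Invalid user (?P<user>\S+) from (?P<ip>\S+)$"
)

def parse(log_text, year=2007):
    """Yield (timestamp, user, ip) for each matching sshd line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            # syslog timestamps carry no year, so the caller supplies one
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"], m["ip"]

def flag_sources(log_text, threshold=5, window_s=60):
    """Return {ip: sorted usernames tried} for every source that made at
    least `threshold` invalid-user attempts within `window_s` seconds."""
    by_ip = defaultdict(list)
    for ts, user, ip in parse(log_text):
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # shrink the window until it spans at most window_s seconds
            while (events[end][0] - events[start][0]).total_seconds() > window_s:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = sorted({u for _, u in events})
                break
    return flagged
```

Flagged addresses can then be passed to whatever packet filter or block list the host uses.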


