Date: Sun, 01 Oct 2017 11:18:14 -0400
From: Ernie Luzar <luzar722@gmail.com>
To: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject: help - under attack
Message-ID: <59D10736.2070504@gmail.com>
Hello list;

Installed 11.1 from scratch and after about 2-3 weeks I finally got around to inspecting the /var/logs. I have never seen the auth.log file roll over before, so this piqued my interest. It was full of failed login attempts. My firewall blocks all inbound traffic, so I am very baffled by what I see in the log. Any suggestions on how this can be happening?

Sep 29 03:09:14 fbsd sshd[33675]: Connection closed by 149.202.179.216 port 48876 [preauth]
Sep 29 03:23:27 fbsd sshd[33709]: Connection closed by 149.202.179.216 port 37641 [preauth]
Sep 29 03:37:19 fbsd sshd[33732]: Connection closed by 149.202.179.216 port 51083 [preauth]
Sep 29 03:51:35 fbsd sshd[33897]: Connection closed by 149.202.179.216 port 42178 [preauth]
Sep 29 04:06:12 fbsd sshd[33935]: Connection closed by 149.202.179.216 port 40065 [preauth]
Sep 29 04:20:57 fbsd sshd[33957]: Connection closed by 149.202.179.216 port 51644 [preauth]
Sep 29 04:35:13 fbsd sshd[33993]: Connection closed by 149.202.179.216 port 55964 [preauth]
Sep 29 04:49:36 fbsd sshd[34012]: Connection closed by 149.202.179.216 port 33713 [preauth]
Sep 29 05:03:20 fbsd sshd[34050]: Connection closed by 149.202.179.216 port 48110 [preauth]

snip

Oct 1 00:04:31 fbsd sshd[48041]: input_userauth_request: invalid user virus [preauth]
Oct 1 00:04:31 fbsd sshd[48041]: Connection closed by 149.202.179.216 port 50713 [preauth]
Oct 1 00:14:11 fbsd sshd[48060]: Invalid user vmail from 149.202.179.216
Oct 1 00:14:11 fbsd sshd[48060]: input_userauth_request: invalid user vmail [preauth]
Oct 1 00:14:11 fbsd sshd[48060]: Connection closed by 149.202.179.216 port 36514 [preauth]
Oct 1 00:23:36 fbsd sshd[48079]: Invalid user vmail from 149.202.179.216
Oct 1 00:23:36 fbsd sshd[48079]: input_userauth_request: invalid user vmail [preauth]
Oct 1 00:23:36 fbsd sshd[48079]: Connection closed by 149.202.179.216 port 49458 [preauth]
Oct 1 00:32:05 fbsd sshd[48087]: Invalid user vnc from 149.202.179.216
Oct 1 00:32:05 fbsd sshd[48087]: input_userauth_request: invalid user vnc [preauth]
Oct 1 00:32:05 fbsd sshd[48087]: Connection closed by 149.202.179.216 port 52451 [preauth]
Oct 1 00:40:24 fbsd sshd[48106]: Invalid user vnc from 149.202.179.216
Oct 1 00:40:24 fbsd sshd[48106]: input_userauth_request: invalid user vnc [preauth]
Oct 1 00:40:24 fbsd sshd[48106]: Connection closed by 149.202.179.216 port 59811 [preauth]
Oct 1 00:48:39 fbsd sshd[48123]: Invalid user vnc from 149.202.179.216
Oct 1 00:48:39 fbsd sshd[48123]: input_userauth_request: invalid user vnc [preauth]
Oct 1 00:48:40 fbsd sshd[48123]: Connection closed by 149.202.179.216 port 35215 [preauth]
Oct 1 00:56:41 fbsd sshd[48143]: Invalid user voip from 149.202.179.216
Oct 1 00:56:41 fbsd sshd[48143]: input_userauth_request: invalid user voip [preauth]
Oct 1 00:56:41 fbsd sshd[48143]: Connection closed by 149.202.179.216 port 49147 [preauth]
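
An added example, not part of the original message: a small triage script that groups sshd pre-auth lines like the ones quoted above by source address and reports connection count, usernames tried, and the median gap between connections, which makes a slow, single-source guessing run stand out. The `summarize` function, the regular expressions and the `year` parameter (syslog timestamps carry no year) are assumptions of this sketch; the sample is an excerpt of the log lines in the message.

```python
import re
from collections import defaultdict
from datetime import datetime

# Excerpt of the sshd lines quoted in the message above.
SAMPLE = """\
Sep 29 03:09:14 fbsd sshd[33675]: Connection closed by 149.202.179.216 port 48876 [preauth]
Sep 29 03:23:27 fbsd sshd[33709]: Connection closed by 149.202.179.216 port 37641 [preauth]
Sep 29 03:37:19 fbsd sshd[33732]: Connection closed by 149.202.179.216 port 51083 [preauth]
Oct 1 00:14:11 fbsd sshd[48060]: Invalid user vmail from 149.202.179.216
Oct 1 00:14:11 fbsd sshd[48060]: input_userauth_request: invalid user vmail [preauth]
Oct 1 00:14:11 fbsd sshd[48060]: Connection closed by 149.202.179.216 port 36514 [preauth]
Oct 1 00:32:05 fbsd sshd[48087]: Invalid user vnc from 149.202.179.216
Oct 1 00:32:05 fbsd sshd[48087]: Connection closed by 149.202.179.216 port 52451 [preauth]
"""

# \s+ after the month accepts both "Oct 1" and the space-padded "Oct  1".
LINE = re.compile(r"^(\w{3})\s+(\d+) (\d\d:\d\d:\d\d) \S+ sshd\[(\d+)\]: (.*)$")
CLOSED = re.compile(r"Connection closed by (\S+) port \d+ \[preauth\]")
INVALID = re.compile(r"Invalid user (\S+) from (\S+)")

def summarize(text, year=2017):
    """Per source IP: pre-auth connection count, usernames tried, median gap (s)."""
    times = defaultdict(list)   # ip -> timestamps of closed pre-auth connections
    users = defaultdict(set)    # ip -> usernames sshd rejected as invalid
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        mon, day, clock, _pid, msg = m.groups()
        ts = datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
        if (c := CLOSED.search(msg)):
            times[c.group(1)].append(ts)
        elif (i := INVALID.match(msg)):
            users[i.group(2)].add(i.group(1))
    report = {}
    for ip, stamps in times.items():
        stamps.sort()
        gaps = sorted((b - a).total_seconds() for a, b in zip(stamps, stamps[1:]))
        report[ip] = {
            "connections": len(stamps),
            "users": sorted(users[ip]),
            # upper median, so one long pause between bursts does not skew it
            "median_gap_s": gaps[len(gaps) // 2] if gaps else None,
        }
    return report

if __name__ == "__main__":
    for ip, row in summarize(SAMPLE).items():
        print(ip, row)
```
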