From: Felix Friedlander
Subject: Re: Increased abuse activity on my server
Date: Wed, 7 Mar 2018 20:08:19 +1100
To: User Hasse
Cc: freebsd-questions@freebsd.org
In-Reply-To: <20180307071944.GA30971@ymer.bara1.se>
References: <20180307071944.GA30971@ymer.bara1.se>

> On 7 Mar 2018, at 6:19 pm, User Hasse wrote:
>
> Hello All
> I believe I see an increased amount of abuse attempts on my server by several 100%
> in the last couple of months. Anybody else noticed?
>
> all the best
> Geir Svalland
> -------------------------
> ymer.bara1.se login failures:
> Mar 5 00:07:35 ymer sshd[3394]: Invalid user postgres from 41.138.51.69
> Mar 5 00:07:35 ymer sshd[3394]: input_userauth_request: invalid user postgres [preauth]
> Mar 5 00:12:12 ymer sshd[3419]: Invalid user ubnt from 31.30.120.136
> Mar 5 00:12:12 ymer sshd[3419]: input_userauth_request: invalid user ubnt [preauth]
> Mar 5 00:43:20 ymer sshd[3488]: Invalid user zabbix from 202.129.16.124
> Mar 5 00:43:20 ymer sshd[3488]: input_userauth_request: invalid user zabbix [preauth]
> Mar 5 00:55:48 ymer sshd[3532]: reverse mapping checking getaddrinfo for c62.15.comtelnet.pl [176.115.15.62] failed - POSSIBLE BREAK-IN ATTEMPT!
> Mar 5 00:55:48 ymer sshd[3532]: Invalid user oracle from 176.115.15.62
> Mar 5 00:55:48 ymer sshd[3532]: input_userauth_request: invalid user oracle [preauth]
> Mar 5 01:14:21 ymer sshd[3572]: Invalid user zabbix from 185.173.226.39
> Mar 5 01:14:21 ymer sshd[3572]: input_userauth_request: invalid user zabbix [preauth]
> Mar 5 01:26:45 ymer sshd[3605]: Invalid user admin from 39.109.10.138
> Mar 5 01:26:45 ymer sshd[3605]: input_userauth_request: invalid user admin [preauth]
> Mar 5 02:02:07 ymer sshd[3687]: reverse mapping checking getaddrinfo for static-ip-181500122237.cable.net.co [181.50.122.237] failed - POSSIBLE BREAK-IN ATTEMPT!
> Mar 5 02:02:07 ymer sshd[3687]: Invalid user admin from 181.50.122.237
> Mar 5 02:02:07 ymer sshd[3687]: input_userauth_request: invalid user admin [preauth]
> Mar 5 02:40:45 ymer sshd[3766]: Invalid user oracle from 123.207.237.12
> Mar 5 02:40:45 ymer sshd[3766]: input_userauth_request: invalid user oracle [preauth]
> Mar 5 02:41:19 ymer sshd[3769]: Invalid user vmuser from 207.107.67.114
> Mar 5 02:41:19 ymer sshd[3769]: input_userauth_request: invalid user vmuser [preauth]
> Mar 5 03:17:13 ymer sshd[4180]: Invalid user cacti from 190.97.60.94
> Mar 5 03:17:13 ymer sshd[4180]: input_userauth_request: invalid user cacti [preauth]
> Mar 5 03:50:14 ymer sshd[4254]: Invalid user ftptest from 218.201.250.77
> Mar 5 03:50:14 ymer sshd[4254]: input_userauth_request: invalid user ftptest [preauth]
> Mar 5 04:09:23 ymer sshd[4296]: Invalid user celia from 180.76.140.116
> Mar 5 04:09:23 ymer sshd[4296]: input_userauth_request: invalid user celia [preauth]
> Mar 5 04:10:27 ymer sshd[4304]: Invalid user ftp_user from 125.212.249.115
> Mar 5 04:10:27 ymer sshd[4304]: input_userauth_request: invalid user ftp_user [preauth]
> Mar 5 04:11:02 ymer sshd[4319]: Invalid user oracle1 from 13.59.239.183
> Mar 5 04:11:02 ymer sshd[4319]: input_userauth_request: invalid user oracle1 [preauth]
> Mar 5 05:08:15 ymer sshd[4459]: Invalid user nagios from 128.199.91.171
> Mar 5 05:08:15 ymer sshd[4459]: input_userauth_request: invalid user nagios [preauth]
> Mar 5 05:10:11 ymer sshd[4464]: Invalid user mia from 218.201.250.77
> Mar 5 05:10:11 ymer sshd[4464]: input_userauth_request: invalid user mia [preauth]
> Mar 5 05:46:22 ymer sshd[4550]: reverse mapping checking getaddrinfo for broadband.actcorp.in [183.82.0.15] failed - POSSIBLE BREAK-IN ATTEMPT!
> Mar 5 05:46:22 ymer sshd[4550]: Invalid user applmgr from 183.82.0.15
> Mar 5 05:46:22 ymer sshd[4550]: input_userauth_request: invalid user applmgr [preauth]
> Mar 5 05:48:43 ymer sshd[4553]: reverse mapping checking getaddrinfo for 38.102.112.112.broad.km.yn.dynamic.163data.com.cn [112.112.102.38] failed - POSSIBLE BREAK-IN ATTEMPT!
> Mar 5 05:48:43 ymer sshd[4553]: Invalid user admin from 112.112.102.38
> Mar 5 05:48:43 ymer sshd[4553]: input_userauth_request: invalid user admin [preauth]
> Mar 5 05:54:02 ymer sshd[4558]: Invalid user ftpuser from 103.26.14.92
> Mar 5 05:54:02 ymer sshd[4558]: input_userauth_request: invalid user ftpuser [preauth]
> Mar 5 05:56:19 ymer sshd[4575]: reverse mapping checking getaddrinfo for mail.jntukelearn.in [49.156.148.212] failed - POSSIBLE BREAK-IN ATTEMPT!
> Mar 5 05:56:19 ymer sshd[4575]: Invalid user manager from 49.156.148.212
> Mar 5 05:56:19 ymer sshd[4575]: input_userauth_request: invalid user manager [preauth]
> Mar 5 06:07:01 ymer sshd[4845]: Invalid user test6 from 185.13.36.208
> Mar 5 06:07:01 ymer sshd[4845]: input_userauth_request: invalid user test6 [preauth]
> Mar 5 06:36:44 ymer sshd[4909]: reverse mapping checking getaddrinfo for 133.subnet180-250-210.astinet.telkom.net.id [180.250.210.133] failed - POSSIBLE BREAK-IN ATTEMPT!
> Mar 5 06:36:44 ymer sshd[4909]: Invalid user admin from 180.250.210.133
> Mar 5 06:36:44 ymer sshd[4909]: input_userauth_request: invalid user admin [preauth]
> Mar 5 07:02:22 ymer sshd[7417]: Invalid user user from 103.229.176.187
> Mar 5 07:02:22 ymer sshd[7417]: input_userauth_request: invalid user user [preauth]
> Mar 5 07:26:31 ymer sshd[7455]: Invalid user gnats from 139.217.202.77
> Mar 5 07:26:31 ymer sshd[7455]: input_userauth_request: invalid user gnats [preauth]
> Mar 5 07:27:00 ymer sshd[7458]: Invalid user tomcat from 60.250.168.200
> Mar 5 07:27:00 ymer sshd[7458]: input_userauth_request: invalid user tomcat [preauth]
> Mar 5 07:34:14 ymer sshd[7486]: Invalid user max from 125.212.233.81
> Mar 5 07:34:14 ymer sshd[7486]: input_userauth_request: invalid user max [preauth]
> Mar 5 07:34:14 ymer sshd[7486]: input_userauth_request: invalid user max [preauth]
> Mar 5 07:57:56 ymer sshd[7528]: Invalid user cvsuser from 112.171.152.12
> Mar 5 07:57:56 ymer sshd[7528]: input_userauth_request: invalid user cvsuser [preauth]
> Mar 5 08:05:21 ymer sshd[7555]: Invalid user admin from 46.105.121.42
> Mar 5 08:05:21 ymer sshd[7555]: input_userauth_request: invalid user admin [preauth]
> Mar 5 08:07:46 ymer sshd[7560]: Invalid user jboss from 187.162.208.209
> Mar 5 08:07:46 ymer sshd[7560]: input_userauth_request: invalid user jboss [preauth]
> Mar 5 08:08:54 ymer sshd[7567]: Invalid user jboss from 46.101.198.164
> Mar 5 08:08:54 ymer sshd[7567]: input_userauth_request: invalid user jboss [preauth]
> Mar 5 08:36:41 ymer sshd[7660]: reverse mapping checking getaddrinfo for static.customer-201-147-183-55.uninet-ide.com.mx [201.147.183.55] failed - POSSIBLE BREAK-IN ATTEMPT!
> Mar 5 08:36:41 ymer sshd[7660]: Invalid user alex from 201.147.183.55
> Mar 5 08:36:41 ymer sshd[7660]: input_userauth_request: invalid user alex [preauth]
> Mar 5 08:49:08 ymer sshd[7690]: reverse mapping checking getaddrinfo for host-156.195.34.241-static.tedata.net [156.195.241.34] failed - POSSIBLE BREAK-IN ATTEMPT!
> Mar 5 08:49:08 ymer sshd[7690]: Invalid user admin from 156.195.241.34
> Mar 5 08:49:08 ymer sshd[7690]: input_userauth_request: invalid user admin [preauth]
> Mar 5 08:49:08 ymer sshd[7688]: Invalid user admin from 180.251.50.186
> Mar 5 08:49:08 ymer sshd[7688]: input_userauth_request: invalid user admin [preauth]
> Mar 5 08:49:23 ymer sshd[7694]: Invalid user admin from 171.229.253.137
> Mar 5 08:49:23 ymer sshd[7694]: input_userauth_request: invalid user admin [preauth]
> Mar 5 09:10:45 ymer sshd[7750]: Invalid user informix from 178.32.17.209
> Mar 5 09:10:45 ymer sshd[7750]: input_userauth_request: invalid user informix [preauth]
> Mar 5 09:19:37 ymer sshd[7775]: Invalid user admin from 78.149.116.204
> Mar 5 09:19:37 ymer sshd[7775]: input_userauth_request: invalid user admin [preauth]
> Mar 5 09:25:55 ymer sshd[7800]: Invalid user backuppc from 171.244.34.34
> Mar 5 09:25:55 ymer sshd[7800]: input_userauth_request: invalid user backuppc [preauth]
> Mar 5 09:27:17 ymer sshd[7805]: Invalid user midgear from 125.212.228.165
> Mar 5 09:27:17 ymer sshd[7805]: input_userauth_request: invalid user midgear [preauth]
> Mar 5 09:56:26 ymer sshd[7862]: Invalid user ftp_user from 182.61.108.55
> Mar 5 09:56:26 ymer sshd[7862]: input_userauth_request: invalid user ftp_user [preauth]
> Mar 5 09:59:10 ymer sshd[7870]: Invalid user admin from 110.10.189.182
> Mar 5 09:59:10 ymer sshd[7870]: input_userauth_request: invalid user admin [preauth]
> Mar 5 10:20:38 ymer sshd[7923]: Invalid user oracle from 193.70.85.206
> Mar 5 10:20:38 ymer sshd[7923]: input_userauth_request: invalid user oracle [preauth]
> Mar 5 10:25:47 ymer sshd[7946]: Invalid user admin from 111.230.100.145
> Mar 5 10:25:47 ymer sshd[7946]: input_userauth_request: invalid user admin [preauth]
> Mar 5 11:54:32 ymer sshd[8110]: Invalid user applmgr from 202.54.249.131
> Mar 5 11:54:32 ymer sshd[8110]: input_userauth_request: invalid user applmgr [preauth]
> Mar 5 12:22:57 ymer sshd[8189]: Invalid user michael from 138.197.79.125
> Mar 5 12:22:57 ymer sshd[8189]: input_userauth_request: invalid user michael [preauth]
> Mar 5 12:45:54 ymer sshd[8249]: Invalid user zimbra from 38.108.53.157
> Mar 5 12:45:54 ymer sshd[8249]: input_userauth_request: invalid user zimbra [preauth]
> Mar 5 13:26:42 ymer sshd[8342]: Invalid user manu from 61.178.220.148
> Mar 5 13:26:42 ymer sshd[8342]: input_userauth_request: invalid user manu [preauth]
> Mar 5 14:21:45 ymer sshd[8459]: Invalid user cacti from 124.124.99.216
> Mar 5 14:21:45 ymer sshd[8459]: input_userauth_request: invalid user cacti [preauth]
> Mar 5 14:33:28 ymer sshd[8500]: reverse mapping checking getaddrinfo for strelnikoveugene.fvds.ru [82.146.62.2] failed - POSSIBLE BREAK-IN ATTEMPT!
> Mar 5 14:33:28 ymer sshd[8500]: Invalid user squid from 82.146.62.2
> Mar 5 14:33:28 ymer sshd[8500]: input_userauth_request: invalid user squid [preauth]
> Mar 5 14:37:30 ymer sshd[8505]: Invalid user oracle from 125.212.233.81
> Mar 5 14:37:30 ymer sshd[8505]: input_userauth_request: invalid user oracle [preauth]
> Mar 5 14:52:35 ymer sshd[8531]: reverse mapping checking getaddrinfo for host251.181-111-193.telecom.net.ar [181.111.193.251] failed - POSSIBLE BREAK-IN ATTEMPT!
> Mar 5 14:52:35 ymer sshd[8531]: Invalid user admin from 181.111.193.251
> Mar 5 14:52:35 ymer sshd[8531]: input_userauth_request: invalid user admin [preauth]
> Mar 5 15:34:12 ymer sshd[8624]: Invalid user kodi from 35.194.242.249
> Mar 5 15:34:12 ymer sshd[8624]: input_userauth_request: invalid user kodi [preauth]
> Mar 5 15:51:04 ymer sshd[8649]: Invalid user setup from 103.26.14.92
> Mar 5 15:51:04 ymer sshd[8649]: input_userauth_request: invalid user setup [preauth]
> Mar 5 16:22:17 ymer sshd[8738]: Invalid user pi from 78.129.204.130
> Mar 5 16:22:17 ymer sshd[8738]: input_userauth_request: invalid user pi [preauth]
> Mar 5 16:22:17 ymer sshd[8738]: input_userauth_request: invalid user pi [preauth]
> Mar 5 16:55:47 ymer sshd[8828]: reverse mapping checking getaddrinfo for 203-154-158-250.inter.net.th [203.154.158.250] failed - POSSIBLE BREAK-IN ATTEMPT!
> Mar 5 16:55:47 ymer sshd[8828]: Invalid user admin from 203.154.158.250
> Mar 5 16:55:47 ymer sshd[8828]: input_userauth_request: invalid user admin [preauth]
> Mar 5 17:21:40 ymer sshd[8874]: Invalid user allen from 61.6.165.220
> Mar 5 17:21:40 ymer sshd[8874]: input_userauth_request: invalid user allen [preauth]
> Mar 5 17:38:11 ymer sshd[8914]: reverse mapping checking getaddrinfo for 212.224.88.142.living-bots.net [212.224.88.142] failed - POSSIBLE BREAK-IN ATTEMPT!
> Mar 5 17:38:11 ymer sshd[8914]: Invalid user postgres from 212.224.88.142
> Mar 5 17:38:11 ymer sshd[8914]: input_userauth_request: invalid user postgres [preauth]
> Mar 5 17:43:12 ymer sshd[8919]: Invalid user usuario from 166.62.39.220
> Mar 5 17:43:12 ymer sshd[8919]: input_userauth_request: invalid user usuario [preauth]
> Mar 5 18:02:29 ymer sshd[8970]: Invalid user oracle from 128.199.131.118
> Mar 5 18:02:29 ymer sshd[8970]: input_userauth_request: invalid user oracle [preauth]
> Mar 5 18:24:13 ymer sshd[9020]: Invalid user arkserver from 61.6.165.220
> Mar 5 18:24:13 ymer sshd[9020]: input_userauth_request: invalid user arkserver [preauth]
> Mar 5 18:25:15 ymer sshd[9025]: Invalid user dbuser from 88.26.245.85
> Mar 5 18:25:15 ymer sshd[9025]: input_userauth_request: invalid user dbuser [preauth]
> Mar 5 18:36:07 ymer sshd[9048]: Invalid user osmc from 78.129.204.130
> Mar 5 18:36:07 ymer sshd[9048]: input_userauth_request: invalid user osmc [preauth]
> Mar 5 18:41:58 ymer sshd[9057]: Invalid user fabiof from 110.34.24.24
> Mar 5 18:41:58 ymer sshd[9059]: Invalid user fabiof from 110.34.24.24
> Mar 5 18:41:58 ymer sshd[9057]: input_userauth_request: invalid user fabiof [preauth]
> Mar 5 18:41:58 ymer sshd[9059]: input_userauth_request: invalid user fabiof [preauth]
> Mar 5 18:51:06 ymer sshd[9080]: reverse mapping checking getaddrinfo for static.customer-201-147-183-55.uninet-ide.com.mx [201.147.183.55] failed - POSSIBLE BREAK-IN ATTEMPT!
> Mar 5 18:51:06 ymer sshd[9080]: Invalid user t7inst from 201.147.183.55
> Mar 5 18:51:06 ymer sshd[9080]: input_userauth_request: invalid user t7inst [preauth]
> Mar 5 18:51:52 ymer sshd[9083]: Invalid user pos from 150.217.141.198
> Mar 5 18:51:52 ymer sshd[9083]: input_userauth_request: invalid user pos [preauth]
> Mar 5 19:59:31 ymer sshd[9218]: Invalid user cvsuser from 128.199.91.171
> Mar 5 19:59:31 ymer sshd[9218]: input_userauth_request: invalid user cvsuser [preauth]
> Mar 5 20:02:44 ymer sshd[9238]: Invalid user ftp_user from 36.66.164.143
> Mar 5 20:02:44 ymer sshd[9238]: input_userauth_request: invalid user ftp_user [preauth]
> Mar 5 20:08:14 ymer sshd[9246]: Invalid user admin from 183.6.159.187
> Mar 5 20:08:14 ymer sshd[9246]: input_userauth_request: invalid user admin [preauth]
> Mar 5 20:37:43 ymer sshd[9337]: Invalid user clinton from 201.23.109.210
> Mar 5 20:37:43 ymer sshd[9337]: input_userauth_request: invalid user clinton [preauth]
> Mar 5 20:55:23 ymer sshd[9383]: Invalid user proba from 103.200.22.113
> Mar 5 20:55:23 ymer sshd[9383]: input_userauth_request: invalid user proba [preauth]
> Mar 5 20:59:13 ymer sshd[9394]: reverse mapping checking getaddrinfo for 104-238-169-76.choopa.net [104.238.169.76] failed - POSSIBLE BREAK-IN ATTEMPT!
> Mar 5 21:03:45 ymer sshd[9418]: Invalid user postgres from 115.159.71.44
> Mar 5 21:03:45 ymer sshd[9418]: input_userauth_request: invalid user postgres [preauth]
> Mar 5 21:05:58 ymer sshd[9428]: Invalid user admin from 200.23.233.67
> Mar 5 21:05:58 ymer sshd[9428]: input_userauth_request: invalid user admin [preauth]
> Mar 5 21:06:02 ymer sshd[9426]: Invalid user admin from 171.229.108.211
> Mar 5 21:06:02 ymer sshd[9426]: input_userauth_request: invalid user admin [preauth]
> Mar 5 21:06:04 ymer sshd[9431]: reverse mapping checking getaddrinfo for host-197.34.115.50.tedata.net [197.34.115.50] failed - POSSIBLE BREAK-IN ATTEMPT!
> Mar 5 21:06:04 ymer sshd[9431]: Invalid user admin from 197.34.115.50
> Mar 5 21:06:04 ymer sshd[9431]: input_userauth_request: invalid user admin [preauth]
> Mar 5 21:10:05 ymer sshd[9438]: Invalid user midgear from 118.36.193.215
> Mar 5 21:10:05 ymer sshd[9438]: input_userauth_request: invalid user midgear [preauth]
> Mar 5 21:16:20 ymer sshd[9455]: Invalid user houx from 94.46.186.49
> Mar 5 21:16:20 ymer sshd[9455]: input_userauth_request: invalid user houx [preauth]
> Mar 5 21:30:14 ymer sshd[9479]: Invalid user admin from 112.6.224.2
> Mar 5 21:30:14 ymer sshd[9479]: input_userauth_request: invalid user admin [preauth]
> Mar 5 21:36:06 ymer sshd[9496]: Invalid user daniel from 138.197.79.125
> Mar 5 21:36:06 ymer sshd[9496]: input_userauth_request: invalid user daniel [preauth]
> Mar 5 21:43:05 ymer sshd[9511]: Invalid user zabbix from 77.82.90.234
> Mar 5 21:43:05 ymer sshd[9511]: input_userauth_request: invalid user zabbix [preauth]
> Mar 5 22:13:57 ymer sshd[9603]: Invalid user administrateur from 193.70.85.206
> Mar 5 22:13:57 ymer sshd[9603]: input_userauth_request: invalid user administrateur [preauth]
> Mar 5 22:16:20 ymer sshd[9608]: Invalid user aaron from 41.138.51.69
> Mar 5 22:16:20 ymer sshd[9608]: input_userauth_request: invalid user aaron [preauth]
> Mar 5 22:53:57 ymer sshd[9682]: Invalid user debian-spamd from 197.230.82.115
> Mar 5 22:53:57 ymer sshd[9682]: input_userauth_request: invalid user debian-spamd [preauth]
> Mar 5 22:55:07 ymer sshd[9699]: reverse mapping checking getaddrinfo for 51-15-12-149.rev.poneytelecom.eu [51.15.12.149] failed - POSSIBLE BREAK-IN ATTEMPT!
> Mar 5 22:55:07 ymer sshd[9699]: Invalid user alex from 51.15.12.149
> Mar 5 22:55:07 ymer sshd[9699]: input_userauth_request: invalid user alex [preauth]
> Mar 5 23:00:25 ymer sshd[9718]: reverse mapping checking getaddrinfo for 103.15.74.82.static-pune.hostin.in [103.15.74.82] failed - POSSIBLE BREAK-IN ATTEMPT!
> Mar 5 23:00:25 ymer sshd[9718]: Invalid user testuser from 103.15.74.82
> Mar 5 23:00:25 ymer sshd[9718]: input_userauth_request: invalid user testuser [preauth]
> Mar 5 23:32:14 ymer sshd[9767]: reverse mapping checking getaddrinfo for mail.jntukelearn.in [49.156.148.212] failed - POSSIBLE BREAK-IN ATTEMPT!
> Mar 5 23:32:14 ymer sshd[9767]: Invalid user oracle1 from 49.156.148.212
> Mar 5 23:32:14 ymer sshd[9767]: input_userauth_request: invalid user oracle1 [preauth]
> Mar 5 23:49:11 ymer sshd[9806]: Invalid user ftpuser from 46.101.198.164
> Mar 5 23:49:11 ymer sshd[9806]: input_userauth_request: invalid user ftpuser [preauth]
> Mar 5 23:54:37 ymer sshd[9814]: Invalid user yang from 203.223.42.55
> Mar 5 23:54:37 ymer sshd[9814]: input_userauth_request: invalid user yang [preauth]

Hello,

This is about par for the course with internet-facing SSH. (Indeed, I recently saw much worse on a server I was doing some work on.)

Assuming your credentials are non-guessable (and ideally key-only) it isn’t a huge concern, but consider firewalling so that only trusted hosts can connect on port 22 at all.

- Felix
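
An added example, not part of either message: a Python triage of an sshd auth log in the format quoted above. It counts invalid-user probes per day and per source, so a suspected increase can be measured, and separates that noise from the entries that would matter: failed passwords against existing accounts and logins accepted by password. The `Failed password` and `Accepted` line formats go beyond what the thread quotes, and the sample log is constructed.

```python
import re
from collections import Counter

# Constructed sample in the syslog format quoted above. Host name, account
# names and addresses (RFC 5737 documentation ranges) are made up.
SAMPLE_LOG = """\
Mar  4 23:10:02 host sshd[3001]: Invalid user admin from 192.0.2.10
Mar  4 23:10:02 host sshd[3001]: input_userauth_request: invalid user admin [preauth]
Mar  5 00:07:35 host sshd[3394]: Invalid user postgres from 198.51.100.7
Mar  5 00:07:35 host sshd[3394]: input_userauth_request: invalid user postgres [preauth]
Mar  5 00:55:48 host sshd[3532]: reverse mapping checking getaddrinfo for a.example.net [203.0.113.62] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar  5 00:55:48 host sshd[3532]: Invalid user oracle from 203.0.113.62
Mar  5 01:26:45 host sshd[3605]: Invalid user admin from 192.0.2.10
Mar  5 02:02:07 host sshd[3687]: Failed password for root from 198.51.100.7 port 40022 ssh2
Mar  5 02:40:45 host sshd[3766]: Accepted publickey for alice from 192.0.2.200 port 51514 ssh2
"""

PREFIX = r"^(?P<day>\w{3}\s+\d+) \d\d:\d\d:\d\d \S+ sshd\[\d+\]: "
# Probe for an account that does not exist: background noise.
INVALID = re.compile(PREFIX + r"Invalid user (?P<user>\S*) from (?P<ip>\S+)")
# Wrong password for an account that does exist. Lines reading
# "Failed password for invalid user ..." deliberately do not match here.
FAILED = re.compile(PREFIX + r"Failed password for (?P<user>\S+) from (?P<ip>\S+)")
ACCEPTED = re.compile(
    PREFIX + r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+)")


def triage(log_text):
    """Split sshd log lines into probe statistics and entries worth a look."""
    result = {
        "probes_per_day": Counter(),    # volume trend, e.g. "Mar 5" -> 3
        "sources": Counter(),           # probes per source address
        "usernames": Counter(),         # account names being guessed
        "valid_account_failures": [],   # (user, ip): real accounts under attack
        "password_logins": [],          # (user, ip): should be empty if key-only
    }
    for line in log_text.splitlines():
        m = INVALID.match(line)
        if m:
            day = " ".join(m["day"].split())  # "Mar  5" -> "Mar 5"
            result["probes_per_day"][day] += 1
            result["sources"][m["ip"]] += 1
            result["usernames"][m["user"]] += 1
            continue
        m = FAILED.match(line)
        if m:
            result["valid_account_failures"].append((m["user"], m["ip"]))
            continue
        m = ACCEPTED.match(line)
        if m and m["method"] == "password":
            result["password_logins"].append((m["user"], m["ip"]))
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("probes per day:", dict(report["probes_per_day"]))
    print("top sources:", report["sources"].most_common(5))
    print("top usernames:", report["usernames"].most_common(5))
    print("failures on existing accounts:", report["valid_account_failures"])
    print("password logins:", report["password_logins"])
```

On FreeBSD the input would normally be the contents of `/var/log/auth.log`; with key-only authentication and port 22 restricted to trusted hosts, the last two lists should stay empty.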