It doesn't worry me because I use very strong passwords, don't allow plaintext passwords over SSH, don't allow root logins over SSH and chroot FTP users into ~/. Nobody ever actually breaks in but I'm amazed just how often I see attempts.
Today I leave a `tail -f' of /var/log/messages running and come back to find this... (not surprisingly).
Jan 3 13:48:23 d11wtq sshd[14098]: Failed password for invalid user 1956 from 80.235.105.114 port 37819 ssh2
Jan 3 13:48:24 d11wtq sshd[14100]: Invalid user 1957 from 80.235.105.114
Jan 3 13:48:24 d11wtq sshd(pam_unix)[14100]: check pass; user unknown
Jan 3 13:48:24 d11wtq sshd(pam_unix)[14100]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=mail.polytex.ee
Jan 3 13:48:26 d11wtq sshd[14100]: Failed password for invalid user 1957 from 80.235.105.114 port 38242 ssh2
Jan 3 13:48:27 d11wtq sshd[14102]: Invalid user 1958 from 80.235.105.114
Jan 3 13:48:27 d11wtq sshd(pam_unix)[14102]: check pass; user unknown
Jan 3 13:48:27 d11wtq sshd(pam_unix)[14102]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=mail.polytex.ee
Jan 3 13:48:29 d11wtq sshd[14102]: Failed password for invalid user 1958 from 80.235.105.114 port 38679 ssh2
Jan 3 13:48:30 d11wtq sshd[14104]: Invalid user 1959 from 80.235.105.114
Jan 3 13:48:30 d11wtq sshd(pam_unix)[14104]: check pass; user unknown
Jan 3 13:48:30 d11wtq sshd(pam_unix)[14104]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=mail.polytex.ee
Jan 3 13:48:33 d11wtq sshd[14104]: Failed password for invalid user 1959 from 80.235.105.114 port 39099 ssh2
Jan 3 13:48:33 d11wtq sshd[14106]: Invalid user 1960 from 80.235.105.114
Jan 3 13:48:33 d11wtq sshd(pam_unix)[14106]: check pass; user unknown
Jan 3 13:48:33 d11wtq sshd(pam_unix)[14106]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=mail.polytex.ee
Jan 3 13:48:36 d11wtq sshd[14106]: Failed password for invalid user 1960 from 80.235.105.114 port 39527 ssh2
Jan 3 13:48:36 d11wtq sshd[14108]: Invalid user 1961 from 80.235.105.114
Jan 3 13:48:36 d11wtq sshd(pam_unix)[14108]: check pass; user unknown
Jan 3 13:48:36 d11wtq sshd(pam_unix)[14108]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=mail.polytex.ee
Jan 3 13:48:39 d11wtq sshd[14108]: Failed password for invalid user 1961 from 80.235.105.114 port 39953 ssh2
Jan 3 13:48:39 d11wtq sshd[14110]: Invalid user 1962 from 80.235.105.114
Jan 3 13:48:39 d11wtq sshd(pam_unix)[14110]: check pass; user unknown
Jan 3 13:48:39 d11wtq sshd(pam_unix)[14110]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=mail.polytex.ee
Jan 3 13:48:42 d11wtq sshd[14110]: Failed password for invalid user 1962 from 80.235.105.114 port 40328 ssh2
Jan 3 13:48:43 d11wtq sshd[14112]: Invalid user 1963 from 80.235.105.114
Jan 3 13:48:43 d11wtq sshd(pam_unix)[14112]: check pass; user unknown
Jan 3 13:48:43 d11wtq sshd(pam_unix)[14112]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=mail.polytex.ee
Jan 3 13:48:45 d11wtq sshd[14112]: Failed password for invalid user 1963 from 80.235.105.114 port 40764 ssh2
Jan 3 13:48:46 d11wtq sshd[14114]: Invalid user 1964 from 80.235.105.114
Jan 3 13:48:46 d11wtq sshd(pam_unix)[14114]: check pass; user unknown
Jan 3 13:48:46 d11wtq sshd(pam_unix)[14114]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=mail.polytex.ee
Jan 3 13:48:48 d11wtq sshd[14114]: Failed password for invalid user 1964 from 80.235.105.114 port 41213 ssh2
Jan 3 13:48:58 d11wtq sshd[14116]: Invalid user 1965 from 80.235.105.114
Jan 3 13:48:58 d11wtq sshd(pam_unix)[14116]: check pass; user unknown
Jan 3 13:48:58 d11wtq sshd(pam_unix)[14116]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=mail.polytex.ee
Jan 3 13:49:00 d11wtq sshd[14116]: Failed password for invalid user 1965 from 80.235.105.114 port 41651 ssh2
Jan 3 14:46:54 d11wtq xinetd[1206]: START: imap2 pid=14135 from=68.82.20.28
Jan 3 14:46:54 d11wtq imapd[14135]: port 143 service init from 68.82.20.28
Jan 3 14:46:54 d11wtq imapd[14135]: Command stream end of file, while reading line user=??? domain=??? host=pcp03108393pcs.rte20201.de.comcast.net [68.82.20.28]
Jan 3 14:46:54 d11wtq xinetd[1206]: EXIT: imap2 pid=14135 duration=0(sec)
Jan 3 15:14:22 d11wtq xinetd[1206]: START: smtp pid=14145 from=71.48.212.231
Jan 3 15:14:35 d11wtq spamd[13534]: connection from localhost [127.0.0.1] at port 1251
Jan 3 15:14:35 d11wtq spamd[13534]: info: setuid to nobody succeeded
Jan 3 15:14:35 d11wtq spamd[13534]: Creating default_prefs [//.spamassassin/user_prefs]
Jan 3 15:14:35 d11wtq spamd[13534]: Cannot write to //.spamassassin/user_prefs: No such file or directory
Jan 3 15:14:35 d11wtq spamd[13534]: Couldn't create readable default_prefs for [//.spamassassin/user_prefs]
Jan 3 15:14:35 d11wtq spamd[13534]: checking message <000001c61078$65ff7c00$0100007f@work-3> for nobody:65534.
Jan 3 15:14:37 d11wtq spamd[13534]: clean message (3.4/5.0) for nobody:65534 in 2.2 seconds, 6415 bytes.
Jan 3 15:14:37 d11wtq spamd[13534]: result: . 3 - DATE_IN_PAST_06_12,HTML_FONT_BIG,HTML_MESSAGE,RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL,URIBL_SBL,URIBL_WS_SURBL scantime=2.2,size=6415,mid=<000001c61078$65ff7c00$0100007f@work-3>,autolearn=disabled
Jan 3 15:14:37 d11wtq exim[14145]: 2006-01-03 15:14:37 1Etnrk-0003g9-BU <= alexander@griffield.biz H=nc-71-48-212-231.dhcp.sprint-hsd.net (friend) [71.48.212.231] P=esmtp S=6470 id=000001c61078$65ff7c00$0100007f@work-3
Jan 3 15:14:37 d11wtq exim[14146]: 2006-01-03 15:14:37 1Etnrk-0003g9-BU => enquiries <enquiries@chriscorbyn.co.uk> R=localuser T=local_delivery
Jan 3 15:14:37 d11wtq exim[14146]: 2006-01-03 15:14:37 1Etnrk-0003g9-BU == enquiries@chriscorbyn.co.uk R=write_spam_05 T=write_spam defer (13): Permission denied: failed to create directories for /home/d11wtq/Mail/chriscorbyn.co.uk/spam: Permission denied
Jan 3 15:14:56 d11wtq sshd[14150]: reverse mapping checking getaddrinfo for corporativos_245185-3.etb.net.co failed - POSSIBLE BREAKIN ATTEMPT!
Jan 3 15:14:56 d11wtq sshd(pam_unix)[14150]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.245.185.3 user=root
Jan 3 15:14:59 d11wtq sshd[14150]: Failed password for root from 201.245.185.3 port 35057 ssh2
Jan 3 15:15:05 d11wtq sshd[14152]: reverse mapping checking getaddrinfo for corporativos_245185-3.etb.net.co failed - POSSIBLE BREAKIN ATTEMPT!
Jan 3 15:15:05 d11wtq sshd(pam_unix)[14152]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.245.185.3 user=root
Jan 3 15:15:08 d11wtq sshd[14152]: Failed password for root from 201.245.185.3 port 35356 ssh2
Jan 3 15:15:15 d11wtq sshd[14154]: reverse mapping checking getaddrinfo for corporativos_245185-3.etb.net.co failed - POSSIBLE BREAKIN ATTEMPT!
Jan 3 15:15:15 d11wtq sshd(pam_unix)[14154]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.245.185.3 user=root
Jan 3 15:15:17 d11wtq sshd[14154]: Failed password for root from 201.245.185.3 port 35633 ssh2
Jan 3 15:15:27 d11wtq sshd[14156]: reverse mapping checking getaddrinfo for corporativos_245185-3.etb.net.co failed - POSSIBLE BREAKIN ATTEMPT!
Jan 3 15:15:27 d11wtq sshd(pam_unix)[14156]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.245.185.3 user=root
Jan 3 15:15:29 d11wtq sshd[14156]: Failed password for root from 201.245.185.3 port 35969 ssh2
Jan 3 17:38:09 d11wtq proftpd[14212]: localhost (lns-bzn-31-82-252-215-230.adsl.proxad.net[82.252.215.230]) - FTP session opened.
Jan 3 17:38:10 d11wtq proftpd[14212]: localhost (lns-bzn-31-82-252-215-230.adsl.proxad.net[82.252.215.230]) - USER ftp (Login failed): Invalid shell: '/bin/false'
Jan 3 17:38:10 d11wtq proftpd[14212]: localhost (lns-bzn-31-82-252-215-230.adsl.proxad.net[82.252.215.230]) - FTP session closed.
Probably a bot, or several bots doing it.
It makes me wonder just how many people get rooted without even knowing it because they just have god-awful security procedures on their machines.
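An added example, not part of the original post: a small Python triage script that groups the sshd "Failed password" lines from a log like the one above by source address and labels the guessing pattern. The function names, the labels and the threshold of 2 are assumptions made for this illustration; the sample lines are copied from the excerpt in the post.

```python
import re
from collections import defaultdict

# Matches OpenSSH "Failed password" lines in the format shown in the log above.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# Subset of lines copied from the log excerpt in the post.
SAMPLE = """\
Jan 3 13:48:23 d11wtq sshd[14098]: Failed password for invalid user 1956 from 80.235.105.114 port 37819 ssh2
Jan 3 13:48:24 d11wtq sshd[14100]: Invalid user 1957 from 80.235.105.114
Jan 3 13:48:26 d11wtq sshd[14100]: Failed password for invalid user 1957 from 80.235.105.114 port 38242 ssh2
Jan 3 14:46:54 d11wtq imapd[14135]: port 143 service init from 68.82.20.28
Jan 3 15:14:59 d11wtq sshd[14150]: Failed password for root from 201.245.185.3 port 35057 ssh2
Jan 3 15:15:08 d11wtq sshd[14152]: Failed password for root from 201.245.185.3 port 35356 ssh2
""".splitlines()

def summarize_failures(lines):
    """Group failed SSH password attempts by source IP."""
    stats = defaultdict(lambda: {"attempts": 0, "invalid": 0, "users": set()})
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue  # other daemons, PAM lines, "Invalid user" notices
        entry = stats[m["ip"]]
        entry["attempts"] += 1
        entry["invalid"] += bool(m["invalid"])  # 1 if the account does not exist
        entry["users"].add(m["user"])
    return dict(stats)

def classify(stats, threshold=2):
    """Label each source with at least `threshold` failures (assumed cut-off)."""
    labels = {}
    for ip, s in stats.items():
        if s["attempts"] < threshold:
            continue
        if s["invalid"] == s["attempts"] and len(s["users"]) > 1:
            labels[ip] = "username-guessing"  # several nonexistent accounts tried
        elif s["users"] == {"root"}:
            labels[ip] = "root-password-guessing"
        else:
            labels[ip] = "mixed"
    return labels

if __name__ == "__main__":
    for ip, label in classify(summarize_failures(SAMPLE)).items():
        print(ip, label)
```
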