Strange log.

Mo3

New Member
Good evening

While checking my logs (here: auth.log) I found this:

Nov 16 10:19:27 sshd[13179]: reverse mapping checking getaddrinfo for 84-235-124-106.saudi.net.sa [84.235.124.106] failed - POSSIBLE BREAK-IN ATTEMPT!
Nov 16 10:19:27 sshd[13179]: Invalid user staff from 84.235.124.106
Nov 16 10:19:27 sshd[13179]: pam_unix(sshd:auth): check pass; user unknown
Nov 16 10:19:27 sshd[13179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.235.124.106
Nov 16 10:19:29 sshd[13179]: Failed password for invalid user staff from 84.235.124.106 port 36474 ssh2
Nov 16 10:19:29 sshd[13279]: error writing /proc/self/oom_adj: Permission denied
Nov 16 10:19:30 sshd[13279]: reverse mapping checking getaddrinfo for 84-235-124-106.saudi.net.sa [84.235.124.106] failed - POSSIBLE BREAK-IN ATTEMPT!
Nov 16 10:19:30 sshd[13279]: Invalid user sales from 84.235.124.106
Nov 16 10:19:30 sshd[13279]: pam_unix(sshd:auth): check pass; user unknown
Nov 16 10:19:30 sshd[13279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=XX:XXX:XX:X:X:X (censored by me)
Nov 16 10:19:32 sshd[13279]: Failed password for invalid user sales from 84.235.124.106 port 36900 ssh2
Nov 16 10:19:32 sshd[13335]: error writing /proc/self/oom_adj: Permission denied
Nov 16 10:19:33 v225771017 sshd[13335]: reverse mapping checking getaddrinfo for 84-235-124-106.saudi.net.sa [84.235.124.106] failed - POSSIBLE BREAK-IN ATTEMPT!
Nov 16 10:19:33 sshd[13335]: Invalid user recruit from 84.235.124.106
Nov 16 10:19:33 sshd[13335]: pam_unix(sshd:auth): check pass; user unknown
Nov 16 10:19:33 v225771017 sshd[13335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.235.124.106
Nov 16 10:19:35 sshd[13335]: Failed password for invalid user recruit from 84.235.124.106 port 37380 ssh2
Nov 16 10:19:35 v225771017 sshd[13441]: error writing /proc/self/oom_adj: Permission denied
Nov 16 10:19:37 sshd[13441]: reverse mapping checking getaddrinfo for 84-235-124-106.saudi.net.sa [84.235.124.106] failed - POSSIBLE BREAK-IN ATTEMPT!
Nov 16 08:31:44 v225771017 sshd[20391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=XX:XXX:XXX:XX
Nov 16 08:31:44 sshd[20451]: error writing /proc/self/oom_adj: Permission denied
Nov 16 08:31:46 sshd[20391]: Failed password for invalid user sale from XXX;XXX;XX;X port 9949 ssh2
Nov 16 08:31:46 sshd[20451]: Invalid user testuser from XXXXX:X:X:X:XX

It goes on like this the whole time. Should I be worried?
 
Not if you trust your passwords (and those of your users). :D

A nice solution is to disallow passwords entirely and only permit public key auth.

If the log entries annoy you, you can also move the SSH port and/or use fail2ban.
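
Added example, not part of the original thread: a short Python sketch of the counting idea behind fail2ban's `maxretry`/`findtime` settings, run over constructed log lines in the same format as the auth.log excerpt above. The function names, the sample lines and the default `year` are assumptions made for illustration; this is not fail2ban's own code.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the format of the auth.log excerpt above
# (hostname present or missing; addresses are documentation ranges).
SAMPLE = """\
Nov 16 10:19:27 host sshd[13179]: Invalid user staff from 203.0.113.7
Nov 16 10:19:29 host sshd[13179]: Failed password for invalid user staff from 203.0.113.7 port 36474 ssh2
Nov 16 10:19:32 sshd[13279]: Failed password for invalid user sales from 203.0.113.7 port 36900 ssh2
Nov 16 10:19:35 host sshd[13335]: Failed password for invalid user recruit from 203.0.113.7 port 37380 ssh2
Nov 16 10:25:02 host sshd[14001]: Failed password for root from 203.0.113.50 port 50122 ssh2
Nov 16 10:40:11 host sshd[14100]: Accepted publickey for alice from 198.51.100.4 port 40022 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?:\S+ )?sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+")

def parse_failures(text, year=2000):
    """Yield (timestamp, ip, user) for each 'Failed password' line."""
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:
            # syslog timestamps carry no year, so the caller supplies one
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["user"]

def offenders(text, max_retry=3, find_time=timedelta(minutes=10)):
    """Return {ip: sorted usernames tried} for every address with at least
    max_retry failed passwords inside some find_time window."""
    by_ip = defaultdict(list)
    for ts, ip, user in parse_failures(text):
        by_ip[ip].append((ts, user))
    result = {}
    for ip, events in by_ip.items():
        events.sort()
        # slide a window of max_retry consecutive failures over the events
        for i in range(len(events) - max_retry + 1):
            if events[i + max_retry - 1][0] - events[i][0] <= find_time:
                result[ip] = sorted({u for _, u in events})
                break
    return result

if __name__ == "__main__":
    for ip, users in offenders(SAMPLE).items():
        print(ip, "tried:", ", ".join(users))
```

A successful `Accepted publickey` login and a single failed attempt from another address stay below the threshold, so only the address cycling through usernames is reported.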
 