Modify Remote Login server to block scripted attacks
I, too, had access attempts. There appears to be something to this. Pay attention folks! Try this from your command line:

    grep sshd /var/log/system.log

Review the lines for stuff like what shows up in my list below. I see attempts to access common accounts and dummy accounts such as "nobody". I have chosen to include the offending IP addresses so everyone is aware of potential sources of these attacks.

Jan 31 16:24:24 My_Machine sshd[2109]: Did not receive identification string from 66.15.145.131
Jan 31 16:28:38 My_Machine sshd[2110]: Illegal user jordan from 66.15.145.131
Jan 31 16:28:38 My_Machine sshd[2110]: reverse mapping checking getaddrinfo for bdsl.66.15.145.131.gte.net failed - POSSIBLE BREAKIN ATTEMPT!
Jan 31 16:30:15 My_Machine sshd[2218]: Illegal user pub from 66.15.145.131
Jan 31 16:30:15 My_Machine sshd[2218]: reverse mapping checking getaddrinfo for bdsl.66.15.145.131.gte.net failed - POSSIBLE BREAKIN ATTEMPT!
Feb 1 15:24:02 My_Machine sshd[2602]: Did not receive identification string from 210.100.255.3
Feb 1 15:33:27 My_Machine sshd[2603]: User nobody not allowed because shell /dev/null is not executable
Feb 1 15:33:29 My_Machine sshd[2605]: Illegal user patrick from 210.100.255.3
Feb 1 15:33:32 My_Machine sshd[2607]: Illegal user patrick from 210.100.255.3
Feb 1 15:33:34 My_Machine sshd[2609]: Failed password for root from 210.100.255.3 port 42075 ssh2
Feb 1 15:33:37 My_Machine sshd[2611]: Failed password for root from 210.100.255.3 port 43794 ssh2
Feb 1 15:33:48 My_Machine sshd[2620]: Illegal user rolo from 210.100.255.3
Feb 1 15:33:51 My_Machine sshd[2622]: Illegal user iceuser from 210.100.255.3
Feb 1 15:33:53 My_Machine sshd[2624]: Illegal user horde from 210.100.255.3
Feb 1 15:33:56 My_Machine sshd[2626]: Failed password for cyrus from 210.100.255.3 port 52386 ssh2
Feb 1 15:33:58 My_Machine sshd[2628]: User www not allowed because shell /dev/null is not executable
Feb 1 15:34:01 My_Machine sshd[2630]: Illegal user wwwrun from 210.100.255.3
Feb 1 15:34:03 My_Machine sshd[2632]: Illegal user matt from 210.100.255.3
Feb 1 15:36:51 My_Machine sshd[2768]: Illegal user webmaster from 210.100.255.3
Feb 1 15:36:54 My_Machine sshd[2770]: Illegal user data from 210.100.255.3
Feb 1 15:36:56 My_Machine sshd[2772]: Illegal user user from 210.100.255.3
Feb 1 15:36:59 My_Machine sshd[2774]: Illegal user user from 210.100.255.3
Feb 1 15:37:01 My_Machine sshd[2776]: Illegal user user from 210.100.255.3
Feb 1 15:37:03 My_Machine sshd[2778]: Illegal user web from 210.100.255.3
Feb 1 15:37:06 My_Machine sshd[2780]: Illegal user web from 210.100.255.3
Feb 1 15:37:08 My_Machine sshd[2782]: Illegal user oracle from 210.100.255.3
Feb 1 15:37:10 My_Machine sshd[2784]: Illegal user sybase from 210.100.255.3
Feb 1 15:37:12 My_Machine sshd[2786]: Illegal user master from 210.100.255.3
Feb 1 15:37:15 My_Machine sshd[2788]: Illegal user account from 210.100.255.3
Feb 1 15:37:22 My_Machine sshd[2794]: Illegal user adam from 210.100.255.3
Feb 1 15:37:31 My_Machine sshd[2802]: Illegal user henry from 210.100.255.3
Feb 1 15:37:33 My_Machine sshd[2804]: Illegal user john from 210.100.255.3
Feb 1 15:37:36 My_Machine sshd[2806]: Failed password for root from 210.100.255.3 port 60520 ssh2
Feb 1 15:37:46 My_Machine sshd[2814]: Failed password for root from 210.100.255.3 port 38468 ssh2
Feb 1 15:37:49 My_Machine sshd[2816]: Illegal user test from 210.100.255.3

Admin: Comment edited to narrow display; no content was changed
This is OLD NEWS
There is nothing "to this". This is a super old SSH attack that has been going around for almost a year. It simply tries username/password pairs for common first names and common role accounts. You are NOT VULNERABLE to this attack if you have strong passwords set on your account(s).
Modify Remote Login server to block scripted attacks
You can also use:

    zgrep sshd /var/log/system.log.x.gz

Where x is a number (like 0, 1, 2, ...). This will allow you to see SSH activity on older rotated logs.
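
An added example, not written by any of the commenters above: a shell function that turns the grep output discussed in these comments into a per-address summary of guessing attempts and distinct user names tried. The function names and the sample log are constructed for illustration (the addresses are documentation-range placeholders), and the "Invalid user" wording used by newer OpenSSH releases is matched as well, which goes beyond the "Illegal user" lines shown on this page.

```shell
#!/bin/sh
# Summarise sshd password-guessing attempts per source address.
# Input:  syslog lines on stdin, for example
#           grep sshd /var/log/system.log | summarize_sshd
# Output: "<ip> <attempts> <distinct users>", busiest source first.
summarize_sshd() {
  awk '
    # Count only failed guesses; connection noise such as
    # "Did not receive identification string" is skipped.
    / sshd\[[0-9]+\]: (Illegal|Invalid) user / ||
    / sshd\[[0-9]+\]: Failed password for / {
      # The user name comes from the remote side and may itself contain
      # " from <address>", so only the LAST "from" is trusted: it is the
      # one sshd wrote after the user name.
      pos = 0
      for (i = 1; i < NF; i++) if ($i == "from") pos = i
      if (pos < 2) next
      ip = $(pos + 1); user = $(pos - 1)
      attempts[ip]++
      if (!((ip, user) in seen)) { seen[ip, user] = 1; users[ip]++ }
    }
    END { for (ip in attempts) print ip, attempts[ip], users[ip] }
  ' | sort -k2,2nr -k1,1
}

# Constructed sample input (not taken from a real system).
sample_log() {
  cat <<'EOF'
Feb  1 15:24:02 host sshd[2602]: Did not receive identification string from 203.0.113.7
Feb  1 15:33:29 host sshd[2605]: Illegal user patrick from 203.0.113.7
Feb  1 15:33:32 host sshd[2607]: Illegal user patrick from 203.0.113.7
Feb  1 15:33:34 host sshd[2609]: Failed password for root from 203.0.113.7 port 42075 ssh2
Feb  1 15:40:00 host sshd[2700]: Illegal user x from 198.51.100.1 from 192.0.2.9
Feb  1 15:41:00 host ftpd[2701]: Failed password for root from 192.0.2.50
EOF
}

sample_log | summarize_sshd
```
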