[Lilug] brute force

Jörg Kewisch jorg at mellifera.buzz
Tue Dec 22 14:12:32 PST 2020


They guessed the port number I used on the router to forward to port 22 and tried to brute-force login to root from different IP numbers. Computer slowed down a lot.

So look at /var/log/auth.log; if it looks like this, you've got to do something:

Dec 21 12:26:35 blackbird sshd[661262]: Failed password for root from 51.91.250.49 port 59164 ssh2
Dec 21 12:26:35 blackbird sshd[661262]: Received disconnect from 51.91.250.49 port 59164:11: Bye Bye [preauth]
Dec 21 12:26:35 blackbird sshd[661262]: Disconnected from authenticating user root 51.91.250.49 port 59164 [preauth]
Dec 21 12:26:37 blackbird sshd[661266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.245.53.163  user=root
Dec 21 12:26:38 blackbird sshd[661265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.189.31.176  user=root
Dec 21 12:26:39 blackbird sshd[661266]: Failed password for root from 198.245.53.163 port 43710 ssh2
Dec 21 12:26:40 blackbird sshd[661265]: Failed password for root from 191.189.31.176 port 31322 ssh2
Dec 21 12:26:41 blackbird sshd[661265]: Received disconnect from 191.189.31.176 port 31322:11: Bye Bye [preauth]
Dec 21 12:26:41 blackbird sshd[661265]: Disconnected from authenticating user root 191.189.31.176 port 31322 [preauth]
Dec 21 12:26:41 blackbird sshd[661266]: Received disconnect from 198.245.53.163 port 43710:11: Bye Bye [preauth]
Dec 21 12:26:41 blackbird sshd[661266]: Disconnected from authenticating user root 198.245.53.163 port 43710 [preauth]
Dec 21 12:26:44 blackbird sshd[661270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.98.176  user=root

-- 
  Jörg Kewisch
  jorg at mellifera.buzz
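
Added example, not part of the original post: a small parser for the sshd "Failed password" lines shown above that flags an account attacked from several different addresses within a short window, the pattern the post describes, where each address fails only once or twice. The log sample is constructed (RFC 5737 documentation addresses), and the names, window and threshold are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the sshd format quoted in the post; the addresses are
# RFC 5737 documentation ranges, not the ones from the post.
SAMPLE = """\
Dec 21 12:26:35 host sshd[101]: Failed password for root from 192.0.2.10 port 59164 ssh2
Dec 21 12:26:35 host sshd[101]: Disconnected from authenticating user root 192.0.2.10 port 59164 [preauth]
Dec 21 12:26:39 host sshd[102]: Failed password for root from 198.51.100.7 port 43710 ssh2
Dec 21 12:26:40 host sshd[103]: Failed password for root from 203.0.113.5 port 31322 ssh2
Dec 21 12:26:44 host sshd[104]: Failed password for invalid user admin from 203.0.113.5 port 31400 ssh2
Dec 21 12:40:00 host sshd[105]: Failed password for root from 192.0.2.99 port 40000 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def parse_failures(text, year=2020):
    """Yield (timestamp, user, source_ip) for each failed-password line."""
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:
            # syslog timestamps carry no year, so the caller supplies one
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"], m["ip"]

def distributed_targets(text, window=timedelta(minutes=5), min_sources=3):
    """Return {user: sorted source IPs} for accounts that saw failures from
    at least min_sources distinct addresses inside one sliding window."""
    by_user = defaultdict(list)
    for ts, user, ip in parse_failures(text):
        by_user[user].append((ts, ip))
    flagged = defaultdict(set)
    for user, events in by_user.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # drop events older than the window
            sources = {ip for _, ip in events[start:end + 1]}
            if len(sources) >= min_sources:
                flagged[user] |= sources
    return {user: sorted(ips) for user, ips in flagged.items()}
```

To run it against a real log, pass the contents of /var/log/auth.log to distributed_targets() with the year the entries were written.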

