I noticed that my server has a lot ca. 1000x auth failure from
different alocated in China / Romania and Netherlands per day since 3
days
It looks to me like somebody was trying to get into server by guessing
my password by brute force.
what would be the best to stop this attack and how? the server running
apache mysql and ftp
PORT     STATE SERVICE
21/tcp   open  ftp
80/tcp   open  http
443/tcp  open  https
3306/tcp open  mysql
...
Jan 22 16:07:14 user vsftpd(pam_unix)[17462]: authentication failure;
logname= uid=0 euid=0 tty= ruser= rhost=195.95.228.150
Jan 22 16:07:16 user vsftpd(pam_unix)[16737]: check pass; user unknown
Jan 22 16:07:16 user vsftpd(pam_unix)[16737]: authentication failure;
logname= uid=0 euid=0 tty= ruser= rhost=195.95.228.150
Jan 22 16:07:17 user vsftpd(pam_unix)[17462]: check pass; user unknown
Jan 23 17:23:52 user vsftpd(pam_unix)[20524]: authentication failure;
logname= uid=0 euid=0 tty= ruser= rhost=221.7.40.47
Jan 23 17:23:55 user vsftpd(pam_unix)[20524]: check pass; user unknown
Jan 23 17:23:55 user vsftpd(pam_unix)[20524]: authentication failure;
logname= uid=0 euid=0 tty= ruser= rhost=221.7.40.47
Jan 23 17:23:59 user vsftpd(pam_unix)[20524]: check pass; user unknown
Jan 23 17:24:58 user vsftpd(pam_unix)[20524]: authentication failure;
logname= uid=0 euid=0 tty= ruser= rhost=221.7.40.47
Jan 23 00:37:47 user vsftpd(pam_unix)[1791]: check pass; user unknown
Jan 23 00:37:47 user vsftpd(pam_unix)[1791]: authentication failure;
logname= uid=0 euid=0 tty= ruser= rhost=217.23.14.168
Jan 23 00:38:06 user vsftpd(pam_unix)[1791]: check pass; user unknown
Jan 23 00:38:06 user vsftpd(pam_unix)[1791]: authentication failure;
logname= uid=0 euid=0 tty= ruser= rhost=217.23.14.168
...

Thanks
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Reply via email to