I noticed that my server has had a lot (ca. 1000x per day) of auth failures from different addresses allocated in China / Romania and Netherlands for the last 3 days. It looks to me like somebody was trying to get into the server by guessing my password by brute force.

What would be the best way to stop this attack, and how?

The server is running apache, mysql and ftp:

PORT     STATE SERVICE
21/tcp   open  ftp
80/tcp   open  http
443/tcp  open  https
3306/tcp open  mysql

...
Jan 22 16:07:14 user vsftpd(pam_unix)[17462]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=195.95.228.150
Jan 22 16:07:16 user vsftpd(pam_unix)[16737]: check pass; user unknown
Jan 22 16:07:16 user vsftpd(pam_unix)[16737]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=195.95.228.150
Jan 22 16:07:17 user vsftpd(pam_unix)[17462]: check pass; user unknown
Jan 23 17:23:52 user vsftpd(pam_unix)[20524]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=221.7.40.47
Jan 23 17:23:55 user vsftpd(pam_unix)[20524]: check pass; user unknown
Jan 23 17:23:55 user vsftpd(pam_unix)[20524]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=221.7.40.47
Jan 23 17:23:59 user vsftpd(pam_unix)[20524]: check pass; user unknown
Jan 23 17:24:58 user vsftpd(pam_unix)[20524]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=221.7.40.47
Jan 23 00:37:47 user vsftpd(pam_unix)[1791]: check pass; user unknown
Jan 23 00:37:47 user vsftpd(pam_unix)[1791]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=217.23.14.168
Jan 23 00:38:06 user vsftpd(pam_unix)[1791]: check pass; user unknown
Jan 23 00:38:06 user vsftpd(pam_unix)[1791]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=217.23.14.168
...

Thanks
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
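
An added example, not part of the original post: one way to tally the vsftpd(pam_unix) authentication failures from the excerpt above per rhost and flag sources that exceed a rate. The threshold of 3 failures within 2 minutes and the function names are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Lines copied from the log excerpt in the post above.
SAMPLE_LOG = """\
Jan 22 16:07:14 user vsftpd(pam_unix)[17462]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=195.95.228.150
Jan 22 16:07:16 user vsftpd(pam_unix)[16737]: check pass; user unknown
Jan 22 16:07:16 user vsftpd(pam_unix)[16737]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=195.95.228.150
Jan 23 17:23:52 user vsftpd(pam_unix)[20524]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=221.7.40.47
Jan 23 17:23:55 user vsftpd(pam_unix)[20524]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=221.7.40.47
Jan 23 17:24:58 user vsftpd(pam_unix)[20524]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=221.7.40.47
Jan 23 00:37:47 user vsftpd(pam_unix)[1791]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=217.23.14.168
Jan 23 00:38:06 user vsftpd(pam_unix)[1791]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=217.23.14.168
"""

# Matches only the failure lines; "check pass; user unknown" lines carry no rhost.
FAILURE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ vsftpd\(pam_unix\)\[\d+\]: "
    r"authentication failure;.*\brhost=(?P<rhost>\S+)"
)

def parse_failures(text):
    """Yield (timestamp, rhost) for each vsftpd authentication failure line."""
    for line in text.splitlines():
        m = FAILURE_RE.match(line)
        if m:
            # syslog timestamps carry no year; a fixed leap year is assumed here
            ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
            yield ts, m["rhost"]

def noisy_hosts(text, threshold=3, window=timedelta(minutes=2)):
    """Return {rhost: peak failures inside any `window`} for hosts at or over threshold."""
    by_host = defaultdict(list)
    for ts, rhost in parse_failures(text):
        by_host[rhost].append(ts)
    flagged = {}
    for rhost, stamps in by_host.items():
        stamps.sort()
        start, worst = 0, 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide window start forward
                start += 1
            worst = max(worst, end - start + 1)
        if worst >= threshold:
            flagged[rhost] = worst
    return flagged

if __name__ == "__main__":
    print(noisy_hosts(SAMPLE_LOG))
```

On the excerpt only 221.7.40.47 reaches the assumed threshold; on the full log the same function can be fed the whole file's text.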