[ilugd] Someone trying to break pass mine server pl. help

Sun, 09 Apr 2006 22:02:57 -0700 

Dear Frirends,
Pl. help , I am receving the cron email from mine server with the following
result from the last few days.

Day 1:
crond:
  Unknown Entries:
     session closed for user root: 103 Time(s)
     session opened for user root by (uid=0): 102 Time(s)
     session closed for user drweb: 40 Time(s)
     session opened for user drweb by (uid=0): 40 Time(s)

sshd:
  Authentication Failures:
     unknown (210.77.121.246): 1215 Time(s)
     root (210.77.121.246): 229 Time(s)
     postgres (210.77.121.246): 37 Time(s)
     news (210.77.121.246): 20 Time(s)
     mysql (210.77.121.246): 13 Time(s)
     bin (210.77.121.246): 11 Time(s)
     ftp ( 210.77.121.246): 11 Time(s)
     mail (210.77.121.246): 11 Time(s)
     rpm (210.77.121.246): 11 Time(s)
     games (210.77.121.246): 10 Time(s)
...................
...............
Invalid Users:
     Unknown Account: 1218 Time(s)


--------------------- Connections (secure-log) Begin
------------------------


Connections:
  Service ftp:
    <mine IP>: 1 Time(s)
  Service poppassd:
     82.82.100.96: 5 Time(s)

 ---------------------- Connections (secure-log) End
-------------------------


 --------------------- SSHD Begin ------------------------


Failed logins from these:
  adm/password from ::ffff: 210.77.121.246: 7 Time(s)
  apache/password from ::ffff:210.77.121.246: 8 Time(s)
  bin/password from ::ffff:210.77.121.246: 11 Time(s)
  daemon/password from ::ffff:210.77.121.246: 3 Time(s)
  ftp/password from ::ffff:210.77.121.246: 11 Time(s)
  games/password from ::ffff:210.77.121.246: 10 Time(s)
..............................
..............................

**Unmatched Entries**
Invalid user fluffy from ::ffff:210.77.121.246
Invalid user fluffy from ::ffff:210.77.121.246
Invalid user fluffy from ::ffff: 210.77.121.246
Failed password for invalid user fluffy from ::ffff:210.77.121.246 port
48294 ssh2
Failed password for invalid user fluffy from ::ffff:210.77.121.246 port
48314 ssh2
Failed password for invalid user fluffy from ::ffff:210.77.121.246 port
48333 ssh2
Invalid user admin from ::ffff:210.77.121.246
Invalid user admin from ::ffff:210.77.121.246
Invalid user admin from ::ffff:210.77.121.246
Failed password for invalid user admin from ::ffff:210.77.121.246 port 48406
ssh2
Failed password for invalid user admin from ::ffff:210.77.121.246 port 48423
ssh2
Failed password for invalid user admin from ::ffff:210.77.121.246 port 48445
ssh2
Invalid user test from ::ffff:210.77.121.246
Invalid user test from ::ffff:210.77.121.246
Invalid user test from ::ffff: 210.77.121.246
Failed password for invalid user test from ::ffff:210.77.121.246 port 48513
ssh2
..........................
...........................
............................



Similar was for other days but the IPs were different. Other day that were
209.137.192.40


I do not know how to protect mine Server. Pl. help me. I have Plesk+RHEL .
Thanks for your time and effort.
--
Regards
Abhishek Jain
_______________________________________________
ilugd mailinglist -- ilugd@lists.linux-delhi.org
http://frodo.hserus.net/mailman/listinfo/ilugd
Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi 
http://www.mail-archive.com/ilugd@lists.linux-delhi.org/

Reply via email to