Dear Frirends, Pl. help , I am receving the cron email from mine server with the following result from the last few days.
Day 1: crond: Unknown Entries: session closed for user root: 103 Time(s) session opened for user root by (uid=0): 102 Time(s) session closed for user drweb: 40 Time(s) session opened for user drweb by (uid=0): 40 Time(s) sshd: Authentication Failures: unknown (210.77.121.246): 1215 Time(s) root (210.77.121.246): 229 Time(s) postgres (210.77.121.246): 37 Time(s) news (210.77.121.246): 20 Time(s) mysql (210.77.121.246): 13 Time(s) bin (210.77.121.246): 11 Time(s) ftp ( 210.77.121.246): 11 Time(s) mail (210.77.121.246): 11 Time(s) rpm (210.77.121.246): 11 Time(s) games (210.77.121.246): 10 Time(s) ................... ............... Invalid Users: Unknown Account: 1218 Time(s) --------------------- Connections (secure-log) Begin ------------------------ Connections: Service ftp: <mine IP>: 1 Time(s) Service poppassd: 82.82.100.96: 5 Time(s) ---------------------- Connections (secure-log) End ------------------------- --------------------- SSHD Begin ------------------------ Failed logins from these: adm/password from ::ffff: 210.77.121.246: 7 Time(s) apache/password from ::ffff:210.77.121.246: 8 Time(s) bin/password from ::ffff:210.77.121.246: 11 Time(s) daemon/password from ::ffff:210.77.121.246: 3 Time(s) ftp/password from ::ffff:210.77.121.246: 11 Time(s) games/password from ::ffff:210.77.121.246: 10 Time(s) .............................. .............................. **Unmatched Entries** Invalid user fluffy from ::ffff:210.77.121.246 Invalid user fluffy from ::ffff:210.77.121.246 Invalid user fluffy from ::ffff: 210.77.121.246 Failed password for invalid user fluffy from ::ffff:210.77.121.246 port 48294 ssh2 Failed password for invalid user fluffy from ::ffff:210.77.121.246 port 48314 ssh2 Failed password for invalid user fluffy from ::ffff:210.77.121.246 port 48333 ssh2 Invalid user admin from ::ffff:210.77.121.246 Invalid user admin from ::ffff:210.77.121.246 Invalid user admin from ::ffff:210.77.121.246 Failed password for invalid user admin from ::ffff:210.77.121.246 port 48406 ssh2 Failed password for invalid user admin from ::ffff:210.77.121.246 port 48423 ssh2 Failed password for invalid user admin from ::ffff:210.77.121.246 port 48445 ssh2 Invalid user test from ::ffff:210.77.121.246 Invalid user test from ::ffff:210.77.121.246 Invalid user test from ::ffff: 210.77.121.246 Failed password for invalid user test from ::ffff:210.77.121.246 port 48513 ssh2 .......................... ........................... ............................ Similar was for other days but the IPs were different. Other day that were 209.137.192.40 I do not know how to protect mine Server. Pl. help me. I have Plesk+RHEL . Thanks for your time and effort. -- Regards Abhishek Jain _______________________________________________ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/