oh kalo yang kayak gitu sih biasa mas.... server saya juga sering digituin. cek aja loh ssh/security/auth. artinya mereka mau coba masuk via service SSH dengan coba2 username & password. blom tentu mereka berhasil loh ya...
solusinya: 1. pake sshguard. untuk menekan bruteforce mereka 2. pindahin port ssh nya kalo mau dilaporin, emang lapor kemana? 2009/7/30 Arief Yudhawarman <arief.mi...@jember.net> > > Terimakasih atas tanggapan rekan2 semua. Berikut log yang tercatat > ketika cracker berusaha masuk kembali via ssh: > > ... > Jul 28 16:54:13 pkusrv1 sshd[23064]: Invalid user dhan from 114.58.213.123 > Jul 28 16:54:13 pkusrv1 sshd[23064]: Failed none for invalid user dhan from > 114.58.213.123 port 2458 ssh2 > Jul 28 16:54:18 pkusrv1 sshd[23064]: Failed password for invalid user dhan > from 114.58.213.123 port 2458 ssh2 > ... > Jul 28 16:56:17 pkusrv1 sshd[23456]: Invalid user dhan from 114.58.213.123 > Jul 28 16:56:17 pkusrv1 sshd[23456]: Failed none for invalid user dhan from > 114.58.213.123 port 2486 ssh2 > Jul 28 16:56:26 pkusrv1 sshd[23456]: Failed password for invalid user dhan > from 114.58.213.123 port 2486 ssh2 > Jul 28 16:56:45 pkusrv1 sshd[23456]: Failed password for invalid user dhan > from 114.58.213.123 port 2486 ssh2 > ... > Jul 29 09:46:30 pkusrv1 sshd[27363]: Invalid user dhan from 114.58.68.68 > Jul 29 09:46:30 pkusrv1 sshd[27363]: Failed none for invalid user dhan from > 114.58.68.68 port 51139 ssh2 > Jul 29 09:46:42 pkusrv1 sshd[27363]: Failed password for invalid user dhan > from 114.58.68.68 port 51139 ssh2 > Jul 29 09:47:03 pkusrv1 sshd[27363]: Failed password for invalid user dhan > from 114.58.68.68 port 51139 ssh2 > ... > Jul 29 15:51:38 pkusrv1 sshd[27519]: Invalid user dhan from 70.84.178.90 > Jul 29 15:51:38 pkusrv1 sshd[27519]: Failed none for invalid user dhan from > 70.84.178.90 port 48852 ssh2 > Jul 29 15:51:41 pkusrv1 sshd[27519]: Failed password for invalid user dhan > from 70.84.178.90 port 48852 ssh2 > Jul 29 15:51:57 pkusrv1 sshd[27594]: Invalid user leqhi from 70.84.178.90 > Jul 29 15:51:57 pkusrv1 sshd[27594]: Failed none for invalid user leqhi from > 70.84.178.90 port 48862 ssh2 > Jul 29 15:51:59 pkusrv1 sshd[27594]: Failed password for invalid user leqhi > from 70.84.178.90 port 48862 ssh2 > > Dia mau masuk sebagai user dhan dan leqhi. > Berdasarkan whois ip 114.58.x.x itu ip indosat sedangkan 70.84.178.x itu > milik theplanet. Perlu dilaporkan ke pihak berwenang (indosat) tidak ? > Belum pernah sih mengalami hal ini jadi belum tahu protap-nya. > > -- > > Terimakasih sebelumnya. > > Salam, > > ~~ Arief Yudhawarman ~~ > > > -- > FAQ milis di http://wiki.linux.or.id/FAQ_milis_tanya-jawab > Unsubscribe: kirim email ke tanya-jawab-unsubscr...@linux.or.id > Arsip dan info milis selengkapnya di http://linux.or.id/milis > -- FAQ milis di http://wiki.linux.or.id/FAQ_milis_tanya-jawab Unsubscribe: kirim email ke tanya-jawab-unsubscr...@linux.or.id Arsip dan info milis selengkapnya di http://linux.or.id/milis
