someone trying to hack my server? [Archive]

Click to See Complete Forum and Search --> : someone trying to hack my server?

geezy

07-26-2004, 03:20 PM

I was looking through the log files trying to see if I had gallery logging correctly and I noticed in /var/log/messages that there were a couple instances for sshd where there is an entry
Illegal user test from ip address
Failed password for illegal user test from ip address port XXXX ssh2
Illegal user guest from ip address
Failed password for illegal user guest from ip address port XXXX ssh2
Illegal user admin from ip address
Failed password for illegal user admin from ip address port XXXX ssh2

Was someone trying to gain access to my machine?

ph34r

07-26-2004, 03:33 PM

Looks like it.

Dark Ninja

07-26-2004, 03:44 PM

My recommendation -- send that part of those logs to the ISP that the IP address is associated with. Tell the ISP that you hope they will take appropriate action, but do not threaten. (For example, do not say, "If you don't take down this guy's IP, I'm going to sue you.") If you do, you'll most likely be ignored. Just explain the situation and let the ISP know of the problem. (Usually, abuse@ispname.com is the address to send this stuff to.)