intrusion via ssh

From: Frederic Guillet (fguillet_at_gmail.com)
Date: 03/31/05

Next message: Michael Katz: "Re: Fwd: Stable or Just Old?"

Date: Thu, 31 Mar 2005 12:55:46 +0200
To: debian-user@lists.debian.org

Hi,

i just checked my mail log on my server (that runs sarge with postfix)
and got this kind of lines:

MAR 30 20:01:33 servername sshd[17890] illegal user john from 24.15.134.130

I have about 500 attemps with different usernames and the same IP so i
guess it is a robot which is trying to enter my system.

the pb with such log is that it does not say if the user has succeeded
to enter the machine or if the attempt has failed.

any config advice or tutorial are welcome.

Thank in advance for your help.

-------------------------------
Frederic Guillet

-- 
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Next message: Michael Katz: "Re: Fwd: Stable or Just Old?"

Relevant Pages

Re: [SLE] mail bounced when on dialup
... There is no postfix listed there. ... You should look carefully at the mail
log. ... > I am wary of messing up postfix (having never tinkered with it ...
and your normal process a maildir. ... (SuSE)
Re: intrusion via ssh
... > i just checked my mail log on my server (that runs sarge with postfix)
... I have a short summary of my tracking of these Bruteforce SSH2 attempts ...
(Debian-User)
Re: intrusion via ssh
... > i just checked my mail log on my server (that runs sarge with postfix)
... (Debian-User)
Re: intrusion via ssh
... > i just checked my mail log on my server (that runs sarge with postfix)
... (Debian-User)
Re: script file for cropping mail log
... > I'm not much of a programmer and was just wondering if I could get some help ...
I thought I could just move the file out of the directory and Postfix ... > sure which
one is doing it) just keeps updating the mail log file, ... I don't want the mail log
file to get too ... (alt.os.linux.suse)