Dear friends,
I am getting some messages like this in the /var/log/messages file on our
online server:
Oct 31 16:32:20 server1 sshd(pam_unix)[5143]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211-233-66-115.kidc.net
Oct 31 16:32:20 server1 sshd(pam_unix)[5146]: check pass; user unknown
Oct 31 16:32:20 server1 sshd(pam_unix)[5146]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211-233-66-115.kidc.net
Oct 31 16:32:20 server1 sshd(pam_unix)[5150]: check pass; user unknown
Oct 31 16:32:20 server1 sshd(pam_unix)[5150]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211-233-66-115.kidc.net
Oct 31 16:32:20 server1 sshd(pam_unix)[5151]: check pass; user unknown
Oct 31 16:32:20 server1 sshd(pam_unix)[5151]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211-233-66-115.kidc.net
Oct 31 16:32:21 server1 sshd(pam_unix)[5148]: check pass; user unknown
Oct 31 16:32:21 server1 sshd(pam_unix)[5148]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211-233-66-115.kidc.net
Oct 31 16:32:23 server1 sshd(pam_unix)[5154]: check pass; user unknown
Oct 31 16:32:23 server1 sshd(pam_unix)[5154]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211-233-66-115.kidc.net
Oct 31 16:32:24 server1 sshd(pam_unix)[5157]: check pass; user unknown
Oct 31 16:32:24 server1 sshd(pam_unix)[5157]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211-233-66-115.kidc.net
Oct 31 16:32:24 server1 sshd(pam_unix)[5156]: check pass; user unknown
Oct 31 16:32:24 server1 sshd(pam_unix)[5156]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211-233-66-115.kidc.net
Oct 31 16:32:25 server1 sshd(pam_unix)[5158]: check pass; user unknown
Oct 31 16:32:25 server1 sshd(pam_unix)[5158]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211-233-66-115.kidc.net
Oct 31 16:32:25 server1 sshd(pam_unix)[5161]: check pass; user unknown
Oct 31 16:32:25 server1 sshd(pam_unix)[5161]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211-233-66-115.kidc.net
Oct 31 16:32:25 server1 sshd(pam_unix)[5162]: check pass; user unknown
Oct 31 16:32:25 server1 sshd(pam_unix)[5162]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211-233-66-115.kidc.net
Oct 31 16:32:25 server1 sshd(pam_unix)[5163]: check pass; user unknown
Oct 31 16:32:25 server1 sshd(pam_unix)[5163]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211-233-66-115.kidc.net
This is a small part of the whole message...
Similar to these, I get a lot of such messages with the rhost field differing as...
What is the actual problem behind this???...
Is this hacker activity???
Can such things bring the server down... or affect system performance...???
Is any protection like a firewall needed...???
If so, how can I avoid such unwanted logins???
Please help me with this issue.
Thank you,
ignacius
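An added example, not part of the original message: a small Python parser for the sshd(pam_unix) lines quoted in the message that counts authentication failures per rhost and, by matching the sshd process id, how many of them were for nonexistent users. It accepts records that a mail client has wrapped across lines as well as intact ones; the function names, the placeholder hosts and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# A syslog record starts with a timestamp ("Oct 31 16:32:20 "); any other
# line is treated as the wrapped tail of the previous record.
TS_RE = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}\s")
REC_RE = re.compile(r"sshd\(pam_unix\)\[(?P<pid>\d+)\]:\s(?P<msg>.*)$")
RHOST_RE = re.compile(r"\brhost=(\S+)")

def unwrap(lines):
    records = []
    for line in filter(None, (l.strip() for l in lines)):
        if TS_RE.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def summarize(lines):
    """Per rhost: total failures and how many targeted nonexistent users.
    'check pass; user unknown' has no rhost, so it is tied to the failure by pid."""
    unknown_pids = set()
    stats = defaultdict(lambda: {"failures": 0, "unknown_user": 0})
    for rec in unwrap(lines):
        m = REC_RE.search(rec)
        if not m:
            continue  # lines from other daemons in /var/log/messages
        pid, msg = m.group("pid"), m.group("msg")
        if msg.startswith("check pass; user unknown"):
            unknown_pids.add(pid)
        elif msg.startswith("authentication failure"):
            rhost = RHOST_RE.search(msg)
            entry = stats[rhost.group(1) if rhost else "(no rhost)"]
            entry["failures"] += 1
            if pid in unknown_pids:
                unknown_pids.discard(pid)  # pids are reused over time
                entry["unknown_user"] += 1
    return dict(stats)

# Constructed sample (placeholder hosts); the first record is wrapped over three lines.
SAMPLE = """\
Oct 31 16:32:20 server1 sshd(pam_unix)[5143]: authentication failure; logname=
uid=0 euid=0 tty=NODEVssh ruser=
rhost=host-a.example.net
Oct 31 16:32:20 server1 sshd(pam_unix)[5146]: check pass; user unknown
Oct 31 16:32:20 server1 sshd(pam_unix)[5146]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=host-a.example.net
Oct 31 16:40:02 server1 sshd(pam_unix)[5201]: check pass; user unknown
Oct 31 16:40:02 server1 sshd(pam_unix)[5201]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.0.2.10
""".splitlines()
```

Calling `summarize(open("/var/log/messages"))` gives the same per-host counts for a real log file.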