
Comment: Noticed It (Score 1) 203

by cheese-cube (#27551903) Attached to: The Low-Intensity, Brute-Force Zombies Are Back
I noticed this last night when lwatch just started spewing out failed authentication attempts. One point that I don't really see mentioned is that they will try a wide variety of different usernames. A snippet from auth.log:

Apr 12 23:16:27 host sshd[523]: Address 202.42.66.11 maps to changi.aglow.com.sg, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Apr 12 23:16:27 host sshd[523]: Invalid user warpuser from 202.42.66.11
Apr 12 23:16:27 host sshd[523]: pam_unix(sshd:auth): check pass; user unknown
Apr 12 23:16:27 host sshd[523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.42.66.11
Apr 12 23:16:29 host sshd[523]: Failed password for invalid user warpuser from 202.42.66.11 port 58502 ssh2
Apr 12 23:16:32 host sshd[525]: Address 202.42.66.11 maps to changi.aglow.com.sg, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Apr 12 23:16:32 host sshd[525]: Invalid user fwadmin from 202.42.66.11
Apr 12 23:16:32 host sshd[525]: pam_unix(sshd:auth): check pass; user unknown
Apr 12 23:16:32 host sshd[525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.42.66.11
Apr 12 23:16:35 host sshd[525]: Failed password for invalid user fwadmin from 202.42.66.11 port 58869 ssh2
Apr 12 23:16:38 host sshd[535]: Address 202.42.66.11 maps to changi.aglow.com.sg, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Apr 12 23:16:38 host sshd[535]: Invalid user mailadm from 202.42.66.11
Apr 12 23:16:38 host sshd[535]: pam_unix(sshd:auth): check pass; user unknown
Apr 12 23:16:38 host sshd[535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.42.66.11
Apr 12 23:16:40 host sshd[535]: Failed password for invalid user mailadm from 202.42.66.11 port 59272 ssh2

An easy method to outsmart them that has been mentioned before is to simply change the SSH port.
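
One way to surface the pattern the comment above describes (a single address cycling through many usernames), as an added example that is not part of the original comment. The log lines are copied from the snippet; the function names and the threshold of three distinct usernames are assumptions.

```python
import re
from collections import defaultdict

# Lines copied from the auth.log snippet in the comment above.
SAMPLE_LOG = """\
Apr 12 23:16:27 host sshd[523]: Invalid user warpuser from 202.42.66.11
Apr 12 23:16:27 host sshd[523]: pam_unix(sshd:auth): check pass; user unknown
Apr 12 23:16:29 host sshd[523]: Failed password for invalid user warpuser from 202.42.66.11 port 58502 ssh2
Apr 12 23:16:32 host sshd[525]: Invalid user fwadmin from 202.42.66.11
Apr 12 23:16:35 host sshd[525]: Failed password for invalid user fwadmin from 202.42.66.11 port 58869 ssh2
Apr 12 23:16:38 host sshd[535]: Invalid user mailadm from 202.42.66.11
Apr 12 23:16:40 host sshd[535]: Failed password for invalid user mailadm from 202.42.66.11 port 59272 ssh2
"""

# sshd logs "Failed password for [invalid user ]NAME from ADDR port N ssh2".
# Anchor on the trailing "from ADDR port N" so a username that itself contains
# " from " cannot shift the address field.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>.*) from (?P<addr>\S+) port \d+(?: ssh\d?)?\s*$"
)

def summarize(lines):
    """Return {addr: {"failures": n, "users": set, "invalid_users": set}}."""
    stats = defaultdict(lambda: {"failures": 0, "users": set(), "invalid_users": set()})
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue  # reverse-DNS warnings, pam_unix lines, etc.
        entry = stats[m["addr"]]
        entry["failures"] += 1
        entry["users"].add(m["user"])
        if m["invalid"]:
            entry["invalid_users"].add(m["user"])
    return dict(stats)

def username_sprayers(lines, min_distinct_users=3):
    """Addresses with failed logins for at least min_distinct_users names (assumed threshold)."""
    return sorted(
        addr for addr, s in summarize(lines).items()
        if len(s["users"]) >= min_distinct_users
    )

if __name__ == "__main__":
    for addr, s in summarize(SAMPLE_LOG.splitlines()).items():
        print(addr, s["failures"], "failures,", sorted(s["users"]))
    print("flagged:", username_sprayers(SAMPLE_LOG.splitlines()))
```

Counting distinct usernames per address rather than raw failures per minute is what catches a slow attempt rate like the one in the snippet, where tries are several seconds apart.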
