Full Version: Getting Slammed - Need Advice!
scriptjunkie
OK, my logs this am show the following:

sshd:
Authentication Failures:
green (202.39.71.115 ): 5 Time(s)
root (122.69-93-162.reverse.theplanet.com ): 295 Time(s)
unknown (202.39.71.115 ): 255 Time(s)
operator (122.69-93-162.reverse.theplanet.com ): 5 Time(s)
unknown (122.69-93-162.reverse.theplanet.com ): 210 Time(s)
mail (202.39.71.115 ): 5 Time(s)
lp (202.39.71.115 ): 5 Time(s)
apache (122.69-93-162.reverse.theplanet.com ): 5 Time(s)
adm (122.69-93-162.reverse.theplanet.com ): 10 Time(s)
nobody (122.69-93-162.reverse.theplanet.com ): 5 Time(s)
operator (202.39.71.115 ): 5 Time(s)
mysql (122.69-93-162.reverse.theplanet.com ): 5 Time(s)
Invalid Users:
Unknown Account: 465 Time(s)


---------------------- pam_unix End -------------------------


--------------------- Connections (secure-log) Begin ------------------------


Connections:
Service imap:
127.0.0.1: 172 Time(s)

---------------------- Connections (secure-log) End -------------------------


--------------------- SSHD Begin ------------------------


Failed logins from these:
account/password from 69.93.162.122: 5 Time(s)
adam/password from 69.93.162.122: 5 Time(s)
adm/password from 69.93.162.122: 10 Time(s)
alan/password from 69.93.162.122: 5 Time(s)
andrew/password from 202.39.71.115: 5 Time(s)
angel/password from 202.39.71.115: 5 Time(s)
apache/password from 69.93.162.122: 5 Time(s)
backup/password from 69.93.162.122: 5 Time(s)
barbara/password from 202.39.71.115: 5 Time(s)
ben/password from 202.39.71.115: 5 Time(s)
betty/password from 202.39.71.115: 5 Time(s)
billy/password from 202.39.71.115: 5 Time(s)
black/password from 202.39.71.115: 5 Time(s)
blue/password from 202.39.71.115: 5 Time(s)
brandon/password from 202.39.71.115: 5 Time(s)
brian/password from 202.39.71.115: 5 Time(s)
buddy/password from 202.39.71.115: 5 Time(s)
carmen/password from 202.39.71.115: 5 Time(s)
charlie/password from 202.39.71.115: 5 Time(s)
cip51/password from 69.93.162.122: 5 Time(s)
cip52/password from 69.93.162.122: 5 Time(s)
cosmin/password from 69.93.162.122: 5 Time(s)
cyrus/password from 69.93.162.122: 5 Time(s)
daniel/password from 202.39.71.115: 5 Time(s)
data/password from 69.93.162.122: 5 Time(s)
david/password from 202.39.71.115: 5 Time(s)
dog/password from 202.39.71.115: 5 Time(s)
emily/password from 202.39.71.115: 5 Time(s)
eric/password from 202.39.71.115: 5 Time(s)
frank/password from 69.93.162.122: 5 Time(s)
george/password from 69.93.162.122: 5 Time(s)
god/password from 202.39.71.115: 5 Time(s)
green/password from 202.39.71.115: 5 Time(s)
henry/password from 202.39.71.115: 5 Time(s)
henry/password from 69.93.162.122: 5 Time(s)
horde/password from 69.93.162.122: 5 Time(s)
iceuser/password from 69.93.162.122: 5 Time(s)
irc/password from 69.93.162.122: 10 Time(s)
jane/password from 202.39.71.115: 5 Time(s)
jane/password from 69.93.162.122: 5 Time(s)
jason/password from 202.39.71.115: 5 Time(s)
jeremy/password from 202.39.71.115: 5 Time(s)
joe/password from 202.39.71.115: 5 Time(s)
john/password from 69.93.162.122: 5 Time(s)
johnny/password from 202.39.71.115: 5 Time(s)
jordan/password from 202.39.71.115: 5 Time(s)
justin/password from 202.39.71.115: 5 Time(s)
larisa/password from 202.39.71.115: 5 Time(s)
lion/password from 202.39.71.115: 5 Time(s)
lp/password from 202.39.71.115: 5 Time(s)
lucy/password from 202.39.71.115: 5 Time(s)
magic/password from 202.39.71.115: 5 Time(s)
mail/password from 202.39.71.115: 5 Time(s)
maria/password from 202.39.71.115: 5 Time(s)
market/password from 202.39.71.115: 5 Time(s)
master/password from 69.93.162.122: 5 Time(s)
matt/password from 69.93.162.122: 5 Time(s)
matthew/password from 202.39.71.115: 5 Time(s)
max/password from 202.39.71.115: 5 Time(s)
michael/password from 202.39.71.115: 5 Time(s)
mysql/password from 69.93.162.122: 5 Time(s)
nathan/password from 202.39.71.115: 5 Time(s)
nicholas/password from 202.39.71.115: 5 Time(s)
nicole/password from 202.39.71.115: 5 Time(s)
nobody/password from 69.93.162.122: 5 Time(s)
noc/password from 69.93.162.122: 5 Time(s)
operator/password from 202.39.71.115: 5 Time(s)
operator/password from 69.93.162.122: 5 Time(s)
oracle/password from 69.93.162.122: 5 Time(s)
pamela/password from 69.93.162.122: 5 Time(s)
patrick/password from 69.93.162.122: 10 Time(s)
pub/password from 202.39.71.115: 5 Time(s)
red/password from 202.39.71.115: 5 Time(s)
robin/password from 202.39.71.115: 5 Time(s)
rolo/password from 69.93.162.122: 5 Time(s)
root/password from 69.93.162.122: 295 Time(s)
rose/password from 202.39.71.115: 5 Time(s)
server/password from 69.93.162.122: 5 Time(s)
shell/password from 202.39.71.115: 5 Time(s)
stephen/password from 202.39.71.115: 5 Time(s)
steven/password from 202.39.71.115: 5 Time(s)
sybase/password from 69.93.162.122: 5 Time(s)
system/password from 202.39.71.115: 5 Time(s)
test/password from 69.93.162.122: 25 Time(s)
tom/password from 202.39.71.115: 5 Time(s)
user/password from 69.93.162.122: 15 Time(s)
vampire/password from 202.39.71.115: 5 Time(s)
web/password from 69.93.162.122: 10 Time(s)
webmaster/password from 69.93.162.122: 5 Time(s)
william/password from 202.39.71.115: 5 Time(s)
www-data/password from 69.93.162.122: 5 Time(s)
www/password from 69.93.162.122: 5 Time(s)
wwwrun/password from 69.93.162.122: 5 Time(s)
yellow/password from 202.39.71.115: 5 Time(s)

---------------------- SSHD End -------------------------

This is the first time that it shows IPs from reverse.theplanet.net.

I get slammed every day and normally from different ip addresses each day. Anyone have any suggestions on how to stop this? All help is appreciated.
Paul
QUOTE (scriptjunkie)
This is the first time that it shows IPs from reverse.theplanet.net.

I get slammed every day and normally from different ip addresses each day. Anyone have any suggestions on how to stop this? All help is appreciated.
Firstly report the ones from theplanet to abuse@theplanet.com (it's theplanet.com, if you sent it to theplanet.net they'd just laugh at you).

Secondly, do you have any firewall on your server, and some kind of brute force protection?
(if not, WHY? APF and BFD from rfxnetworks will do the job)
S3
you can't stop it from different IPs. bfd and apf will just stop the same ip from trying it again. bfd usually runs on an 8 to 10 minute cron and most of these attacks are much shorter than that. Mostly these types of failed attempts are something you just have to live with. As long as you don't have any stupid logins, it's just an annoyance.
Paul
QUOTE (S3)
bfd and apf will just stop the same ip from trying it again.
Those attacks were from the same 2 IPs so in this case it would (should) have stopped them.
S3
oops, I missed the part where he stated how long the attacks persisted.

I agree completely that if the attacks lasted longer than 8 to 10 minutes, then bfd/apf could have locked them out before they were finished attempting clueless logins.
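
The timing point in this exchange (a checker on an 8 to 10 minute cron versus attacks of different lengths), as an added example that is not part of the original posts and is not BFD's code: it replays constructed sshd log lines against a hypothetical periodic checker. The log lines, the documentation-range IPs, the date and the threshold of 10 failures are assumptions.

```python
import re
from datetime import datetime, timedelta

# Matches sshd password failures, with or without "illegal/invalid user".
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:(?:illegal|invalid) user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) "
)


def parse_failures(lines, year):
    """Map source IP -> sorted timestamps of failed logins (syslog has no year)."""
    per_ip = {}
    for line in lines:
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            per_ip.setdefault(m["ip"], []).append(ts)
    return {ip: sorted(times) for ip, times in per_ip.items()}


def replay_periodic_checker(failures, threshold, interval, first_run):
    """Replay a checker that wakes every `interval` and bans any IP with at
    least `threshold` failures logged so far (hypothetical model, not BFD)."""
    report = {}
    for ip, times in failures.items():
        banned_at, run = None, first_run
        while run <= times[-1] + interval:
            if sum(t <= run for t in times) >= threshold:
                banned_at = run
                break
            run += interval
        # Attempts logged after the ban time are the ones a ban would have cut off.
        stopped = sum(t > banned_at for t in times) if banned_at else 0
        report[ip] = {
            "attempts": len(times),
            "duration": times[-1] - times[0],
            "banned_at": banned_at,
            "got_through": len(times) - stopped,
            "stopped_by_ban": stopped,
        }
    return report


def sample_lines(ip, who, start, count, gap_seconds):
    """Build constructed log lines: `count` failures, `gap_seconds` apart."""
    return [
        f"{start + timedelta(seconds=i * gap_seconds):%b %d %H:%M:%S} host1 "
        f"sshd[{2000 + i}]: Failed password for {who} from {ip} port {40000 + i} ssh2"
        for i in range(count)
    ]


def demo():
    day = datetime(2005, 6, 12)  # constructed date
    log = (
        # Burst: 20 guesses in under a minute, over before the checker wakes.
        sample_lines("198.51.100.7", "root", day.replace(hour=4, minute=1), 20, 3)
        # Slow run: 60 guesses spread over about half an hour.
        + sample_lines("203.0.113.9", "illegal user test",
                       day.replace(hour=4, minute=3), 60, 30)
        + ["Jun 12 04:05:00 host1 sshd[9]: Accepted password for ckoel "
           "from 192.0.2.10 port 50000 ssh2"]  # ignored: not a failure
    )
    return replay_periodic_checker(
        parse_failures(log, 2005),
        threshold=10,
        interval=timedelta(minutes=10),
        first_run=day.replace(hour=4),
    )


if __name__ == "__main__":
    for ip, row in demo().items():
        print(ip, row)
```

With a 10-minute interval the burst delivers every guess before the ban lands, while the slower run loses 45 of its 60 attempts to it.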
scriptjunkie
Thanks for all the help. I did not have apf or bfd installed before this, but I have just now installed them and we will see what happens.
SwedBear
I got BFG and APF and I get hit like this every damn day. It's annoying but in the end it's not much you can do. Sometimes I'm thinking of trying to report IPs to the abuse-addresses but the only time I did it I never got any reply.

/B
cguimont
boaf.. I get 2-3 BF per day.. and I just let it go.
What I have is 3 recommendations for you.

1- You should disable root for SSH login
2- You should create a username that is weird, like ckoel, with a long password; like that, no attack will ever find that user, and log in with this account and then su as root.
3- Allow only SSH2 logins
If you are rough and want to call SM every week, if you have a static IP, you should block every connection from the internet to the port of your ssh, excluding your IP and TP's IPs.

This is not going to reduce the amount of attacks, but it is going to make sure nothing can be done.
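
One way to check an sshd_config against the three recommendations above, as an added example that is not part of the original post. Using AllowUsers to enforce recommendation 2, the assumed defaults and both sample configs are assumptions of the example.

```python
import re

# Defaults assumed for an OpenSSH release of this thread's era (assumption of
# this example; confirm with `man sshd_config` on the host being checked).
ASSUMED_DEFAULTS = {"permitrootlogin": "yes", "protocol": "2,1"}
ACCUMULATING = {"allowusers"}  # repeated lines add up; other keywords: first wins
DIRECTIVE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.+)$")


def global_settings(config_text):
    """Parse the global section of an sshd_config into {keyword: value}."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = DIRECTIVE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()  # keywords ignore case
        if key == "match":
            break  # conditional overrides follow; review them separately
        if key in ACCUMULATING:
            settings.setdefault(key, []).extend(value.split())
        else:
            settings.setdefault(key, value)  # sshd keeps the first value seen
    return settings


def audit(config_text):
    """Return findings for the three recommendations; empty list means pass."""
    s = {**ASSUMED_DEFAULTS, **global_settings(config_text)}
    findings = []
    if s["permitrootlogin"].lower() != "no":
        findings.append(f"1: PermitRootLogin is '{s['permitrootlogin']}', want 'no'")
    # AllowUsers entries may be user@host patterns; compare the user part only.
    allowed = [u.split("@", 1)[0] for u in s.get("allowusers", [])]
    if not allowed:
        findings.append("2: no AllowUsers list, every account is a login target")
    elif "root" in allowed:
        findings.append("2: AllowUsers still lists root")
    if s["protocol"].replace(" ", "") != "2":
        findings.append(f"3: Protocol is '{s['protocol']}', want '2'")
    return findings


# Constructed sample: note the second PermitRootLogin line has no effect.
WEAK_CONFIG = """\
Port 22
protocol 2,1
PermitRootLogin yes
PermitRootLogin no
"""

# Constructed sample using the account name from the post.
HARDENED_CONFIG = """\
Port 22
Protocol 2
PermitRootLogin no
AllowUsers ckoel
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(text) or "passes all three checks")
```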
DO
QUOTE
I get slammed every day and normally from different ip addresses each day. Anyone have any suggestions on how to stop this? All help is appreciated.


Make APF do this:
allow port 22(ssh) access only if ip = your ip, else deny

This can be done by putting your IP or IP range in allow_hosts.rules and removing port 22 in conf.apf. However, you have to be careful and know what you are doing; if not, you run the risk of locking yourself out from ssh.
michael_S
Or move ssh to some other random port. This will also stop attempted logins to ssh because the scanners that they use are set to hit port 22. So, if you change ssh to port 5921 or some other random port, all login attempts will stop.

Just make sure you open this new port on your firewall BEFORE making the switch and tell SM what the new port number is :)