Being 'attacked' by a server hosted by The Planet?
mysticeti
Subject: Brute Force Warning for ajax.myserver.com

The remote system ev1s-216-40-234-82.theplanet.com was found to have exceeded acceptable login failures on ajax.netelan.com; there was 24 events to the service sshd. As such the attacking host has been banned from further accessing this system. For the integrity of your host you should investigate this event as soon as possible.

Executed ban command:
/etc/apf/apf -d ev1s-216-40-234-82.theplanet.com {bfd.sshd}

The following are event logs from ev1s-216-40-234-82.theplanet.com on service sshd (all time stamps are GMT -0400):

Sep 29 13:32:03 ajax sshd[25420]: reverse mapping checking getaddrinfo for ev1s-216-40-234-82.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Sep 29 13:32:06 ajax sshd[25434]: reverse mapping checking getaddrinfo for ev1s-216-40-234-82.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Sep 29 13:32:08 ajax sshd[25443]: reverse mapping checking getaddrinfo for ev1s-216-40-234-82.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Sep 29 13:32:11 ajax sshd[25453]: reverse mapping checking getaddrinfo for ev1s-216-40-234-82.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Sep 29 13:32:14 ajax sshd[25462]: reverse mapping checking getaddrinfo for ev1s-216-40-234-82.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Sep 29 13:32:16 ajax sshd[25464]: reverse mapping checking getaddrinfo for ev1s-216-40-234-82.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Sep 29 13:32:19 ajax sshd[25468]: reverse mapping checking getaddrinfo for ev1s-216-40-234-82.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Sep 29 13:32:22 ajax sshd[25480]: reverse mapping checking getaddrinfo for ev1s-216-40-234-82.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Sep 29 13:32:24 ajax sshd[25482]: reverse mapping checking getaddrinfo for ev1s-216-40-234-82.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Sep 29 13:32:27 ajax sshd[25484]: reverse mapping checking getaddrinfo for ev1s-216-40-234-82.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Sep 29 13:32:33 ajax sshd[25486]: reverse mapping checking getaddrinfo for ev1s-216-40-234-82.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Sep 29 13:32:36 ajax sshd[25489]: reverse mapping checking getaddrinfo for ev1s-216-40-234-82.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Sep 29 13:32:39 ajax sshd[25503]: reverse mapping checking getaddrinfo for ev1s-216-40-234-82.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Sep 29 13:32:42 ajax sshd[25506]: reverse mapping checking getaddrinfo for ev1s-216-40-234-82.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Sep 29 13:32:45 ajax sshd[25510]: reverse mapping checking getaddrinfo for ev1s-216-40-234-82.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Sep 29 13:32:47 ajax sshd[25512]: reverse mapping checking getaddrinfo for ev1s-216-40-234-82.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Sep 29 13:32:50 ajax sshd[25514]: reverse mapping checking getaddrinfo for ev1s-216-40-234-82.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Sep 29 13:32:53 ajax sshd[25517]: reverse mapping checking getaddrinfo for ev1s-216-40-234-82.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Sep 29 13:32:56 ajax sshd[25533]: reverse mapping checking getaddrinfo for ev1s-216-40-234-82.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Sep 29 13:32:58 ajax sshd[25548]: reverse mapping checking getaddrinfo for ev1s-216-40-234-82.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Sep 29 13:33:01 ajax sshd[25563]: reverse mapping checking getaddrinfo for ev1s-216-40-234-82.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Sep 29 13:33:04 ajax sshd[25566]: reverse mapping checking getaddrinfo for ev1s-216-40-234-82.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Sep 29 13:33:08 ajax sshd[25568]: reverse mapping checking getaddrinfo for ev1s-216-40-234-82.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Sep 29 13:33:11 ajax sshd[25570]: reverse mapping checking getaddrinfo for ev1s-216-40-234-82.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
----
- Thank you;
Tomy Durden
Please forward the logs to our abuse group (abuse [at] theplanet .com) so they can address this.
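
The per-source counting that the alert in this thread reports (24 sshd events from one host, then a ban) can be reproduced over log lines of the same format as below. This is an added example, not BFD's code or part of the original thread; the threshold of 5, the 60-second window, the function names, the year and the sample lines are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The name sshd logs here is the PTR record of the connecting address, and the
# message means resolving that name again failed: it is a grouping label, not a
# verified identity. The optional [address] covers sshd builds that also log it.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"reverse mapping checking getaddrinfo for (?P<host>\S+)"
    r"(?: \[(?P<ip>[^\]]+)\])? failed - POSSIBLE BREAK-?IN ATTEMPT!"
)

def parse_events(text, year):
    """Return (timestamp, host, ip_or_None) per matching line; syslog omits the year."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["host"].lower(), m["ip"]))
    return events

def burst_sources(events, threshold=5, window=timedelta(seconds=60)):
    """Return {host: peak count in any sliding window} for hosts reaching threshold."""
    by_host = defaultdict(list)
    for ts, host, _ip in events:
        by_host[host].append(ts)
    flagged = {}
    for host, times in by_host.items():
        times.sort()
        start = peak = 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[host] = peak
    return flagged

# Constructed sample lines in the format of the alert (names use the reserved .example TLD).
_MSG = "reverse mapping checking getaddrinfo for {} failed - POSSIBLE BREAKIN ATTEMPT!"
SAMPLE_LOG = "\n".join(
    [f"Sep 29 13:32:{s:02d} ajax sshd[{25400 + s}]: " + _MSG.format("scanner.example") for s in (3, 6, 8, 11, 14, 16)]
    + [f"Sep 29 {h}:05:00 ajax sshd[{26000 + h}]: " + _MSG.format("slow.example") for h in (14, 15, 16)]
    + ["Sep 29 13:32:20 ajax sshd[25999]: Accepted publickey for admin from 192.0.2.10 port 50000 ssh2"]
)

if __name__ == "__main__":
    print(burst_sources(parse_events(SAMPLE_LOG, year=2009)))  # year is an assumed value
```

Where the log line carries the bracketed address, key any firewall rule on that address rather than on the logged name.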