Attacks on the server

Dorianek


I have checked the logs and they are not satisfactory. Someone tried to break into the database for 8 hours.

Then in the morning the server was already off for unknown reasons.

Will you give me some commands for Linux Debian 8 to secure against the attacks and the kicking of the server? Because my hands are already falling.

I wrote here only a small fragment of what I have in the logs for one night.

Server close:

Rich (BB code):
Jun 13 23:39:16 De543256 sshd[19222]: Failed password for invalid user tomcat from 51.75.123.124 port 41280 ssh2
Jun 13 23:39:16 De543256  sshd[19222]: Received disconnect from 51.75.123.124: 11: Normal Shutdown, Thank you for playing [preauth]
Jun 13 23:39:25 De543256  systemd-logind[463]: Power key pressed.
Jun 13 23:39:25 De543256  systemd-logind[463]: Powering Off...
Jun 13 23:39:25 De543256  systemd-logind[463]: System is powering down.





Rich (BB code):
Jun 14 04:32:00 De543256 sshd[5174]: Failed password for root from 218.92.0.132 port 6701 ssh2
Jun 14 04:32:03 De543256 sshd[5174]: Failed password for root from 218.92.0.132 port 6701 ssh2
Jun 14 04:32:03 De543256 sshd[5174]: Disconnecting: Too many authentication failures for root from 218.92.0.132 port 6701 ssh2 [preauth]
Jun 14 04:32:03 De543256 sshd[5174]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.132  user=root
Jun 14 04:32:03 De543256 sshd[5174]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 14 04:32:06 De543256 sshd[5180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.132  user=root
Jun 14 04:32:08 De543256 sshd[5180]: Failed password for root from 218.92.0.132 port 27881 ssh2
Jun 14 04:32:10 De543256 sshd[5180]: Failed password for root from 218.92.0.132 port 27881 ssh2
Jun 14 04:32:13 De543256 sshd[5180]: Failed password for root from 218.92.0.132 port 27881 ssh2
Jun 14 04:32:16 De543256 sshd[5180]: Failed password for root from 218.92.0.132 port 27881 ssh2
Jun 14 04:32:19 De543256 sshd[5180]: Failed password for root from 218.92.0.132 port 27881 ssh2
Jun 14 04:32:22 De543256 sshd[5180]: Failed password for root from 218.92.0.132 port 27881 ssh2
Jun 14 04:32:22 De543256 sshd[5180]: Disconnecting: Too many authentication failures for root from 218.92.0.132 port 27881 ssh2 [preauth]
Jun 14 04:32:22 De543256 sshd[5180]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.132  user=root
Jun 14 04:32:22 De543256 sshd[5180]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 14 04:32:23 De543256 sshd[5182]: reverse mapping checking getaddrinfo for 212445.cloudwaysapps.com [128.199.197.53] failed - POSSIBLE BREAK-IN ATTEMPT!
Jun 14 04:32:23 De543256 sshd[5182]: Invalid user andy from 128.199.197.53
Jun 14 04:32:23 De543256 sshd[5182]: input_userauth_request: invalid user andy [preauth]
Jun 14 04:32:23 De543256 sshd[5182]: pam_unix(sshd:auth): check pass; user unknown
Jun 14 04:32:23 De543256 sshd[5182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.197.53
Jun 14 04:32:25 De543256 sshd[5182]: Failed password for invalid user andy from 128.199.197.53 port 55401 ssh2
Jun 14 04:32:25 De543256 sshd[5182]: Received disconnect from 128.199.197.53: 11: Bye Bye [preauth]
Jun 14 04:32:26 De543256 sshd[5184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.132  user=root
Jun 14 04:32:28 De543256 sshd[5184]: Failed password for root from 218.92.0.132 port 46162 ssh2
Jun 14 04:32:31 De543256 sshd[5184]: Failed password for root from 218.92.0.132 port 46162 ssh2
Jun 14 04:32:34 De543256 sshd[5184]: Failed password for root from 218.92.0.132 port 46162 ssh2
Jun 14 04:32:37 De543256 sshd[5184]: Failed password for root from 218.92.0.132 port 46162 ssh2
Jun 14 04:32:39 De543256 sshd[5184]: Failed password for root from 218.92.0.132 port 46162 ssh2
Jun 14 04:32:42 De543256 sshd[5184]: Failed password for root from 218.92.0.132 port 46162 ssh2
Jun 14 04:32:42 De543256 sshd[5184]: Disconnecting: Too many authentication failures for root from 218.92.0.132 port 46162 ssh2 [preauth]
Jun 14 04:32:42 De543256 sshd[5184]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.132  user=root
Jun 14 04:32:42 De543256 sshd[5184]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 14 04:32:46 De543256 sshd[5186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.132  user=root
Jun 14 04:32:48 De543256 sshd[5186]: Failed password for root from 218.92.0.132 port 64610 ssh2
Jun 14 04:32:51 De543256 sshd[5186]: Failed password for root from 218.92.0.132 port 64610 ssh2
Jun 14 04:32:54 De543256 sshd[5186]: Failed password for root from 218.92.0.132 port 64610 ssh2
Jun 14 04:32:56 De543256 sshd[5186]: Failed password for root from 218.92.0.132 port 64610 ssh2
Jun 14 04:32:59 De543256 sshd[5186]: Failed password for root from 218.92.0.132 port 64610 ssh2
Jun 14 04:33:02 De543256 sshd[5186]: Failed password for root from 218.92.0.132 port 64610 ssh2
Jun 14 04:33:02 De543256 sshd[5186]: Disconnecting: Too many authentication failures for root from 218.92.0.132 port 64610 ssh2 [preauth]
Jun 14 04:33:02 De543256 sshd[5186]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.132  user=root
Jun 14 04:33:02 De543256 sshd[5186]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 14 04:33:09 De543256 sshd[5188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.132  user=root
Jun 14 04:33:11 De543256 sshd[5188]: Failed password for root from 218.92.0.132 port 19051 ssh2
Jun 14 04:33:12 De543256 sshd[5190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.163.136  user=root
Jun 14 04:33:14 De543256 sshd[5188]: Failed password for root from 218.92.0.132 port 19051 ssh2
Jun 14 04:33:14 De543256 sshd[5190]: Failed password for root from 139.199.163.136 port 53508 ssh2
Jun 14 04:33:15 De543256 sshd[5190]: Received disconnect from 139.199.163.136: 11: Bye Bye [preauth]
Jun 14 04:33:18 De543256 sshd[5188]: Failed password for root from 218.92.0.132 port 19051 ssh2
Jun 14 04:33:20 De543256 sshd[5188]: Failed password for root from 218.92.0.132 port 19051 ssh2
Jun 14 04:33:23 De543256 sshd[5188]: Failed password for root from 218.92.0.132 port 19051 ssh2
Jun 14 04:33:26 De543256 sshd[5188]: Failed password for root from 218.92.0.132 port 19051 ssh2
Jun 14 04:33:26 De543256 sshd[5188]: Disconnecting: Too many authentication failures for root from 218.92.0.132 port 19051 ssh2 [preauth]
Jun 14 04:33:26 De543256 sshd[5188]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.132  user=root
Jun 14 04:33:26 De543256 sshd[5188]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 14 04:33:30 De543256 sshd[5192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.132  user=root
Jun 14 04:33:31 De543256 sshd[5192]: Failed password for root from 218.92.0.132 port 42481 ssh2
Jun 14 04:33:34 De543256 sshd[5192]: Failed password for root from 218.92.0.132 port 42481 ssh2
Jun 14 04:33:36 De543256 sshd[5192]: Failed password for root from 218.92.0.132 port 42481 ssh2
Jun 14 04:33:39 De543256 sshd[5192]: Failed password for root from 218.92.0.132 port 42481 ssh2
Jun 14 04:33:41 De543256 sshd[5192]: Failed password for root from 218.92.0.132 port 42481 ssh2
Jun 14 04:33:43 De543256 sshd[5192]: Failed password for root from 218.92.0.132 port 42481 ssh2
Jun 14 04:33:43 De543256 sshd[5192]: Disconnecting: Too many authentication failures for root from 218.92.0.132 port 42481 ssh2 [preauth]
Jun 14 04:33:43 De543256 sshd[5192]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.132  user=root
Jun 14 04:33:43 De543256 sshd[5192]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 14 04:33:47 De543256 sshd[5194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.132  user=root
Jun 14 04:33:50 De543256 sshd[5194]: Failed password for root from 218.92.0.132 port 58616 ssh2
Jun 14 04:33:54 De543256 sshd[5194]: Failed password for root from 218.92.0.132 port 58616 ssh2
Jun 14 04:33:56 De543256 sshd[5194]: Failed password for root from 218.92.0.132 port 58616 ssh2
Jun 14 04:33:58 De543256 sshd[5196]: reverse mapping checking getaddrinfo for 65-150-164-181.fibertel.com.ar [181.164.150.65] failed - POSSIBLE BREAK-IN ATTEMPT!
Jun 14 04:33:58 De543256 sshd[5196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.164.150.65  user=root
Jun 14 04:33:58 De543256 sshd[5194]: Failed password for root from 218.92.0.132 port 58616 ssh2
Jun 14 04:34:00 De543256 sshd[5196]: Failed password for root from 181.164.150.65 port 42850 ssh2
Jun 14 04:34:00 De543256 sshd[5196]: Received disconnect from 181.164.150.65: 11: Bye Bye [preauth]
Jun 14 04:34:02 De543256 sshd[5194]: Failed password for root from 218.92.0.132 port 58616 ssh2
Jun 14 04:34:05 De543256 sshd[5194]: Failed password for root from 218.92.0.132 port 58616 ssh2
Jun 14 04:34:05 De543256 sshd[5194]: Disconnecting: Too many authentication failures for root from 218.92.0.132 port 58616 ssh2 [preauth]
Jun 14 04:34:05 De543256 sshd[5194]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.132  user=root
Jun 14 04:34:05 De543256 sshd[5194]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 14 04:34:13 De543256 sshd[5198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.132  user=root
Jun 14 04:34:15 De543256 sshd[5198]: Failed password for root from 218.92.0.132 port 18471 ssh2
Jun 14 04:34:18 De543256 sshd[5198]: Failed password for root from 218.92.0.132 port 18471 ssh2
Jun 14 04:34:21 De543256 sshd[5198]: Failed password for root from 218.92.0.132 port 18471 ssh2
Jun 14 04:34:24 De543256 sshd[5198]: Failed password for root from 218.92.0.132 port 18471 ssh2
Jun 14 04:34:27 De543256 sshd[5198]: Failed password for root from 218.92.0.132 port 18471 ssh2
Jun 14 04:34:27 De543256 sshd[5200]: Invalid user csserver from 175.6.64.169
Jun 14 04:34:27 De543256 sshd[5200]: input_userauth_request: invalid user csserver [preauth]
Jun 14 04:34:27 De543256 sshd[5200]: pam_unix(sshd:auth): check pass; user unknown
Jun 14 04:34:27 De543256 sshd[5200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.6.64.169
Jun 14 04:34:29 De543256 sshd[5202]: reverse mapping checking getaddrinfo for 212445.cloudwaysapps.com [128.199.197.53] failed - POSSIBLE BREAK-IN ATTEMPT!
Jun 14 04:34:29 De543256 sshd[5202]: Invalid user alex from 128.199.197.53
Jun 14 04:34:29 De543256 sshd[5202]: input_userauth_request: invalid user alex [preauth]
Jun 14 04:34:29 De543256 sshd[5202]: pam_unix(sshd:auth): check pass; user unknown
Jun 14 04:34:29 De543256 sshd[5202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.197.53
Jun 14 04:34:29 De543256 sshd[5200]: Failed password for invalid user csserver from 175.6.64.169 port 54472 ssh2
Jun 14 04:34:29 De543256 sshd[5198]: Failed password for root from 218.92.0.132 port 18471 ssh2
Jun 14 04:34:29 De543256 sshd[5198]: Disconnecting: Too many authentication failures for root from 218.92.0.132 port 18471 ssh2 [preauth]
Jun 14 04:34:29 De543256 sshd[5198]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.132  user=root
Jun 14 04:34:29 De543256 sshd[5198]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 14 04:34:29 De543256 sshd[5200]: Received disconnect from 175.6.64.169: 11: Bye Bye [preauth]
Jun 14 04:34:31 De543256 sshd[5202]: Failed password for invalid user alex from 128.199.197.53 port 37774 ssh2
Jun 14 04:34:31 De543256 sshd[5202]: Received disconnect from 128.199.197.53: 11: Bye Bye [preauth]
Jun 14 04:34:41 De543256 sshd[5204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.132  user=root
Jun 14 04:34:43 De543256 sshd[5204]: Failed password for root from 218.92.0.132 port 36237 ssh2
Jun 14 04:34:44 De543256 sshd[5206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.5  user=root
Jun 14 04:34:46 De543256 sshd[5206]: Failed password for root from 58.242.82.5 port 16274 ssh2
Jun 14 04:34:46 De543256 sshd[5204]: Failed password for root from 218.92.0.132 port 36237 ssh2
Jun 14 04:34:49 De543256 sshd[5206]: Failed password for root from 58.242.82.5 port 16274 ssh2
Jun 14 04:34:49 De543256 sshd[5204]: Failed password for root from 218.92.0.132 port 36237 ssh2
Jun 14 04:34:51 De543256 sshd[5206]: Failed password for root from 58.242.82.5 port 16274 ssh2
Jun 14 04:34:52 De543256 sshd[5204]: Failed password for root from 218.92.0.132 port 36237 ssh2
Jun 14 04:34:53 De543256 sshd[5208]: Invalid user anti from 45.122.222.253
Jun 14 04:34:53 De543256 sshd[5208]: input_userauth_request: invalid user anti [preauth]
Jun 14 04:34:53 De543256 sshd[5208]: pam_unix(sshd:auth): check pass; user unknown
Jun 14 04:34:53 De543256 sshd[5208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.122.222.253
Jun 14 04:34:54 De543256 sshd[5206]: Failed password for root from 58.242.82.5 port 16274 ssh2
Jun 14 04:34:55 De543256 sshd[5204]: Failed password for root from 218.92.0.132 port 36237 ssh2
Jun 14 04:34:56 De543256 sshd[5208]: Failed password for invalid user anti from 45.122.222.253 port 43852 ssh2
Jun 14 04:34:56 De543256 sshd[5208]: Received disconnect from 45.122.222.253: 11: Bye Bye [preauth]
Jun 14 04:34:57 De543256 sshd[5206]: Failed password for root from 58.242.82.5 port 16274 ssh2
Jun 14 04:34:57 De543256 sshd[5204]: Failed password for root from 218.92.0.132 port 36237 ssh2
Jun 14 04:34:57 De543256 sshd[5204]: Disconnecting: Too many authentication failures for root from 218.92.0.132 port 36237 ssh2 [preauth]
Jun 14 04:34:57 De543256 sshd[5204]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.132  user=root
Jun 14 04:34:57 De543256 sshd[5204]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 14 04:35:00 De543256 sshd[5206]: Failed password for root from 58.242.82.5 port 16274 ssh2
Jun 14 04:35:00 De543256 sshd[5206]: Disconnecting: Too many authentication failures for root from 58.242.82.5 port 16274 ssh2 [preauth]
Jun 14 04:35:00 De543256 sshd[5206]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.5  user=root
Jun 14 04:35:00 De543256 sshd[5206]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 14 04:35:01 De543256 sshd[5210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.132  user=root
Jun 14 04:35:03 De543256 sshd[5210]: Failed password for root from 218.92.0.132 port 62852 ssh2
Jun 14 04:35:04 De543256 sshd[5212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.5  user=root
Jun 14 04:35:05 De543256 sshd[5212]: Failed password for root from 58.242.82.5 port 31132 ssh2
Jun 14 04:35:06 De543256 sshd[5210]: Failed password for root from 218.92.0.132 port 62852 ssh2
Jun 14 04:35:08 De543256 sshd[5212]: Failed password for root from 58.242.82.5 port 31132 ssh2
Jun 14 04:35:09 De543256 sshd[5210]: Failed password for root from 218.92.0.132 port 62852 ssh2
Jun 14 04:35:11 De543256 sshd[5214]: Invalid user vnc from 139.199.163.136
Jun 14 04:35:11 De543256 sshd[5214]: input_userauth_request: invalid user vnc [preauth]
Jun 14 04:35:11 De543256 sshd[5214]: pam_unix(sshd:auth): check pass; user unknown
Jun 14 04:35:11 De543256 sshd[5214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.163.136
Jun 14 04:35:11 De543256 sshd[5212]: Failed password for root from 58.242.82.5 port 31132 ssh2
Jun 14 04:35:11 De543256 sshd[5210]: Failed password for root from 218.92.0.132 port 62852 ssh2
Jun 14 04:35:13 De543256 sshd[5214]: Failed password for invalid user vnc from 139.199.163.136 port 44566 ssh2
Jun 14 04:35:13 De543256 sshd[5214]: Received disconnect from 139.199.163.136: 11: Bye Bye [preauth]
Jun 14 04:35:15 De543256 sshd[5212]: Failed password for root from 58.242.82.5 port 31132 ssh2
Jun 14 04:35:15 De543256 sshd[5210]: Failed password for root from 218.92.0.132 port 62852 ssh2
Jun 14 04:35:18 De543256 sshd[5212]: Failed password for root from 58.242.82.5 port 31132 ssh2
Jun 14 04:35:18 De543256 sshd[5210]: Failed password for root from 218.92.0.132 port 62852 ssh2
Jun 14 04:35:18 De543256 sshd[5210]: Disconnecting: Too many authentication failures for root from 218.92.0.132 port 62852 ssh2 [preauth]
Jun 14 04:35:18 De543256 sshd[5210]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.132  user=root
Jun 14 04:35:18 De543256 sshd[5210]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 14 04:35:21 De543256 sshd[5212]: Failed password for root from 58.242.82.5 port 31132 ssh2
Jun 14 04:35:21 De543256 sshd[5212]: Disconnecting: Too many authentication failures for root from 58.242.82.5 port 31132 ssh2 [preauth]
Jun 14 04:35:21 De543256 sshd[5212]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.5  user=root
Jun 14 04:35:21 De543256 sshd[5212]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 14 04:35:21 De543256 sshd[5216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.132  user=root
Jun 14 04:35:23 De543256 sshd[5216]: Failed password for root from 218.92.0.132 port 16840 ssh2
Jun 14 04:35:25 De543256 sshd[5218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.5  user=root
Jun 14 04:35:26 De543256 sshd[5218]: Failed password for root from 58.242.82.5 port 45883 ssh2
Jun 14 04:35:27 De543256 sshd[5216]: Failed password for root from 218.92.0.132 port 16840 ssh2
Jun 14 04:35:29 De543256 sshd[5218]: Failed password for root from 58.242.82.5 port 45883 ssh2
Jun 14 04:35:29 De543256 sshd[5216]: Failed password for root from 218.92.0.132 port 16840 ssh2
Jun 14 04:35:32 De543256 sshd[5218]: Failed password for root from 58.242.82.5 port 45883 ssh2
Jun 14 04:35:33 De543256 sshd[5216]: Failed password for root from 218.92.0.132 port 16840 ssh2
Jun 14 04:35:35 De543256 sshd[5218]: Failed password for root from 58.242.82.5 port 45883 ssh2
Jun 14 04:35:36 De543256 sshd[5216]: Failed password for root from 218.92.0.132 port 16840 ssh2
Jun 14 04:35:38 De543256 sshd[5218]: Failed password for root from 58.242.82.5 port 45883 ssh2
Jun 14 04:35:38 De543256 sshd[5216]: Failed password for root from 218.92.0.132 port 16840 ssh2
Jun 14 04:35:38 De543256 sshd[5216]: Disconnecting: Too many authentication failures for root from 218.92.0.132 port 16840 ssh2 [preauth]
Jun 14 04:35:38 De543256 sshd[5216]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.132  user=root
Jun 14 04:35:38 De543256 sshd[5216]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 14 04:35:41 De543256 sshd[5218]: Failed password for root from 58.242.82.5 port 45883 ssh2
Jun 14 04:35:41 De543256 sshd[5218]: Disconnecting: Too many authentication failures for root from 58.242.82.5 port 45883 ssh2 [preauth]
Jun 14 04:35:41 De543256 sshd[5218]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.5  user=root
Jun 14 04:35:41 De543256 sshd[5218]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 14 04:35:45 De543256 sshd[5222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.5  user=root
Jun 14 04:35:46 De543256 sshd[5222]: Failed password for root from 58.242.82.5 port 57306 ssh2
Jun 14 04:35:49 De543256 sshd[5222]: Failed password for root from 58.242.82.5 port 57306 ssh2
Jun 14 04:35:53 De543256 sshd[5222]: Failed password for root from 58.242.82.5 port 57306 ssh2
Jun 14 04:35:55 De543256 sshd[5222]: Failed password for root from 58.242.82.5 port 57306 ssh2
Jun 14 04:35:59 De543256 sshd[5222]: Failed password for root from 58.242.82.5 port 57306 ssh2
Jun 14 04:36:15 De543256 sshd[5226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.5  user=root
Jun 14 04:36:16 De543256 sshd[5228]: reverse mapping checking getaddrinfo for 65-150-164-181.fibertel.com.ar [181.164.150.65] failed - POSSIBLE BREAK-IN ATTEMPT!
Jun 14 04:36:16 De543256 sshd[5228]: Invalid user testing from 181.164.150.65
Jun 14 04:36:16 De543256 sshd[5228]: input_userauth_request: invalid user testing [preauth]
 
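An added example, not part of the thread: a small triage script for sshd logs in the format posted above. It counts failed passwords per source address, flags addresses that reach `maxretry` failures within `findtime` seconds (the names mirror fail2ban's settings; the thresholds and the function name `analyze` are assumptions), and reports accepted logins and systemd-logind power events separately. The sample lines are constructed and use documentation addresses.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime

# Constructed sample in the syslog format of the excerpt above. Host name and
# addresses (RFC 5737 documentation ranges) are made up, not taken from the thread.
SAMPLE_LOG = """\
Jun 13 23:39:10 host sshd[900]: Failed password for invalid user tomcat from 198.51.100.20 port 41280 ssh2
Jun 13 23:39:25 host  systemd-logind[463]: Power key pressed.
Jun 13 23:39:25 host  systemd-logind[463]: Powering Off...
Jun 14 04:32:00 host sshd[100]: Failed password for root from 203.0.113.7 port 6701 ssh2
Jun 14 04:32:03 host sshd[100]: Failed password for root from 203.0.113.7 port 6701 ssh2
Jun 14 04:32:08 host sshd[101]: Failed password for root from 203.0.113.7 port 27881 ssh2
Jun 14 04:32:10 host sshd[101]: Failed password for root from 203.0.113.7 port 27881 ssh2
Jun 14 04:32:13 host sshd[101]: Failed password for root from 203.0.113.7 port 27881 ssh2
Jun 14 04:32:13 host sshd[101]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 14 04:32:25 host sshd[102]: Failed password for invalid user andy from 192.0.2.44 port 55401 ssh2
Jun 14 04:34:31 host sshd[103]: Failed password for invalid user alex from 192.0.2.44 port 37774 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s+\S+\s+"
    r"(?P<proc>[\w.-]+)\[\d+\]:\s+(?P<msg>.*)$")
# The user name is chosen by the client, so it may itself contain " from ...".
# A greedy match anchored at the end of the line takes the address sshd wrote last.
FAILED_RE = re.compile(
    r"^Failed password for (?P<invalid>invalid user )?(?P<user>.*)"
    r" from (?P<ip>\S+) port \d+ ssh2\s*$")
ACCEPTED_RE = re.compile(
    r"^Accepted (?P<method>\S+) for (?P<user>.*) from (?P<ip>\S+) port \d+ ssh2")
POWER_RE = re.compile(r"^(Power key pressed|Powering Off|System is powering down)")


def analyze(log_text, maxretry=5, findtime=600, year=2000):
    """Summarise sshd and systemd-logind events from chronological syslog text.

    maxretry/findtime are assumed thresholds; year is a parameter only
    because classic syslog timestamps do not carry one.
    """
    failures = Counter()
    invalid_users, offenders = set(), set()
    accepted, suspicious, power_events = [], [], []
    window = defaultdict(deque)  # ip -> timestamps of recent failures

    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        proc, msg = m["proc"], m["msg"]

        if proc == "sshd":
            failed = FAILED_RE.match(msg)
            if failed:
                ip = failed["ip"]
                failures[ip] += 1
                if failed["invalid"]:
                    invalid_users.add(failed["user"])
                recent = window[ip]
                recent.append(ts)
                # Drop failures that fell out of the findtime window.
                while (ts - recent[0]).total_seconds() > findtime:
                    recent.popleft()
                if len(recent) >= maxretry:
                    offenders.add(ip)
                continue
            ok = ACCEPTED_RE.match(msg)
            if ok:
                accepted.append((ok["user"], ok["ip"], ok["method"]))
                # A successful login from an address that failed earlier
                # deserves a closer look than the failures themselves.
                if failures[ok["ip"]] > 0:
                    suspicious.append((ok["user"], ok["ip"]))
        elif proc == "systemd-logind" and POWER_RE.match(msg):
            power_events.append((m["ts"], msg))

    return {
        "failures_by_ip": dict(failures),
        "invalid_users": sorted(invalid_users),
        "offenders": sorted(offenders),
        "accepted": accepted,
        "suspicious_logins": suspicious,
        "power_events": power_events,
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

An empty `accepted` list alongside a non-empty `power_events` list means the shutdown was logged by systemd-logind rather than following any successful SSH login in the analysed text.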

kuhi

Jun 14 04:34:53 De543256 sshd[5208]: pam_unix(sshd:auth): check pass; user unknown
Jun 14 04:34:53 De543256 sshd[5208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.122.222.253
Jun 14 04:34:54 De543256 sshd[5206]: Failed password for root from 58.242.82.5 port 16274 ssh2
Jun 14 04:34:55 De543256 sshd[5204]: Failed password for root from 218.92.0.132 port 36237 ssh2
Jun 14 04:34:56 De543256 sshd[5208]: Failed password for invalid user anti from 45.122.222.253 port 43852 ssh2
Jun 14 04:34:56 De543256 sshd[5208]: Received disconnect from 45.122.222.253: 11: Bye Bye [preauth]
Jun 14 04:34:57 De543256 sshd[5206]: Failed password for root from 58.242.82.5 port 16274 ssh2
Jun 14 04:34:57 De543256 sshd[5204]: Failed password for root from 218.92.0.132 port 36237 ssh2
Jun 14 04:34:57 De543256 sshd[5204]: Disconnecting: Too many authentication failures for root from 218.92.0.132 port 36237 ssh2 [preauth]
Jun 14 04:34:57 De543256 sshd[5204]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.132  user=root
Jun 14 04:34:57 De543256 sshd[5204]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 14 04:35:00 De543256 sshd[5206]: Failed password for root from 58.242.82.5 port 16274 ssh2
Jun 14 04:35:00 De543256 sshd[5206]: Disconnecting: Too many authentication failures for root from 58.242.82.5 port 16274 ssh2 [preauth]
Jun 14 04:35:00 De543256 sshd[5206]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.5  user=root
Jun 14 04:35:00 De543256 sshd[5206]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 14 04:35:01 De543256 sshd[5210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.132  user=root
Jun 14 04:35:03 De543256 sshd[5210]: Failed password for root from 218.92.0.132 port 62852 ssh2
Jun 14 04:35:04 De543256 sshd[5212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.5  user=root
Jun 14 04:35:05 De543256 sshd[5212]: Failed password for root from 58.242.82.5 port 31132 ssh2
Jun 14 04:35:06 De543256 sshd[5210]: Failed password for root from 218.92.0.132 port 62852 ssh2
Jun 14 04:35:08 De543256 sshd[5212]: Failed password for root from 58.242.82.5 port 31132 ssh2
Jun 14 04:35:09 De543256 sshd[5210]: Failed password for root from 218.92.0.132 port 62852 ssh2
Jun 14 04:35:11 De543256 sshd[5214]: Invalid user vnc from 139.199.163.136
Jun 14 04:35:11 De543256 sshd[5214]: input_userauth_request: invalid user vnc [preauth]
Jun 14 04:35:11 De543256 sshd[5214]: pam_unix(sshd:auth): check pass; user unknown
Jun 14 04:35:11 De543256 sshd[5214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.163.136
Jun 14 04:35:11 De543256 sshd[5212]: Failed password for root from 58.242.82.5 port 31132 ssh2
Jun 14 04:35:11 De543256 sshd[5210]: Failed password for root from 218.92.0.132 port 62852 ssh2
Jun 14 04:35:13 De543256 sshd[5214]: Failed password for invalid user vnc from 139.199.163.136 port 44566 ssh2
Jun 14 04:35:13 De543256 sshd[5214]: Received disconnect from 139.199.163.136: 11: Bye Bye [preauth]
Jun 14 04:35:15 De543256 sshd[5212]: Failed password for root from 58.242.82.5 port 31132 ssh2
Jun 14 04:35:15 De543256 sshd[5210]: Failed password for root from 218.92.0.132 port 62852 ssh2
Jun 14 04:35:18 De543256 sshd[5212]: Failed password for root from 58.242.82.5 port 31132 ssh2
Jun 14 04:35:18 De543256 sshd[5210]: Failed password for root from 218.92.0.132 port 62852 ssh2
Jun 14 04:35:18 De543256 sshd[5210]: Disconnecting: Too many authentication failures for root from 218.92.0.132 port 62852 ssh2 [preauth]
Jun 14 04:35:18 De543256 sshd[5210]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.132  user=root
Jun 14 04:35:18 De543256 sshd[5210]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 14 04:35:21 De543256 sshd[5212]: Failed password for root from 58.242.82.5 port 31132 ssh2
Jun 14 04:35:21 De543256 sshd[5212]: Disconnecting: Too many authentication failures for root from 58.242.82.5 port 31132 ssh2 [preauth]
Jun 14 04:35:21 De543256 sshd[5212]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.5  user=root
Jun 14 04:35:21 De543256 sshd[5212]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 14 04:35:21 De543256 sshd[5216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.132  user=root
Jun 14 04:35:23 De543256 sshd[5216]: Failed password for root from 218.92.0.132 port 16840 ssh2
Jun 14 04:35:25 De543256 sshd[5218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.5  user=root
Jun 14 04:35:26 De543256 sshd[5218]: Failed password for root from 58.242.82.5 port 45883 ssh2
Jun 14 04:35:27 De543256 sshd[5216]: Failed password for root from 218.92.0.132 port 16840 ssh2
Jun 14 04:35:29 De543256 sshd[5218]: Failed password for root from 58.242.82.5 port 45883 ssh2
Jun 14 04:35:29 De543256 sshd[5216]: Failed password for root from 218.92.0.132 port 16840 ssh2
Jun 14 04:35:32 De543256 sshd[5218]: Failed password for root from 58.242.82.5 port 45883 ssh2
Jun 14 04:35:33 De543256 sshd[5216]: Failed password for root from 218.92.0.132 port 16840 ssh2
Jun 14 04:35:35 De543256 sshd[5218]: Failed password for root from 58.242.82.5 port 45883 ssh2
Jun 14 04:35:36 De543256 sshd[5216]: Failed password for root from 218.92.0.132 port 16840 ssh2
Jun 14 04:35:38 De543256 sshd[5218]: Failed password for root from 58.242.82.5 port 45883 ssh2
Jun 14 04:35:38 De543256 sshd[5216]: Failed password for root from 218.92.0.132 port 16840 ssh2
Jun 14 04:35:38 De543256 sshd[5216]: Disconnecting: Too many authentication failures for root from 218.92.0.132 port 16840 ssh2 [preauth]
Jun 14 04:35:38 De543256 sshd[5216]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.132  user=root
Jun 14 04:35:38 De543256 sshd[5216]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 14 04:35:41 De543256 sshd[5218]: Failed password for root from 58.242.82.5 port 45883 ssh2
Jun 14 04:35:41 De543256 sshd[5218]: Disconnecting: Too many authentication failures for root from 58.242.82.5 port 45883 ssh2 [preauth]
Jun 14 04:35:41 De543256 sshd[5218]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.5  user=root
Jun 14 04:35:41 De543256 sshd[5218]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 14 04:35:45 De543256 sshd[5222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.5  user=root
Jun 14 04:35:46 De543256 sshd[5222]: Failed password for root from 58.242.82.5 port 57306 ssh2
Jun 14 04:35:49 De543256 sshd[5222]: Failed password for root from 58.242.82.5 port 57306 ssh2
Jun 14 04:35:53 De543256 sshd[5222]: Failed password for root from 58.242.82.5 port 57306 ssh2
Jun 14 04:35:55 De543256 sshd[5222]: Failed password for root from 58.242.82.5 port 57306 ssh2
Jun 14 04:35:59 De543256 sshd[5222]: Failed password for root from 58.242.82.5 port 57306 ssh2
Jun 14 04:36:15 De543256 sshd[5226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.5  user=root
Jun 14 04:36:16 De543256 sshd[5228]: reverse mapping checking getaddrinfo for 65-150-164-181.fibertel.com.ar [181.164.150.65] failed - POSSIBLE BREAK-IN ATTEMPT!
Jun 14 04:36:16 De543256 sshd[5228]: Invalid user testing from 181.164.150.65
Jun 14 04:36:16 De543256 sshd[5228]: input_userauth_request: invalid user testing [preauth]
If you don't want to get mad dealing with this, I would take a look at Fail2ban (http://www.fail2ban.org/wiki/index.php/Main_Page).

If you don't want any third party tools, check this:

1) Add the following line to /etc/ssh/sshd_config

MaxAuthTries 1

This will allow only 1 login attempt per connection. Restart the ssh server.

2) Add the following firewall rules

Create a new chain

iptables -N SSHATTACK
iptables -A SSHATTACK -j LOG --log-prefix "Possible SSH attack! " --log-level 7
iptables -A SSHATTACK -j DROP

Block each IP address for 120 seconds which establishes more than three connections within 120 seconds. In case of the fourth connection attempt, the request gets delegated to the SSHATTACK chain, which is responsible for logging the possible ssh attack and finally drops the request.

iptables -A INPUT -i eth0 -p tcp -m state --dport 22 --state NEW -m recent --set
iptables -A INPUT -i eth0 -p tcp -m state --dport 22 --state NEW -m recent --update --seconds 120 --hitcount 4 -j SSHATTACK

3) See log entries of possible ssh attacks in /var/log/syslog
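The effect of the two `recent` rules above on the connection pattern in the posted log, as an added example (not part of the original post, and a simplified model of the match rather than iptables itself). The log lines are copied from the excerpt above; the function names, the one-PID-per-connection heuristic and the `203.0.113.9` probe are assumptions.

```python
import re
from collections import defaultdict

# Lines copied from the auth.log excerpt posted above (not constructed).
SAMPLE_LOG = """\
Jun 14 04:34:13 De543256 sshd[5198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.132  user=root
Jun 14 04:34:15 De543256 sshd[5198]: Failed password for root from 218.92.0.132 port 18471 ssh2
Jun 14 04:34:27 De543256 sshd[5200]: Invalid user csserver from 175.6.64.169
Jun 14 04:34:41 De543256 sshd[5204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.132  user=root
Jun 14 04:35:01 De543256 sshd[5210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.132  user=root
Jun 14 04:35:21 De543256 sshd[5216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.132  user=root
"""

LINE_RE = re.compile(
    r"(\d\d):(\d\d):(\d\d) \S+ sshd\[(\d+)\]: .*?(?:rhost=|from )(\d{1,3}(?:\.\d{1,3}){3})"
)


def connections(log):
    """Return [(seconds_of_day, ip)], one per sshd PID (assumed: one PID = one connection)."""
    seen, out = set(), []
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if m and m.group(4) not in seen:
            seen.add(m.group(4))
            h, mi, s = map(int, m.group(1, 2, 3))
            out.append((h * 3600 + mi * 60 + s, m.group(5)))
    return out


def simulate(conns, seconds=120, hitcount=4):
    """Simplified model of the two rules: --set, then --update --seconds --hitcount."""
    stamps, verdicts = defaultdict(list), []
    for t, ip in sorted(conns):
        stamps[ip].append(t)  # rule 1 (--set) records every new connection
        in_window = [s for s in stamps[ip] if t - s <= seconds]
        if len(in_window) >= hitcount:  # rule 2 matches: jump to SSHATTACK (LOG, DROP)
            stamps[ip].append(t)  # --update refreshes "last seen" when it matches
            verdicts.append((t, ip, "DROP"))
        else:
            verdicts.append((t, ip, "ACCEPT"))  # assumes a later rule accepts port 22
    return verdicts


if __name__ == "__main__":
    for t, ip, verdict in simulate(connections(SAMPLE_LOG)):
        print(f"{t // 3600:02d}:{t % 3600 // 60:02d}:{t % 60:02d} {ip:15s} {verdict}")
    # Constructed case: one source retrying every 20 s, then again after 121 s of quiet.
    probe = [(i * 20, "203.0.113.9") for i in range(10)] + [(301, "203.0.113.9")]
    print([v for _, _, v in simulate(probe)])
```

The model shows two things the rule text does not: a source that keeps retrying never leaves the block window, and an administrator who opens four sessions within two minutes is dropped as well.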
 
OP
Dorianek

Member
Joined
Nov 29, 2018
Messages
108
Reaction score
3
Thank you so much for your help.

I will keep an eye on the logs; if something disturbing happens, I will speak up.

Once again, thank you very much for your help. Kuhi
 

Merrok

Magic Tomato
Premium User
Joined
Jun 18, 2009
Messages
42
Reaction score
34
Also a few basic best practice rules:

Disable the root login on your server completely (of course add a new user with sudo privileges before you do so)
Disable password login on your server and only allow SSH-Key logins.
Close port 3306. You only need access from localhost anyway, so there is no need to open that port. This prevents anyone from even getting the possibility of trying to log in to your database.
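A check for the SSH settings recommended in this thread, as an added example (not part of the original post): sshd uses the first value it reads for each keyword, so a hardening line appended below an existing setting has no effect. The sample configs are constructed, `effective` and `audit` are hypothetical helper names, and `Match` blocks are not evaluated.

```python
import re

# Values recommended in this thread: MaxAuthTries 1, no root login, key-only logins.
WANTED = {"permitrootlogin": "no", "passwordauthentication": "no", "maxauthtries": "1"}

# Constructed sample: hardening lines appended below the existing settings.
APPENDED = """\
Port 22
PermitRootLogin yes
#MaxAuthTries 6
PasswordAuthentication yes
UsePAM yes

# added by the admin
MaxAuthTries 1
PermitRootLogin no
PasswordAuthentication no
"""

# Constructed sample: the same settings changed where they first appear.
EDITED_IN_PLACE = """\
Port 22
PermitRootLogin no
MaxAuthTries 1
PasswordAuthentication no
UsePAM yes
"""


def effective(config_text):
    """Global section of an sshd_config: for each keyword the first value is used."""
    values = {}
    for line in config_text.splitlines():
        m = re.match(r"\s*(\w+)(?:\s*=\s*|\s+)(.*?)\s*$", line)  # '#' lines do not match
        if not m:
            continue
        key = m.group(1).lower()  # keywords are case-insensitive
        if key == "match":  # conditional blocks are not evaluated here
            break
        values.setdefault(key, m.group(2).strip('"'))
    return values


def audit(config_text):
    """Return {keyword: (effective value or None, meets recommendation)}."""
    eff = effective(config_text)
    return {k: (eff.get(k), eff.get(k) == want) for k, want in WANTED.items()}


if __name__ == "__main__":
    for name, text in (("appended", APPENDED), ("edited in place", EDITED_IN_PLACE)):
        print(name, audit(text))
```

On the server itself, `sshd -T` prints the values the daemon actually uses.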
 

kuhi

Well-Known Member
Joined
Aug 26, 2012
Messages
63
Reaction score
12
Good basics, but not everyone can disable port 3306; I suggest filtering it instead of disabling it.
 

kuhi

Well-Known Member
Joined
Aug 26, 2012
Messages
63
Reaction score
12
Please keep us updated, this is very interesting for me, like waiting for a new episode of your favorite series xD
 