PaulDotCom mailing list archives
Ssh break in attempt
From: iamnowonmai at gmail.com (iamnowonmai)
Date: Wed, 10 Mar 2010 20:43:23 -0500
Check the log review checklist at HTTP://chuvakin.blogspot.com Brett <cgkades at gmail.com> wrote:
I realized I haven't checked my logs on my new server ( bad me ). But I figured I wouldn't find anything, it's only my personal server. I checked the logs today to find thousands of login attempts. Most tried to brute my root password, though I don't have a root user. There were a bunch of user name attempts for what looked like a name dictionary attack. Some were from busness static ip's and there were even some from perdu.edu Now for my questions. What should I look for to find out if they actually got in? Parse the auth log for those ip's for a successfull login? I also run a web server on that machine, is there something I can look for to see If they got into that? Also is there any recourse I have? Or should I just let it go and harden my server even more? Sent from my iPhone _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Ssh break in attempt Brett (Mar 10)
- Ssh break in attempt Jody & Jennifer McCluggage (Mar 10)
- Ssh break in attempt Matt Erasmus (Mar 10)
- Ssh break in attempt Dimitrios Kapsalis (Mar 11)
- Ssh break in attempt Brett (Mar 11)
- Ssh break in attempt Joshua Smith (Mar 11)
- Ssh break in attempt Jody & Jennifer McCluggage (Mar 11)
- Ssh break in attempt PJ McGarvey (Mar 12)
- Ssh break in attempt Dimitrios Kapsalis (Mar 11)
- <Possible follow-ups>
- Ssh break in attempt iamnowonmai (Mar 10)