Ssh break in attempt

[iamnowonmai at gmail.com (iamnowonmai)]

Check the log review checklist at HTTP://chuvakin.blogspot.com

Brett <cgkades at gmail.com> wrote:

> I realized I haven't checked my logs on my new server ( bad me ). But  
> I figured I wouldn't find anything, it's only my personal server. I  
> checked the logs today to find thousands of login attempts. Most tried  
> to brute my root password, though I don't have a root user. There were  
> a bunch of user name attempts for what looked like a name dictionary  
> attack. Some were from busness static ip's and there were even some  
> from perdu.edu
>
> Now for my questions. What should I look for to find out if they  
> actually got in? Parse the auth log for those ip's for a successfull  
> login? I also run a web server on that machine, is there something I  
> can look for to see If they got into that? Also is there any recourse  
> I have? Or should I just let it go and harden my server even more?
>
> Sent from my iPhone
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com