login failures

Marko Cupać marko.cupac at mimar.rs
Tue Nov 19 08:15:15 UTC 2013


I am getting e-mail with security run output from one of my 9.2-RELEASE
servers whose primary role is mysql server:

sql1.kappastar.com login failures:
Nov 18 02:11:09 sql1 sshd[58619]: Invalid user this-is-not-an-attack from 188.95.234.6
Nov 18 02:11:17 sql1 sshd[58621]: Invalid user this-is-not-an-attack from 188.95.234.6
Nov 18 04:54:10 sql1 sshd[59190]: reverse mapping checking getaddrinfo for 189.26.255.11.static.gvt.net.br [189.26.255.11] failed - POSSIBLE BREAK-IN ATTEMPT!
Nov 18 04:54:10 sql1 sshd[59190]: Invalid user info from 189.26.255.11
Nov 18 21:18:05 sql1 sshd[60883]: reverse mapping checking getaddrinfo for 210.213.119.53.pldt.net [210.213.119.53] failed - POSSIBLE BREAK-IN ATTEMPT!
Nov 18 21:18:09 sql1 sshd[60885]: reverse mapping checking getaddrinfo for 210.213.119.53.pldt.net [210.213.119.53] failed - POSSIBLE BREAK-IN ATTEMPT!
Nov 18 21:18:16 sql1 sshd[60887]: reverse mapping checking getaddrinfo for 210.213.119.53.pldt.net [210.213.119.53] failed - POSSIBLE BREAK-IN ATTEMPT!
Nov 18 23:05:39 sql1 sshd[61075]: Invalid user ____ from 208.83.31.22

However, I do not see anything in auth.log. Also, this should not
happen at all, as this host is in a DMZ behind the firewall, which does
not allow ssh connections to it.

How should I start troubleshooting this?
-- 
Marko Cupać


More information about the freebsd-stable mailing list