Others than admin trying to access our server

Installing, Configuring, Troubleshooting server daemons such as Web and Mail
nurais
Posts: 1
Joined: 2009/10/07 04:39:01

Others than admin trying to access our server

Postby nurais » 2010/12/17 01:02:22

Dear Sir,

As the security log below...is there someone outside our networking trying to acccess our centos server?
Can we check the origin of this person??

Dec 11 03:37:21 mx1 sshd[6345]: input_userauth_request: invalid user ts3
Dec 11 03:37:21 mx1 sshd[6345]: Failed keyboard-interactive for invalid user ts3 from ::ffff:84.38.67.96 port 58793 ssh2
Dec 11 11:37:23 mx1 sshd[6344]: Failed password for invalid user ts3 from ::ffff:84.38.67.96 port 58793 ssh2
Dec 11 03:37:23 mx1 sshd[6345]: Failed password for invalid user ts3 from ::ffff:84.38.67.96 port 58793 ssh2
Dec 11 03:37:24 mx1 sshd[6345]: Received disconnect from ::ffff:84.38.67.96: 11: Bye Bye
Dec 11 11:37:30 mx1 sshd[6354]: Invalid user ts3 from ::ffff:84.38.67.96
Dec 11 03:37:30 mx1 sshd[6355]: input_userauth_request: invalid user ts3
Dec 11 03:37:30 mx1 sshd[6355]: Failed keyboard-interactive for invalid user ts3 from ::ffff:84.38.67.96 port 58986 ssh2
Dec 11 11:37:33 mx1 sshd[6354]: Failed password for invalid user ts3 from ::ffff:84.38.67.96 port 58986 ssh2
Dec 11 03:37:33 mx1 sshd[6355]: Failed password for invalid user ts3 from ::ffff:84.38.67.96 port 58986 ssh2
Dec 11 03:37:33 mx1 sshd[6355]: Received disconnect from ::ffff:84.38.67.96: 11: Bye Bye
Dec 11 11:37:40 mx1 sshd[6364]: Invalid user ts from ::ffff:84.38.67.96
Dec 11 03:37:40 mx1 sshd[6365]: input_userauth_request: invalid user ts
Dec 11 03:37:40 mx1 sshd[6365]: Failed keyboard-interactive for invalid user ts from ::ffff:84.38.67.96 port 59187 ssh2
Dec 11 11:37:42 mx1 sshd[6364]: Failed password for invalid user ts from ::ffff:84.38.67.96 port 59187 ssh2
Dec 11 03:37:42 mx1 sshd[6365]: Failed password for invalid user ts from ::ffff:84.38.67.96 port 59187 ssh2
Dec 11 03:37:43 mx1 sshd[6365]: Received disconnect from ::ffff:84.38.67.96: 11: Bye Bye
Dec 11 11:37:49 mx1 sshd[6378]: Invalid user ts from ::ffff:84.38.67.96
Dec 11 03:37:49 mx1 sshd[6379]: input_userauth_request: invalid user ts
Dec 11 03:37:49 mx1 sshd[6379]: Failed keyboard-interactive for invalid user ts from ::ffff:84.38.67.96 port 59376 ssh2
Dec 11 11:37:52 mx1 sshd[6378]: Failed password for invalid user ts from ::ffff:84.38.67.96 port 59376 ssh2
Dec 11 03:37:52 mx1 sshd[6379]: Failed password for invalid user ts from ::ffff:84.38.67.96 port 59376 ssh2
Dec 11 03:37:52 mx1 sshd[6379]: Received disconnect from ::ffff:84.38.67.96: 11: Bye Bye
Dec 11 11:37:59 mx1 sshd[6389]: Invalid user tweety from ::ffff:84.38.67.96
Dec 11 03:37:59 mx1 sshd[6390]: input_userauth_request: invalid user tweety
Dec 11 03:37:59 mx1 sshd[6390]: Failed keyboard-interactive for invalid user tweety from ::ffff:84.38.67.96 port 59566 ssh2
Dec 11 11:38:01 mx1 sshd[6389]: Failed password for invalid user tweety from ::ffff:84.38.67.96 port 59566 ssh2
Dec 11 03:38:01 mx1 sshd[6390]: Failed password for invalid user tweety from ::ffff:84.38.67.96 port 59566 ssh2

majun
Posts: 140
Joined: 2010/03/11 11:33:59

Re: Others than admin trying to access our server

Postby majun » 2010/12/17 13:38:35

Is your server accessible directly from the Internet? If so then that's absolutely normal. It's a dictionary attack performed by bots trying to find passwordless users or users with username=password on your server. As long as you don't have neither you're fine.

User avatar
toracat
Forum Moderator
Posts: 7230
Joined: 2006/09/03 16:37:24
Location: California, US
Contact:

Others than admin trying to access our server

Postby toracat » 2010/12/17 16:43:32

You can find some hints on how to secure SSH in this CentOS wiki:

http://wiki.centos.org/HowTos/Network/SecuringSSH