Is it just me or were people trying to hack my server?
Trying implies intent. Clearly something tried, but that it was someone is bold and probably incorrect: it's more likely a scripted attempt from a zombie running on 62.93.6.226 and 188.165.243.46, possibly connected via a botnet.
In other news, disable password auth in /etc/ssh/sshd_config and learn to use public keys.
Author: user173118
Updated on September 18, 2022
Comments
-
user173118 over 1 year
Is this kind of hacking attempt normal for a regular non-important server? I just checked my auth.log today.
Jul 1 15:02:22 webserver sshd[5094]: Did not receive identification string from 188.165.243.46
Jul 1 15:03:51 webserver sshd[5095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=iota10.iotanet.net user=root
Jul 1 15:03:51 webserver sshd[5095]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul 1 15:03:51 webserver sshd[5095]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul 1 15:03:51 webserver sshd[5095]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
Jul 1 15:03:54 webserver sshd[5095]: Failed password for root from 188.165.243.46 port 53281 ssh2
Jul 1 15:03:54 webserver sshd[5095]: Received disconnect from 188.165.243.46: 11: Bye Bye [preauth]
Jul 1 16:33:07 webserver sshd[5302]: Invalid user guest from 62.93.6.226
Jul 1 16:33:07 webserver sshd[5302]: input_userauth_request: invalid user guest [preauth]
Jul 1 16:33:07 webserver sshd[5302]: pam_unix(sshd:auth): check pass; user unknown
Jul 1 16:33:07 webserver sshd[5302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de
Jul 1 16:33:07 webserver sshd[5302]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul 1 16:33:07 webserver sshd[5302]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul 1 16:33:09 webserver sshd[5302]: Failed password for invalid user guest from 62.93.6.226 port 59027 ssh2
Jul 1 16:33:09 webserver sshd[5302]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul 1 16:33:10 webserver sshd[5304]: Invalid user guest from 62.93.6.226
Jul 1 16:33:10 webserver sshd[5304]: input_userauth_request: invalid user guest [preauth]
Jul 1 16:33:10 webserver sshd[5304]: pam_unix(sshd:auth): check pass; user unknown
Jul 1 16:33:10 webserver sshd[5304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de
Jul 1 16:33:10 webserver sshd[5304]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul 1 16:33:10 webserver sshd[5304]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul 1 16:33:12 webserver sshd[5304]: Failed password for invalid user guest from 62.93.6.226 port 60980 ssh2
Jul 1 16:33:13 webserver sshd[5304]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul 1 16:33:14 webserver sshd[5306]: Invalid user guest from 62.93.6.226
Jul 1 16:33:14 webserver sshd[5306]: input_userauth_request: invalid user guest [preauth]
Jul 1 16:33:14 webserver sshd[5306]: pam_unix(sshd:auth): check pass; user unknown
Jul 1 16:33:14 webserver sshd[5306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de
Jul 1 16:33:14 webserver sshd[5306]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul 1 16:33:14 webserver sshd[5306]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul 1 16:33:16 webserver sshd[5306]: Failed password for invalid user guest from 62.93.6.226 port 34999 ssh2
Jul 1 16:33:16 webserver sshd[5306]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul 1 16:33:17 webserver sshd[5308]: Invalid user test from 62.93.6.226
Jul 1 16:33:17 webserver sshd[5308]: input_userauth_request: invalid user test [preauth]
Jul 1 16:33:17 webserver sshd[5308]: pam_unix(sshd:auth): check pass; user unknown
Jul 1 16:33:17 webserver sshd[5308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de
Jul 1 16:33:17 webserver sshd[5308]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul 1 16:33:17 webserver sshd[5308]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul 1 16:33:19 webserver sshd[5308]: Failed password for invalid user test from 62.93.6.226 port 36760 ssh2
Jul 1 16:33:19 webserver sshd[5308]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul 1 16:33:20 webserver sshd[5310]: Invalid user test from 62.93.6.226
Jul 1 16:33:20 webserver sshd[5310]: input_userauth_request: invalid user test [preauth]
Jul 1 16:33:20 webserver sshd[5310]: pam_unix(sshd:auth): check pass; user unknown
Jul 1 16:33:20 webserver sshd[5310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de
Jul 1 16:33:20 webserver sshd[5310]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul 1 16:33:20 webserver sshd[5310]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul 1 16:33:22 webserver sshd[5310]: Failed password for invalid user test from 62.93.6.226 port 38595 ssh2
Jul 1 16:33:22 webserver sshd[5310]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul 1 16:33:23 webserver sshd[5312]: Invalid user test from 62.93.6.226
Jul 1 16:33:23 webserver sshd[5312]: input_userauth_request: invalid user test [preauth]
Jul 1 16:33:23 webserver sshd[5312]: pam_unix(sshd:auth): check pass; user unknown
Jul 1 16:33:23 webserver sshd[5312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de
Jul 1 16:33:23 webserver sshd[5312]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul 1 16:33:23 webserver sshd[5312]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul 1 16:33:26 webserver sshd[5312]: Failed password for invalid user test from 62.93.6.226 port 40238 ssh2
Jul 1 16:33:26 webserver sshd[5312]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul 1 16:33:27 webserver sshd[5314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de user=ftp
Jul 1 16:33:27 webserver sshd[5314]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul 1 16:33:27 webserver sshd[5314]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul 1 16:33:27 webserver sshd[5314]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
Jul 1 16:33:29 webserver sshd[5314]: Failed password for ftp from 62.93.6.226 port 42089 ssh2
Jul 1 16:33:29 webserver sshd[5314]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul 1 16:33:30 webserver sshd[5316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de user=ftp
Jul 1 16:33:30 webserver sshd[5316]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul 1 16:33:30 webserver sshd[5316]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul 1 16:33:30 webserver sshd[5316]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
Jul 1 16:33:32 webserver sshd[5316]: Failed password for ftp from 62.93.6.226 port 43379 ssh2
Jul 1 16:33:32 webserver sshd[5316]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul 1 16:33:33 webserver sshd[5318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de user=ftp
Jul 1 16:33:33 webserver sshd[5318]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul 1 16:33:33 webserver sshd[5318]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul 1 16:33:33 webserver sshd[5318]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
Jul 1 16:33:35 webserver sshd[5318]: Failed password for ftp from 62.93.6.226 port 44670 ssh2
Jul 1 16:33:35 webserver sshd[5318]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul 1 16:33:36 webserver sshd[5320]: Invalid user ftpuser from 62.93.6.226
Jul 1 16:33:36 webserver sshd[5320]: input_userauth_request: invalid user ftpuser [preauth]
Jul 1 16:33:36 webserver sshd[5320]: pam_unix(sshd:auth): check pass; user unknown
Jul 1 16:33:36 webserver sshd[5320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de
Jul 1 16:33:36 webserver sshd[5320]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul 1 16:33:36 webserver sshd[5320]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul 1 16:33:38 webserver sshd[5320]: Failed password for invalid user ftpuser from 62.93.6.226 port 46318 ssh2
Jul 1 16:33:38 webserver sshd[5320]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul 1 16:33:39 webserver sshd[5322]: Invalid user ftpuser from 62.93.6.226
Jul 1 16:33:39 webserver sshd[5322]: input_userauth_request: invalid user ftpuser [preauth]
Jul 1 16:33:39 webserver sshd[5322]: pam_unix(sshd:auth): check pass; user unknown
Jul 1 16:33:39 webserver sshd[5322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de
Jul 1 16:33:39 webserver sshd[5322]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul 1 16:33:39 webserver sshd[5322]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul 1 16:33:41 webserver sshd[5322]: Failed password for invalid user ftpuser from 62.93.6.226 port 47653 ssh2
Jul 1 16:33:41 webserver sshd[5322]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul 1 16:33:43 webserver sshd[5324]: Invalid user ftpuser from 62.93.6.226
Jul 1 16:33:43 webserver sshd[5324]: input_userauth_request: invalid user ftpuser [preauth]
Jul 1 16:33:43 webserver sshd[5324]: pam_unix(sshd:auth): check pass; user unknown
Jul 1 16:33:43 webserver sshd[5324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de
Jul 1 16:33:43 webserver sshd[5324]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul 1 16:33:43 webserver sshd[5324]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul 1 16:33:45 webserver sshd[5324]: Failed password for invalid user ftpuser from 62.93.6.226 port 49269 ssh2
Jul 1 16:33:45 webserver sshd[5324]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul 1 16:33:46 webserver sshd[5326]: Invalid user library from 62.93.6.226
Jul 1 16:33:46 webserver sshd[5326]: input_userauth_request: invalid user library [preauth]
Jul 1 16:33:46 webserver sshd[5326]: pam_unix(sshd:auth): check pass; user unknown
Jul 1 16:33:46 webserver sshd[5326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de
Jul 1 16:33:46 webserver sshd[5326]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul 1 16:33:46 webserver sshd[5326]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul 1 16:33:48 webserver sshd[5326]: Failed password for invalid user library from 62.93.6.226 port 50591 ssh2
Jul 1 16:33:48 webserver sshd[5326]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul 1 16:33:49 webserver sshd[5328]: Invalid user library from 62.93.6.226
Jul 1 16:33:49 webserver sshd[5328]: input_userauth_request: invalid user library [preauth]
Jul 1 16:33:49 webserver sshd[5328]: pam_unix(sshd:auth): check pass; user unknown
Jul 1 16:33:49 webserver sshd[5328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de
Jul 1 16:33:49 webserver sshd[5328]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul 1 16:33:49 webserver sshd[5328]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul 1 16:33:51 webserver sshd[5328]: Failed password for invalid user library from 62.93.6.226 port 51906 ssh2
Jul 1 16:33:51 webserver sshd[5328]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul 1 16:33:52 webserver sshd[5330]: Invalid user library from 62.93.6.226
Jul 1 16:33:52 webserver sshd[5330]: input_userauth_request: invalid user library [preauth]
Jul 1 16:33:52 webserver sshd[5330]: pam_unix(sshd:auth): check pass; user unknown
Jul 1 16:33:52 webserver sshd[5330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de
Jul 1 16:33:52 webserver sshd[5330]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul 1 16:33:52 webserver sshd[5330]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul 1 16:33:54 webserver sshd[5330]: Failed password for invalid user library from 62.93.6.226 port 53246 ssh2
Jul 1 16:33:55 webserver sshd[5330]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul 1 16:33:56 webserver sshd[5332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de user=mysql
Jul 1 16:33:56 webserver sshd[5332]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul 1 16:33:56 webserver sshd[5332]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul 1 16:33:56 webserver sshd[5332]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
Jul 1 16:33:58 webserver sshd[5332]: Failed password for mysql from 62.93.6.226 port 54760 ssh2
Jul 1 16:33:58 webserver sshd[5332]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul 1 16:33:59 webserver sshd[5334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de user=mysql
Jul 1 16:33:59 webserver sshd[5334]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul 1 16:33:59 webserver sshd[5334]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul 1 16:33:59 webserver sshd[5334]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
Jul 1 16:34:02 webserver sshd[5334]: Failed password for mysql from 62.93.6.226 port 56357 ssh2
Jul 1 16:34:02 webserver sshd[5334]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul 1 16:34:03 webserver sshd[5336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de user=mysql
Jul 1 16:34:03 webserver sshd[5336]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul 1 16:34:03 webserver sshd[5336]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul 1 16:34:03 webserver sshd[5336]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
Jul 1 16:34:05 webserver sshd[5336]: Failed password for mysql from 62.93.6.226 port 58251 ssh2
Jul 1 16:34:05 webserver sshd[5336]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul 1 16:34:06 webserver sshd[5338]: Invalid user support from 62.93.6.226
Jul 1 16:34:06 webserver sshd[5338]: input_userauth_request: invalid user support [preauth]
Jul 1 16:34:06 webserver sshd[5338]: pam_unix(sshd:auth): check pass; user unknown
Jul 1 16:34:06 webserver sshd[5338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de
Jul 1 16:34:06 webserver sshd[5338]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul 1 16:34:06 webserver sshd[5338]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul 1 16:34:08 webserver sshd[5338]: Failed password for invalid user support from 62.93.6.226 port 59741 ssh2
Jul 1 16:34:08 webserver sshd[5338]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul 1 16:34:10 webserver sshd[5340]: Invalid user support from 62.93.6.226
Jul 1 16:34:10 webserver sshd[5340]: input_userauth_request: invalid user support [preauth]
Jul 1 16:34:10 webserver sshd[5340]: pam_unix(sshd:auth): check pass; user unknown
Jul 1 16:34:10 webserver sshd[5340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de
Jul 1 16:34:10 webserver sshd[5340]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul 1 16:34:10 webserver sshd[5340]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul 1 16:34:12 webserver sshd[5340]: Failed password for invalid user support from 62.93.6.226 port 33112 ssh2
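An added example, not part of the original question or its answers: a short Python summary of the "Failed password" entries in a log like the one above, grouped by source address, separating guessed names that do not exist from accounts that do. The sample lines are copied from that log; the name summarize and the placeholder year are assumptions of this sketch.

```python
import re
from collections import defaultdict
from datetime import datetime

# Entries copied from the auth.log excerpt above; the last line is a
# non-matching control that the parser must skip.
SAMPLE = """\
Jul 1 15:03:54 webserver sshd[5095]: Failed password for root from 188.165.243.46 port 53281 ssh2
Jul 1 16:33:09 webserver sshd[5302]: Failed password for invalid user guest from 62.93.6.226 port 59027 ssh2
Jul 1 16:33:12 webserver sshd[5304]: Failed password for invalid user guest from 62.93.6.226 port 60980 ssh2
Jul 1 16:33:19 webserver sshd[5308]: Failed password for invalid user test from 62.93.6.226 port 36760 ssh2
Jul 1 16:33:29 webserver sshd[5314]: Failed password for ftp from 62.93.6.226 port 42089 ssh2
Jul 1 16:33:58 webserver sshd[5332]: Failed password for mysql from 62.93.6.226 port 54760 ssh2
Jul 1 16:33:07 webserver sshd[5302]: pam_unix(sshd:auth): check pass; user unknown
"""

# The username is chosen by the remote side, so anchor on the fixed tail of
# the line and let the greedy group absorb spaces or an embedded " from ".
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
    r"(?P<invalid>invalid user )?(?P<user>.*) from (?P<ip>\S+) port \d+ ssh2\s*$"
)

def summarize(text, year=2000):
    """Per source address: attempt count, names tried, and time span.

    `year` is an assumption: classic syslog timestamps carry no year.
    """
    raw = defaultdict(lambda: {"users": set(), "invalid": set(), "times": []})
    for line in text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        entry = raw[m["ip"]]
        entry["users"].add(m["user"])
        if m["invalid"]:
            entry["invalid"].add(m["user"])
        entry["times"].append(
            datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"))
    report = {}
    for ip, e in raw.items():
        report[ip] = {
            "count": len(e["times"]),
            "invalid": sorted(e["invalid"]),
            # No "invalid user" prefix means the account exists on this host.
            "existing": sorted(e["users"] - e["invalid"]),
            "span_s": int((max(e["times"]) - min(e["times"])).total_seconds()),
        }
    return report

if __name__ == "__main__":
    for ip, r in sorted(summarize(SAMPLE).items(), key=lambda kv: -kv[1]["count"]):
        print(ip, r)
```

Several different names from one address within a minute is the pattern of a scripted dictionary run; the "existing" list is the part worth reviewing, since those are real accounts that were being guessed at.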
-
Thomas Ward almost 11 years
@user173118 Also, I suggest you edit /etc/ssh/sshd_config and set PermitRootLogin to no, and have a separate user account who has sudo access on your server, rather than using just the root user. That will prevent someone from gaining root privs by SSH brute forcing, even if they guess your password. As well, I suggest you use SSH keys instead of password auth, and set PasswordAuthentication to no and uncomment that line, which will disable passcode authing.
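An added example, not from the answer or the comment above: a Python check that reads sshd_config text and reports whether the settings both of them recommend are actually in effect, covering the cases that commonly go wrong (a directive left commented out, a later duplicate, a setting placed only inside a Match block, and keyboard-interactive left enabled). The function names, the defaults table (upstream OpenSSH defaults for a current release, assumed) and the two sample configs are constructed for illustration.

```python
import re

# Upstream OpenSSH defaults used when a keyword is absent or still commented out
# (assumption: a current release; older ones defaulted PermitRootLogin to "yes").
DEFAULTS = {
    "passwordauthentication": "yes",
    "permitrootlogin": "prohibit-password",
    "kbdinteractiveauthentication": "yes",
}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective(config_text):
    """Resolve the global section the way sshd does: first occurrence wins."""
    values = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":  # conditional blocks are not the global policy
            break
        if key in DEFAULTS and len(parts) == 2 and parts[1].split():
            values.setdefault(key, parts[1].split()[0].strip('"').lower())
    return {**DEFAULTS, **values}

def audit(config_text):
    """Return (keyword, reason) pairs for settings weaker than the advice above."""
    eff, findings = effective(config_text), []
    if eff["passwordauthentication"] != "no":
        findings.append(("PasswordAuthentication", "password guessing is possible"))
    if eff["permitrootlogin"] != "no":
        findings.append(("PermitRootLogin", f"root may log in ({eff['permitrootlogin']})"))
    if eff["kbdinteractiveauthentication"] != "no":
        findings.append(("KbdInteractiveAuthentication",
                         "with UsePAM, keyboard-interactive can still prompt for a password"))
    return findings

# Constructed samples, not taken from the page.
WEAK = """\
#PasswordAuthentication no
PermitRootLogin yes
"""
HARDENED = """\
PasswordAuthentication no
PermitRootLogin no
KbdInteractiveAuthentication no
PasswordAuthentication yes  # ignored: an earlier value already won
"""

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(text) or "no findings")
```

On a live host, `sshd -T` prints the configuration sshd will actually use, including any Include files this sketch does not follow, and is the authoritative check after editing.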