Is it just me or were people trying to hack my server?

5,913

Trying implies intent. Clearly something tried, but that it was someone is bold and probably incorrect: it's more likely a scripted attempt from a zombie running on 62.93.6.226 and 188.165.243.46, possibly connected via a botnet.

In other news, disable password auth in /etc/ssh/sshd_config and learn to use public keys.


Author: user173118

Updated on September 18, 2022

Comments

  • user173118
    user173118 over 1 year

    Is this kind of hacking attempt normal for a regular non-important server? I just checked my auth.log today.

    Jul  1 15:02:22 webserver sshd[5094]: Did not receive identification string from 188.165.243.46
    Jul  1 15:03:51 webserver sshd[5095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=iota10.iotanet.net  user=root
    Jul  1 15:03:51 webserver sshd[5095]: pam_winbind(sshd:auth): getting password (0x00000388)
    Jul  1 15:03:51 webserver sshd[5095]: pam_winbind(sshd:auth): pam_get_item returned a password
    Jul  1 15:03:51 webserver sshd[5095]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
    Jul  1 15:03:54 webserver sshd[5095]: Failed password for root from 188.165.243.46 port 53281 ssh2
    Jul  1 15:03:54 webserver sshd[5095]: Received disconnect from 188.165.243.46: 11: Bye Bye [preauth]
    Jul  1 16:33:07 webserver sshd[5302]: Invalid user guest from 62.93.6.226
    Jul  1 16:33:07 webserver sshd[5302]: input_userauth_request: invalid user guest [preauth]
    Jul  1 16:33:07 webserver sshd[5302]: pam_unix(sshd:auth): check pass; user unknown
    Jul  1 16:33:07 webserver sshd[5302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de 
    Jul  1 16:33:07 webserver sshd[5302]: pam_winbind(sshd:auth): getting password (0x00000388)
    Jul  1 16:33:07 webserver sshd[5302]: pam_winbind(sshd:auth): pam_get_item returned a password
    Jul  1 16:33:09 webserver sshd[5302]: Failed password for invalid user guest from 62.93.6.226 port 59027 ssh2
    Jul  1 16:33:09 webserver sshd[5302]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
    Jul  1 16:33:10 webserver sshd[5304]: Invalid user guest from 62.93.6.226
    Jul  1 16:33:10 webserver sshd[5304]: input_userauth_request: invalid user guest [preauth]
    Jul  1 16:33:10 webserver sshd[5304]: pam_unix(sshd:auth): check pass; user unknown
    Jul  1 16:33:10 webserver sshd[5304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de 
    Jul  1 16:33:10 webserver sshd[5304]: pam_winbind(sshd:auth): getting password (0x00000388)
    Jul  1 16:33:10 webserver sshd[5304]: pam_winbind(sshd:auth): pam_get_item returned a password
    Jul  1 16:33:12 webserver sshd[5304]: Failed password for invalid user guest from 62.93.6.226 port 60980 ssh2
    Jul  1 16:33:13 webserver sshd[5304]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
    Jul  1 16:33:14 webserver sshd[5306]: Invalid user guest from 62.93.6.226
    Jul  1 16:33:14 webserver sshd[5306]: input_userauth_request: invalid user guest [preauth]
    Jul  1 16:33:14 webserver sshd[5306]: pam_unix(sshd:auth): check pass; user unknown
    Jul  1 16:33:14 webserver sshd[5306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de 
    Jul  1 16:33:14 webserver sshd[5306]: pam_winbind(sshd:auth): getting password (0x00000388)
    Jul  1 16:33:14 webserver sshd[5306]: pam_winbind(sshd:auth): pam_get_item returned a password
    Jul  1 16:33:16 webserver sshd[5306]: Failed password for invalid user guest from 62.93.6.226 port 34999 ssh2
    Jul  1 16:33:16 webserver sshd[5306]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
    Jul  1 16:33:17 webserver sshd[5308]: Invalid user test from 62.93.6.226
    Jul  1 16:33:17 webserver sshd[5308]: input_userauth_request: invalid user test [preauth]
    Jul  1 16:33:17 webserver sshd[5308]: pam_unix(sshd:auth): check pass; user unknown
    Jul  1 16:33:17 webserver sshd[5308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de 
    Jul  1 16:33:17 webserver sshd[5308]: pam_winbind(sshd:auth): getting password (0x00000388)
    Jul  1 16:33:17 webserver sshd[5308]: pam_winbind(sshd:auth): pam_get_item returned a password
    Jul  1 16:33:19 webserver sshd[5308]: Failed password for invalid user test from 62.93.6.226 port 36760 ssh2
    Jul  1 16:33:19 webserver sshd[5308]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
    Jul  1 16:33:20 webserver sshd[5310]: Invalid user test from 62.93.6.226
    Jul  1 16:33:20 webserver sshd[5310]: input_userauth_request: invalid user test [preauth]
    Jul  1 16:33:20 webserver sshd[5310]: pam_unix(sshd:auth): check pass; user unknown
    Jul  1 16:33:20 webserver sshd[5310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de 
    Jul  1 16:33:20 webserver sshd[5310]: pam_winbind(sshd:auth): getting password (0x00000388)
    Jul  1 16:33:20 webserver sshd[5310]: pam_winbind(sshd:auth): pam_get_item returned a password
    Jul  1 16:33:22 webserver sshd[5310]: Failed password for invalid user test from 62.93.6.226 port 38595 ssh2
    Jul  1 16:33:22 webserver sshd[5310]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
    Jul  1 16:33:23 webserver sshd[5312]: Invalid user test from 62.93.6.226
    Jul  1 16:33:23 webserver sshd[5312]: input_userauth_request: invalid user test [preauth]
    Jul  1 16:33:23 webserver sshd[5312]: pam_unix(sshd:auth): check pass; user unknown
    Jul  1 16:33:23 webserver sshd[5312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de 
    Jul  1 16:33:23 webserver sshd[5312]: pam_winbind(sshd:auth): getting password (0x00000388)
    Jul  1 16:33:23 webserver sshd[5312]: pam_winbind(sshd:auth): pam_get_item returned a password
    Jul  1 16:33:26 webserver sshd[5312]: Failed password for invalid user test from 62.93.6.226 port 40238 ssh2
    Jul  1 16:33:26 webserver sshd[5312]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
    Jul  1 16:33:27 webserver sshd[5314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de  user=ftp
    Jul  1 16:33:27 webserver sshd[5314]: pam_winbind(sshd:auth): getting password (0x00000388)
    Jul  1 16:33:27 webserver sshd[5314]: pam_winbind(sshd:auth): pam_get_item returned a password
    Jul  1 16:33:27 webserver sshd[5314]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
    Jul  1 16:33:29 webserver sshd[5314]: Failed password for ftp from 62.93.6.226 port 42089 ssh2
    Jul  1 16:33:29 webserver sshd[5314]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
    Jul  1 16:33:30 webserver sshd[5316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de  user=ftp
    Jul  1 16:33:30 webserver sshd[5316]: pam_winbind(sshd:auth): getting password (0x00000388)
    Jul  1 16:33:30 webserver sshd[5316]: pam_winbind(sshd:auth): pam_get_item returned a password
    Jul  1 16:33:30 webserver sshd[5316]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
    Jul  1 16:33:32 webserver sshd[5316]: Failed password for ftp from 62.93.6.226 port 43379 ssh2
    Jul  1 16:33:32 webserver sshd[5316]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
    Jul  1 16:33:33 webserver sshd[5318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de  user=ftp
    Jul  1 16:33:33 webserver sshd[5318]: pam_winbind(sshd:auth): getting password (0x00000388)
    Jul  1 16:33:33 webserver sshd[5318]: pam_winbind(sshd:auth): pam_get_item returned a password
    Jul  1 16:33:33 webserver sshd[5318]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
    Jul  1 16:33:35 webserver sshd[5318]: Failed password for ftp from 62.93.6.226 port 44670 ssh2
    Jul  1 16:33:35 webserver sshd[5318]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
    Jul  1 16:33:36 webserver sshd[5320]: Invalid user ftpuser from 62.93.6.226
    Jul  1 16:33:36 webserver sshd[5320]: input_userauth_request: invalid user ftpuser [preauth]
    Jul  1 16:33:36 webserver sshd[5320]: pam_unix(sshd:auth): check pass; user unknown
    Jul  1 16:33:36 webserver sshd[5320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de 
    Jul  1 16:33:36 webserver sshd[5320]: pam_winbind(sshd:auth): getting password (0x00000388)
    Jul  1 16:33:36 webserver sshd[5320]: pam_winbind(sshd:auth): pam_get_item returned a password
    Jul  1 16:33:38 webserver sshd[5320]: Failed password for invalid user ftpuser from 62.93.6.226 port 46318 ssh2
    Jul  1 16:33:38 webserver sshd[5320]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
    Jul  1 16:33:39 webserver sshd[5322]: Invalid user ftpuser from 62.93.6.226
    Jul  1 16:33:39 webserver sshd[5322]: input_userauth_request: invalid user ftpuser [preauth]
    Jul  1 16:33:39 webserver sshd[5322]: pam_unix(sshd:auth): check pass; user unknown
    Jul  1 16:33:39 webserver sshd[5322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de 
    Jul  1 16:33:39 webserver sshd[5322]: pam_winbind(sshd:auth): getting password (0x00000388)
    Jul  1 16:33:39 webserver sshd[5322]: pam_winbind(sshd:auth): pam_get_item returned a password
    Jul  1 16:33:41 webserver sshd[5322]: Failed password for invalid user ftpuser from 62.93.6.226 port 47653 ssh2
    Jul  1 16:33:41 webserver sshd[5322]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
    Jul  1 16:33:43 webserver sshd[5324]: Invalid user ftpuser from 62.93.6.226
    Jul  1 16:33:43 webserver sshd[5324]: input_userauth_request: invalid user ftpuser [preauth]
    Jul  1 16:33:43 webserver sshd[5324]: pam_unix(sshd:auth): check pass; user unknown
    Jul  1 16:33:43 webserver sshd[5324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de 
    Jul  1 16:33:43 webserver sshd[5324]: pam_winbind(sshd:auth): getting password (0x00000388)
    Jul  1 16:33:43 webserver sshd[5324]: pam_winbind(sshd:auth): pam_get_item returned a password
    Jul  1 16:33:45 webserver sshd[5324]: Failed password for invalid user ftpuser from 62.93.6.226 port 49269 ssh2
    Jul  1 16:33:45 webserver sshd[5324]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
    Jul  1 16:33:46 webserver sshd[5326]: Invalid user library from 62.93.6.226
    Jul  1 16:33:46 webserver sshd[5326]: input_userauth_request: invalid user library [preauth]
    Jul  1 16:33:46 webserver sshd[5326]: pam_unix(sshd:auth): check pass; user unknown
    Jul  1 16:33:46 webserver sshd[5326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de 
    Jul  1 16:33:46 webserver sshd[5326]: pam_winbind(sshd:auth): getting password (0x00000388)
    Jul  1 16:33:46 webserver sshd[5326]: pam_winbind(sshd:auth): pam_get_item returned a password
    Jul  1 16:33:48 webserver sshd[5326]: Failed password for invalid user library from 62.93.6.226 port 50591 ssh2
    Jul  1 16:33:48 webserver sshd[5326]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
    Jul  1 16:33:49 webserver sshd[5328]: Invalid user library from 62.93.6.226
    Jul  1 16:33:49 webserver sshd[5328]: input_userauth_request: invalid user library [preauth]
    Jul  1 16:33:49 webserver sshd[5328]: pam_unix(sshd:auth): check pass; user unknown
    Jul  1 16:33:49 webserver sshd[5328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de 
    Jul  1 16:33:49 webserver sshd[5328]: pam_winbind(sshd:auth): getting password (0x00000388)
    Jul  1 16:33:49 webserver sshd[5328]: pam_winbind(sshd:auth): pam_get_item returned a password
    Jul  1 16:33:51 webserver sshd[5328]: Failed password for invalid user library from 62.93.6.226 port 51906 ssh2
    Jul  1 16:33:51 webserver sshd[5328]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
    Jul  1 16:33:52 webserver sshd[5330]: Invalid user library from 62.93.6.226
    Jul  1 16:33:52 webserver sshd[5330]: input_userauth_request: invalid user library [preauth]
    Jul  1 16:33:52 webserver sshd[5330]: pam_unix(sshd:auth): check pass; user unknown
    Jul  1 16:33:52 webserver sshd[5330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de 
    Jul  1 16:33:52 webserver sshd[5330]: pam_winbind(sshd:auth): getting password (0x00000388)
    Jul  1 16:33:52 webserver sshd[5330]: pam_winbind(sshd:auth): pam_get_item returned a password
    Jul  1 16:33:54 webserver sshd[5330]: Failed password for invalid user library from 62.93.6.226 port 53246 ssh2
    Jul  1 16:33:55 webserver sshd[5330]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
    Jul  1 16:33:56 webserver sshd[5332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de  user=mysql
    Jul  1 16:33:56 webserver sshd[5332]: pam_winbind(sshd:auth): getting password (0x00000388)
    Jul  1 16:33:56 webserver sshd[5332]: pam_winbind(sshd:auth): pam_get_item returned a password
    Jul  1 16:33:56 webserver sshd[5332]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
    Jul  1 16:33:58 webserver sshd[5332]: Failed password for mysql from 62.93.6.226 port 54760 ssh2
    Jul  1 16:33:58 webserver sshd[5332]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
    Jul  1 16:33:59 webserver sshd[5334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de  user=mysql
    Jul  1 16:33:59 webserver sshd[5334]: pam_winbind(sshd:auth): getting password (0x00000388)
    Jul  1 16:33:59 webserver sshd[5334]: pam_winbind(sshd:auth): pam_get_item returned a password
    Jul  1 16:33:59 webserver sshd[5334]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
    Jul  1 16:34:02 webserver sshd[5334]: Failed password for mysql from 62.93.6.226 port 56357 ssh2
    Jul  1 16:34:02 webserver sshd[5334]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
    Jul  1 16:34:03 webserver sshd[5336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de  user=mysql
    Jul  1 16:34:03 webserver sshd[5336]: pam_winbind(sshd:auth): getting password (0x00000388)
    Jul  1 16:34:03 webserver sshd[5336]: pam_winbind(sshd:auth): pam_get_item returned a password
    Jul  1 16:34:03 webserver sshd[5336]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
    Jul  1 16:34:05 webserver sshd[5336]: Failed password for mysql from 62.93.6.226 port 58251 ssh2
    Jul  1 16:34:05 webserver sshd[5336]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
    Jul  1 16:34:06 webserver sshd[5338]: Invalid user support from 62.93.6.226
    Jul  1 16:34:06 webserver sshd[5338]: input_userauth_request: invalid user support [preauth]
    Jul  1 16:34:06 webserver sshd[5338]: pam_unix(sshd:auth): check pass; user unknown
    Jul  1 16:34:06 webserver sshd[5338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de 
    Jul  1 16:34:06 webserver sshd[5338]: pam_winbind(sshd:auth): getting password (0x00000388)
    Jul  1 16:34:06 webserver sshd[5338]: pam_winbind(sshd:auth): pam_get_item returned a password
    Jul  1 16:34:08 webserver sshd[5338]: Failed password for invalid user support from 62.93.6.226 port 59741 ssh2
    Jul  1 16:34:08 webserver sshd[5338]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
    Jul  1 16:34:10 webserver sshd[5340]: Invalid user support from 62.93.6.226
    Jul  1 16:34:10 webserver sshd[5340]: input_userauth_request: invalid user support [preauth]
    Jul  1 16:34:10 webserver sshd[5340]: pam_unix(sshd:auth): check pass; user unknown
    Jul  1 16:34:10 webserver sshd[5340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de 
    Jul  1 16:34:10 webserver sshd[5340]: pam_winbind(sshd:auth): getting password (0x00000388)
    Jul  1 16:34:10 webserver sshd[5340]: pam_winbind(sshd:auth): pam_get_item returned a password
    Jul  1 16:34:12 webserver sshd[5340]: Failed password for invalid user support from 62.93.6.226 port 33112 ssh2
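
An added triage example (not part of the original post): it groups the sshd password results in an auth.log like the one above by source address, listing the usernames tried, how many of them do not exist on the host, how quickly the attempts arrived, and whether any login was accepted. The function and field names are this example's own.

```python
import re
from collections import defaultdict
from datetime import datetime

# A subset of the lines from the auth.log excerpt above, kept short for the example.
SAMPLE_LOG = """\
Jul  1 15:02:22 webserver sshd[5094]: Did not receive identification string from 188.165.243.46
Jul  1 15:03:54 webserver sshd[5095]: Failed password for root from 188.165.243.46 port 53281 ssh2
Jul  1 16:33:09 webserver sshd[5302]: Failed password for invalid user guest from 62.93.6.226 port 59027 ssh2
Jul  1 16:33:12 webserver sshd[5304]: Failed password for invalid user guest from 62.93.6.226 port 60980 ssh2
Jul  1 16:33:19 webserver sshd[5308]: Failed password for invalid user test from 62.93.6.226 port 36760 ssh2
Jul  1 16:33:29 webserver sshd[5314]: Failed password for ftp from 62.93.6.226 port 42089 ssh2
Jul  1 16:33:58 webserver sshd[5332]: Failed password for mysql from 62.93.6.226 port 54760 ssh2
"""

# Matches sshd's "Failed <method> for ..." and "Accepted <method> for ..." lines.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"(?P<result>Failed|Accepted) \S+ for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarize(log_text):
    """Return {ip: summary} for sshd authentication results found in log_text."""
    per_ip = defaultdict(lambda: {"failed": 0, "accepted": 0, "users": set(),
                                  "invalid": set(), "times": []})
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # PAM chatter, disconnects, banner probes
        s = per_ip[m["ip"]]
        if m["result"] == "Accepted":
            s["accepted"] += 1  # the only line type that means a login succeeded
            continue
        s["failed"] += 1
        s["users"].add(m["user"])
        if m["invalid"]:
            s["invalid"].add(m["user"])
        # syslog timestamps carry no year; a fixed leap year keeps parsing unambiguous
        s["times"].append(datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S"))
    summary = {}
    for ip, s in per_ip.items():
        span = (max(s["times"]) - min(s["times"])).total_seconds() if s["times"] else 0.0
        summary[ip] = {"failed": s["failed"], "accepted": s["accepted"],
                       "users": sorted(s["users"]),
                       "invalid_users": sorted(s["invalid"]),
                       "span_seconds": span}
    return summary

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_LOG).items():
        print(ip, info)
```

Several generic usernames from one address within a minute, with `accepted` at 0, is the pattern of automated guessing; any non-zero `accepted` count for such an address is what needs follow-up.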
    
  • Thomas Ward
    Thomas Ward almost 11 years
    @user173118 Also, I suggest you edit /etc/ssh/sshd_config and set PermitRootLogin to no, and have a separate user account who has sudo access on your server, rather than using just the root user. That will prevent someone from gaining root privs by SSH brute forcing, even if they guess your password. As well, I suggest you use SSH keys instead of password auth, and set PasswordAuthentication to no and uncomment that line, which will disable passcode authing.