Hello, Am Samstag, 30. April 2005 12:17 schrieb NSK:
from /var/log/messages I see msgs like
sshd[31200]: Illegal user agata sshd[31202]: Illegal user alejandro sshd[31204]: Illegal user alice sshd[31206]: Illegal user alka
All from the same IP address in South Korea.
There are some scriptkiddies out there who try to get access via ssh. There was a thread in this list some time ago about this ("SSH attacks.", at the beginning of february) where somebody mentioned a script to block an IP after some "Illegal user" messages.
What should I do?
In general, you can ignore the messages if you have good passwords ;-) To be really sure, change SSH login to pubkey only. Regards, Christian Boltz -- ...von den vier Mitgliedern der "Nimbus Monospaced(!)"-Familie ist angeblich nur die Regular Monospaced - die anderen sind... nun ja... proportional, nur eben alle gleich proportional. =%-) [Ratti in fontlinge-devel nach Auslesen der "monospaced"-Infos]