Hello robert rottermann, on Wednesday, 28 October 2009 at 07:57 you wrote:
Hi all, I had a look at the logs of a SUSE 11.1 machine (recently updated from 10.?). There I find masses of messages in /var/log/messages like these:
Oct 24 20:46:16 alice sshd[5250]: Did not receive identification string from 222.236.47.135
Oct 24 20:52:27 alice sshd[5285]: Invalid user globus from 222.236.47.135
Oct 24 20:52:30 alice sshd[5287]: Invalid user condor from 222.236.47.135
Oct 24 20:52:32 alice sshd[5289]: Invalid user marine from 222.236.47.135
Oct 24 20:52:32 alice sshd[5291]: Invalid user tomcat from 222.236.47.135
Oct 24 20:52:34 alice sshd[5293]: Invalid user cadi from 222.236.47.135
Oct 24 20:52:35 alice sshd[5296]: Invalid user global from 222.236.47.135
Oct 24 20:52:37 alice sshd[5294]: Invalid user marine from 222.236.47.135
Oct 24 20:52:38 alice sshd[5299]: Invalid user cady from 222.236.47.135
Oct 24 20:52:38 alice sshd[5300]: Invalid user upload from 222.236.47.135
and in /var/log/warn:
Apr 16 05:24:56 alice sshd[7031]: error: PAM: User not known to the underlying authentication module for illegal user avye from 218.241.164.34
Apr 16 05:25:35 alice sshd[7034]: error: PAM: User not known to the underlying authentication module for illegal user avye from 66.197.211.229
Apr 16 05:26:12 alice sshd[7037]: error: PAM: User not known to the underlying authentication module for illegal user avye from 102.155.95.219.klj01-home.tm.net.my
Apr 16 05:27:18 alice sshd[7040]: error: PAM: User not known to the underlying authentication module for illegal user awen from 200.87.126.118
Apr 16 05:27:21 alice sshd[7043]: error: PAM: User not known to the underlying authentication module for illegal user awen from sprint-65-160-236-155.smf.ragingwire.net
Apr 16 05:28:01 alice sshd[7046]: error: PAM: User not known to the underlying authentication module for illegal user awen from 216.241.173.122
Apr 16 05:28:37 alice sshd[7049]: error: PAM: User not known to the underlying authentication module for illegal user awen from 218.91.210.100
It seems that someone is trying to break in. What can I do to protect myself against this? I use SUSE's firewall and update the security patches regularly.
Either move the SSH port and/or take a look at fail2ban. It blocks the IP the attempts come from.
sebastian
Regards, robert
--
Kind regards,
Sebastian Gödecke
mailto:simpsonetti@googlemail.com
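The per-address blocking suggested in the reply rests on counting failed logins per source within a time window. The following is an added example, not part of the original thread and not fail2ban's own code: the parameter names `maxretry` and `findtime` mirror fail2ban's settings of the same name, while the function names, default values and sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# The two sshd failure messages quoted in the thread.
FAILURES = [
    re.compile(r"sshd\[\d+\]: Invalid user (\S+) from (\S+)$"),
    re.compile(r"sshd\[\d+\]: error: PAM: User not known to the underlying "
               r"authentication module for illegal user (\S+) from (\S+)$"),
]

def parse(line, year=2009):
    """Return (timestamp, source, user) for a failed login, else None."""
    for pattern in FAILURES:
        m = pattern.search(line.rstrip())
        if m:
            # Syslog timestamps carry no year, so the caller supplies one.
            ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
            return ts, m.group(2), m.group(1)
    return None

def sources_to_block(lines, maxretry=5, findtime=600):
    """Map sources with >= maxretry failures in findtime seconds to the trigger time."""
    recent = defaultdict(deque)
    blocked = {}
    for line in lines:
        hit = parse(line)
        if hit is None:
            continue
        ts, src, _user = hit
        window = recent[src]
        window.append(ts)
        while ts - window[0] > timedelta(seconds=findtime):
            window.popleft()  # forget failures older than the window
        if len(window) >= maxretry:
            blocked.setdefault(src, ts)
    return blocked

# Constructed sample lines (documentation addresses, not the thread's).
SAMPLE = [
    "Oct 24 20:46:16 alice sshd[5250]: Did not receive identification string from 192.0.2.10",
    *(f"Oct 24 20:52:3{i} alice sshd[{5285 + i}]: Invalid user test{i} from 192.0.2.10"
      for i in range(5)),
    *(f"Apr 16 05:2{i}:00 alice sshd[{7031 + i}]: error: PAM: User not known to the "
      f"underlying authentication module for illegal user avye from 198.51.100.{i}"
      for i in range(5)),
]
```

Per-source counting does not catch the pattern in the /var/log/warn excerpt, where each attempt arrives from a different host; the constructed PAM lines likewise never reach the threshold.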