Hi all,

I am, of course, seeing the same thing. I wonder if it might be because of SuSE now being owned by Novell. Admin is a typical Novell server user account. Maybe someone is trying the attacks against the SuSE servers that they were using for Novell servers. Just a thought.

Dustin

Hi,

by me the same:

...
Sep 13 14:53:25 tempi sshd[7383]: Failed password for invalid user test from 220.73.215.151 port 52864 ssh2
Sep 13 14:53:28 tempi sshd[7385]: Failed password for invalid user guest from 220.73.215.151 port 52992 ssh2
Sep 13 14:53:30 tempi sshd[7387]: Failed password for admin from 220.73.215.151 port 53128 ssh2
Sep 13 14:53:33 tempi sshd[7393]: Failed password for admin from 220.73.215.151 port 53260 ssh2
Sep 13 14:53:36 tempi sshd[7396]: Failed password for invalid user user from 220.73.215.151 port 53392 ssh2
Sep 13 14:53:39 tempi sshd[7398]: Failed password for root from 220.73.215.151 port 53539 ssh2
Sep 13 14:53:41 tempi sshd[7400]: Failed password for root from 220.73.215.151 port 53678 ssh2
Sep 13 14:53:44 tempi sshd[7406]: Failed password for root from 220.73.215.151 port 53814 ssh2
Sep 13 14:53:47 tempi sshd[7408]: Failed password for invalid user test from 220.73.215.151 port 53948 ssh2
...

what I can do, is to block the addresses and read less logs :)

On Mon, 20 Sep 2004 11:40:23 -0400, suse wrote:
This may not be strictly SuSE related, but what the heck: Lately, I've been getting tons of attempts to login via ssh for "guest", "test", "user", and "admin". Plenty others for root, and even one that seemed to have been a list of some script kiddie's /etc/passwd. The root ones are pretty obvious and always blocked, but I've found the others rather curious.
Does anyone running a unix server really use "guest", "test", "user", or "admin" as real accounts? Judging by the volume of attempts I'm getting, there has to be something causing this. Was a borked version of ssh server released for windows, or something? Or is this trying to connect to zombie machines? From what I understand, ssh server isn't common on windows, and those accounts certainly aren't common to unix... Anyone know what's going on here?
(I'm not worried about my machines, root is blocked by sshd and I don't have the other accounts, I'm just curious.)
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
-- Yes of course I'm sure it's the red cable. I guarante[^%!/+)F#0c|'NO CARRIER -- STTS
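
Added example, not part of any message in this thread: a short Python summary of the sshd "Failed password" lines quoted above, grouping attempts by source address and flagging a source that cycles through several usernames, which gives the list of addresses one might consider blocking. The thresholds and the last sample line (user alice from 192.0.2.10) are constructed assumptions.

```python
import re

# Matches sshd "Failed password" lines in the format quoted in the thread.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# First nine lines are the ones quoted in the thread; the last line is
# constructed (a single mistyped password from a documentation address).
SAMPLE = """\
Sep 13 14:53:25 tempi sshd[7383]: Failed password for invalid user test from 220.73.215.151 port 52864 ssh2
Sep 13 14:53:28 tempi sshd[7385]: Failed password for invalid user guest from 220.73.215.151 port 52992 ssh2
Sep 13 14:53:30 tempi sshd[7387]: Failed password for admin from 220.73.215.151 port 53128 ssh2
Sep 13 14:53:33 tempi sshd[7393]: Failed password for admin from 220.73.215.151 port 53260 ssh2
Sep 13 14:53:36 tempi sshd[7396]: Failed password for invalid user user from 220.73.215.151 port 53392 ssh2
Sep 13 14:53:39 tempi sshd[7398]: Failed password for root from 220.73.215.151 port 53539 ssh2
Sep 13 14:53:41 tempi sshd[7400]: Failed password for root from 220.73.215.151 port 53678 ssh2
Sep 13 14:53:44 tempi sshd[7406]: Failed password for root from 220.73.215.151 port 53814 ssh2
Sep 13 14:53:47 tempi sshd[7408]: Failed password for invalid user test from 220.73.215.151 port 53948 ssh2
Sep 13 15:02:10 tempi sshd[7501]: Failed password for alice from 192.0.2.10 port 40112 ssh2
"""

def summarize(lines):
    """Return {ip: {"attempts": n, "users": set, "invalid": set}}."""
    stats = {}
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue  # not a failed-password line
        s = stats.setdefault(m["ip"], {"attempts": 0, "users": set(), "invalid": set()})
        s["attempts"] += 1
        s["users"].add(m["user"])
        if m["invalid"]:  # sshd says the account does not exist locally
            s["invalid"].add(m["user"])
    return stats

def flag_sources(stats, min_attempts=5, min_users=3):
    """Sources with many failures spread over several usernames (assumed thresholds)."""
    return sorted(ip for ip, s in stats.items()
                  if s["attempts"] >= min_attempts and len(s["users"]) >= min_users)

if __name__ == "__main__":
    stats = summarize(SAMPLE.splitlines())
    for ip in flag_sources(stats):
        s = stats[ip]
        print(ip, s["attempts"], "failures; users:", ", ".join(sorted(s["users"])))
```
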