Brute force attacks

Hello all,

I guess I am very concerned about my log watches today. Usually I get several failed attempts from various ip addresses, nothing that I would classify as severe…. But today I found this tid bit in my log watch (See below). The question is now; is there some reporting proceedure that I should follow in reporting this address to someone, also are there any steps I can take to prevent anymore of this??

sshd:

Authentication Failures:

root (hnd01.aspwb.com ): 560 Time(s)

root (203.69.243.102 ): 1 Time(s)

Failed password for root from ::ffff:202.227.184.84 port 48570 ssh2

Failed password for root from ::ffff:202.227.184.84 port 48755 ssh2

Failed password for root from ::ffff:202.227.184.84 port 48947 ssh2

Failed password for root from ::ffff:202.227.184.84 port 49136 ssh2

Failed password for root from ::ffff:202.227.184.84 port 49341 ssh2

< Snipped because I think you see where this is going>

1 Reply

http://www.linode.com/forums/viewtopic. … torder=asc">http://www.linode.com/forums/viewtopic.php?t=1286&start=0&postdays=0&postorder=asc

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct