Report di un Attacco ssh sulla porta 22 del serverino icb3p9 del 09/08/20!!!!!!!

[kidy]

Parte dei log:
Aug  9 09:19:57 ubuntus sshd[1527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69
Aug  9 09:20:00 ubuntus sshd[1529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69
Aug  9 09:20:02 ubuntus sshd[1531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69
Aug  9 09:20:05 ubuntus sshd[1533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69
Aug  9 09:20:08 ubuntus sshd[1535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69
Aug  9 09:20:11 ubuntus sshd[1537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69
Aug  9 09:20:14 ubuntus sshd[1539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69
Aug  9 09:20:16 ubuntus sshd[1541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:20:18 ubuntus sshd[1543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:20:20 ubuntus sshd[1545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69
Aug  9 09:20:24 ubuntus sshd[1547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69
Aug  9 09:20:26 ubuntus sshd[1549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69
Aug  9 09:20:29 ubuntus sshd[1551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69
Aug  9 09:20:32 ubuntus sshd[1553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:20:35 ubuntus sshd[1555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:20:37 ubuntus sshd[1557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:20:39 ubuntus sshd[1559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:20:42 ubuntus sshd[1561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:20:45 ubuntus sshd[1563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:20:48 ubuntus sshd[1565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:20:50 ubuntus sshd[1567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:20:53 ubuntus sshd[1569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:20:55 ubuntus sshd[1571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:20:58 ubuntus sshd[1573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:21:00 ubuntus sshd[1575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:21:03 ubuntus sshd[1577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:21:06 ubuntus sshd[1579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:21:08 ubuntus sshd[1581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:21:11 ubuntus sshd[1583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:21:14 ubuntus sshd[1585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:21:16 ubuntus sshd[1587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:21:19 ubuntus sshd[1589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:21:22 ubuntus sshd[1591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:21:24 ubuntus sshd[1593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:21:26 ubuntus sshd[1595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:21:29 ubuntus sshd[1597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:21:31 ubuntus sshd[1599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:21:34 ubuntus sshd[1601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:21:36 ubuntus sshd[1603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:21:38 ubuntus sshd[1605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:21:40 ubuntus sshd[1607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:21:43 ubuntus sshd[1609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:21:46 ubuntus sshd[1611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:21:48 ubuntus sshd[1613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:21:50 ubuntus sshd[1615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:21:53 ubuntus sshd[1617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:21:55 ubuntus sshd[1619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:21:58 ubuntus sshd[1621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:22:00 ubuntus sshd[1623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:22:02 ubuntus sshd[1625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:22:04 ubuntus sshd[1627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:22:07 ubuntus sshd[1629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:22:09 ubuntus sshd[1631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:22:12 ubuntus sshd[1633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:22:14 ubuntus sshd[1635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:22:17 ubuntus sshd[1637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:22:19 ubuntus sshd[1639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:22:22 ubuntus sshd[1641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:22:24 ubuntus sshd[1643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:22:26 ubuntus sshd[1645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:22:29 ubuntus sshd[1647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:22:31 ubuntus sshd[1649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:22:34 ubuntus sshd[1651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:22:36 ubuntus sshd[1653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:22:38 ubuntus sshd[1655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:22:41 ubuntus sshd[1657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:22:44 ubuntus sshd[1659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:22:46 ubuntus sshd[1661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:22:48 ubuntus sshd[1663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:22:50 ubuntus sshd[1665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:22:53 ubuntus sshd[1667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:22:56 ubuntus sshd[1669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:22:58 ubuntus sshd[1671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69
Aug  9 09:23:00 ubuntus sshd[1673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:23:03 ubuntus sshd[1675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:23:05 ubuntus sshd[1677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:23:08 ubuntus sshd[1679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:23:10 ubuntus sshd[1681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:23:12 ubuntus sshd[1683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:23:14 ubuntus sshd[1685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:23:17 ubuntus sshd[1687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:23:20 ubuntus sshd[1689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:23:22 ubuntus sshd[1691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69
Aug  9 09:23:24 ubuntus sshd[1693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:23:26 ubuntus sshd[1695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:23:29 ubuntus sshd[1697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:23:32 ubuntus sshd[1699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:23:34 ubuntus sshd[1701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:23:36 ubuntus sshd[1703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:23:39 ubuntus sshd[1705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:23:41 ubuntus sshd[1707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:23:44 ubuntus sshd[1709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:23:46 ubuntus sshd[1711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:23:49 ubuntus sshd[1713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:23:51 ubuntus sshd[1715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:23:54 ubuntus sshd[1717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:23:56 ubuntus sshd[1719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:23:59 ubuntus sshd[1721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:24:05 ubuntus sshd[1723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:24:07 ubuntus sshd[1725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:24:09 ubuntus sshd[1727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:24:12 ubuntus sshd[1729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:24:14 ubuntus sshd[1731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:24:17 ubuntus sshd[1733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:24:19 ubuntus sshd[1735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:24:22 ubuntus sshd[1737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:24:24 ubuntus sshd[1739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:24:27 ubuntus sshd[1741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:24:30 ubuntus sshd[1743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:24:32 ubuntus sshd[1745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:24:35 ubuntus sshd[1747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:24:37 ubuntus sshd[1749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:24:39 ubuntus sshd[1751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:24:43 ubuntus sshd[1753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:24:45 ubuntus sshd[1755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:24:48 ubuntus sshd[1757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:24:50 ubuntus sshd[1759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:24:53 ubuntus sshd[1761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root
Aug  9 09:24:56 ubuntus sshd[1763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.159.110.69  user=root

INIZIAMO BENE!!!!!!!!!!!!!!!!
Hahahahaha

[name29]

Contro attacchi del genere si potrebbe usare fail2ban

[kidy]

Si,stavo dando uno sguardo al programma,non male ,semplice e preciso,per? ora vorrei anche avere un soft..che mi avvisi in caso di attacchi!

[kidy]

Anche oggi controllando i vari log di sistema:

Aug 28 17:33:58 ubuntus sshd[19540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.105.121.216.reverse.gogrid.com  user=root
Aug 28 17:34:00 ubuntus sshd[19540]: Failed password for root from 216.121.105.67 port 33438 ssh2
Aug 28 17:34:03 ubuntus sshd[19543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.105.121.216.reverse.gogrid.com  user=root
Aug 28 17:34:04 ubuntus sshd[19543]: Failed password for root from 216.121.105.67 port 34016 ssh2
Aug 28 17:34:07 ubuntus sshd[19549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.105.121.216.reverse.gogrid.com  user=root
Aug 28 17:34:08 ubuntus sshd[19549]: Failed password for root from 216.121.105.67 port 34341 ssh2
Aug 28 17:34:10 ubuntus sshd[19557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.105.121.216.reverse.gogrid.com  user=root
Aug 28 17:34:13 ubuntus sshd[19557]: Failed password for root from 216.121.105.67 port 34663 ssh2
Aug 28 17:34:15 ubuntus sshd[19563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.105.121.216.reverse.gogrid.com  user=root
Aug 28 17:34:16 ubuntus sshd[19563]: Failed password for root from 216.121.105.67 port 35020 ssh2
Aug 28 17:34:18 ubuntus sshd[19566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.105.121.216.reverse.gogrid.com  user=root
Aug 28 17:34:20 ubuntus sshd[19566]: Failed password for root from 216.121.105.67 port 35353 ssh2
Aug 28 17:34:22 ubuntus sshd[19568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.105.121.216.reverse.gogrid.com  user=root
Aug 28 17:34:25 ubuntus sshd[19568]: Failed password for root from 216.121.105.67 port 35688 ssh2
Aug 28 17:34:27 ubuntus sshd[19572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.105.121.216.reverse.gogrid.com  user=root
Aug 28 17:34:29 ubuntus sshd[19572]: Failed password for root from 216.121.105.67 port 36023 ssh2
Aug 28 17:34:31 ubuntus sshd[19579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.105.121.216.reverse.gogrid.com  user=root
Aug 28 17:34:33 ubuntus sshd[19579]: Failed password for root from 216.121.105.67 port 36414 ssh2
Aug 28 17:34:35 ubuntus sshd[19587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.105.121.216.reverse.gogrid.com  user=root
Aug 28 17:34:37 ubuntus sshd[19587]: Failed password for root from 216.121.105.67 port 36712 ssh2
Aug 28 17:34:39 ubuntus sshd[19592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.105.121.216.reverse.gogrid.com  user=root
Aug 28 17:34:41 ubuntus sshd[19592]: Failed password for root from 216.121.105.67 port 37023 ssh2
Aug 28 17:34:43 ubuntus sshd[19594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.105.121.216.reverse.gogrid.com  user=root
Aug 28 17:34:45 ubuntus sshd[19594]: Failed password for root from 216.121.105.67 port 37341 ssh2
Aug 28 17:34:48 ubuntus sshd[19596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.105.121.216.reverse.gogrid.com  user=root
Aug 28 17:34:50 ubuntus sshd[19596]: Failed password for root from 216.121.105.67 port 37727 ssh2

Ancora:

Aug 28 16:49:23 ubuntus sshd[17463]: pam_unix(sshd:auth): check pass; user unknown
Aug 28 16:49:23 ubuntus sshd[17463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.150.163.124
Aug 28 16:49:25 ubuntus sshd[17463]: Failed password for invalid user gopher from 219.150.163.124 port 64488 ssh2
Aug 28 16:49:29 ubuntus sshd[17474]: Invalid user evonne from 219.150.163.124
Aug 28 16:49:30 ubuntus sshd[17474]: pam_unix(sshd:auth): check pass; user unknown
Aug 28 16:49:30 ubuntus sshd[17474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.150.163.124
Aug 28 16:49:30 ubuntus sshd[17474]: Failed password for invalid user evonne from 219.150.163.124 port 64638 ssh2
Aug 28 16:49:34 ubuntus sshd[17483]: Invalid user rain from 219.150.163.124
Aug 28 16:49:35 ubuntus sshd[17483]: pam_unix(sshd:auth): check pass; user unknown
Aug 28 16:49:35 ubuntus sshd[17483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.150.163.124
Aug 28 16:49:37 ubuntus sshd[17483]: Failed password for invalid user rain from 219.150.163.124 port 1718 ssh2
Aug 28 16:49:40 ubuntus sshd[17485]: Invalid user veriano from 219.150.163.124
Aug 28 16:49:41 ubuntus sshd[17485]: pam_unix(sshd:auth): check pass; user unknown
Aug 28 16:49:41 ubuntus sshd[17485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.150.163.124
Aug 28 16:49:43 ubuntus sshd[17485]: Failed password for invalid user veriano from 219.150.163.124 port 2778 ssh2
Aug 28 16:49:47 ubuntus sshd[17492]: Invalid user fabiana from 219.150.163.124
Aug 28 16:49:49 ubuntus sshd[17492]: pam_unix(sshd:auth): check pass; user unknown
Aug 28 16:49:49 ubuntus sshd[17492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.150.163.124
Aug 28 16:49:49 ubuntus sshd[17492]: Failed password for invalid user fabiana from 219.150.163.124 port 3913 ssh2
Aug 28 16:49:53 ubuntus sshd[17501]: Invalid user luciano from 219.150.163.124
Aug 28 16:49:54 ubuntus sshd[17501]: pam_unix(sshd:auth): check pass; user unknown
Aug 28 16:49:55 ubuntus sshd[17501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.150.163.124
Aug 28 16:49:56 ubuntus sshd[17501]: Failed password for invalid user luciano from 219.150.163.124 port 5356 ssh2
Aug 28 16:50:00 ubuntus sshd[17507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.150.163.124  user=root
Aug 28 16:50:02 ubuntus sshd[17507]: Failed password for root from 219.150.163.124 port 6763 ssh2
Aug 28 16:50:06 ubuntus sshd[17509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.150.163.124  user=root
Aug 28 16:50:08 ubuntus sshd[17509]: Failed password for root from 219.150.163.124 port 7823 ssh2
Aug 28 16:50:12 ubuntus sshd[17518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.150.163.124  user=root
Aug 28 16:50:14 ubuntus sshd[17518]: Failed password for root from 219.150.163.124 port 8920 ssh2
Aug 28 16:50:18 ubuntus sshd[17528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.150.163.124  user=root
Aug 28 16:50:20 ubuntus sshd[17528]: Failed password for root from 219.150.163.124 port 10229 ssh2
Aug 28 16:50:24 ubuntus sshd[17531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.150.163.124  user=root
Aug 28 16:50:26 ubuntus sshd[17531]: Failed password for root from 219.150.163.124 port 11500 ssh2
Aug 28 16:50:30 ubuntus sshd[17534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.150.163.124  user=root
Aug 28 16:50:32 ubuntus sshd[17534]: Failed password for root from 219.150.163.124 port 12653 ssh2
Aug 28 16:50:36 ubuntus sshd[17544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.150.163.124  user=root
Aug 28 16:50:38 ubuntus sshd[17544]: Failed password for root from 219.150.163.124 port 13778 ssh2
Aug 28 16:50:41 ubuntus sshd[17553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.150.163.124  user=root
Aug 28 16:50:44 ubuntus sshd[17553]: Failed password for root from 219.150.163.124 port 14750 ssh2
Aug 28 16:50:48 ubuntus sshd[17555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.150.163.124  user=root
Aug 28 16:50:50 ubuntus sshd[17555]: Failed password for root from 219.150.163.124 port 15985 ssh2
Aug 28 16:50:54 ubuntus sshd[17562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.150.163.124  user=root
Aug 28 16:50:56 ubuntus sshd[17562]: Failed password for root from 219.150.163.124 port 17137 ssh2
Aug 28 16:51:00 ubuntus sshd[17572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.150.163.124  user=root
Aug 28 16:51:02 ubuntus sshd[17572]: Failed password for root from 219.150.163.124 port 18342 ssh2
Aug 28 16:51:06 ubuntus sshd[17577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.150.163.124  user=root
Aug 28 16:51:08 ubuntus sshd[17577]: Failed password for root from 219.150.163.124 port 19384 ssh2
Aug 28 16:51:12 ubuntus sshd[17579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.150.163.124  user=root
Aug 28 16:51:13 ubuntus sshd[17579]: Failed password for root from 219.150.163.124 port 20075 ssh2
Aug 28 16:51:17 ubuntus sshd[17587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.150.163.124  user=root
Aug 28 16:51:19 ubuntus sshd[17587]: Failed password for root from 219.150.163.124 port 20666 ssh2
Aug 28 16:51:23 ubuntus sshd[17598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.150.163.124  user=root
Aug 28 16:51:25 ubuntus sshd[17598]: Failed password for root from 219.150.163.124 port 21520 ssh2
Aug 28 16:51:29 ubuntus sshd[17601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.150.163.124  user=root

 

[BigLouis87]

Ho fatto una prova, e ho scoperto che gli ip che ti hanno attaccato sono online e hanno la ssh attiva!!
Si potrebbe tentare un contrattacco, giusto per intimorirli...

[name29]

io provvederei a mandare un mail al provider....


kidy magari cambiamo la porta di ssh




cmq kidy adesso puoi dormire tranquillo! Fail2ban fa la guardia!

[riccge]

Non so se avete letto:
http://punto-informatico.it/2387656/PI/News/ssh-violato-linux-sotto-scacco.aspx

[truthahn]

Su un server che gestisco io in una scuola era impressionante il numero di attacchi quindi nella bella slack:
ho cambiato porta all'ssh
ho creato un utente con un nome alfanumerico tipo password al quale solo ? permesso di collegarsi in ssh
poi una volta collegato uso "su" per amministrare il server.
e uso pass da paranoia.
Gi? cambiare porta ? una buona buona precauzione e quasi sicuramente gli attacchi spariscono.

[name29]

fail2ban ha gi? bannato qualcuno ....

[melazeta]

Ma con dd-wrt c'? la possibilit? di avere un file di log per eventuali intrusi che cercano di entrare nella mia rete?