zolee1
10-16-2005, 12:26 PM
Hi,
I have been getting these messages by email from my vps:
The remote system 171.64.119.43 was found to have exceeded acceptable login failures on host.europuppy.com; there was 1926 events to the service sshd. As such the attacking host has been banned from further accessing this system. For the integrity of your host you should investigate this event as soon as possible.
Executed ban command:
/etc/apf/apf -d 171.64.119.43 {bfd.sshd}
The following are event logs from 171.64.119.43 on service sshd (all time stamps are GMT -0400):
Oct 15 18:16:26 host sshd[6491]: Failed password for invalid user Kaiser from 171.64.119.43 port 35768 ssh2
Oct 15 18:16:26 host sshd[6541]: Invalid user candy from 171.64.119.43
Oct 15 18:16:26 host sshd[6541]: Failed password for invalid user candy from 171.64.119.43 port 35816 ssh2
Oct 15 18:16:27 host sshd[6656]: Invalid user venice from 171.64.119.43
Oct 15 18:16:27 host sshd[6656]: Failed password for invalid user venice from 171.64.119.43 port 35875 ssh2
Oct 15 18:16:28 host sshd[6706]: Invalid user venice from 171.64.119.43
Oct 15 18:16:28 host sshd[6706]: Failed password for invalid user venice from 171.64.119.43 port 35934 ssh2
Oct 15 18:16:29 host sshd[6758]: Failed password for ftp from 171.64.119.43 port 36001 ssh2
Oct 15 18:16:30 host sshd[6786]: Invalid user mozilla from 171.64.119.43
Oct 15 18:16:30 host
I don't want to put the whole log in here...
I had my SSH port relocated from 22 to a 4-digit numbered port.
I have three questions:
1. What can I do to stop these attacks?
2. Does the message mean that 171.64.119.43 has been banned, and can’t access our website either?
3. If yes, is it possible to ban this IP from all ports but the www port?
Thanks, Zoltan
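Added example, not part of the original post and not BFD's own code: a sketch of the per-source failure counting that sits behind a notice like the one quoted above, run over constructed log lines in the same sshd format. The threshold value and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the sshd syslog format quoted in the post.
# 203.0.113.9 and 198.51.100.7 are documentation addresses; "zoltan" is a made-up account.
SAMPLE_LOG = """\
Oct 15 18:16:26 host sshd[6541]: Invalid user candy from 171.64.119.43
Oct 15 18:16:26 host sshd[6541]: Failed password for invalid user candy from 171.64.119.43 port 35816 ssh2
Oct 15 18:16:27 host sshd[6656]: Invalid user venice from 171.64.119.43
Oct 15 18:16:27 host sshd[6656]: Failed password for invalid user venice from 171.64.119.43 port 35875 ssh2
Oct 15 18:16:29 host sshd[6758]: Failed password for ftp from 171.64.119.43 port 36001 ssh2
Oct 15 18:17:02 host sshd[6790]: Failed password for invalid user x from 203.0.113.9 from 171.64.119.43 port 36050 ssh2
Oct 15 18:20:11 host sshd[6801]: Failed password for zoltan from 198.51.100.7 port 50112 ssh2
Oct 15 18:20:15 host sshd[6801]: Accepted password for zoltan from 198.51.100.7 port 50112 ssh2
"""

# The user name is chosen by the remote client and may itself contain " from <ip>",
# so the source address is taken from the fixed tail of the line ("from IP port N ssh2"),
# never from the first "from" that appears.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def failures_by_source(log_text):
    """Count failed password attempts and distinct user names per source IP.

    Only "Failed password" lines are counted; the matching "Invalid user" line
    describes the same attempt and would double the total.
    """
    counts = defaultdict(int)
    users = defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED.search(line.rstrip())
        if m:
            counts[m.group("ip")] += 1
            users[m.group("ip")].add(m.group("user"))
    return counts, users

def over_threshold(log_text, threshold=3):
    """Return {ip: (failures, distinct_users)} for sources at or above the threshold."""
    counts, users = failures_by_source(log_text)
    return {ip: (n, len(users[ip])) for ip, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for ip, (n, u) in over_threshold(SAMPLE_LOG).items():
        print(f"{ip}: {n} failed logins across {u} user names")
```

A source that fails against many different user names, as 171.64.119.43 does in the log above, looks different from a legitimate user mistyping one password, which is why the distinct-user count is reported next to the total.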