Go Back   Defender Hosting Forums > PowerVPS Virtual Private Servers > Linux VPS - General

Linux VPS - General General Discussion for Linux Virtual Private Servers based on Virtuozzo by SWsoft

Reply
 
Thread Tools Display Modes

  #1  
Old 06-06-2006, 07:59 PM
soidog
Guest
 
Posts: n/a
Default Did not receive identification string from?

I don not fully understand this in var/log/secure. I someone trying to connect?
It's the first time I see this, it started today?

Jun 7 01:08:02 host sshd[32738]: Did not receive identification string from 72.20.1.250
Jun 7 01:08:59 host sshd[1955]: Did not receive identification string from 72.20.1.250
Jun 7 01:09:59 host sshd[3959]: Did not receive identification string from 72.20.1.250
Jun 7 01:10:56 host sshd[5937]: Did not receive identification string from 69.61.56.114
Jun 7 01:11:56 host sshd[7752]: Did not receive identification string from 69.61.56.114
Jun 7 01:12:55 host sshd[9633]: Did not receive identification string from 69.61.56.114
Jun 7 01:13:56 host sshd[11530]: Did not receive identification string from 69.61.56.114
Jun 7 01:14:06 host xinetd[11636]: START: imap pid=11822 from=127.0.0.1
Jun 7 01:14:57 host sshd[13545]: Did not receive identification string from 69.61.56.114
Jun 7 01:15:57 host sshd[15599]: Did not receive identification string from 69.61.56.114
Jun 7 01:16:58 host sshd[17409]: Did not receive identification string from 83.149.104.60
Jun 7 01:17:58 host sshd[17919]: Did not receive identification string from 83.149.104.60
Jun 7 01:18:59 host sshd[20136]: Did not receive identification string from 83.149.104.60
Jun 7 01:20:00 host sshd[22260]: Did not receive identification string from 72.20.1.250
Jun 7 01:20:57 host sshd[25642]: Did not receive identification string from 72.20.1.250
Jun 7 01:21:56 host sshd[27952]: Did not receive identification string from 72.20.1.250
Jun 7 01:22:31 host xinetd[11636]: START: imap pid=28636 from=127.0.0.1
Jun 7 01:22:56 host sshd[29965]: Did not receive identification string from 72.20.1.250
Jun 7 01:23:57 host sshd[31922]: Did not receive identification string from 72.20.1.250
Jun 7 01:24:56 host sshd[1634]: Did not receive identification string from 72.20.1.250
Jun 7 01:25:58 host sshd[3622]: Did not receive identification string from 195.242.215.246
Jun 7 01:26:58 host sshd[9739]: Did not receive identification string from 195.242.215.246
Jun 7 01:27:58 host sshd[13625]: Did not receive identification string from 195.242.215.246
Jun 7 01:28:55 host sshd[15426]: Did not receive identification string from 69.61.56.114
Jun 7 01:29:55 host sshd[17443]: Did not receive identification string from 69.61.56.114
Jun 7 01:30:56 host xinetd[11636]: START: imap pid=22234 from=127.0.0.1
Jun 7 01:31:00 host sshd[22292]: Did not receive identification string from 69.61.56.114
Jun 7 01:31:56 host sshd[24298]: Did not receive identification string from 69.61.56.114
Jun 7 01:32:57 host sshd[27669]: Did not receive identification string from 69.61.56.114
Jun 7 01:33:57 host sshd[29837]: Did not receive identification string from 69.61.56.114
Jun 7 01:34:56 host sshd[32136]: Did not receive identification string from 69.61.56.114
Jun 7 01:35:57 host sshd[1533]: Did not receive identification string from 69.61.56.114
Jun 7 01:36:57 host sshd[4003]: Did not receive identification string from 69.61.56.114
Jun 7 01:37:57 host sshd[5928]: Did not receive identification string from 83.149.104.60
Jun 7 01:38:57 host sshd[7919]: Did not receive identification string from 83.149.104.60
Jun 7 01:39:21 host xinetd[11636]: START: imap pid=9481 from=127.0.0.1
Jun 7 01:39:57 host sshd[11343]: Did not receive identification string from 83.149.104.60
Jun 7 01:40:58 host sshd[14104]: Did not receive identification string from 69.61.56.114
Jun 7 01:39:57 host sshd[11343]: Did not receive identification string from 83.149.104.60
Jun 7 01:40:58 host sshd[14104]: Did not receive identification string from 69.61.56.114
Jun 7 01:43:17 host sshd[18181]: Did not receive identification string from 69.61.56.114
Jun 7 01:43:58 host sshd[19591]: Did not receive identification string from 83.149.104.60
Jun 7 01:44:58 host sshd[20321]: Did not receive identification string from 83.149.104.60
Jun 7 01:46:01 host sshd[22491]: Did not receive identification string from 83.149.104.60
Jun 7 01:46:58 host sshd[24204]: Did not receive identification string from 83.149.104.60
Jun 7 01:47:45 host xinetd[11636]: START: imap pid=25795 from=127.0.0.1
Jun 7 01:47:57 host sshd[25917]: Did not receive identification string from 83.149.104.60
Jun 7 01:48:57 host sshd[28183]: Did not receive identification string from 83.149.104.60
Jun 7 01:49:58 host sshd[30390]: Did not receive identification string from 83.149.104.60
Jun 7 01:50:59 host sshd[32733]: Did not receive identification string from 83.149.104.60
Jun 7 01:51:58 host sshd[3284]: Did not receive identification string from 83.149.104.60
Jun 7 01:52:59 host sshd[4044]: Did not receive identification string from 83.149.104.60
Jun 7 01:53:57 host sshd[5831]: Did not receive identification string from 83.149.104.60
Jun 7 01:54:58 host sshd[9315]: Did not receive identification string from 83.149.104.60

SoiDog...The N00b
Reply With Quote

  #2  
Old 06-06-2006, 08:04 PM
Fred Fred is offline
Senior Member
 
Join Date: Jun 2005
Posts: 601
Fred is on a distinguished road
Default Re: Did not receive identification string from?

those are pretty normal these days...
They are from a kiddie or a bot on a hacked server that trying a lot of user and password to get access to your server...

If you have a complex password, i wouldn't be scared about them...
Also, disable root login ( if not already done... if you need help with this, i believe support can help you to be sure everything is done properly )

You can also change the ssh port... that will solve the scans for sure ...
__________________
Reply With Quote

  #3  
Old 06-06-2006, 08:07 PM
sdjl's Avatar
sdjl sdjl is offline
Senior Member
 
Join Date: Dec 2005
Location: London, UK.
Posts: 349
sdjl is on a distinguished road
Send a message via AIM to sdjl
Default Re: Did not receive identification string from?

I disable root login and change the port number and this saves me from those messages.

David
Reply With Quote

  #4  
Old 06-06-2006, 08:08 PM
Fred Fred is offline
Senior Member
 
Join Date: Jun 2005
Posts: 601
Fred is on a distinguished road
Default Re: Did not receive identification string from?

it will also save a bit of load if you consider the fact that bfd is taking some load
__________________
Reply With Quote

  #5  
Old 06-06-2006, 08:30 PM
soidog
Guest
 
Posts: n/a
Default Re: Did not receive identification string from?

I'm not running ssh on port 22 and have disabled root login.

So I'm feeling pretty secure. This appears on my new cpanel account. I have also a plesk account and have not seen this in that account.

SoiDog...The N00b
Reply With Quote

  #6  
Old 06-06-2006, 09:01 PM
Fred Fred is offline
Senior Member
 
Join Date: Jun 2005
Posts: 601
Fred is on a distinguished road
Default Re: Did not receive identification string from?

Connect to ssh on your cpanel server, write this:
grep Port /etc/ssh/sshd_config

You will see on which port it runs... By default, it runs on port 22.

And to be sure for root logins,
grep Root /etc/ssh/sshd_config
__________________
Reply With Quote

  #7  
Old 06-06-2006, 09:16 PM
soidog
Guest
 
Posts: n/a
Default Re: Did not receive identification string from?

Root login is disabled and ssh is not running on port 22.

Thanks for the help
SoiDog...The N00b
Reply With Quote

  #8  
Old 06-06-2006, 10:36 PM
airoid airoid is offline
Senior Member
 
Join Date: Nov 2005
Posts: 231
airoid is on a distinguished road
Default Re: Did not receive identification string from?

Quote:
Originally Posted by soidog
Root login is disabled and ssh is not running on port 22.

Thanks for the help
SoiDog...The N00b
Make sure to let support know you disabled root login and changed the port or they may be unable to troubleshoot critical problems in the future.
Reply With Quote

  #9  
Old 06-06-2006, 10:38 PM
Daniel's Avatar
Daniel Daniel is offline
Cookie Thief
 
Join Date: May 2006
Location: Ashburn, Virginia
Posts: 607
Daniel is on a distinguished road
Default Re: Did not receive identification string from?

Quote:
Originally Posted by airoid
Make sure to let support know you disabled root login and changed the port or they may be unable to troubleshoot critical problems in the future.
Thanks for that, was just about to suggest that. It saves us an extra step when we can just log right in.
Reply With Quote

  #10  
Old 06-06-2006, 10:43 PM
soidog
Guest
 
Posts: n/a
Default Re: Did not receive identification string from?

Ok,
Let them know now? Or wait until I need support?

SoiDog...
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump



All times are GMT -4. The time now is 08:31 PM.


vBulletin skin developed by: eXtremepixels
Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Copyright Defender Technologies Group, LLC 2006