Did not receive identification string from?

#1 06-06-2006, 07:59 PM

I don not fully understand this in var/log/secure. I someone trying to connect?
It's the first time I see this, it started today?

Jun 7 01:08:02 host sshd[32738]: Did not receive identification string from 72.20.1.250
Jun 7 01:08:59 host sshd[1955]: Did not receive identification string from 72.20.1.250
Jun 7 01:09:59 host sshd[3959]: Did not receive identification string from 72.20.1.250
Jun 7 01:10:56 host sshd[5937]: Did not receive identification string from 69.61.56.114
Jun 7 01:11:56 host sshd[7752]: Did not receive identification string from 69.61.56.114
Jun 7 01:12:55 host sshd[9633]: Did not receive identification string from 69.61.56.114
Jun 7 01:13:56 host sshd[11530]: Did not receive identification string from 69.61.56.114
Jun 7 01:14:06 host xinetd[11636]: START: imap pid=11822 from=127.0.0.1
Jun 7 01:14:57 host sshd[13545]: Did not receive identification string from 69.61.56.114
Jun 7 01:15:57 host sshd[15599]: Did not receive identification string from 69.61.56.114
Jun 7 01:16:58 host sshd[17409]: Did not receive identification string from 83.149.104.60
Jun 7 01:17:58 host sshd[17919]: Did not receive identification string from 83.149.104.60
Jun 7 01:18:59 host sshd[20136]: Did not receive identification string from 83.149.104.60
Jun 7 01:20:00 host sshd[22260]: Did not receive identification string from 72.20.1.250
Jun 7 01:20:57 host sshd[25642]: Did not receive identification string from 72.20.1.250
Jun 7 01:21:56 host sshd[27952]: Did not receive identification string from 72.20.1.250
Jun 7 01:22:31 host xinetd[11636]: START: imap pid=28636 from=127.0.0.1
Jun 7 01:22:56 host sshd[29965]: Did not receive identification string from 72.20.1.250
Jun 7 01:23:57 host sshd[31922]: Did not receive identification string from 72.20.1.250
Jun 7 01:24:56 host sshd[1634]: Did not receive identification string from 72.20.1.250
Jun 7 01:25:58 host sshd[3622]: Did not receive identification string from 195.242.215.246
Jun 7 01:26:58 host sshd[9739]: Did not receive identification string from 195.242.215.246
Jun 7 01:27:58 host sshd[13625]: Did not receive identification string from 195.242.215.246
Jun 7 01:28:55 host sshd[15426]: Did not receive identification string from 69.61.56.114
Jun 7 01:29:55 host sshd[17443]: Did not receive identification string from 69.61.56.114
Jun 7 01:30:56 host xinetd[11636]: START: imap pid=22234 from=127.0.0.1
Jun 7 01:31:00 host sshd[22292]: Did not receive identification string from 69.61.56.114
Jun 7 01:31:56 host sshd[24298]: Did not receive identification string from 69.61.56.114
Jun 7 01:32:57 host sshd[27669]: Did not receive identification string from 69.61.56.114
Jun 7 01:33:57 host sshd[29837]: Did not receive identification string from 69.61.56.114
Jun 7 01:34:56 host sshd[32136]: Did not receive identification string from 69.61.56.114
Jun 7 01:35:57 host sshd[1533]: Did not receive identification string from 69.61.56.114
Jun 7 01:36:57 host sshd[4003]: Did not receive identification string from 69.61.56.114
Jun 7 01:37:57 host sshd[5928]: Did not receive identification string from 83.149.104.60
Jun 7 01:38:57 host sshd[7919]: Did not receive identification string from 83.149.104.60
Jun 7 01:39:21 host xinetd[11636]: START: imap pid=9481 from=127.0.0.1
Jun 7 01:39:57 host sshd[11343]: Did not receive identification string from 83.149.104.60
Jun 7 01:40:58 host sshd[14104]: Did not receive identification string from 69.61.56.114
Jun 7 01:39:57 host sshd[11343]: Did not receive identification string from 83.149.104.60
Jun 7 01:40:58 host sshd[14104]: Did not receive identification string from 69.61.56.114
Jun 7 01:43:17 host sshd[18181]: Did not receive identification string from 69.61.56.114
Jun 7 01:43:58 host sshd[19591]: Did not receive identification string from 83.149.104.60
Jun 7 01:44:58 host sshd[20321]: Did not receive identification string from 83.149.104.60
Jun 7 01:46:01 host sshd[22491]: Did not receive identification string from 83.149.104.60
Jun 7 01:46:58 host sshd[24204]: Did not receive identification string from 83.149.104.60
Jun 7 01:47:45 host xinetd[11636]: START: imap pid=25795 from=127.0.0.1
Jun 7 01:47:57 host sshd[25917]: Did not receive identification string from 83.149.104.60
Jun 7 01:48:57 host sshd[28183]: Did not receive identification string from 83.149.104.60
Jun 7 01:49:58 host sshd[30390]: Did not receive identification string from 83.149.104.60
Jun 7 01:50:59 host sshd[32733]: Did not receive identification string from 83.149.104.60
Jun 7 01:51:58 host sshd[3284]: Did not receive identification string from 83.149.104.60
Jun 7 01:52:59 host sshd[4044]: Did not receive identification string from 83.149.104.60
Jun 7 01:53:57 host sshd[5831]: Did not receive identification string from 83.149.104.60
Jun 7 01:54:58 host sshd[9315]: Did not receive identification string from 83.149.104.60

SoiDog...The N00b

Fred · #2 06-06-2006, 08:04 PM

those are pretty normal these days...
They are from a kiddie or a bot on a hacked server that trying a lot of user and password to get access to your server...

If you have a complex password, i wouldn't be scared about them...
Also, disable root login ( if not already done... if you need help with this, i believe support can help you to be sure everything is done properly )

You can also change the ssh port... that will solve the scans for sure ...

sdjl · #3 06-06-2006, 08:07 PM

I disable root login and change the port number and this saves me from those messages.

David

Fred · #4 06-06-2006, 08:08 PM

it will also save a bit of load if you consider the fact that bfd is taking some load

#5 06-06-2006, 08:30 PM

I'm not running ssh on port 22 and have disabled root login.

So I'm feeling pretty secure. This appears on my new cpanel account. I have also a plesk account and have not seen this in that account.

SoiDog...The N00b

Fred · #6 06-06-2006, 09:01 PM

Connect to ssh on your cpanel server, write this:
grep Port /etc/ssh/sshd_config

You will see on which port it runs... By default, it runs on port 22.

And to be sure for root logins,
grep Root /etc/ssh/sshd_config

#7 06-06-2006, 09:16 PM

Root login is disabled and ssh is not running on port 22.

Thanks for the help
SoiDog...The N00b

airoid · #8 06-06-2006, 10:36 PM

Quote:

Originally Posted by soidog

Root login is disabled and ssh is not running on port 22.

Thanks for the help
SoiDog...The N00b

Make sure to let support know you disabled root login and changed the port or they may be unable to troubleshoot critical problems in the future.

Daniel · #9 06-06-2006, 10:38 PM

Quote:

Originally Posted by airoid

Make sure to let support know you disabled root login and changed the port or they may be unable to troubleshoot critical problems in the future.

Thanks for that, was just about to suggest that. It saves us an extra step when we can just log right in.

#10 06-06-2006, 10:43 PM

Ok,
Let them know now? Or wait until I need support?

SoiDog...