Someone trying to hack?

modem

I was going through and monitoring the server and found lots and lots of the following in the /var/log/messages file. It *appears* to look like someone is trying to hammer the server and gain access from the paginafacil.com domain via SSH/root user? If so, is there any way to track this down?



Feb 9 17:28:15 StargateSG1 sshd(pam_unix)[24589]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=paginafacil.com user=root

Feb 9 17:28:18 StargateSG1 sshd(pam_unix)[24591]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=paginafacil.com user=root

Feb 9 17:28:21 StargateSG1 sshd(pam_unix)[24593]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=paginafacil.com user=root

Feb 9 17:28:24 StargateSG1 sshd(pam_unix)[24595]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=paginafacil.com user=root
 
Yes,

I get those connections all day and night long.

I installed the APF firewall side by side with BFD (brute force detection); after a number of tries and fails it bans them automatically in the firewall.

If you have good passwords you should be OK (i.e. not dictionary words or common passwords), because some of these are compromised machines scanning IPs for SSH and using a dictionary file to try to break into more.

I disabled root SSH access anyway.

apf: http://www.rfxnetworks.com/apf.php

bfd: http://www.rfxnetworks.com/bfd.php
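
The counting that the replies above rely on, as an added example (not part of either post, and not BFD's own code): a Python sketch that reads sshd(pam_unix) failure lines in the format quoted in the first post and reports remote hosts that reach a failure threshold inside a time window. The function names, the threshold, the window, the assumed year, and the sample hosts are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the sshd(pam_unix) failure lines in the format quoted in the first post.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d{2}:\d{2}:\d{2})\s+\S+\s+sshd\(pam_unix\)\[\d+\]:\s+"
    r"authentication failure;.*?\brhost=(?P<rhost>\S+)(?:\s+user=(?P<user>\S+))?"
)

def parse_failures(lines, year=2000):
    """Yield (timestamp, rhost, user); syslog omits the year, so `year` is assumed."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["rhost"], m["user"] or "(none)"

def find_offenders(lines, threshold=3, window=timedelta(minutes=5)):
    """Return {rhost: most failures in any window} for hosts reaching threshold."""
    by_host = defaultdict(list)
    for ts, rhost, _user in parse_failures(lines):
        by_host[rhost].append(ts)
    offenders = {}
    for rhost, stamps in by_host.items():
        stamps.sort()
        start = best = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide window start forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            offenders[rhost] = best
    return offenders

# Constructed sample (hypothetical hosts): a root hammer, spaced-out typos, a success.
_FMT = ("Feb 9 {t} host1 sshd(pam_unix)[{pid}]: authentication failure; "
        "logname= uid=0 euid=0 tty=NODEVssh ruser= rhost={h} user={u}")
SAMPLE_LOG = (
    [_FMT.format(t=f"17:28:{s}", pid=24589 + 2 * i, h="scanner.example.net", u="root")
     for i, s in enumerate((15, 18, 21, 24))]
    + [_FMT.format(t=t, pid=100 + i, h="office.example.org", u="alice")
       for i, t in enumerate(("09:00:00", "13:00:00", "17:30:00"))]
    + ["Feb 9 17:29:00 host1 sshd[24600]: Accepted password for alice from 192.0.2.10 port 4242 ssh2"]
)

if __name__ == "__main__":
    for host, count in find_offenders(SAMPLE_LOG).items():
        print(f"{host}: {count} failures inside the window")
```

The rhost field is whatever name sshd resolved for the client, so a firewall ban is better keyed on the connecting IP address than on this name.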
 