I was checking my logs after work today and noticed this in my message.log
almost the same thing for my ftp as well I assume someone is trying to bruteforce into ssh and ftp. I have also had some ddos like activities in my error log like this
[Mon Jun 6 20:50:12 2005] [error] could not make child process 11587 exit, attempting to continue anyway
over and over again which I read is code red ddosing is there anything I can do to prevent this?
I installed SIM to monitor httpd and restart it if the url is unaccessable but I need help solving this. Any information is appreciated
bax
Jun 8 07:08:33 idolhosting sshd(pam_unix)[7545]: check pass; user unknown
Jun 8 07:08:33 idolhosting sshd(pam_unix)[7545]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:08:33 idolhosting sshd(pam_unix)[7544]: check pass; user unknown
Jun 8 07:08:33 idolhosting sshd(pam_unix)[7544]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:08:33 idolhosting sshd(pam_unix)[7547]: check pass; user unknown
Jun 8 07:08:33 idolhosting sshd(pam_unix)[7547]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:08:38 idolhosting sshd(pam_unix)[7557]: check pass; user unknown
Jun 8 07:08:38 idolhosting sshd(pam_unix)[7557]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:08:38 idolhosting sshd(pam_unix)[7556]: check pass; user unknown
Jun 8 07:08:38 idolhosting sshd(pam_unix)[7556]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:08:38 idolhosting sshd(pam_unix)[7560]: check pass; user unknown
Jun 8 07:08:38 idolhosting sshd(pam_unix)[7560]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:08:38 idolhosting sshd(pam_unix)[7546]: check pass; user unknown
Jun 8 07:08:38 idolhosting sshd(pam_unix)[7548]: check pass; user unknown
Jun 8 07:08:38 idolhosting sshd(pam_unix)[7548]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:08:38 idolhosting sshd(pam_unix)[7546]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:08:42 idolhosting sshd(pam_unix)[7565]: check pass; user unknown
Jun 8 07:08:42 idolhosting sshd(pam_unix)[7565]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:08:42 idolhosting sshd(pam_unix)[7564]: check pass; user unknown
Jun 8 07:08:42 idolhosting sshd(pam_unix)[7564]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:08:42 idolhosting sshd(pam_unix)[7563]: check pass; user unknown
Jun 8 07:08:42 idolhosting sshd(pam_unix)[7563]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:08:49 idolhosting sshd(pam_unix)[7570]: check pass; user unknown
Jun 8 07:08:49 idolhosting sshd(pam_unix)[7570]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:08:49 idolhosting sshd(pam_unix)[7572]: check pass; user unknown
Jun 8 07:08:49 idolhosting sshd(pam_unix)[7572]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:08:49 idolhosting sshd(pam_unix)[7571]: check pass; user unknown
Jun 8 07:08:49 idolhosting sshd(pam_unix)[7571]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:08:54 idolhosting sshd(pam_unix)[7576]: check pass; user unknown
Jun 8 07:08:54 idolhosting sshd(pam_unix)[7576]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:08:54 idolhosting sshd(pam_unix)[7577]: check pass; user unknown
Jun 8 07:08:54 idolhosting sshd(pam_unix)[7577]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:08:54 idolhosting sshd(pam_unix)[7578]: check pass; user unknown
Jun 8 07:08:54 idolhosting sshd(pam_unix)[7578]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:01 idolhosting sshd(pam_unix)[7584]: check pass; user unknown
Jun 8 07:09:01 idolhosting sshd(pam_unix)[7584]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:01 idolhosting sshd(pam_unix)[7586]: check pass; user unknown
Jun 8 07:09:01 idolhosting sshd(pam_unix)[7586]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:01 idolhosting sshd(pam_unix)[7588]: check pass; user unknown
Jun 8 07:09:01 idolhosting sshd(pam_unix)[7588]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:07 idolhosting sshd(pam_unix)[7592]: check pass; user unknown
Jun 8 07:09:07 idolhosting sshd(pam_unix)[7592]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:07 idolhosting sshd(pam_unix)[7593]: check pass; user unknown
Jun 8 07:09:07 idolhosting sshd(pam_unix)[7593]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:07 idolhosting sshd(pam_unix)[7594]: check pass; user unknown
Jun 8 07:09:07 idolhosting sshd(pam_unix)[7594]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:12 idolhosting sshd(pam_unix)[7599]: check pass; user unknown
Jun 8 07:09:12 idolhosting sshd(pam_unix)[7599]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:12 idolhosting sshd(pam_unix)[7598]: check pass; user unknown
Jun 8 07:09:12 idolhosting sshd(pam_unix)[7598]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:12 idolhosting sshd(pam_unix)[7602]: check pass; user unknown
Jun 8 07:09:12 idolhosting sshd(pam_unix)[7602]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:16 idolhosting sshd(pam_unix)[7605]: check pass; user unknown
Jun 8 07:09:16 idolhosting sshd(pam_unix)[7605]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:16 idolhosting sshd(pam_unix)[7606]: check pass; user unknown
Jun 8 07:09:16 idolhosting sshd(pam_unix)[7606]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:16 idolhosting sshd(pam_unix)[7607]: check pass; user unknown
Jun 8 07:09:16 idolhosting sshd(pam_unix)[7607]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:22 idolhosting sshd(pam_unix)[7613]: check pass; user unknown
Jun 8 07:09:22 idolhosting sshd(pam_unix)[7613]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:22 idolhosting sshd(pam_unix)[7614]: check pass; user unknown
Jun 8 07:09:22 idolhosting sshd(pam_unix)[7614]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:23 idolhosting sshd(pam_unix)[7617]: check pass; user unknown
Jun 8 07:09:23 idolhosting sshd(pam_unix)[7617]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:29 idolhosting sshd(pam_unix)[7619]: check pass; user unknown
Jun 8 07:09:29 idolhosting sshd(pam_unix)[7619]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:29 idolhosting sshd(pam_unix)[7620]: check pass; user unknown
Jun 8 07:09:29 idolhosting sshd(pam_unix)[7620]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:29 idolhosting sshd(pam_unix)[7624]: check pass; user unknown
Jun 8 07:09:29 idolhosting sshd(pam_unix)[7624]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:33 idolhosting sshd(pam_unix)[7627]: check pass; user unknown
Jun 8 07:09:33 idolhosting sshd(pam_unix)[7627]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:33 idolhosting sshd(pam_unix)[7628]: check pass; user unknown
Jun 8 07:09:33 idolhosting sshd(pam_unix)[7628]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:33 idolhosting sshd(pam_unix)[7631]: check pass; user unknown
Jun 8 07:09:33 idolhosting sshd(pam_unix)[7631]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:39 idolhosting sshd(pam_unix)[7634]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=root
Jun 8 07:09:39 idolhosting sshd(pam_unix)[7635]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=root
Jun 8 07:09:39 idolhosting sshd(pam_unix)[7638]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=root
Jun 8 07:09:45 idolhosting sshd(pam_unix)[7640]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=admin
Jun 8 07:09:45 idolhosting sshd(pam_unix)[7641]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=admin
Jun 8 07:09:45 idolhosting sshd(pam_unix)[7644]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=admin
Jun 8 07:09:51 idolhosting sshd(pam_unix)[7647]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=root
Jun 8 07:09:51 idolhosting sshd(pam_unix)[7649]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=root
Jun 8 07:09:51 idolhosting sshd(pam_unix)[7648]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=root
Jun 8 07:09:55 idolhosting sshd(pam_unix)[7657]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=root
Jun 8 07:09:55 idolhosting sshd(pam_unix)[7658]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=root
Jun 8 07:09:55 idolhosting sshd(pam_unix)[7659]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=root
Jun 8 07:10:01 idolhosting sshd(pam_unix)[7770]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=admin
Jun 8 07:10:01 idolhosting sshd(pam_unix)[7771]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=admin
Jun 8 07:10:01 idolhosting sshd(pam_unix)[7774]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=admin
Jun 8 07:10:06 idolhosting sshd(pam_unix)[7818]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=admin
Jun 8 07:10:06 idolhosting sshd(pam_unix)[7817]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=admin
Jun 8 07:10:06 idolhosting sshd(pam_unix)[7821]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=admin
Jun 8 07:10:13 idolhosting sshd(pam_unix)[7826]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=admin
Jun 8 07:10:16 idolhosting sshd(pam_unix)[7828]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=admin
Jun 8 07:10:16 idolhosting sshd(pam_unix)[7830]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=admin
Jun 8 07:10:19 idolhosting sshd(pam_unix)[7833]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=admin
Jun 8 07:10:25 idolhosting sshd(pam_unix)[7836]: check pass; user unknown
Jun 8 07:10:25 idolhosting sshd(pam_unix)[7836]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:10:31 idolhosting sshd(pam_unix)[7839]: check pass; user unknown
Jun 8 07:10:31 idolhosting sshd(pam_unix)[7839]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:10:35 idolhosting sshd(pam_unix)[7846]: check pass; user unknown
Jun 8 07:10:35 idolhosting sshd(pam_unix)[7846]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:10:40 idolhosting sshd(pam_unix)[7850]: check pass; user unknown
Jun 8 07:10:40 idolhosting sshd(pam_unix)[7850]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:10:46 idolhosting sshd(pam_unix)[7854]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=admin
almost the same thing for my ftp as well I assume someone is trying to bruteforce into ssh and ftp. I have also had some ddos like activities in my error log like this
[Mon Jun 6 20:50:12 2005] [error] could not make child process 11587 exit, attempting to continue anyway
over and over again which I read is code red ddosing is there anything I can do to prevent this?
I installed SIM to monitor httpd and restart it if the url is unaccessable but I need help solving this. Any information is appreciated
bax