need some help

Baxter

I was checking my logs after work today and noticed this in my message.log

Jun 8 07:08:33 idolhosting sshd(pam_unix)[7545]: check pass; user unknown
Jun 8 07:08:33 idolhosting sshd(pam_unix)[7545]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:08:33 idolhosting sshd(pam_unix)[7544]: check pass; user unknown
Jun 8 07:08:33 idolhosting sshd(pam_unix)[7544]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:08:33 idolhosting sshd(pam_unix)[7547]: check pass; user unknown
Jun 8 07:08:33 idolhosting sshd(pam_unix)[7547]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:08:38 idolhosting sshd(pam_unix)[7557]: check pass; user unknown
Jun 8 07:08:38 idolhosting sshd(pam_unix)[7557]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:08:38 idolhosting sshd(pam_unix)[7556]: check pass; user unknown
Jun 8 07:08:38 idolhosting sshd(pam_unix)[7556]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:08:38 idolhosting sshd(pam_unix)[7560]: check pass; user unknown
Jun 8 07:08:38 idolhosting sshd(pam_unix)[7560]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:08:38 idolhosting sshd(pam_unix)[7546]: check pass; user unknown
Jun 8 07:08:38 idolhosting sshd(pam_unix)[7548]: check pass; user unknown
Jun 8 07:08:38 idolhosting sshd(pam_unix)[7548]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:08:38 idolhosting sshd(pam_unix)[7546]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:08:42 idolhosting sshd(pam_unix)[7565]: check pass; user unknown
Jun 8 07:08:42 idolhosting sshd(pam_unix)[7565]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:08:42 idolhosting sshd(pam_unix)[7564]: check pass; user unknown
Jun 8 07:08:42 idolhosting sshd(pam_unix)[7564]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:08:42 idolhosting sshd(pam_unix)[7563]: check pass; user unknown
Jun 8 07:08:42 idolhosting sshd(pam_unix)[7563]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:08:49 idolhosting sshd(pam_unix)[7570]: check pass; user unknown
Jun 8 07:08:49 idolhosting sshd(pam_unix)[7570]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:08:49 idolhosting sshd(pam_unix)[7572]: check pass; user unknown
Jun 8 07:08:49 idolhosting sshd(pam_unix)[7572]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:08:49 idolhosting sshd(pam_unix)[7571]: check pass; user unknown
Jun 8 07:08:49 idolhosting sshd(pam_unix)[7571]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:08:54 idolhosting sshd(pam_unix)[7576]: check pass; user unknown
Jun 8 07:08:54 idolhosting sshd(pam_unix)[7576]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:08:54 idolhosting sshd(pam_unix)[7577]: check pass; user unknown
Jun 8 07:08:54 idolhosting sshd(pam_unix)[7577]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:08:54 idolhosting sshd(pam_unix)[7578]: check pass; user unknown
Jun 8 07:08:54 idolhosting sshd(pam_unix)[7578]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:01 idolhosting sshd(pam_unix)[7584]: check pass; user unknown
Jun 8 07:09:01 idolhosting sshd(pam_unix)[7584]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:01 idolhosting sshd(pam_unix)[7586]: check pass; user unknown
Jun 8 07:09:01 idolhosting sshd(pam_unix)[7586]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:01 idolhosting sshd(pam_unix)[7588]: check pass; user unknown
Jun 8 07:09:01 idolhosting sshd(pam_unix)[7588]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:07 idolhosting sshd(pam_unix)[7592]: check pass; user unknown
Jun 8 07:09:07 idolhosting sshd(pam_unix)[7592]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:07 idolhosting sshd(pam_unix)[7593]: check pass; user unknown
Jun 8 07:09:07 idolhosting sshd(pam_unix)[7593]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:07 idolhosting sshd(pam_unix)[7594]: check pass; user unknown
Jun 8 07:09:07 idolhosting sshd(pam_unix)[7594]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:12 idolhosting sshd(pam_unix)[7599]: check pass; user unknown
Jun 8 07:09:12 idolhosting sshd(pam_unix)[7599]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:12 idolhosting sshd(pam_unix)[7598]: check pass; user unknown
Jun 8 07:09:12 idolhosting sshd(pam_unix)[7598]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:12 idolhosting sshd(pam_unix)[7602]: check pass; user unknown
Jun 8 07:09:12 idolhosting sshd(pam_unix)[7602]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:16 idolhosting sshd(pam_unix)[7605]: check pass; user unknown
Jun 8 07:09:16 idolhosting sshd(pam_unix)[7605]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:16 idolhosting sshd(pam_unix)[7606]: check pass; user unknown
Jun 8 07:09:16 idolhosting sshd(pam_unix)[7606]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:16 idolhosting sshd(pam_unix)[7607]: check pass; user unknown
Jun 8 07:09:16 idolhosting sshd(pam_unix)[7607]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:22 idolhosting sshd(pam_unix)[7613]: check pass; user unknown
Jun 8 07:09:22 idolhosting sshd(pam_unix)[7613]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:22 idolhosting sshd(pam_unix)[7614]: check pass; user unknown
Jun 8 07:09:22 idolhosting sshd(pam_unix)[7614]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:23 idolhosting sshd(pam_unix)[7617]: check pass; user unknown
Jun 8 07:09:23 idolhosting sshd(pam_unix)[7617]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:29 idolhosting sshd(pam_unix)[7619]: check pass; user unknown
Jun 8 07:09:29 idolhosting sshd(pam_unix)[7619]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:29 idolhosting sshd(pam_unix)[7620]: check pass; user unknown
Jun 8 07:09:29 idolhosting sshd(pam_unix)[7620]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:29 idolhosting sshd(pam_unix)[7624]: check pass; user unknown
Jun 8 07:09:29 idolhosting sshd(pam_unix)[7624]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:33 idolhosting sshd(pam_unix)[7627]: check pass; user unknown
Jun 8 07:09:33 idolhosting sshd(pam_unix)[7627]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:33 idolhosting sshd(pam_unix)[7628]: check pass; user unknown
Jun 8 07:09:33 idolhosting sshd(pam_unix)[7628]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:33 idolhosting sshd(pam_unix)[7631]: check pass; user unknown
Jun 8 07:09:33 idolhosting sshd(pam_unix)[7631]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:09:39 idolhosting sshd(pam_unix)[7634]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=root
Jun 8 07:09:39 idolhosting sshd(pam_unix)[7635]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=root
Jun 8 07:09:39 idolhosting sshd(pam_unix)[7638]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=root
Jun 8 07:09:45 idolhosting sshd(pam_unix)[7640]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=admin
Jun 8 07:09:45 idolhosting sshd(pam_unix)[7641]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=admin
Jun 8 07:09:45 idolhosting sshd(pam_unix)[7644]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=admin
Jun 8 07:09:51 idolhosting sshd(pam_unix)[7647]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=root
Jun 8 07:09:51 idolhosting sshd(pam_unix)[7649]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=root
Jun 8 07:09:51 idolhosting sshd(pam_unix)[7648]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=root
Jun 8 07:09:55 idolhosting sshd(pam_unix)[7657]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=root
Jun 8 07:09:55 idolhosting sshd(pam_unix)[7658]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=root
Jun 8 07:09:55 idolhosting sshd(pam_unix)[7659]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=root
Jun 8 07:10:01 idolhosting sshd(pam_unix)[7770]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=admin
Jun 8 07:10:01 idolhosting sshd(pam_unix)[7771]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=admin
Jun 8 07:10:01 idolhosting sshd(pam_unix)[7774]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=admin
Jun 8 07:10:06 idolhosting sshd(pam_unix)[7818]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=admin
Jun 8 07:10:06 idolhosting sshd(pam_unix)[7817]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=admin
Jun 8 07:10:06 idolhosting sshd(pam_unix)[7821]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=admin
Jun 8 07:10:13 idolhosting sshd(pam_unix)[7826]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=admin
Jun 8 07:10:16 idolhosting sshd(pam_unix)[7828]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=admin
Jun 8 07:10:16 idolhosting sshd(pam_unix)[7830]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=admin
Jun 8 07:10:19 idolhosting sshd(pam_unix)[7833]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=admin
Jun 8 07:10:25 idolhosting sshd(pam_unix)[7836]: check pass; user unknown
Jun 8 07:10:25 idolhosting sshd(pam_unix)[7836]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:10:31 idolhosting sshd(pam_unix)[7839]: check pass; user unknown
Jun 8 07:10:31 idolhosting sshd(pam_unix)[7839]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:10:35 idolhosting sshd(pam_unix)[7846]: check pass; user unknown
Jun 8 07:10:35 idolhosting sshd(pam_unix)[7846]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:10:40 idolhosting sshd(pam_unix)[7850]: check pass; user unknown
Jun 8 07:10:40 idolhosting sshd(pam_unix)[7850]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com
Jun 8 07:10:46 idolhosting sshd(pam_unix)[7854]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=a347dns05.direcpc.com user=admin

Almost the same thing for my FTP as well. I assume someone is trying to brute-force into SSH and FTP. I have also had some DDoS-like activities in my error log, like this:

[Mon Jun 6 20:50:12 2005] [error] could not make child process 11587 exit, attempting to continue anyway

over and over again, which I read is Code Red DDoSing. Is there anything I can do to prevent this?

I installed SIM to monitor httpd and restart it if the URL is inaccessible, but I need help solving this. Any information is appreciated :D

bax
 
Yes, someone is trying brute force attacks on your server.

If your important passwords are secure then you can ignore these.

If you don't want to ignore them, you can install APF firewall, which can be configured to block specific IP#s after they've hit a certain threshold.

But then you'll get the APF firewall logs, unless you turn off the logging.

Jeff
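
The threshold check described in the reply above, written as a detection pass over log lines in the format from the question. This is an added example, not part of the thread and not APF's own logic; the threshold (5 failures in 60 seconds), the `year` argument (syslog lines carry no year), and the sample hosts are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Count only "authentication failure" lines: an unknown user also logs a
# "check pass; user unknown" line, which would double-count each attempt.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+sshd\(pam_unix\)\[\d+\]:\s+"
    r"authentication failure;.*?\brhost=(?P<rhost>\S+)(?:\s+user=(?P<user>\S+))?"
)

# Constructed sample in the question's log format (hosts are placeholders).
_F = "authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost="
SAMPLE_LOG = [
    "Jun 8 07:08:33 web1 sshd(pam_unix)[7545]: check pass; user unknown",
    f"Jun 8 07:08:33 web1 sshd(pam_unix)[7545]: {_F}scanner.example.net",
    "Jun 8 07:08:38 web1 sshd(pam_unix)[7557]: check pass; user unknown",
    f"Jun 8 07:08:38 web1 sshd(pam_unix)[7557]: {_F}scanner.example.net",
    f"Jun 8 07:08:40 web1 sshd(pam_unix)[7558]: {_F}office.example.org user=baxter",
    f"Jun 8 07:08:42 web1 sshd(pam_unix)[7565]: {_F}scanner.example.net user=root",
    f"Jun 8 07:08:49 web1 sshd(pam_unix)[7570]: {_F}scanner.example.net user=root",
    f"Jun 8 07:08:54 web1 sshd(pam_unix)[7576]: {_F}scanner.example.net user=admin",
    f"Jun 8 07:09:01 web1 sshd(pam_unix)[7584]: {_F}scanner.example.net user=admin",
    f"Jun 8 07:12:40 web1 sshd(pam_unix)[7701]: {_F}office.example.org user=baxter",
]

def find_offenders(lines, threshold=5, window=timedelta(seconds=60), year=2005):
    """Return hosts with >= threshold failures inside any sliding window."""
    recent = defaultdict(deque)   # rhost -> failure timestamps still in window
    totals = defaultdict(int)     # rhost -> all failures seen
    users = defaultdict(set)      # rhost -> account names tried
    tripped = {}                  # rhost -> time the threshold was first hit
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        host = m["rhost"]
        totals[host] += 1
        users[host].add(m["user"] or "<unknown>")  # no user= means no such account
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and host not in tripped:
            tripped[host] = ts
    return {h: {"failures": totals[h], "users": users[h], "tripped_at": t}
            for h, t in tripped.items()}
```

A host that mistypes a password twice a few minutes apart never fills the window, so only the sustained source is reported as a candidate for a firewall deny rule.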
 