Thunderbite
Verified User
- Joined
- Sep 30, 2008
- Messages
- 24
Hi all,
Since yesterday there are happening a bunch of strange things on my server... first of all my DirectAdmin error log get flooded with these messages:
2008:11:19-10:47:46: removing old lock: ./data/users/mark/reseller.allocation.lock
2008:11:19-16:04:17: removing old lock: ./data/users/mark/user.conf.lock
2008:11:19-16:04:41: removing old lock: ./data/admin/login.hist.lock
2008:11:19-16:04:43: removing old lock: ./data/admin/login.hist.lock
2008:11:19-16:08:00: removing old lock: ./data/users/mark/user.conf.lock
2008:11:19-16:08:04: removing old lock: ./data/users/mark/user.conf.lock
2008:11:19-16:08:52: removing old lock: ./data/admin/login.hist.lock
2008:11:19-16:10:36: removing old lock: ./data/users/mark/user.conf.lock
2008:11:19-16:12:44: removing old lock: ./data/users/mark/user.conf.lock
2008:11:19-16:34:10: removing old lock: ./data/users/mark/user.usage.lock
Then second of all the System messages log gets flooded with this:
Nov 19 17:58:06 server1 sshd[38242]: error: PAM: authentication error for illegal user apache from 200.21.190.84
Nov 19 17:58:06 server1 sshd[38243]: error: PAM: authentication error for illegal user apache from 200.21.190.84
Nov 19 18:01:45 server1 sshd[38928]: error: PAM: authentication error for illegal user apache from 194.228.118.57
Nov 19 18:01:45 server1 sshd[38929]: error: PAM: authentication error for illegal user apache from 194.228.118.57
Nov 19 18:05:15 server1 sshd[39451]: error: PAM: authentication error for illegal user apache from 23.red-80-24-4.staticip.rima-tde.net
Nov 19 18:05:15 server1 sshd[39452]: error: PAM: authentication error for illegal user apache from 23.red-80-24-4.staticip.rima-tde.net
Nov 19 18:08:44 server1 sshd[39603]: error: PAM: unknown user for illegal user at from ns.realtrade.lv
Nov 19 18:08:44 server1 sshd[39602]: error: PAM: unknown user for illegal user at from ns.realtrade.lv
Nov 19 18:12:10 server1 sshd[39997]: error: PAM: unknown user for illegal user at from 90.190.110.51
Nov 19 18:12:10 server1 sshd[39998]: error: PAM: unknown user for illegal user at from 90.190.110.51
I understand that those are trying to hack in to my ssh right? When i turn the ssh connection off the messages stop also flooding my log.
2 questions:
1. The first directadmin log errors what can cause all these messages?
2. What do you suggest to extra secure the ssh connections?
Thanks for everybody's effort and time
Since yesterday there are happening a bunch of strange things on my server... first of all my DirectAdmin error log get flooded with these messages:
2008:11:19-10:47:46: removing old lock: ./data/users/mark/reseller.allocation.lock
2008:11:19-16:04:17: removing old lock: ./data/users/mark/user.conf.lock
2008:11:19-16:04:41: removing old lock: ./data/admin/login.hist.lock
2008:11:19-16:04:43: removing old lock: ./data/admin/login.hist.lock
2008:11:19-16:08:00: removing old lock: ./data/users/mark/user.conf.lock
2008:11:19-16:08:04: removing old lock: ./data/users/mark/user.conf.lock
2008:11:19-16:08:52: removing old lock: ./data/admin/login.hist.lock
2008:11:19-16:10:36: removing old lock: ./data/users/mark/user.conf.lock
2008:11:19-16:12:44: removing old lock: ./data/users/mark/user.conf.lock
2008:11:19-16:34:10: removing old lock: ./data/users/mark/user.usage.lock
Then second of all the System messages log gets flooded with this:
Nov 19 17:58:06 server1 sshd[38242]: error: PAM: authentication error for illegal user apache from 200.21.190.84
Nov 19 17:58:06 server1 sshd[38243]: error: PAM: authentication error for illegal user apache from 200.21.190.84
Nov 19 18:01:45 server1 sshd[38928]: error: PAM: authentication error for illegal user apache from 194.228.118.57
Nov 19 18:01:45 server1 sshd[38929]: error: PAM: authentication error for illegal user apache from 194.228.118.57
Nov 19 18:05:15 server1 sshd[39451]: error: PAM: authentication error for illegal user apache from 23.red-80-24-4.staticip.rima-tde.net
Nov 19 18:05:15 server1 sshd[39452]: error: PAM: authentication error for illegal user apache from 23.red-80-24-4.staticip.rima-tde.net
Nov 19 18:08:44 server1 sshd[39603]: error: PAM: unknown user for illegal user at from ns.realtrade.lv
Nov 19 18:08:44 server1 sshd[39602]: error: PAM: unknown user for illegal user at from ns.realtrade.lv
Nov 19 18:12:10 server1 sshd[39997]: error: PAM: unknown user for illegal user at from 90.190.110.51
Nov 19 18:12:10 server1 sshd[39998]: error: PAM: unknown user for illegal user at from 90.190.110.51
I understand that those are trying to hack in to my ssh right? When i turn the ssh connection off the messages stop also flooding my log.
2 questions:
1. The first directadmin log errors what can cause all these messages?
2. What do you suggest to extra secure the ssh connections?
Thanks for everybody's effort and time
