[Logwatch] Under attack...

Jim Douglas jdz99 at hotmail.com
Thu Feb 15 09:33:36 MST 2007


I am under attack and was hoping someone could help assess if there was a 
successful break-in or not...and the best course of action.

When it says "Illegal users from:" does this mean they were successful in 
logging onto my server?

I have these entries in my log file,

sshd:
    Authentication Failures:
       unknown (24.214.208.54): 317 Time(s)
       root (24.214.208.54): 38 Time(s)
       unknown (125.22.244.88): 23 Time(s)
       mail (24.214.208.54): 2 Time(s)
       ftp (125.22.244.88): 1 Time(s)
       ftp (24.214.208.54): 1 Time(s)
       operator (24.214.208.54): 1 Time(s)
       postfix (125.22.244.88): 1 Time(s)
       root (125.22.244.88): 1 Time(s)
       root (127.0.0.1): 1 Time(s)
       tomcat (125.22.244.88): 1 Time(s)
    Invalid Users:
       Unknown Account: 340 Time(s)


---------------------- pam_unix End -------------------------

--------------------- SSHD Begin ------------------------

Failed logins from:
    24.214.208.54 (user-24-214-208-54.knology.net): 42 times
    125.22.244.88 (dsl-TN-static-088.244.22.125.airtelbroadband.in): 4 times
    127.0.0.1 (localhost.localdomain): 1 time

Illegal users from:
    24.214.208.54 (user-24-214-208-54.knology.net): 317 times
    125.22.244.88 (dsl-TN-static-088.244.22.125.airtelbroadband.in): 23 times

Users logging in through sshd:
    nx:
       216.229.21.70 (ip-26-39-21-70.hqglobal.net): 2 times
    root:
       127.0.0.1 (localhost.localdomain): 2 times

Received disconnect:
    11: Bye Bye : 385 Time(s)

---------------------- SSHD End -------------------------

Thanks,
Jim
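
An added example, not part of the original post and not Logwatch code: in Logwatch's sshd report, "Failed logins from:" and "Illegal users from:" count rejected attempts (the latter for account names that do not exist on the host), while accepted sessions appear only under "Users logging in through sshd:". The sketch below parses the SSHD section quoted above and lists accepted logins whose source address also produced rejected attempts, as the entries to review first; the function names `parse` and `triage` are this example's own.

```python
import re

# SSHD section of the Logwatch report quoted in the post above.
REPORT = """\
Failed logins from:
    24.214.208.54 (user-24-214-208-54.knology.net): 42 times
    125.22.244.88 (dsl-TN-static-088.244.22.125.airtelbroadband.in): 4 times
    127.0.0.1 (localhost.localdomain): 1 time

Illegal users from:
    24.214.208.54 (user-24-214-208-54.knology.net): 317 times
    125.22.244.88 (dsl-TN-static-088.244.22.125.airtelbroadband.in): 23 times

Users logging in through sshd:
    nx:
       216.229.21.70 (ip-26-39-21-70.hqglobal.net): 2 times
    root:
       127.0.0.1 (localhost.localdomain): 2 times
"""

HOST = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3}) \(.*\): (\d+) times?$")
USER = re.compile(r"^\s+(\S+):$")

def parse(report):
    """Return (rejected, accepted): rejected maps IP -> attempt count,
    accepted maps (user, IP) -> successful login count."""
    rejected, accepted = {}, {}
    section = user = None
    for line in report.splitlines():
        if line and not line[0].isspace():      # unindented line = section header
            section, user = line.rstrip(":"), None
        elif (m := HOST.match(line)):
            ip, n = m.group(1), int(m.group(2))
            if section == "Users logging in through sshd":
                accepted[(user, ip)] = accepted.get((user, ip), 0) + n
            elif section in ("Failed logins from", "Illegal users from"):
                rejected[ip] = rejected.get(ip, 0) + n
        elif (m := USER.match(line)):           # indented "name:" line = account
            user = m.group(1)
    return rejected, accepted

def triage(report):
    """Accepted logins whose source IP also produced rejected attempts."""
    rejected, accepted = parse(report)
    return sorted((u, ip, n, rejected[ip])
                  for (u, ip), n in accepted.items() if ip in rejected)
```

On the report above, neither of the two high-volume source addresses appears among the accepted logins; the only overlap returned by `triage` is root from 127.0.0.1.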
