Date: Tue, 19 Nov 2013 09:14:59 +0100
From: Marko Cupać <marko.cupac@mimar.rs>
To: freebsd-stable@freebsd.org
Subject: login failures
Message-ID: <20131119091459.3084ad63d079615a0ce31d18@mimar.rs>

I am getting e-mail with security run output from one of my 9.2-RELEASE
servers whose primary role is mysql server:

sql1.kappastar.com login failures:
Nov 18 02:11:09 sql1 sshd[58619]: Invalid user this-is-not-an-attack from 188.95.234.6
Nov 18 02:11:17 sql1 sshd[58621]: Invalid user this-is-not-an-attack from 188.95.234.6
Nov 18 04:54:10 sql1 sshd [59190]: reverse mapping checking getaddrinfo for 189.26.255.11.static.gvt.net.br [189.26.255.11] failed - POSSIBLE BREAK-IN ATTEMPT!
Nov 18 04:54:10 sql1 sshd[59190]: Invalid user info from 189.26.255.11
Nov 18 21:18:05 sql1 sshd[60883]: reverse mapping checking getaddrinfo for 210.213.119.53.pldt.net [210.213.119.53] failed - POSSIBLE BREAK-IN ATTEMPT!
Nov 18 21:18:09 sql1 sshd[60885]: reverse mapping checking getaddrinfo for 210.213.119.53.pldt.net [210.213.119.53] failed - POSSIBLE BREAK-IN ATTEMPT!
Nov 18 21:18:16 sql1 sshd[60887]: reverse mapping checking getaddrinfo for 210.213.119.53.pldt.net [210.213.119.53] failed - POSSIBLE BREAK-IN ATTEMPT!
Nov 18 23:05:39 sql1 sshd[61075]: Invalid user ____ from 208.83.31.22

However, I do not see anything in auth.log. Also, this should not happen
at all as this host is in a DMZ behind the firewall which does not allow
ssh connections to it.

How should I start troubleshooting this?

--
Marko Cupać