2011-09-22, 06:11 PM
I found a log file that kind of worries me, it's not my website log file but /var/log/secure. Is this something to worry about? Looks like someone is trying to break in:
(and I got quite a few more ip's trying to do the same thing or something similar)
Sep 18 03:46:12 localhost sshd[9004]: Received disconnect from 96.44.148.170: 11: Bye Bye
Sep 18 03:46:41 localhost sshd[9005]: Address 96.44.148.170 maps to 96.44.148.170.static.quadranet.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Sep 18 03:46:41 localhost sshd[9005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.44.148.170 user=root
Sep 18 03:46:43 localhost sshd[9005]: Failed password for root from 96.44.148.170 port 60604 ssh2
Sep 18 03:46:43 localhost sshd[9006]: Received disconnect from 96.44.148.170: 11: Bye Bye
Sep 18 03:47:11 localhost sshd[9007]: Address 96.44.148.170 maps to 96.44.148.170.static.quadranet.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Sep 18 03:47:11 localhost sshd[9007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.44.148.170 user=root
Sep 18 03:47:12 localhost sshd[9007]: Failed password for root from 96.44.148.170 port 35961 ssh2
Sep 18 03:47:12 localhost sshd[9008]: Received disconnect from 96.44.148.170: 11: Bye Bye
Sep 18 03:47:41 localhost sshd[9009]: Address 96.44.148.170 maps to 96.44.148.170.static.quadranet.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Sep 18 03:47:41 localhost sshd[9009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.44.148.170 user=root
Sep 18 03:47:43 localhost sshd[9009]: Failed password for root from 96.44.148.170 port 39572 ssh2
Sep 18 03:47:43 localhost sshd[9010]: Received disconnect from 96.44.148.170: 11: Bye Bye
Sep 18 03:48:12 localhost sshd[9011]: Address 96.44.148.170 maps to 96.44.148.170.static.quadranet.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Sep 18 03:48:12 localhost sshd[9011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.44.148.170 user=root
Sep 18 03:48:14 localhost sshd[9011]: Failed password for root from 96.44.148.170 port 43168 ssh2
Sep 18 03:48:14 localhost sshd[9012]: Received disconnect from 96.44.148.170: 11: Bye Bye
Sep 18 03:48:42 localhost sshd[9013]: Address 96.44.148.170 maps to 96.44.148.170.static.quadranet.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Sep 18 03:48:42 localhost sshd[9013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.44.148.170 user=root
Sep 18 03:48:44 localhost sshd[9013]: Failed password for root from 96.44.148.170 port 46797 ssh2
Sep 18 03:48:44 localhost sshd[9014]: Received disconnect from 96.44.148.170: 11: Bye Bye
Sep 18 03:49:13 localhost sshd[9015]: Address 96.44.148.170 maps to 96.44.148.170.static.quadranet.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Sep 18 03:49:13 localhost sshd[9015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.44.148.170 user=root
Sep 18 03:49:14 localhost sshd[9015]: Failed password for root from 96.44.148.170 port 50417 ssh2
Sep 18 03:49:15 localhost sshd[9016]: Received disconnect from 96.44.148.170: 11: Bye Bye
Sep 18 03:49:44 localhost sshd[9017]: Address 96.44.148.170 maps to 96.44.148.170.static.quadranet.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Sep 18 03:49:44 localhost sshd[9017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.44.148.170 user=root
Sep 18 03:49:46 localhost sshd[9017]: Failed password for root from 96.44.148.170 port 54091 ssh2
Sep 18 03:49:46 localhost sshd[9018]: Received disconnect from 96.44.148.170: 11: Bye Bye