Someone tried to SSH into my Server

[pcthuglife]

This message showed up on my Log Watch:
Failed password for invalid user root from ::ffff:82.182.93.65 port 54254 ssh2

The person tried 11 times. Any suggestions?

How would I go about reporting this person to his/her ISP?

 

[randal]

LOL 11 times. that's a joke ... make a new thread when it hits 10k from 100 different sources in one night.

 

[alien42]

Originally posted by: pcthuglife
This message showed up on my Log Watch:
Failed password for invalid user root from ::ffff:82.182.93.65 port 54254 ssh2

The person tried 11 times. Any suggestions?

How would I go about reporting this person to his/her ISP?

that is like calling the cops and saying "hey, someone knocked on my door 11 times"

 

[pcthuglife]

the point is the asshole is out there looking for vulnerable machines. just because he/she didn't put forth much effort to get into mine, doesn't mean their not an asshole who just wants to screw with people.

 

[MisterJackson]

Quick, board a plane to North Karea and kick his ass sea bass!

 

[spidey07]

Originally posted by: pcthuglife
the point is the asshole is out there looking for vulnerable machines. just because he/she didn't put forth much effort to get into mine, doesn't mean their not an asshole who just wants to screw with people.

you don't know that. maybe typed in the wrong IP.

don't worry about it until you get hundreds/1000s

 

[pcthuglife]

kick his ass sea bass!

So after I kick his ass I'll get away scott free right?
No, they'll catch up with you later on down the road and slit your throat...

don't worry about it until you get hundreds/1000s

That's cool, I've just never seen this happen to my home server before. I just wasn't sure how serious this was.

 

[spidey07]

It happens. Could just a scanner/automated password file attempt.

 

[ghostman]

Like others have said, 11 times isn't a big deal. Make sure your password is strong enough, your SSH server is patched and you're not flaunting any unnecessary services.

If the sucker is persistent, report him to his ISP (probably abuse@bostream.se).

 

[AccruedExpenditure]

Man, it must be those e-gangsta's at it again... you should be accustomed to this by now though... you live the PC-Thug Life...

 

[Jon855]

If you do not use SSH for any reason the disable that port... And you should be dropping him everytime he tries.

 

[chcarnage]

Originally posted by: MisterJackson
Quick, board a plane to North Karea and kick his ass sea bass!

The IP is from Sweden actually. Maybe he mocked Smörgåsbord or something.

 

[dowxp]

It happens all the time. I get 2-5 everyday.

 

[skyking]

What are you worried about? the tard tried to ssh in as root, which is disabled by default on a box that is set up properly .

 

[Rainsford]

I like seeing stuff like that in my logs...I'm happy I'm helping waste the time of the e-badasses of the internet. Because while they are attempting to hack into my patched SSH server that only allows key logon, they aren't bringing down Amazon.

 

[dartworth]

disable direct root login...

linky

 

[FoBoT]

Originally posted by: pcthuglife

kick his ass sea bass!

I just wasn't sure how serious this was.

is your box patched? don't worry about it

 

[Pabster]

Damn I thought I used a proxy...

 

[Pepsi90919]

that's kind of below normal. why don't you take a look at how many times SMTP is getting hit.