Page 1 of 1

Help with logs.

Posted: 2007/07/14 16:54:52
by slakjawd
I keep on seeing this in my secure log. I am kind of new to Linux and I understand the failed password part but what does the "does not map back to the address" part mean?


Jul 14 07:33:17 test sshd[5458]: Failed password for invalid user adita from ::ffff:83.65.141.94 port 44516 ssh2
Jul 14 07:33:17 test sshd[5459]: Received disconnect from ::ffff:83.65.141.94: 11: Bye Bye
Jul 14 07:33:18 test sshd[5460]: Invalid user adlai from ::ffff:83.65.141.94
Jul 14 07:33:18 test sshd[5461]: input_userauth_request: invalid user adlai
Jul 14 07:33:18 test sshd[5460]: Address 83.65.141.94 maps to elderew.hiweb.at, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!

Help with logs.

Posted: 2007/07/14 18:19:01
by foxb
This is automated attack.

Just move your ssh port to other number than standard 22.

This will stop the attacks.

As for the message it has different address than dns name.