Jonathan T. Steadman wrote:
...and in my logs i came across some garbage (its at the bottom of this email) what do you do about this? Just let it be? inform ISP? wait and see if it is more continuous? dont know the proper thing to do i guess just making sure with you guys.
Jul 17 14:42:24 localhost sshd[6746]: Illegal user test from
130.120.81.14
It's originating from a machine in France, or at least the IP is (the person could be sitting in your basement, and using a machine in France for that matter.) Whether you want to take it up with Centre Interuniversitaire de Calcul de Toulouse, who owns that IP range, is up to you, but chances are nothing will come of it.
My approach to things like this is to check for repeat occurrences. If I get repeats, I stick the IP in hosts.deny and let them have it. And if I found out they're using an entire range of IPs, that entire range will get blocked as well. For example, I have absolutely no problem what so ever blocking the entire network belonging to Media Dream Land (69.42.96.0/19), who are just a big ass spamming network. You can all start flaming me now.
-- W | I haven't lost my mind; it's backed up on tape somewhere. +-------------------------------------------------------------------- Ashley M. Kirchner <mailto:ashley@xxxxxxxxxx> . 303.442.6410 x130 IT Director / SysAdmin / WebSmith . 800.441.3873 x130 Photo Craft Laboratories, Inc. . 3550 Arapahoe Ave. #6 http://www.pcraft.com ..... . . . Boulder, CO 80303, U.S.A.
