Honestly, I would forward the logfile that you got that from, with non-pertinent info removed of course, to abuse@xxxxxxxxx The reason I say this is because of the following information: 130.120.81.14 Record Type: IP Address OrgName: RIPE Network Coordination Centre OrgID: RIPE Address: Singel 258 Address: 1016 AB City: Amsterdam StateProv: PostalCode: Country: NL ReferralServer: whois://whois.ripe.net:43 NetRange: 130.120.0.0 - 130.120.255.255 CIDR: 130.120.0.0/16 NetName: RIPE-ERX-130-120-0-0 NetHandle: NET-130-120-0-0-1 Parent: NET-130-0-0-0-0 NetType: Early Registrations, Transferred to RIPE NCC Comment: These addresses have been further assigned to users in Comment: the RIPE NCC region. Contact information can be found in Comment: the RIPE database at http://www.ripe.net/whois RegDate: 2003-11-12 Updated: 2004-03-02 Which I obtained from a whois query. No guarantee that anything will become of the report but it's always better to be safe than sorry. On Sat, 2004-07-17 at 12:40, Jonathan T. Steadman wrote: > Sorry this is yet another lame question, but I am new to hosting web > server ect. just kinda experimenting actually and in my logs i came > across some garbage (its at the bottom of this email) what do you do > about this? Just let it be? inform ISP? wait and see if it is more > continuous? dont know the proper thing to do i guess just making sure > with you guys. > > Jul 17 14:42:24 localhost sshd[6746]: Illegal user test from > 130.120.81.14 > Jul 17 14:42:26 localhost sshd[6746]: Failed password for illegal user > test from 130.120.81.14 port 48692 ssh2 > Jul 17 14:42:27 localhost sshd[6748]: Illegal user guest from > 130.120.81.14 > Jul 17 14:42:30 localhost sshd[6748]: Failed password for illegal user > guest from 130.120.81.14 port 48753 ssh2 > Jul 17 14:42:31 localhost sshd[6750]: Illegal user admin from > 130.120.81.14 > Jul 17 14:42:33 localhost sshd[6750]: Failed password for illegal user > admin from 130.120.81.14 port 48807 ssh2 > Jul 17 14:42:34 localhost sshd[6752]: Illegal user admin from > 130.120.81.14 > Jul 17 14:42:37 localhost sshd[6752]: Failed password for illegal user > admin from 130.120.81.14 port 48849 ssh2 > Jul 17 14:42:38 localhost sshd[6754]: Illegal user user from > 130.120.81.14 > Jul 17 14:42:40 localhost sshd[6754]: Failed password for illegal user > user from 130.120.81.14 port 48879 ssh2 > Jul 17 14:42:43 localhost sshd[6756]: Failed password for root from > 130.120.81.14 port 48900 ssh2 > Jul 17 14:42:47 localhost sshd[6758]: Failed password for root from > 130.120.81.14 port 48913 ssh2 > Jul 17 14:42:50 localhost sshd[6760]: Failed password for root from > 130.120.81.14 port 48924 ssh2 > Jul 17 14:42:51 localhost sshd[6762]: Illegal user test from > 130.120.81.14 > Jul 17 14:42:54 localhost sshd[6762]: Failed password for illegal user > test from 130.120.81.14 port 48931 ssh2 -- Thanks, Tom Sapp http://www.sappsworld.com
