From last night's LogWatch:
--------------------------------------------------------------------------
sshd:
Invalid Users:
Unknown Account: 7 Time(s)
Unknown Entries:
authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
rhost=johnstongrain.com : 2 Time(s)
authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
rhost=smms-mriley09d.chemistry.uq.edu.au : 2 Time(s)
authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
rhost=211.117.191.70 : 1 Time(s)
authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
rhost=216.97.110.1 : 1 Time(s)
authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
rhost=ccia-062-204-197-193.uned.es : 1 Time(s)
su:
Sessions Opened:
brian(uid=500) -> root: 1 Time(s)
------------------------------------------------------------------------
Ok, guys- what do we do with this? Should we be writing down the
addresses from which these attempts were made? They're probably all
'stooge' addresses, I know, but it might help authorities to know what
other machines have been compromised...
I'll go save the log somewhere...
------------------------------------------------------------------------
--
------------------------------------------------------------------------
Brian FahrlÃnder Christian, Conservative, and Technomad
Evansville, IN http://www.fahrlander.net
ICQ 5119262
AIM: WheelDweller
------------------------------------------------------------------------
Attachment:
signature.asc
Description: This is a digitally signed message part
