Thanks for the info on where to look. I hadn't looked at these logs before, but I'm getting scanned quite a bit as well. All the scans seem to originate from the same few IP addresses: 128.104.8.231 202.6.75.195 81.15.119.11 64.246.32.92 212.4.172.123 The user accounts they try to log in as are: test guest admin root I would definitely suggest updating any/all passwords on your systems if they are dictionary based. The scans start about ten days ago for my system. Obviously, the script-kiddies found a new toy. We can probably expect more of this junk in the future. -Mike > -----Original Message----- > From: Steven Stern [mailto:subscribed-lists@xxxxxxxxxxxxx] > Sent: Wednesday, August 4, 2004 02:37 PM > To: 'For users of Fedora Core releases' > Subject: Re: MORE SSH Hacking: heads-up > > On Wed, 4 Aug 2004 10:25:05 -0400, jeem machine <jmachine@xxxxxxxxx> wrote: > > >On Wed, 04 Aug 2004 08:25:36 -0500, Steven Stern > ><subscribed-lists@xxxxxxxxxxxxx> wrote: > >> On Tue, 03 Aug 2004 21:40:18 -0700, Ow Mun Heng <Ow.Mun.Heng@xxxxxxx> wrote: > >> > >> My logs from last night: > >> > >> Failed logins from these: > >> guest/password from ::ffff:143.107.235.116: 1 Time(s) > >> guest/password from ::ffff:211.105.46.30: 1 Time(s) > >> test/password from ::ffff:143.107.235.116: 1 Time(s) > >> test/password from ::ffff:211.105.46.30: 1 Time(s) > >> > >> Illegal users from these: > >> guest/none from ::ffff:143.107.235.116: 1 Time(s) > >> guest/none from ::ffff:211.105.46.30: 1 Time(s) > >> guest/password from ::ffff:143.107.235.116: 1 Time(s) > >> guest/password from ::ffff:211.105.46.30: 1 Time(s) > >> test/none from ::ffff:143.107.235.116: 1 Time(s) > >> test/none from ::ffff:211.105.46.30: 1 Time(s) > >> test/password from ::ffff:143.107.235.116: 1 Time(s) > >> test/password from ::ffff:211.105.46.30: 1 Time(s) > >> > > > >> > >Which logs are you looking at. I would like to check my system > > > The snipped above comes from the nightly logwatch run, mailed to root. > Logwatch searches through /var/log/secure* > > -- > Steve > > > > -- > fedora-list mailing list > fedora-list@xxxxxxxxxx > To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list >
