I keep getting an email from my dedicated server host with a bunch of fwds from an IT firm somewhere. The email is addressed to me telling me that I am receiving a warning for violating their terms of service. In the email fwds it has many log attempts of someone from my dedicated servers address attempting log in as root and doing various other activities.

How is this possible? I have changed the password for root account many times, is there any other way someone could do these attacks from my server with out being root? Can I disable all other access to the server except for root?

Plz help.

They don't need to have hacked root on your server to try to log in as root on a remote system. Someone has presumably hacked into your server as a non-root user and then tried to log in to other systems from there.

Fair enough. Work with me here though.

How can I disable every user account except root?

Before you do that, let's start with something simple. Check your /home directory. Are there any usernames there you don't recognize? There should only be the names of users that are SUPPOSED to have access, and "lost+found".

Next is something more involved: look carefully through your /var/log/auth.log and see if there are any logins from IP addresses you don't recognize.

Thanks for replying!

/home does not contain any directories I did not put there.

And for the log these entries appear to stick out.


Apr 28 13:20:23 VIP sshd[14427]: Invalid user test from 211.239.92.10
Apr 28 13:20:26 VIP sshd[14427]: (pam_unix) check pass; user unknown
Apr 28 13:20:26 VIP sshd[14427]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.239.92.10
Apr 28 13:20:28 VIP sshd[14427]: Failed password for invalid user test from 211.239.92.10 port 50257 ssh2
Apr 28 13:20:32 VIP sshd[14432]: Invalid user test from 211.239.92.10
Apr 28 13:20:33 VIP sshd[14432]: (pam_unix) check pass; user unknown
Apr 28 13:20:33 VIP sshd[14432]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.239.92.10
Apr 28 13:20:35 VIP sshd[14432]: Failed password for invalid user test from 211.239.92.10 port 50614 ssh2
Apr 28 13:20:37 VIP sshd[14435]: Invalid user test from 211.239.92.10
Apr 28 13:20:39 VIP sshd[14435]: (pam_unix) check pass; user unknown
Apr 28 13:20:39 VIP sshd[14435]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.239.92.10
Apr 28 13:20:41 VIP sshd[14435]: Failed password for invalid user test from 211.239.92.10 port 50925 ssh2
Apr 28 13:20:44 VIP sshd[14437]: Invalid user test from 211.239.92.10
Apr 28 13:20:45 VIP sshd[14437]: (pam_unix) check pass; user unknown
Apr 28 13:20:45 VIP sshd[14437]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.239.92.10
Apr 28 13:20:47 VIP sshd[14437]: Failed password for invalid user test from 211.239.92.10 port 51228 ssh2
Apr 28 13:20:49 VIP sshd[14440]: Invalid user test from 211.239.92.10
Apr 28 13:20:51 VIP sshd[14440]: (pam_unix) check pass; user unknown
Apr 28 13:20:51 VIP sshd[14440]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.239.92.10
Apr 28 13:20:54 VIP sshd[14440]: Failed password for invalid user test from 211.239.92.10 port 51525 ssh2
Apr 28 13:20:56 VIP sshd[14442]: Invalid user test from 211.239.92.10
Apr 28 13:20:59 VIP sshd[14442]: (pam_unix) check pass; user unknown
Apr 28 13:20:59 VIP sshd[14442]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.239.92.10
Apr 28 13:21:01 VIP sshd[14442]: Failed password for invalid user test from 211.239.92.10 port 51848 ssh2
Apr 28 13:21:04 VIP sshd[14444]: Invalid user test from 211.239.92.10
Apr 28 13:21:06 VIP sshd[14444]: (pam_unix) check pass; user unknown
Apr 28 13:21:06 VIP sshd[14444]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.239.92.10
Apr 28 13:21:08 VIP sshd[14444]: Failed password for invalid user test from 211.239.92.10 port 52234 ssh2
Apr 28 13:21:11 VIP sshd[14446]: Invalid user test from 211.239.92.10
Apr 28 13:21:12 VIP sshd[14446]: (pam_unix) check pass; user unknown
Apr 28 13:21:12 VIP sshd[14446]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.239.92.10
Apr 28 13:21:14 VIP sshd[14446]: Failed password for invalid user test from 211.239.92.10 port 52547 ssh2
Apr 28 13:21:16 VIP sshd[14448]: Invalid user test from 211.239.92.10
Apr 28 13:21:19 VIP sshd[14448]: (pam_unix) check pass; user unknown
Apr 28 13:21:19 VIP sshd[14448]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.239.92.10
Apr 28 13:21:21 VIP sshd[14448]: Failed password for invalid user test from 211.239.92.10 port 52809 ssh2
Apr 28 13:21:23 VIP sshd[14450]: Invalid user test from 211.239.92.10
Apr 28 13:21:25 VIP sshd[14450]: (pam_unix) check pass; user unknown
Apr 28 13:21:25 VIP sshd[14450]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.239.92.10
Apr 28 13:21:27 VIP sshd[14450]: Failed password for invalid user test from 211.239.92.10 port 53135 ssh2


There is also pages of stuff like


Apr 28 18:41:02 VIP sshd[26208]: Failed password for invalid user master from 75.147.113.234 port 9805 ssh2
Apr 28 18:41:03 VIP sshd[26210]: reverse mapping checking getaddrinfo for 75-147-113-234-philadelphia.hfc.comcastbusiness.net failed - POSSIBLE BREAKIN ATTEMPT!
Apr 28 18:41:03 VIP sshd[26210]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.147.113.234 user=root
Apr 28 18:41:05 VIP sshd[26210]: Failed password for root from 75.147.113.234 port 10000 ssh2
Apr 28 18:41:06 VIP sshd[26214]: reverse mapping checking getaddrinfo for 75-147-113-234-philadelphia.hfc.comcastbusiness.net failed - POSSIBLE BREAKIN ATTEMPT!
Apr 28 18:41:06 VIP sshd[26214]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.147.113.234 user=root
Apr 28 18:41:08 VIP sshd[26214]: Failed password for root from 75.147.113.234 port 10241 ssh2
Apr 28 18:41:09 VIP sshd[26217]: reverse mapping checking getaddrinfo for 75-147-113-234-philadelphia.hfc.comcastbusiness.net failed - POSSIBLE BREAKIN ATTEMPT!
Apr 28 18:41:09 VIP sshd[26217]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.147.113.234 user=root
Apr 28 18:41:11 VIP sshd[26217]: Failed password for root from 75.147.113.234 port 10432 ssh2
Apr 28 18:41:12 VIP sshd[26220]: reverse mapping checking getaddrinfo for 75-147-113-234-philadelphia.hfc.comcastbusiness.net failed - POSSIBLE BREAKIN ATTEMPT!
Apr 28 18:41:12 VIP sshd[26220]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.147.113.234 user=root
Apr 28 18:41:14 VIP sshd[26220]: Failed password for root from 75.147.113.234 port 10631 ssh2
Apr 28 18:41:14 VIP sshd[26223]: reverse mapping checking getaddrinfo for 75-147-113-234-philadelphia.hfc.comcastbusiness.net failed - POSSIBLE BREAKIN ATTEMPT!
Apr 28 18:41:14 VIP sshd[26223]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.147.113.234 user=root
Apr 28 18:41:17 VIP sshd[26223]: Failed password for root from 75.147.113.234 port 10819 ssh2


I don't recognize any of those IP addresses. So does this mean someone is getting in somehow?

hmmm, as there is something going on witht he box I'd
(1) reset the box - you don't know for sure if it was broken in
(2) with the new box disable root login (login as normal user and only then gain root access through it)
(3) install deny hosts
(4) audit all the other stuff you have on there

Why not just disable access from every other user account?

the log excerpts you posted show somebody, probably a script, trying to break in via SSH by a variant of a brute-force attack: trying common userIds, and either common passwords, or a series of pre-stored passwords, or prefixes.

Based *only* on the excerpts, none succeeded.

Nevertheless. This does not mean that this was the successful attack, just that this was one avenue.

The *very* first action should be to disconnect this server from the network. Just pull off the network cable.

The second action is to review the literature on how to protect a server, then go thru all programs (officially, in other words, that YOU) installed, and verify their settings re. security and access control. Write down any deviations, and write down all necessary corrections. Also, seriously consider uninstalling any service, daemon, or programme you do not use or need on this exposed server.

Then: this machine is (potentially) compromised. Your best option (for a fast return on-line) would be to format *all* local disks and re-install your O.S.

The second best option is to replace the current box by a backup (fully reconfigured for security), and go play forensics on this one.

But, right now, take it offline.

First of all. I have never seen this server in my life. For all I know it could be a VM on a Cray. It's sitting a bunker somewhere in the US. I just rent it for $x/month.

Taking it offline isn't really an option for me as I'll have no way of configuring anything on it.

So any other suggestions? Is there a way I can make my server simply time out a connection from an IP for 30 minutes if it fails to connect over 3 times or something? Or just only allow it a connection from my ip address at home?

Backup the data to your local machine, have the server resetted...

And have a look at deny host. There's a howto over at www.howtofroge.com

Why not just disable access from every other user account? Because you don't know what was going on with your machine. If it's compromised then there could be manipulated programs everywhere, e.g. backdoors. So disabling users won't help you one little bit.

See hyper_ch's posting #10 here .... that's good advice. Do as he says there. Reinstall the server and then take a good look at that "denyhosts" tutorial.

if you are in doubt whether the server was hacked, you have to think it was hacked... by not re-setting it up you might end up being liable for not taking necessary precautions.

if you are in doubt whether the server was hacked, you have to think it was hacked... by not re-setting it up you might end up being liable for not taking necessary precautions.

Ugh, you are so right.

After much bitching and whining I have decided to move to a VPS hosting solution or just shared hosting. I do not have the knowledge it takes to admin a server. Clearly ubuntu has made it easy enough to set one up, but I have no idea what is going on when it comes to checking out log files and what not.

Thanks for your advice guys.

I keep getting an email from my dedicated server host with a bunch of fwds from an IT firm somewhere. The email is addressed to me telling me that I am receiving a warning for violating their terms of service. In the email fwds it has many log attempts of someone from my dedicated servers address attempting log in as root and doing various other activities.

if you could post the e-mail (all sensitive information removed) I would like to see exactly what they're complaining about.

Sure thing. I have replaced my real ip, with <My servers IP>


Dear Serverpronto Customer,

You are being contacted because Serverpronto has received complaints concerning unacceptable uses of the IP address in the report.

**This notice does not serve as an account cancellation, but a notice that your connectivity is in jeopardy due to activity related to your server.

As a Serverpronto customer you are expected to adhere to our Acceptable Use Policies. Here is a summary of our AUP. To read in its entirety go to

http://www.infolink.com/aup

http://www.cogentco.com/htdocs/policy.php

http://www.level3.com/764.html

This Acceptable Use Policy applies to all persons and entities (collectively, "customers") using the products and services of Serverpronto and it's Internet Service Providers including Internet service, Collocation and Dedicated Servers. The policy is designed to protect the security, integrity, reliability, and privacy of both the Serverpronto network and the products and services Serverpronto offers to its customers. Serverpronto reserves the right to modify this policy at any time, effective immediately upon posting of the modification. Your use of Serverpronto's products and services constitutes your acceptance of the Acceptable Use Policy in effect at the time of your use. You are solely responsible for any and all acts and omissions that occur during or relating to your use of the service, and you agree not to engage in any unacceptable use of the service.

We have received the attached complaints about activities from the above listed IP address. The IP addresses listed either is sending UCE, is holding spamvertised content, is referenced in unsolicited emails, is performing obtrusive network scans, is atempting brute force attacks or hosting phishing sites.

This abuse violates Serverpronto's Acceptable Use Policy. Please take prompt and appropriate action to stop the network abuse. Your cooperation with this matter would be greatly appreciated.

Please respond with your plan of action to correct this violation of Serverpronto's Acceptable Use Policy.

**If you are unwilling or unable to correct the activity that is in violation of the ServerPronto AUP, you will need to cancel your account as is outlined in our terms of service. Failure to notify us of your cancellation will mean that your account will stay active regardless of the server’s connectivity and you will be liable for any and all charges related to your account.


Regards,


Direct all correspondence to
Serverpronto Abuse Team
abuse.team@infolink.com


---------- Forwarded message ----------
From: "Bob McClure Jr" <bob@bobcatos.com>
To: "abuse@infolink.com" <abuse@serverpronto.com>
Date: Thu, 24 Apr 2008 08:13:19 -0400
Subject: network abuse

I am the sysadmin and web developer for Hunter-Ed
<http://www.hunter-ed.com> and Boat-Ed <http://www.boat-ed.com>.

Our morning log analyser reported that a user on your network tried to
crack one of our servers. The log exerpts follow. Times are CST
(UTC-0600).

So far as I know, he didn't get in. May I recommend what I use:

http://www.aczoom.com/cms/blockhosts/
http://www.pettingers.org/code/SSHBlack.html

Let me know if you need any more information.

Apr 23 14:45:55 kalktest sshd[8449]: reverse mapping checking getaddrinfo for 217-175.111.65.serverpronto.com [<my servers ip>] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 23 14:45:55 kalktest sshd[8449]: Failed password for root from <my servers ip> port 58812 ssh2
Apr 23 14:45:56 kalktest sshd[8471]: reverse mapping checking getaddrinfo for 217-175.111.65.serverpronto.com [<my servers ip>] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 23 14:45:56 kalktest sshd[8471]: Failed password for root from <my servers ip> port 58903 ssh2
Apr 23 14:45:57 kalktest sshd[8503]: reverse mapping checking getaddrinfo for 217-175.111.65.serverpronto.com [<my servers ip>] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 23 14:45:57 kalktest sshd[8503]: Failed password for root from <my servers ip> port 59025 ssh2
Apr 23 14:45:58 kalktest sshd[8524]: reverse mapping checking getaddrinfo for 217-175.111.65.serverpronto.com [<my servers ip>] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 23 14:45:58 kalktest sshd[8524]: Failed password for root from <my servers ip> port 59155 ssh2

Cheers,
--
Bob McClure, Jr. Bobcat Open Systems, Inc.
bob@bobcatos.com http://www.bobcatos.com
He has showed you, O man, what is good. And what does the LORD require
of you? To act justly and to love mercy and to walk humbly with your
God. Micah 6:8 (NIV)


---------- Forwarded message ----------
From: <admin@noc.hpwh.net>
To: "abuse@infolink.com" <abuse@serverpronto.com>
Date: Wed, 23 Apr 2008 07:01:06 -0400
Subject: SSH hacking originating from your network!

One of your users is attempting to hack one of our Linux hosts. Please
make them stop!

Here are our logs (all times are accurate and in the PST Time Zone -
GMT-8):

Apr 16 04:14:56 seigw1 sshd[556]: Did not receive identification string
from <my servers ip>
Apr 16 04:50:23 seigw1 sshd[896]: Failed password for root from
<my servers ip> port 49521 ssh2
Apr 16 04:50:23 seigw1 sshd[900]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:50:26 seigw1 sshd[903]: Failed password for root from
<my servers ip> port 49652 ssh2
Apr 16 04:50:27 seigw1 sshd[906]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:50:30 seigw1 sshd[907]: Failed password for root from
<my servers ip> port 49802 ssh2
Apr 16 04:50:30 seigw1 sshd[910]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:50:34 seigw1 sshd[911]: Failed password for root from
<my servers ip> port 49952 ssh2
Apr 16 04:50:34 seigw1 sshd[914]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:50:38 seigw1 sshd[915]: Failed password for root from
<my servers ip> port 50096 ssh2
Apr 16 04:50:38 seigw1 sshd[918]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:50:41 seigw1 sshd[919]: Failed password for root from
<my servers ip> port 51177 ssh2
Apr 16 04:50:42 seigw1 sshd[922]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:50:45 seigw1 sshd[923]: Failed password for root from
<my servers ip> port 52258 ssh2
Apr 16 04:50:45 seigw1 sshd[926]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:50:49 seigw1 sshd[927]: Failed password for root from
<my servers ip> port 53292 ssh2
Apr 16 04:50:49 seigw1 sshd[930]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:50:53 seigw1 sshd[931]: Failed password for root from
<my servers ip> port 54307 ssh2
Apr 16 04:50:53 seigw1 sshd[934]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:50:56 seigw1 sshd[935]: Failed password for root from
<my servers ip> port 55352 ssh2
Apr 16 04:50:57 seigw1 sshd[938]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:51:00 seigw1 sshd[939]: Failed password for root from
<my servers ip> port 56291 ssh2
Apr 16 04:51:00 seigw1 sshd[942]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:51:04 seigw1 sshd[943]: Failed password for root from
<my servers ip> port 57244 ssh2
Apr 16 04:51:04 seigw1 sshd[946]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:51:08 seigw1 sshd[947]: Failed password for root from
<my servers ip> port 58406 ssh2
Apr 16 04:51:08 seigw1 sshd[950]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:51:11 seigw1 sshd[951]: Failed password for root from
<my servers ip> port 59340 ssh2
Apr 16 04:51:12 seigw1 sshd[954]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:51:15 seigw1 sshd[955]: Failed password for root from
<my servers ip> port 60320 ssh2
Apr 16 04:51:15 seigw1 sshd[958]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:51:19 seigw1 sshd[959]: Failed password for root from
<my servers ip> port 33106 ssh2
Apr 16 04:51:19 seigw1 sshd[962]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:51:23 seigw1 sshd[963]: Failed password for root from
<my servers ip> port 34100 ssh2
Apr 16 04:51:23 seigw1 sshd[966]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:51:26 seigw1 sshd[967]: Failed password for root from
<my servers ip> port 57028 ssh2
Apr 16 04:51:27 seigw1 sshd[970]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:51:30 seigw1 sshd[971]: Failed password for root from
<my servers ip> port 58180 ssh2
Apr 16 04:51:30 seigw1 sshd[974]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:51:34 seigw1 sshd[975]: Failed password for root from
<my servers ip> port 58458 ssh2
Apr 16 04:51:34 seigw1 sshd[978]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:51:38 seigw1 sshd[979]: Failed password for root from
<my servers ip> port 59464 ssh2
Apr 16 04:51:38 seigw1 sshd[982]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:51:41 seigw1 sshd[983]: Failed password for root from
<my servers ip> port 60393 ssh2
Apr 16 04:51:42 seigw1 sshd[986]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:51:45 seigw1 sshd[987]: Failed password for root from
<my servers ip> port 33159 ssh2
Apr 16 04:51:45 seigw1 sshd[990]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:51:49 seigw1 sshd[994]: Failed password for root from
<my servers ip> port 34006 ssh2
Apr 16 04:51:49 seigw1 sshd[997]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:51:53 seigw1 sshd[999]: Failed password for root from
<my servers ip> port 35470 ssh2
Apr 16 04:51:53 seigw1 sshd[1002]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:51:56 seigw1 sshd[1005]: Failed password for root from
<my servers ip> port 36668 ssh2
Apr 16 04:51:57 seigw1 sshd[1008]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:52:00 seigw1 sshd[1009]: Failed password for root from
<my servers ip> port 37591 ssh2
Apr 16 04:52:00 seigw1 sshd[1012]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:52:04 seigw1 sshd[1013]: Failed password for root from
<my servers ip> port 38566 ssh2
Apr 16 04:52:04 seigw1 sshd[1016]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:52:08 seigw1 sshd[1017]: Failed password for root from
<my servers ip> port 39509 ssh2
Apr 16 04:52:08 seigw1 sshd[1020]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:52:12 seigw1 sshd[1021]: Failed password for root from
<my servers ip> port 40428 ssh2
Apr 16 04:52:12 seigw1 sshd[1024]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:52:15 seigw1 sshd[1025]: Failed password for root from
<my servers ip> port 41354 ssh2
Apr 16 04:52:15 seigw1 sshd[1028]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:52:19 seigw1 sshd[1029]: Failed password for root from
<my servers ip> port 42296 ssh2
Apr 16 04:52:19 seigw1 sshd[1032]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:52:23 seigw1 sshd[1033]: Failed password for root from
<my servers ip> port 43213 ssh2
Apr 16 04:52:23 seigw1 sshd[1036]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:52:26 seigw1 sshd[1037]: Failed password for root from
<my servers ip> port 44183 ssh2
Apr 16 04:52:27 seigw1 sshd[1040]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:52:30 seigw1 sshd[1042]: Failed password for root from
<my servers ip> port 45403 ssh2
Apr 16 04:52:30 seigw1 sshd[1047]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:52:34 seigw1 sshd[1049]: Failed password for root from
<my servers ip> port 45860 ssh2
Apr 16 04:52:34 seigw1 sshd[1052]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:52:38 seigw1 sshd[1055]: Failed password for root from
<my servers ip> port 47566 ssh2
Apr 16 04:52:38 seigw1 sshd[1058]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:52:41 seigw1 sshd[1059]: Failed password for root from
<my servers ip> port 48782 ssh2
Apr 16 04:52:42 seigw1 sshd[1062]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:52:45 seigw1 sshd[1063]: Failed password for root from
<my servers ip> port 49814 ssh2
Apr 16 04:52:45 seigw1 sshd[1066]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:52:49 seigw1 sshd[1067]: Failed password for root from
<my servers ip> port 50474 ssh2
Apr 16 04:52:49 seigw1 sshd[1070]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:52:53 seigw1 sshd[1071]: Failed password for root from
<my servers ip> port 52248 ssh2
Apr 16 04:52:53 seigw1 sshd[1074]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:52:56 seigw1 sshd[1075]: Failed password for root from
<my servers ip> port 53563 ssh2
Apr 16 04:52:57 seigw1 sshd[1078]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:53:00 seigw1 sshd[1079]: Failed password for root from
<my servers ip> port 54527 ssh2
Apr 16 04:53:00 seigw1 sshd[1082]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:53:04 seigw1 sshd[1083]: Failed password for root from
<my servers ip> port 55345 ssh2
Apr 16 04:53:04 seigw1 sshd[1086]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:53:08 seigw1 sshd[1087]: Failed password for root from
<my servers ip> port 56284 ssh2
Apr 16 04:53:08 seigw1 sshd[1090]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:53:11 seigw1 sshd[1091]: Failed password for root from
<my servers ip> port 57214 ssh2
Apr 16 04:53:12 seigw1 sshd[1094]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:53:15 seigw1 sshd[1095]: Failed password for root from
<my servers ip> port 58130 ssh2
Apr 16 04:53:15 seigw1 sshd[1099]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:53:19 seigw1 sshd[1100]: Failed password for root from
<my servers ip> port 58995 ssh2
Apr 16 04:53:19 seigw1 sshd[1103]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:53:23 seigw1 sshd[1107]: Failed password for root from
<my servers ip> port 59880 ssh2
Apr 16 04:53:23 seigw1 sshd[1110]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:53:26 seigw1 sshd[1111]: Failed password for root from
<my servers ip> port 60759 ssh2
Apr 16 04:53:27 seigw1 sshd[1114]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:53:30 seigw1 sshd[1115]: Failed password for root from
<my servers ip> port 33402 ssh2
Apr 16 04:53:30 seigw1 sshd[1118]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:53:34 seigw1 sshd[1119]: Failed password for root from
<my servers ip> port 34038 ssh2
Apr 16 04:53:34 seigw1 sshd[1122]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:53:38 seigw1 sshd[1123]: Failed password for root from
<my servers ip> port 34972 ssh2
Apr 16 04:53:38 seigw1 sshd[1126]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:53:41 seigw1 sshd[1130]: Failed password for root from
<my servers ip> port 35999 ssh2
Apr 16 04:53:42 seigw1 sshd[1133]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:53:45 seigw1 sshd[1134]: Failed password for root from
<my servers ip> port 37042 ssh2
Apr 16 04:53:45 seigw1 sshd[1137]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:53:49 seigw1 sshd[1139]: Failed password for root from
<my servers ip> port 37690 ssh2
Apr 16 04:53:49 seigw1 sshd[1142]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:53:53 seigw1 sshd[1145]: Failed password for root from
<my servers ip> port 38688 ssh2
Apr 16 04:53:53 seigw1 sshd[1148]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:53:56 seigw1 sshd[1149]: Failed password for root from
<my servers ip> port 40166 ssh2
Apr 16 04:53:57 seigw1 sshd[1152]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:54:00 seigw1 sshd[1153]: Failed password for root from
<my servers ip> port 41102 ssh2
Apr 16 04:54:00 seigw1 sshd[1156]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:54:04 seigw1 sshd[1157]: Failed password for root from
<my servers ip> port 41866 ssh2
Apr 16 04:54:04 seigw1 sshd[1160]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:54:08 seigw1 sshd[1161]: Failed password for root from
<my servers ip> port 42957 ssh2
Apr 16 04:54:08 seigw1 sshd[1164]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:54:11 seigw1 sshd[1165]: Failed password for root from
<my servers ip> port 44046 ssh2
Apr 16 04:54:12 seigw1 sshd[1168]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:54:15 seigw1 sshd[1169]: Failed password for root from
<my servers ip> port 45300 ssh2
Apr 16 04:54:15 seigw1 sshd[1172]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:54:19 seigw1 sshd[1174]: Failed password for root from
<my servers ip> port 46199 ssh2
Apr 16 04:54:19 seigw1 sshd[1177]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:54:23 seigw1 sshd[1178]: Failed password for root from
<my servers ip> port 47232 ssh2
Apr 16 04:54:23 seigw1 sshd[1183]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:54:27 seigw1 sshd[1184]: Failed password for root from
<my servers ip> port 48319 ssh2
Apr 16 04:54:27 seigw1 sshd[1187]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:54:31 seigw1 sshd[1188]: Failed password for root from
<my servers ip> port 49419 ssh2
Apr 16 04:54:31 seigw1 sshd[1191]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:54:34 seigw1 sshd[1195]: Failed password for root from
<my servers ip> port 50763 ssh2
Apr 16 04:54:34 seigw1 sshd[1198]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:54:38 seigw1 sshd[1202]: Failed password for root from
<my servers ip> port 51801 ssh2
Apr 16 04:54:38 seigw1 sshd[1205]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:54:42 seigw1 sshd[1206]: Failed password for root from
<my servers ip> port 52768 ssh2
Apr 16 04:54:42 seigw1 sshd[1209]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:54:45 seigw1 sshd[1210]: Failed password for root from
<my servers ip> port 53640 ssh2
Apr 16 04:54:46 seigw1 sshd[1213]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:54:49 seigw1 sshd[1214]: Failed password for root from
<my servers ip> port 54523 ssh2
Apr 16 04:54:49 seigw1 sshd[1217]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:54:53 seigw1 sshd[1218]: Failed password for root from
<my servers ip> port 54967 ssh2
Apr 16 04:54:53 seigw1 sshd[1221]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:54:57 seigw1 sshd[1225]: Failed password for root from
<my servers ip> port 56058 ssh2
Apr 16 04:54:57 seigw1 sshd[1228]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:55:00 seigw1 sshd[1232]: Failed password for root from
<my servers ip> port 57013 ssh2
Apr 16 04:55:01 seigw1 sshd[1235]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:55:04 seigw1 sshd[1236]: Failed password for root from
<my servers ip> port 58179 ssh2
Apr 16 04:55:04 seigw1 sshd[1239]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:55:08 seigw1 sshd[1242]: Failed password for root from
<my servers ip> port 59656 ssh2
Apr 16 04:55:08 seigw1 sshd[1245]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:55:12 seigw1 sshd[1246]: Failed password for root from
<my servers ip> port 60037 ssh2
Apr 16 04:55:12 seigw1 sshd[1249]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:55:15 seigw1 sshd[1250]: Failed password for root from
<my servers ip> port 60512 ssh2
Apr 16 04:55:16 seigw1 sshd[1253]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:55:19 seigw1 sshd[1254]: Failed password for root from
<my servers ip> port 60977 ssh2
Apr 16 04:55:19 seigw1 sshd[1257]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:55:23 seigw1 sshd[1258]: Failed password for root from
<my servers ip> port 33140 ssh2
Apr 16 04:55:23 seigw1 sshd[1262]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:55:27 seigw1 sshd[1265]: Failed password for root from
<my servers ip> port 33487 ssh2
Apr 16 04:55:27 seigw1 sshd[1268]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:55:30 seigw1 sshd[1269]: Failed password for root from
<my servers ip> port 33842 ssh2
Apr 16 04:55:31 seigw1 sshd[1272]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:55:34 seigw1 sshd[1273]: Failed password for root from
<my servers ip> port 34198 ssh2
Apr 16 04:55:34 seigw1 sshd[1276]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:55:38 seigw1 sshd[1278]: Failed password for root from
<my servers ip> port 34572 ssh2
Apr 16 04:55:38 seigw1 sshd[1281]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:55:42 seigw1 sshd[1284]: Failed password for root from
<my servers ip> port 34928 ssh2
Apr 16 04:55:42 seigw1 sshd[1287]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:55:46 seigw1 sshd[1288]: Failed password for root from
<my servers ip> port 35290 ssh2
Apr 16 04:55:46 seigw1 sshd[1291]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:55:49 seigw1 sshd[1292]: Failed password for root from
<my servers ip> port 35659 ssh2
Apr 16 04:55:49 seigw1 sshd[1295]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:55:53 seigw1 sshd[1296]: Failed password for root from
<my servers ip> port 36014 ssh2
Apr 16 04:55:53 seigw1 sshd[1299]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:55:57 seigw1 sshd[1301]: Failed password for root from
<my servers ip> port 36374 ssh2
Apr 16 04:55:57 seigw1 sshd[1304]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:56:00 seigw1 sshd[1307]: Failed password for root from
<my servers ip> port 36742 ssh2
Apr 16 04:56:01 seigw1 sshd[1310]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:56:04 seigw1 sshd[1314]: Failed password for root from
<my servers ip> port 37096 ssh2
Apr 16 04:56:04 seigw1 sshd[1317]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:56:08 seigw1 sshd[1318]: Failed password for root from
<my servers ip> port 37449 ssh2
Apr 16 04:56:08 seigw1 sshd[1321]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:56:12 seigw1 sshd[1322]: Failed password for root from
<my servers ip> port 37770 ssh2
Apr 16 04:56:12 seigw1 sshd[1325]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:56:15 seigw1 sshd[1326]: Failed password for root from
<my servers ip> port 38077 ssh2
Apr 16 04:56:16 seigw1 sshd[1329]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:56:19 seigw1 sshd[1330]: Failed password for root from
<my servers ip> port 38376 ssh2
Apr 16 04:56:19 seigw1 sshd[1333]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:56:23 seigw1 sshd[1334]: Failed password for root from
<my servers ip> port 38677 ssh2
Apr 16 04:56:23 seigw1 sshd[1337]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:56:27 seigw1 sshd[1338]: Failed password for root from
<my servers ip> port 53105 ssh2
Apr 16 04:56:27 seigw1 sshd[1341]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:56:30 seigw1 sshd[1342]: Failed password for root from
<my servers ip> port 53413 ssh2
Apr 16 04:56:31 seigw1 sshd[1345]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:56:34 seigw1 sshd[1346]: Failed password for root from
<my servers ip> port 53704 ssh2
Apr 16 04:56:34 seigw1 sshd[1349]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:56:38 seigw1 sshd[1350]: Failed password for root from
<my servers ip> port 53992 ssh2
Apr 16 04:56:38 seigw1 sshd[1353]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:56:42 seigw1 sshd[1354]: Failed password for root from
<my servers ip> port 54243 ssh2
Apr 16 04:56:42 seigw1 sshd[1357]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:56:45 seigw1 sshd[1358]: Failed password for root from
<my servers ip> port 54504 ssh2
Apr 16 04:56:46 seigw1 sshd[1361]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:56:49 seigw1 sshd[1362]: Failed password for root from
<my servers ip> port 54744 ssh2
Apr 16 04:56:49 seigw1 sshd[1365]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:56:53 seigw1 sshd[1366]: Failed password for root from
<my servers ip> port 54998 ssh2
Apr 16 04:56:53 seigw1 sshd[1369]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:56:57 seigw1 sshd[1370]: Failed password for root from
<my servers ip> port 55236 ssh2
Apr 16 04:56:57 seigw1 sshd[1373]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:57:00 seigw1 sshd[1374]: Failed password for root from
<my servers ip> port 55472 ssh2
Apr 16 04:57:01 seigw1 sshd[1377]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:57:02 seigw1 sshd[1378]: Invalid user admin from
<my servers ip>
Apr 16 04:57:04 seigw1 sshd[1378]: Failed password for invalid user
admin from <my servers ip> port 55732 ssh2
Apr 16 04:57:04 seigw1 sshd[1381]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:57:06 seigw1 sshd[1382]: Invalid user admin from
<my servers ip>
Apr 16 04:57:08 seigw1 sshd[1382]: Failed password for invalid user
admin from <my servers ip> port 55985 ssh2
Apr 16 04:57:08 seigw1 sshd[1385]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:57:09 seigw1 sshd[1386]: Invalid user admin from
<my servers ip>
Apr 16 04:57:12 seigw1 sshd[1386]: Failed password for invalid user
admin from <my servers ip> port 56217 ssh2
Apr 16 04:57:12 seigw1 sshd[1389]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:57:13 seigw1 sshd[1390]: Invalid user admin from
<my servers ip>
Apr 16 04:57:16 seigw1 sshd[1390]: Failed password for invalid user
admin from <my servers ip> port 56452 ssh2
Apr 16 04:57:16 seigw1 sshd[1393]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:57:17 seigw1 sshd[1397]: Invalid user admin from
<my servers ip>
Apr 16 04:57:19 seigw1 sshd[1397]: Failed password for invalid user
admin from <my servers ip> port 56696 ssh2
Apr 16 04:57:19 seigw1 sshd[1400]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:57:21 seigw1 sshd[1402]: Invalid user admin from
<my servers ip>
Apr 16 04:57:23 seigw1 sshd[1402]: Failed password for invalid user
admin from <my servers ip> port 56923 ssh2
Apr 16 04:57:23 seigw1 sshd[1405]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:57:24 seigw1 sshd[1408]: Invalid user askim from
<my servers ip>
Apr 16 04:57:27 seigw1 sshd[1408]: Failed password for invalid user
askim from <my servers ip> port 57159 ssh2
Apr 16 04:57:27 seigw1 sshd[1411]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:57:28 seigw1 sshd[1415]: Invalid user askim from
<my servers ip>
Apr 16 04:57:31 seigw1 sshd[1415]: Failed password for invalid user
askim from <my servers ip> port 57392 ssh2
Apr 16 04:57:31 seigw1 sshd[1418]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:57:32 seigw1 sshd[1426]: Invalid user ozy from <my servers ip>
Apr 16 04:57:34 seigw1 sshd[1426]: Failed password for invalid user ozy
from <my servers ip> port 57623 ssh2
Apr 16 04:57:34 seigw1 sshd[1429]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:57:36 seigw1 sshd[1433]: Invalid user ozy from <my servers ip>
Apr 16 04:57:38 seigw1 sshd[1433]: Failed password for invalid user ozy
from <my servers ip> port 57875 ssh2
Apr 16 04:57:38 seigw1 sshd[1436]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:57:39 seigw1 sshd[1442]: Invalid user postgres from
<my servers ip>
Apr 16 04:57:42 seigw1 sshd[1442]: Failed password for invalid user
postgres from <my servers ip> port 58105 ssh2
Apr 16 04:57:42 seigw1 sshd[1445]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:57:43 seigw1 sshd[1446]: Invalid user postgres from
<my servers ip>
Apr 16 04:57:46 seigw1 sshd[1446]: Failed password for invalid user
postgres from <my servers ip> port 58341 ssh2
Apr 16 04:57:46 seigw1 sshd[1449]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:57:47 seigw1 sshd[1453]: Invalid user postgres from
<my servers ip>
Apr 16 04:57:49 seigw1 sshd[1453]: Failed password for invalid user
postgres from <my servers ip> port 58584 ssh2
Apr 16 04:57:49 seigw1 sshd[1456]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:57:51 seigw1 sshd[1458]: Invalid user postgres from
<my servers ip>
Apr 16 04:57:53 seigw1 sshd[1458]: Failed password for invalid user
postgres from <my servers ip> port 58832 ssh2
Apr 16 04:57:53 seigw1 sshd[1461]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:57:54 seigw1 sshd[1464]: Invalid user postgres from
<my servers ip>
Apr 16 04:57:57 seigw1 sshd[1464]: Failed password for invalid user
postgres from <my servers ip> port 59057 ssh2
Apr 16 04:57:57 seigw1 sshd[1467]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:57:58 seigw1 sshd[1468]: Invalid user postgres from
<my servers ip>
Apr 16 04:58:01 seigw1 sshd[1468]: Failed password for invalid user
postgres from <my servers ip> port 59307 ssh2
Apr 16 04:58:01 seigw1 sshd[1471]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:58:02 seigw1 sshd[1472]: Invalid user post from <my servers ip>
Apr 16 04:58:04 seigw1 sshd[1472]: Failed password for invalid user post
from <my servers ip> port 59540 ssh2
Apr 16 04:58:04 seigw1 sshd[1475]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:58:06 seigw1 sshd[1476]: Invalid user postgres from
<my servers ip>
Apr 16 04:58:08 seigw1 sshd[1476]: Failed password for invalid user
postgres from <my servers ip> port 59776 ssh2
Apr 16 04:58:08 seigw1 sshd[1479]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:58:09 seigw1 sshd[1480]: Invalid user postgres from
<my servers ip>
Apr 16 04:58:12 seigw1 sshd[1480]: Failed password for invalid user
postgres from <my servers ip> port 59994 ssh2
Apr 16 04:58:12 seigw1 sshd[1483]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:58:13 seigw1 sshd[1484]: Invalid user postgres from
<my servers ip>
Apr 16 04:58:16 seigw1 sshd[1484]: Failed password for invalid user
postgres from <my servers ip> port 60210 ssh2
Apr 16 04:58:16 seigw1 sshd[1487]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:58:17 seigw1 sshd[1489]: Invalid user postgres from
<my servers ip>
Apr 16 04:58:19 seigw1 sshd[1489]: Failed password for invalid user
postgres from <my servers ip> port 60408 ssh2
Apr 16 04:58:19 seigw1 sshd[1492]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:58:21 seigw1 sshd[1498]: Invalid user postgres from
<my servers ip>
Apr 16 04:58:23 seigw1 sshd[1498]: Failed password for invalid user
postgres from <my servers ip> port 60611 ssh2
Apr 16 04:58:23 seigw1 sshd[1501]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:58:24 seigw1 sshd[1502]: Invalid user postgres from
<my servers ip>
Apr 16 04:58:27 seigw1 sshd[1502]: Failed password for invalid user
postgres from <my servers ip> port 60829 ssh2
Apr 16 04:58:27 seigw1 sshd[1505]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:58:28 seigw1 sshd[1506]: Invalid user postgres from
<my servers ip>
Apr 16 04:58:31 seigw1 sshd[1506]: Failed password for invalid user
postgres from <my servers ip> port 32818 ssh2
Apr 16 04:58:31 seigw1 sshd[1509]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:58:32 seigw1 sshd[1510]: Invalid user postgres from
<my servers ip>
Apr 16 04:58:34 seigw1 sshd[1510]: Failed password for invalid user
postgres from <my servers ip> port 33030 ssh2
Apr 16 04:58:35 seigw1 sshd[1513]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:58:36 seigw1 sshd[1514]: Invalid user postgres from
<my servers ip>
Apr 16 04:58:38 seigw1 sshd[1514]: Failed password for invalid user
postgres from <my servers ip> port 33231 ssh2
Apr 16 04:58:38 seigw1 sshd[1517]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:58:40 seigw1 sshd[1518]: Invalid user postgres from
<my servers ip>
Apr 16 04:58:42 seigw1 sshd[1518]: Failed password for invalid user
postgres from <my servers ip> port 33421 ssh2
Apr 16 04:58:42 seigw1 sshd[1521]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:58:44 seigw1 sshd[1525]: Invalid user postgres from
<my servers ip>
Apr 16 04:58:46 seigw1 sshd[1525]: Failed password for invalid user
postgres from <my servers ip> port 33616 ssh2
Apr 16 04:58:46 seigw1 sshd[1528]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:58:47 seigw1 sshd[1529]: Invalid user postgres from
<my servers ip>
Apr 16 04:58:50 seigw1 sshd[1529]: Failed password for invalid user
postgres from <my servers ip> port 33813 ssh2
Apr 16 04:58:50 seigw1 sshd[1532]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:58:51 seigw1 sshd[1533]: Invalid user postgres from
<my servers ip>
Apr 16 04:58:53 seigw1 sshd[1533]: Failed password for invalid user
postgres from <my servers ip> port 34000 ssh2
Apr 16 04:58:54 seigw1 sshd[1536]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:58:55 seigw1 sshd[1537]: Invalid user postgres from
<my servers ip>
Apr 16 04:58:57 seigw1 sshd[1537]: Failed password for invalid user
postgres from <my servers ip> port 34203 ssh2
Apr 16 04:58:57 seigw1 sshd[1540]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:58:59 seigw1 sshd[1541]: Invalid user postgres from
<my servers ip>
Apr 16 04:59:01 seigw1 sshd[1541]: Failed password for invalid user
postgres from <my servers ip> port 34404 ssh2
Apr 16 04:59:01 seigw1 sshd[1544]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:59:02 seigw1 sshd[1545]: Invalid user postgres from
<my servers ip>
Apr 16 04:59:05 seigw1 sshd[1545]: Failed password for invalid user
postgres from <my servers ip> port 34614 ssh2
Apr 16 04:59:05 seigw1 sshd[1548]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:59:06 seigw1 sshd[1549]: Invalid user postgres from
<my servers ip>
Apr 16 04:59:09 seigw1 sshd[1549]: Failed password for invalid user
postgres from <my servers ip> port 34818 ssh2
Apr 16 04:59:09 seigw1 sshd[1552]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:59:10 seigw1 sshd[1553]: Invalid user postgres from
<my servers ip>
Apr 16 04:59:12 seigw1 sshd[1553]: Failed password for invalid user
postgres from <my servers ip> port 35016 ssh2
Apr 16 04:59:13 seigw1 sshd[1556]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:59:14 seigw1 sshd[1561]: Invalid user postgres from
<my servers ip>
Apr 16 04:59:17 seigw1 sshd[1561]: Failed password for invalid user
postgres from <my servers ip> port 35220 ssh2
Apr 16 04:59:17 seigw1 sshd[1564]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:59:18 seigw1 sshd[1567]: Invalid user sql from <my servers ip>
Apr 16 04:59:20 seigw1 sshd[1567]: Failed password for invalid user sql
from <my servers ip> port 35430 ssh2
Apr 16 04:59:20 seigw1 sshd[1570]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:59:22 seigw1 sshd[1571]: Invalid user postgres from
<my servers ip>
Apr 16 04:59:24 seigw1 sshd[1571]: Failed password for invalid user
postgres from <my servers ip> port 35617 ssh2
Apr 16 04:59:24 seigw1 sshd[1574]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:59:25 seigw1 sshd[1575]: Invalid user sql from <my servers ip>
Apr 16 04:59:28 seigw1 sshd[1575]: Failed password for invalid user sql
from <my servers ip> port 35823 ssh2
Apr 16 04:59:28 seigw1 sshd[1578]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:59:29 seigw1 sshd[1582]: Invalid user sql from <my servers ip>
Apr 16 04:59:32 seigw1 sshd[1582]: Failed password for invalid user sql
from <my servers ip> port 36016 ssh2
Apr 16 04:59:32 seigw1 sshd[1585]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:59:33 seigw1 sshd[1589]: Invalid user postgres from
<my servers ip>
Apr 16 04:59:35 seigw1 sshd[1589]: Failed password for invalid user
postgres from <my servers ip> port 36207 ssh2
Apr 16 04:59:35 seigw1 sshd[1592]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:59:37 seigw1 sshd[1593]: Invalid user postgres from
<my servers ip>
Apr 16 04:59:39 seigw1 sshd[1593]: Failed password for invalid user
postgres from <my servers ip> port 36396 ssh2
Apr 16 04:59:39 seigw1 sshd[1596]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:59:40 seigw1 sshd[1597]: Invalid user postmaster from
<my servers ip>
Apr 16 04:59:43 seigw1 sshd[1597]: Failed password for invalid user
postmaster from <my servers ip> port 36577 ssh2
Apr 16 04:59:43 seigw1 sshd[1600]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:59:44 seigw1 sshd[1601]: Invalid user postgres from
<my servers ip>
Apr 16 04:59:47 seigw1 sshd[1601]: Failed password for invalid user
postgres from <my servers ip> port 36773 ssh2
Apr 16 04:59:47 seigw1 sshd[1604]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:59:48 seigw1 sshd[1605]: Invalid user postgres from
<my servers ip>
Apr 16 04:59:50 seigw1 sshd[1605]: Failed password for invalid user
postgres from <my servers ip> port 36952 ssh2
Apr 16 04:59:50 seigw1 sshd[1608]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:59:52 seigw1 sshd[1612]: Invalid user postgres from
<my servers ip>
Apr 16 04:59:54 seigw1 sshd[1612]: Failed password for invalid user
postgres from <my servers ip> port 37139 ssh2
Apr 16 04:59:54 seigw1 sshd[1615]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:59:55 seigw1 sshd[1619]: Invalid user postgres from
<my servers ip>
Apr 16 04:59:58 seigw1 sshd[1619]: Failed password for invalid user
postgres from <my servers ip> port 37324 ssh2
Apr 16 04:59:58 seigw1 sshd[1622]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 04:59:59 seigw1 sshd[1623]: Invalid user postgres from
<my servers ip>
Apr 16 05:00:02 seigw1 sshd[1623]: Failed password for invalid user
postgres from <my servers ip> port 37511 ssh2
Apr 16 05:00:02 seigw1 sshd[1626]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 05:00:03 seigw1 sshd[1632]: Invalid user postgres from
<my servers ip>
Apr 16 05:00:05 seigw1 sshd[1632]: Failed password for invalid user
postgres from <my servers ip> port 37700 ssh2
Apr 16 05:00:05 seigw1 sshd[1636]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 05:00:07 seigw1 sshd[1637]: Invalid user postgres from
<my servers ip>
Apr 16 05:00:09 seigw1 sshd[1637]: Failed password for invalid user
postgres from <my servers ip> port 37899 ssh2
Apr 16 05:00:09 seigw1 sshd[1640]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 05:00:10 seigw1 sshd[1641]: Invalid user postgres from
<my servers ip>
Apr 16 05:00:13 seigw1 sshd[1641]: Failed password for invalid user
postgres from <my servers ip> port 38092 ssh2
Apr 16 05:00:13 seigw1 sshd[1644]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 05:00:14 seigw1 sshd[1645]: Invalid user postgres from
<my servers ip>
Apr 16 05:00:17 seigw1 sshd[1645]: Failed password for invalid user
postgres from <my servers ip> port 38298 ssh2
Apr 16 05:00:17 seigw1 sshd[1648]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 05:00:18 seigw1 sshd[1649]: Invalid user postgres from
<my servers ip>
Apr 16 05:00:20 seigw1 sshd[1649]: Failed password for invalid user
postgres from <my servers ip> port 38494 ssh2
Apr 16 05:00:20 seigw1 sshd[1652]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 16 05:00:22 seigw1 sshd[1653]: Invalid user console from
<my servers ip>
Apr 16 05:00:24 seigw1 sshd[1653]: Failed password for invalid user
console from <my servers ip> port 38697 ssh2
Apr 16 05:00:24 seigw1 sshd[1656]: Received disconnect from
<my servers ip>: 11: Bye Bye


---------- Forwarded message ----------
From: "webmaster" <webmaster@dexweb.net>
To: <sysadm@infolink.com>
Date: Tue, 22 Apr 2008 20:44:42 -0400
Subject: Attack on Server 65.111.168.58

Dear Administrator



We have become aware of a prolonged, structured and wilful attack on one of our servers, by IP <my servers ip> which resolves to Serverpronto.com, Please take ALL necessary steps to stop this attack and prevent future attacks.



Your co-operation would be appreciated, please respond with the actions you are taking and the results of these measures.



Regards



Webmaster@dexweb.net





Typical example of log



Apr 23 00:06:14 (none) sshd[21513]: Failed password for root from <my servers ip> port 45825 ssh2

Apr 23 00:06:14 (none) sshd[21515]: Failed password for root from <my servers ip> port 41421 ssh2

Apr 23 00:06:14 (none) sshd[21517]: reverse mapping checking getaddrinfo for 217-175.111.65.serverpronto.com failed - POSSIBLE BREAKIN ATTEMPT!

Apr 23 00:06:15 (none) sshd[21519]: reverse mapping checking getaddrinfo for 217-175.111.65.serverpronto.com failed - POSSIBLE BREAKIN ATTEMPT!

Apr 23 00:06:15 (none) sshd[21517]: Failed password for root from <my servers ip> port 45870 ssh2

Apr 23 00:06:15 (none) sshd[21519]: Failed password for root from <my servers ip> port 41467 ssh2

Apr 23 00:06:15 (none) sshd[21521]: reverse mapping checking getaddrinfo for 217-175.111.65.serverpronto.com failed - POSSIBLE BREAKIN ATTEMPT!

Apr 23 00:06:15 (none) sshd[21524]: reverse mapping checking getaddrinfo for 217-175.111.65.serverpronto.com failed - POSSIBLE BREAKIN ATTEMPT!

Apr 23 00:06:15 (none) sshd[21521]: Failed password for root from <my servers ip> port 45919 ssh2

Apr 23 00:06:15 (none) sshd[21524]: Failed password for root from <my servers ip> port 41512 ssh2

Apr 23 00:06:15 (none) sshd[21527]: reverse mapping checking getaddrinfo for 217-175.111.65.serverpronto.com failed - POSSIBLE BREAKIN ATTEMPT!

Apr 23 00:06:16 (none) sshd[21527]: Failed password for root from <my servers ip> port 45965 ssh2

Apr 23 00:06:16 (none) sshd[21529]: reverse mapping checking getaddrinfo for 217-175.111.65.serverpronto.com failed - POSSIBLE BREAKIN ATTEMPT!

Apr 23 00:06:16 (none) sshd[21529]: Failed password for root from <my servers ip> port 46004 ssh2

Apr 23 00:06:17 (none) sshd[21531]: reverse mapping checking getaddrinfo for 217-175.111.65.serverpronto.com failed - POSSIBLE BREAKIN ATTEMPT!

Apr 23 00:06:17 (none) sshd[21531]: Failed password for root from <my servers ip> port 46051 ssh2




---------- Forwarded message ----------
From: "Help Desk" <HelpDesk@selectron.com>
To: "abuse@infolink.com" <abuse@serverpronto.com>
Date: Tue, 22 Apr 2008 18:00:16 -0400
Subject: SSH hacking originating from your network!

One of your users is attempting to hack one of our Linux hosts. Please
make them stop.

Here are our logs (all times are accurate and in the PST Time Zone -
GMT-8):

Apr 15 07:03:29 bend sshd[16149]: Did not receive identification string
from <my servers ip>
Apr 15 07:07:56 bend sshd[16154]: Failed password for root from
<my servers ip> port 43448 ssh2
Apr 15 07:07:56 bend sshd[16157]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:07:59 bend sshd[16158]: Failed password for root from
<my servers ip> port 43731 ssh2
Apr 15 07:08:00 bend sshd[16161]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:08:03 bend sshd[16162]: Failed password for root from
<my servers ip> port 43900 ssh2
Apr 15 07:08:03 bend sshd[16165]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:08:07 bend sshd[16166]: Failed password for root from
<my servers ip> port 44091 ssh2
Apr 15 07:08:07 bend sshd[16169]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:08:10 bend sshd[16170]: Failed password for root from
<my servers ip> port 44289 ssh2
Apr 15 07:08:10 bend sshd[16173]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:08:14 bend sshd[16174]: Failed password for root from
<my servers ip> port 44477 ssh2
Apr 15 07:08:14 bend sshd[16177]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:08:17 bend sshd[16178]: Failed password for root from
<my servers ip> port 44668 ssh2
Apr 15 07:08:18 bend sshd[16181]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:08:21 bend sshd[16182]: Failed password for root from
<my servers ip> port 44853 ssh2
Apr 15 07:08:21 bend sshd[16185]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:08:25 bend sshd[16186]: Failed password for root from
<my servers ip> port 45054 ssh2
Apr 15 07:08:25 bend sshd[16189]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:08:28 bend sshd[16190]: Failed password for root from
<my servers ip> port 45253 ssh2
Apr 15 07:08:28 bend sshd[16193]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:08:32 bend sshd[16194]: Failed password for root from
<my servers ip> port 45446 ssh2
Apr 15 07:08:32 bend sshd[16197]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:08:36 bend sshd[16198]: Failed password for root from
<my servers ip> port 45640 ssh2
Apr 15 07:08:36 bend sshd[16201]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:08:39 bend sshd[16202]: Failed password for root from
<my servers ip> port 45831 ssh2
Apr 15 07:08:39 bend sshd[16205]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:08:43 bend sshd[16206]: Failed password for root from
<my servers ip> port 46031 ssh2
Apr 15 07:08:43 bend sshd[16209]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:08:46 bend sshd[16210]: Failed password for root from
<my servers ip> port 46223 ssh2
Apr 15 07:08:46 bend sshd[16213]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:08:50 bend sshd[16214]: Failed password for root from
<my servers ip> port 46417 ssh2
Apr 15 07:08:50 bend sshd[16217]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:08:54 bend sshd[16218]: Failed password for root from
<my servers ip> port 46611 ssh2
Apr 15 07:08:54 bend sshd[16221]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:08:57 bend sshd[16222]: Failed password for root from
<my servers ip> port 46803 ssh2
Apr 15 07:08:57 bend sshd[16225]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:09:01 bend sshd[16226]: Failed password for root from
<my servers ip> port 46996 ssh2
Apr 15 07:09:01 bend sshd[16229]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:09:04 bend sshd[16230]: Failed password for root from
<my servers ip> port 47190 ssh2
Apr 15 07:09:05 bend sshd[16233]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:09:08 bend sshd[16234]: Failed password for root from
<my servers ip> port 47376 ssh2
Apr 15 07:09:08 bend sshd[16237]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:09:12 bend sshd[16238]: Failed password for root from
<my servers ip> port 47560 ssh2
Apr 15 07:09:12 bend sshd[16241]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:09:15 bend sshd[16242]: Failed password for root from
<my servers ip> port 47751 ssh2
Apr 15 07:09:15 bend sshd[16245]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:09:19 bend sshd[16246]: Failed password for root from
<my servers ip> port 47943 ssh2
Apr 15 07:09:19 bend sshd[16249]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:09:23 bend sshd[16250]: Failed password for root from
<my servers ip> port 48133 ssh2
Apr 15 07:09:23 bend sshd[16253]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:09:26 bend sshd[16254]: Failed password for root from
<my servers ip> port 48322 ssh2
Apr 15 07:09:26 bend sshd[16257]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:09:30 bend sshd[16258]: Failed password for root from
<my servers ip> port 48506 ssh2
Apr 15 07:09:30 bend sshd[16261]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:09:33 bend sshd[16262]: Failed password for root from
<my servers ip> port 48705 ssh2
Apr 15 07:09:34 bend sshd[16265]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:09:37 bend sshd[16266]: Failed password for root from
<my servers ip> port 48899 ssh2
Apr 15 07:09:37 bend sshd[16269]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:09:41 bend sshd[16270]: Failed password for root from
<my servers ip> port 49079 ssh2
Apr 15 07:09:41 bend sshd[16273]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:09:44 bend sshd[16274]: Failed password for root from
<my servers ip> port 49263 ssh2
Apr 15 07:09:44 bend sshd[16277]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:09:48 bend sshd[16278]: Failed password for root from
<my servers ip> port 49448 ssh2
Apr 15 07:09:48 bend sshd[16281]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:09:51 bend sshd[16282]: Failed password for root from
<my servers ip> port 49639 ssh2
Apr 15 07:09:52 bend sshd[16285]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:09:55 bend sshd[16286]: Failed password for root from
<my servers ip> port 49841 ssh2
Apr 15 07:09:55 bend sshd[16289]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:09:59 bend sshd[16290]: Failed password for root from
<my servers ip> port 50047 ssh2
Apr 15 07:09:59 bend sshd[16293]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:10:02 bend sshd[16294]: Failed password for root from
<my servers ip> port 50228 ssh2
Apr 15 07:10:02 bend sshd[16297]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:10:06 bend sshd[16300]: Failed password for root from
<my servers ip> port 50413 ssh2
Apr 15 07:10:06 bend sshd[16303]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:10:10 bend sshd[16304]: Failed password for root from
<my servers ip> port 50605 ssh2
Apr 15 07:10:10 bend sshd[16307]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:10:13 bend sshd[16308]: Failed password for root from
<my servers ip> port 50785 ssh2
Apr 15 07:10:13 bend sshd[16311]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:10:17 bend sshd[16312]: Failed password for root from
<my servers ip> port 50968 ssh2
Apr 15 07:10:17 bend sshd[16315]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:10:20 bend sshd[16316]: Failed password for root from
<my servers ip> port 51151 ssh2
Apr 15 07:10:21 bend sshd[16319]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:10:24 bend sshd[16320]: Failed password for root from
<my servers ip> port 51329 ssh2
Apr 15 07:10:24 bend sshd[16323]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:10:28 bend sshd[16324]: Failed password for root from
<my servers ip> port 51511 ssh2
Apr 15 07:10:28 bend sshd[16327]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:10:31 bend sshd[16328]: Failed password for root from
<my servers ip> port 51687 ssh2
Apr 15 07:10:31 bend sshd[16331]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:10:35 bend sshd[16332]: Failed password for root from
<my servers ip> port 51863 ssh2
Apr 15 07:10:35 bend sshd[16335]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:10:38 bend sshd[16336]: Failed password for root from
<my servers ip> port 52035 ssh2
Apr 15 07:10:39 bend sshd[16339]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:10:42 bend sshd[16340]: Failed password for root from
<my servers ip> port 52207 ssh2
Apr 15 07:10:42 bend sshd[16343]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:10:46 bend sshd[16344]: Failed password for root from
<my servers ip> port 52379 ssh2
Apr 15 07:10:46 bend sshd[16347]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:10:49 bend sshd[16348]: Failed password for root from
<my servers ip> port 52536 ssh2
Apr 15 07:10:49 bend sshd[16351]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:10:53 bend sshd[16352]: Failed password for root from
<my servers ip> port 52691 ssh2
Apr 15 07:10:53 bend sshd[16355]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:10:57 bend sshd[16356]: Failed password for root from
<my servers ip> port 52841 ssh2
Apr 15 07:10:57 bend sshd[16359]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:11:00 bend sshd[16360]: Failed password for root from
<my servers ip> port 52986 ssh2
Apr 15 07:11:00 bend sshd[16363]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:11:04 bend sshd[16364]: Failed password for root from
<my servers ip> port 53139 ssh2
Apr 15 07:11:04 bend sshd[16367]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:11:07 bend sshd[16368]: Failed password for root from
<my servers ip> port 53286 ssh2
Apr 15 07:11:08 bend sshd[16371]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:11:11 bend sshd[16372]: Failed password for root from
<my servers ip> port 53436 ssh2
Apr 15 07:11:11 bend sshd[16375]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:11:15 bend sshd[16376]: Failed password for root from
<my servers ip> port 53587 ssh2
Apr 15 07:11:15 bend sshd[16379]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:11:18 bend sshd[16380]: Failed password for root from
<my servers ip> port 53736 ssh2
Apr 15 07:11:18 bend sshd[16383]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:11:22 bend sshd[16384]: Failed password for root from
<my servers ip> port 53885 ssh2
Apr 15 07:11:22 bend sshd[16387]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:11:25 bend sshd[16388]: Failed password for root from
<my servers ip> port 38204 ssh2
Apr 15 07:11:26 bend sshd[16391]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:11:29 bend sshd[16392]: Failed password for root from
<my servers ip> port 38356 ssh2
Apr 15 07:11:29 bend sshd[16395]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:11:33 bend sshd[16396]: Failed password for root from
<my servers ip> port 38499 ssh2
Apr 15 07:11:33 bend sshd[16399]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:11:36 bend sshd[16400]: Failed password for root from
<my servers ip> port 38643 ssh2
Apr 15 07:11:36 bend sshd[16403]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:11:40 bend sshd[16404]: Failed password for root from
<my servers ip> port 38786 ssh2
Apr 15 07:11:40 bend sshd[16407]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:11:44 bend sshd[16408]: Failed password for root from
<my servers ip> port 38918 ssh2
Apr 15 07:11:44 bend sshd[16411]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:11:47 bend sshd[16412]: Failed password for root from
<my servers ip> port 39053 ssh2
Apr 15 07:11:47 bend sshd[16415]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:11:51 bend sshd[16416]: Failed password for root from
<my servers ip> port 39181 ssh2
Apr 15 07:11:51 bend sshd[16419]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:11:54 bend sshd[16420]: Failed password for root from
<my servers ip> port 39314 ssh2
Apr 15 07:11:54 bend sshd[16423]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:11:58 bend sshd[16424]: Failed password for root from
<my servers ip> port 39452 ssh2
Apr 15 07:11:58 bend sshd[16427]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:12:02 bend sshd[16428]: Failed password for root from
<my servers ip> port 39578 ssh2
Apr 15 07:12:02 bend sshd[16431]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:12:05 bend sshd[16432]: Failed password for root from
<my servers ip> port 39708 ssh2
Apr 15 07:12:05 bend sshd[16435]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:12:09 bend sshd[16436]: Failed password for root from
<my servers ip> port 39838 ssh2
Apr 15 07:12:09 bend sshd[16439]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:12:12 bend sshd[16440]: Failed password for root from
<my servers ip> port 39963 ssh2
Apr 15 07:12:13 bend sshd[16443]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:12:16 bend sshd[16444]: Failed password for root from
<my servers ip> port 40096 ssh2
Apr 15 07:12:16 bend sshd[16447]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:12:20 bend sshd[16448]: Failed password for root from
<my servers ip> port 40222 ssh2
Apr 15 07:12:20 bend sshd[16451]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:12:23 bend sshd[16452]: Failed password for root from
<my servers ip> port 40353 ssh2
Apr 15 07:12:23 bend sshd[16455]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:12:27 bend sshd[16456]: Failed password for root from
<my servers ip> port 40480 ssh2
Apr 15 07:12:27 bend sshd[16459]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:12:31 bend sshd[16460]: Failed password for root from
<my servers ip> port 40608 ssh2
Apr 15 07:12:31 bend sshd[16463]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:12:34 bend sshd[16464]: Failed password for root from
<my servers ip> port 40733 ssh2
Apr 15 07:12:34 bend sshd[16467]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:12:38 bend sshd[16468]: Failed password for root from
<my servers ip> port 40867 ssh2
Apr 15 07:12:38 bend sshd[16471]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:12:41 bend sshd[16472]: Failed password for root from
<my servers ip> port 40991 ssh2
Apr 15 07:12:41 bend sshd[16475]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:12:45 bend sshd[16476]: Failed password for root from
<my servers ip> port 41122 ssh2
Apr 15 07:12:45 bend sshd[16479]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:12:49 bend sshd[16480]: Failed password for root from
<my servers ip> port 41252 ssh2
Apr 15 07:12:49 bend sshd[16483]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:12:52 bend sshd[16484]: Failed password for root from
<my servers ip> port 41375 ssh2
Apr 15 07:12:52 bend sshd[16487]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:12:56 bend sshd[16488]: Failed password for root from
<my servers ip> port 41506 ssh2
Apr 15 07:12:56 bend sshd[16491]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:12:59 bend sshd[16492]: Failed password for root from
<my servers ip> port 41633 ssh2
Apr 15 07:13:00 bend sshd[16495]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:13:03 bend sshd[16496]: Failed password for root from
<my servers ip> port 41759 ssh2
Apr 15 07:13:03 bend sshd[16499]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:13:04 bend sshd[16500]: Invalid user admin from <my servers ip>
Apr 15 07:13:07 bend sshd[16500]: Failed password for invalid user admin
from <my servers ip> port 41880 ssh2
Apr 15 07:13:07 bend sshd[16503]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:13:08 bend sshd[16504]: Invalid user admin from <my servers ip>
Apr 15 07:13:10 bend sshd[16504]: Failed password for invalid user admin
from <my servers ip> port 42001 ssh2
Apr 15 07:13:10 bend sshd[16507]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:13:12 bend sshd[16508]: Invalid user admin from <my servers ip>
Apr 15 07:13:14 bend sshd[16508]: Failed password for invalid user admin
from <my servers ip> port 42130 ssh2
Apr 15 07:13:14 bend sshd[16511]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:13:15 bend sshd[16512]: Invalid user admin from <my servers ip>
Apr 15 07:13:17 bend sshd[16512]: Failed password for invalid user admin
from <my servers ip> port 42257 ssh2
Apr 15 07:13:18 bend sshd[16515]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:13:19 bend sshd[16516]: Invalid user admin from <my servers ip>
Apr 15 07:13:21 bend sshd[16516]: Failed password for invalid user admin
from <my servers ip> port 42381 ssh2
Apr 15 07:13:21 bend sshd[16519]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:13:22 bend sshd[16520]: Invalid user admin from <my servers ip>
Apr 15 07:13:25 bend sshd[16520]: Failed password for invalid user admin
from <my servers ip> port 42512 ssh2
Apr 15 07:13:25 bend sshd[16523]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:13:26 bend sshd[16524]: Invalid user askim from <my servers ip>
Apr 15 07:13:28 bend sshd[16524]: Failed password for invalid user askim
from <my servers ip> port 42645 ssh2
Apr 15 07:13:28 bend sshd[16527]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:13:30 bend sshd[16528]: Invalid user askim from <my servers ip>
Apr 15 07:13:32 bend sshd[16528]: Failed password for invalid user askim
from <my servers ip> port 42777 ssh2
Apr 15 07:13:32 bend sshd[16531]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:13:33 bend sshd[16532]: Invalid user ozy from <my servers ip>
Apr 15 07:13:36 bend sshd[16532]: Failed password for invalid user ozy
from <my servers ip> port 42903 ssh2
Apr 15 07:13:36 bend sshd[16535]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:13:37 bend sshd[16536]: Invalid user ozy from <my servers ip>
Apr 15 07:13:39 bend sshd[16536]: Failed password for invalid user ozy
from <my servers ip> port 43033 ssh2
Apr 15 07:13:39 bend sshd[16539]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:13:40 bend sshd[16540]: Invalid user postgres from
<my servers ip>
Apr 15 07:13:43 bend sshd[16540]: Failed password for invalid user
postgres from <my servers ip> port 43153 ssh2
Apr 15 07:13:43 bend sshd[16543]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:13:44 bend sshd[16544]: Invalid user postgres from
<my servers ip>
Apr 15 07:13:46 bend sshd[16544]: Failed password for invalid user
postgres from <my servers ip> port 43281 ssh2
Apr 15 07:13:47 bend sshd[16547]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:13:48 bend sshd[16548]: Invalid user postgres from
<my servers ip>
Apr 15 07:13:50 bend sshd[16548]: Failed password for invalid user
postgres from <my servers ip> port 43407 ssh2
Apr 15 07:13:50 bend sshd[16551]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:13:51 bend sshd[16552]: Invalid user postgres from
<my servers ip>
Apr 15 07:13:54 bend sshd[16552]: Failed password for invalid user
postgres from <my servers ip> port 43532 ssh2
Apr 15 07:13:54 bend sshd[16555]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:13:55 bend sshd[16556]: Invalid user postgres from
<my servers ip>
Apr 15 07:13:57 bend sshd[16556]: Failed password for invalid user
postgres from <my servers ip> port 43657 ssh2
Apr 15 07:13:57 bend sshd[16559]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:13:59 bend sshd[16560]: Invalid user postgres from
<my servers ip>
Apr 15 07:14:01 bend sshd[16560]: Failed password for invalid user
postgres from <my servers ip> port 43780 ssh2
Apr 15 07:14:01 bend sshd[16563]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:14:02 bend sshd[16564]: Invalid user post from <my servers ip>
Apr 15 07:14:04 bend sshd[16564]: Failed password for invalid user post
from <my servers ip> port 43902 ssh2
Apr 15 07:14:05 bend sshd[16567]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:14:06 bend sshd[16568]: Invalid user postgres from
<my servers ip>
Apr 15 07:14:08 bend sshd[16568]: Failed password for invalid user
postgres from <my servers ip> port 44024 ssh2
Apr 15 07:14:08 bend sshd[16571]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:14:09 bend sshd[16572]: Invalid user postgres from
<my servers ip>
Apr 15 07:14:12 bend sshd[16572]: Failed password for invalid user
postgres from <my servers ip> port 44141 ssh2
Apr 15 07:14:12 bend sshd[16575]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:14:13 bend sshd[16576]: Invalid user postgres from
<my servers ip>
Apr 15 07:14:15 bend sshd[16576]: Failed password for invalid user
postgres from <my servers ip> port 44267 ssh2
Apr 15 07:14:15 bend sshd[16579]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:14:17 bend sshd[16580]: Invalid user postgres from
<my servers ip>
Apr 15 07:14:19 bend sshd[16580]: Failed password for invalid user
postgres from <my servers ip> port 44382 ssh2
Apr 15 07:14:19 bend sshd[16583]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:14:20 bend sshd[16584]: Invalid user postgres from
<my servers ip>
Apr 15 07:14:23 bend sshd[16584]: Failed password for invalid user
postgres from <my servers ip> port 44512 ssh2
Apr 15 07:14:23 bend sshd[16587]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:14:24 bend sshd[16588]: Invalid user postgres from
<my servers ip>
Apr 15 07:14:26 bend sshd[16588]: Failed password for invalid user
postgres from <my servers ip> port 44635 ssh2
Apr 15 07:14:26 bend sshd[16591]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:14:27 bend sshd[16592]: Invalid user postgres from
<my servers ip>
Apr 15 07:14:30 bend sshd[16592]: Failed password for invalid user
postgres from <my servers ip> port 44763 ssh2
Apr 15 07:14:30 bend sshd[16595]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:14:31 bend sshd[16596]: Invalid user postgres from
<my servers ip>
Apr 15 07:14:33 bend sshd[16596]: Failed password for invalid user
postgres from <my servers ip> port 44885 ssh2
Apr 15 07:14:34 bend sshd[16599]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:14:35 bend sshd[16600]: Invalid user postgres from
<my servers ip>
Apr 15 07:14:37 bend sshd[16600]: Failed password for invalid user
postgres from <my servers ip> port 45008 ssh2
Apr 15 07:14:37 bend sshd[16603]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:14:38 bend sshd[16604]: Invalid user postgres from
<my servers ip>
Apr 15 07:14:41 bend sshd[16604]: Failed password for invalid user
postgres from <my servers ip> port 45142 ssh2
Apr 15 07:14:41 bend sshd[16607]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:14:42 bend sshd[16608]: Invalid user postgres from
<my servers ip>
Apr 15 07:14:44 bend sshd[16608]: Failed password for invalid user
postgres from <my servers ip> port 45267 ssh2
Apr 15 07:14:45 bend sshd[16611]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:14:46 bend sshd[16612]: Invalid user postgres from
<my servers ip>
Apr 15 07:14:48 bend sshd[16612]: Failed password for invalid user
postgres from <my servers ip> port 45394 ssh2
Apr 15 07:14:48 bend sshd[16615]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:14:49 bend sshd[16616]: Invalid user postgres from
<my servers ip>
Apr 15 07:14:52 bend sshd[16616]: Failed password for invalid user
postgres from <my servers ip> port 45529 ssh2
Apr 15 07:14:52 bend sshd[16619]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:14:53 bend sshd[16620]: Invalid user postgres from
<my servers ip>
Apr 15 07:14:55 bend sshd[16620]: Failed password for invalid user
postgres from <my servers ip> port 45659 ssh2
Apr 15 07:14:55 bend sshd[16623]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:14:57 bend sshd[16624]: Invalid user postgres from
<my servers ip>
Apr 15 07:14:59 bend sshd[16624]: Failed password for invalid user
postgres from <my servers ip> port 45781 ssh2
Apr 15 07:14:59 bend sshd[16627]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:15:00 bend sshd[16628]: Invalid user postgres from
<my servers ip>
Apr 15 07:15:02 bend sshd[16628]: Failed password for invalid user
postgres from <my servers ip> port 45900 ssh2
Apr 15 07:15:03 bend sshd[16631]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:15:04 bend sshd[16634]: Invalid user postgres from
<my servers ip>
Apr 15 07:15:06 bend sshd[16634]: Failed password for invalid user
postgres from <my servers ip> port 46018 ssh2
Apr 15 07:15:06 bend sshd[16637]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:15:07 bend sshd[16638]: Invalid user postgres from
<my servers ip>
Apr 15 07:15:10 bend sshd[16638]: Failed password for invalid user
postgres from <my servers ip> port 46143 ssh2
Apr 15 07:15:10 bend sshd[16641]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:15:11 bend sshd[16642]: Invalid user postgres from
<my servers ip>
Apr 15 07:15:13 bend sshd[16642]: Failed password for invalid user
postgres from <my servers ip> port 46267 ssh2
Apr 15 07:15:13 bend sshd[16645]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:15:15 bend sshd[16646]: Invalid user postgres from
<my servers ip>
Apr 15 07:15:17 bend sshd[16646]: Failed password for invalid user
postgres from <my servers ip> port 46388 ssh2
Apr 15 07:15:17 bend sshd[16649]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:15:18 bend sshd[16650]: Invalid user sql from <my servers ip>
Apr 15 07:15:21 bend sshd[16650]: Failed password for invalid user sql
from <my servers ip> port 46505 ssh2
Apr 15 07:15:21 bend sshd[16653]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:15:22 bend sshd[16654]: Invalid user postgres from
<my servers ip>
Apr 15 07:15:24 bend sshd[16654]: Failed password for invalid user
postgres from <my servers ip> port 46632 ssh2
Apr 15 07:15:24 bend sshd[16657]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:15:25 bend sshd[16658]: Invalid user sql from <my servers ip>
Apr 15 07:15:28 bend sshd[16658]: Failed password for invalid user sql
from <my servers ip> port 46760 ssh2
Apr 15 07:15:28 bend sshd[16661]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:15:29 bend sshd[16662]: Invalid user sql from <my servers ip>
Apr 15 07:15:31 bend sshd[16662]: Failed password for invalid user sql
from <my servers ip> port 46880 ssh2
Apr 15 07:15:32 bend sshd[16665]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:15:33 bend sshd[16666]: Invalid user postgres from
<my servers ip>
Apr 15 07:15:35 bend sshd[16666]: Failed password for invalid user
postgres from <my servers ip> port 47014 ssh2
Apr 15 07:15:35 bend sshd[16669]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:15:36 bend sshd[16670]: Invalid user postgres from
<my servers ip>
Apr 15 07:15:39 bend sshd[16670]: Failed password for invalid user
postgres from <my servers ip> port 47134 ssh2
Apr 15 07:15:39 bend sshd[16673]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:15:40 bend sshd[16674]: Invalid user postmaster from
<my servers ip>
Apr 15 07:15:42 bend sshd[16674]: Failed password for invalid user
postmaster from <my servers ip> port 47254 ssh2
Apr 15 07:15:42 bend sshd[16677]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:15:43 bend sshd[16678]: Invalid user postgres from
<my servers ip>
Apr 15 07:15:46 bend sshd[16678]: Failed password for invalid user
postgres from <my servers ip> port 47379 ssh2
Apr 15 07:15:46 bend sshd[16681]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:15:47 bend sshd[16682]: Invalid user postgres from
<my servers ip>
Apr 15 07:15:49 bend sshd[16682]: Failed password for invalid user
postgres from <my servers ip> port 47498 ssh2
Apr 15 07:15:50 bend sshd[16685]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:15:51 bend sshd[16686]: Invalid user postgres from
<my servers ip>
Apr 15 07:15:53 bend sshd[16686]: Failed password for invalid user
postgres from <my servers ip> port 47623 ssh2
Apr 15 07:15:53 bend sshd[16689]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:15:54 bend sshd[16690]: Invalid user postgres from
<my servers ip>
Apr 15 07:15:57 bend sshd[16690]: Failed password for invalid user
postgres from <my servers ip> port 47744 ssh2
Apr 15 07:15:57 bend sshd[16693]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:15:58 bend sshd[16694]: Invalid user postgres from
<my servers ip>
Apr 15 07:16:00 bend sshd[16694]: Failed password for invalid user
postgres from <my servers ip> port 47866 ssh2
Apr 15 07:16:00 bend sshd[16697]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:16:02 bend sshd[16698]: Invalid user postgres from
<my servers ip>
Apr 15 07:16:04 bend sshd[16698]: Failed password for invalid user
postgres from <my servers ip> port 47983 ssh2
Apr 15 07:16:04 bend sshd[16701]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:16:05 bend sshd[16702]: Invalid user postgres from
<my servers ip>
Apr 15 07:16:08 bend sshd[16702]: Failed password for invalid user
postgres from <my servers ip> port 48101 ssh2
Apr 15 07:16:08 bend sshd[16705]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:16:09 bend sshd[16706]: Invalid user postgres from
<my servers ip>
Apr 15 07:16:11 bend sshd[16706]: Failed password for invalid user
postgres from <my servers ip> port 48228 ssh2
Apr 15 07:16:11 bend sshd[16709]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:16:12 bend sshd[16710]: Invalid user postgres from
<my servers ip>
Apr 15 07:16:15 bend sshd[16710]: Failed password for invalid user
postgres from <my servers ip> port 48366 ssh2
Apr 15 07:16:15 bend sshd[16713]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:16:16 bend sshd[16714]: Invalid user postgres from
<my servers ip>
Apr 15 07:16:18 bend sshd[16714]: Failed password for invalid user
postgres from <my servers ip> port 48507 ssh2
Apr 15 07:16:19 bend sshd[16717]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:16:20 bend sshd[16718]: Invalid user postgres from
<my servers ip>
Apr 15 07:16:22 bend sshd[16718]: Failed password for invalid user
postgres from <my servers ip> port 48639 ssh2
Apr 15 07:16:22 bend sshd[16721]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:16:23 bend sshd[16722]: Invalid user postgres from
<my servers ip>
Apr 15 07:16:26 bend sshd[16722]: Failed password for invalid user
postgres from <my servers ip> port 33715 ssh2
Apr 15 07:16:26 bend sshd[16725]: Received disconnect from
<my servers ip>: 11: Bye Bye
Apr 15 07:16:27 bend sshd[16726]: Invalid user console from
<my servers ip>
Apr 15 07:16:29 bend sshd[16726]: Failed password for invalid user
console from <my servers ip> port 33849 ssh2
Apr 15 07:16:29 bend sshd[16729]: Received disconnect from
<my servers ip>: 11: Bye Bye


---------- Forwarded message ----------
From: "Kevin" <kevingeo@gmail.com>
To: "abuse@infolink.com" <abuse@serverpronto.com>
Date: Tue, 22 Apr 2008 17:08:57 -0400
Subject: serverpronto dedicated host <my servers ip> is trying to brute force SSH access to my host

Hi,

I have the serverpronto dedicated host 65.111.168.215 . In the last
24 hours, <my servers ip> has been trying to brute force access to my
host via SSH. It appears that this machine has tried to login to my
machine 1880 times between Apr 21 22:09:31 and Apr 22 16:44:13 EDT.

The logs related to this IP are here:

http://games.coders.net/breakin-attempt.txt

A short snippet from the top of the log:

Apr 21 22:09:29 beta sshd[17712]: Address <my servers ip> maps to
217-175.111.65.serverpronto.com, but this does not map back to the
address - POSSIBLE BREAK-IN ATTEMPT! Apr 21 22:09:29 beta sshd[17712]:
(pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh
ruser= rhost=<my servers ip> user=root Apr 21 22:09:31 beta
sshd[17712]: Failed password for root from <my servers ip> port 38997
ssh2 Apr 21 22:09:31 beta sshd[17718]: Address <my servers ip> maps to
217-175.111.65.serverpronto.com, but this does not map back to the
address - POSSIBLE BREAK-IN ATTEMPT! Apr 21 22:09:31 beta sshd[17718]:
(pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh
ruser= rhost=<my servers ip> user=root Apr 21 22:09:32 beta
sshd[17718]: Failed password for root from <my servers ip> port 39821
ssh2 Apr 21 22:09:32 beta sshd[17720]: Address <my servers ip> maps to
217-175.111.65.serverpronto.com, but this does not map back to the
address - POSSIBLE BREAK-IN ATTEMPT! Apr 21 22:09:32 beta sshd[17720]:
(pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh
ruser= rhost=<my servers ip> user=root Apr 21 22:09:34 beta
sshd[17720]: Failed password for root from <my servers ip> port 39999
ssh2 Apr 21 22:09:34 beta sshd[17723]: Address <my servers ip> maps to
217-175.111.65.serverpronto.com, but this does not map back to the
address - POSSIBLE BREAK-IN ATTEMPT! Apr 21 22:09:34 beta sshd[17723]:
(pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh
ruser= rhost=<my servers ip> user=root Apr 21 22:09:36 beta
sshd[17723]: Failed password for root from <my servers ip> port 40219
ssh2 Apr 21 22:09:36 beta sshd[17726]: Address <my servers ip> maps to
217-175.111.65.serverpronto.com, but this does not map back to the
address - POSSIBLE BREAK-IN ATTEMPT! Apr 21 22:09:36 beta sshd[17726]:
(pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh
ruser= rhost=<my servers ip> user=root Apr 21 22:09:38 beta
sshd[17726]: Failed password for root from <my servers ip> port 40447
ssh2 Apr 21 22:09:38 beta sshd[17731]: Address <my servers ip> maps to
217-175.111.65.serverpronto.com, but this does not map back to the
address - POSSIBLE BREAK-IN ATTEMPT! Apr 21 22:09:38 beta sshd[17731]:
(pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh
ruser= rhost=<my servers ip> user=root

Thanks,
Kevin


---------- Forwarded message ----------
From: "Ulrich Frey" <u.frey@onex.de>
To: "abuse@infolink.com" <abuse@serverpronto.com>
Date: Tue, 22 Apr 2008 13:33:45 -0400
Subject: Illegal ssh login attempts

Hello,

has this server been hacked:

Apr 20 14:32:33 robin sshd[24305]: Invalid user admin from <my servers ip>
Apr 20 14:32:35 robin sshd[24307]: Invalid user admin from <my servers ip>
Apr 20 14:32:36 robin sshd[24309]: Invalid user admin from <my servers ip>
Apr 20 14:32:37 robin sshd[24311]: Invalid user admin from <my servers ip>
Apr 20 14:32:39 robin sshd[24313]: Invalid user admin from <my servers ip>
Apr 20 14:32:40 robin sshd[24315]: Invalid user admin from <my servers ip>
Apr 20 14:32:41 robin sshd[24317]: Invalid user askim from <my servers ip>
Apr 20 14:32:42 robin sshd[24319]: Invalid user askim from <my servers ip>
Apr 20 14:32:47 robin sshd[24321]: Invalid user ozy from <my servers ip>
Apr 20 14:32:48 robin sshd[24323]: Invalid user ozy from <my servers ip>
Apr 20 14:33:02 robin sshd[24337]: Invalid user post from <my servers ip>
Apr 20 14:33:27 robin sshd[24377]: Invalid user sql from <my servers ip>
Apr 20 14:33:29 robin sshd[24381]: Invalid user sql from <my servers ip>
Apr 20 14:33:31 robin sshd[24383]: Invalid user sql from <my servers ip>
Apr 20 14:33:35 robin sshd[24389]: Invalid user postmaster from <my servers ip>
Apr 20 14:33:50 robin sshd[24411]: Invalid user console from <my servers ip>

Times are CEST

--
mit freundlichen grüssen
ulrich frey.
__________________________________________________ __________________
onex(r) - professional it-services tel: +49 7031 675071
it-dienstleistungen, beratung, fax: +49 7031 675072
hard-/softwareverkauf und -leasing mobil: +49 178 7238557
ulrich frey email: u.frey@onex.de
tannenstrasse 3 web: http://www.onex.de/
71088 holzgerlingen_____________________Umsatzsteuer-ID: DE185611998


---------- Forwarded message ----------
From: "Forooz Saedi" <forooz.saedi@nag.co.uk>
To: "abuse@infolink.com" <abuse@serverpronto.com>, "netadm" <netadm@serverpronto.com>
Date: Mon, 21 Apr 2008 08:22:59 -0400
Subject: UNAUTHORIZED!!!/THIS MUST STOP NOW!!!


Hello,

There were attempts to access our server from IP <my servers ip>
registered under your organisation (see below for details),our
timezone is GMT+1 (BST).
Please investigate and stop this intrusion. Any feedback on the
subject will be appreciated.


F. Saedi (System administrator, NAG Ltd.)




=============================

Sure thing. I have replaced my real ip, with <My servers IP>

Thanks,

hggdh was pretty much spot on with his/her post, it would be interesting to see how it was compromised though.

Who is hggdh?

Who is hggdh?

http://ubuntuforums.org/showpost.php?p=4841384&postcount=8

:)

It's unfortunately quite normal for exposed SSH servers to have brute force account + password guessing attempts at compromising them. What you want to look for is output from:
grep "Accepted password" /var/log/auth.log
to see if anyone is actually getting in. Unfortunately, if they are in and have installed a root kit, there might not be anything logged.

Reinstalling the server might be a good move, if that's an option. Make sure that any services running are fully patched; that's typically the way bad guys try to get in. Particularly anything based on PHP.

I can't find the Deny Host tutorial on howtoforge.com, could someone please link it to me.

I found that someone managed to gain entry into my machine using the name admin. I have disabled that account on my server now. I think Webmin created that user...

searching for "denyhosts" returns it quite simply... and how long did you search for it?

searching for "denyhosts" returns it quite simply... and how long did you search for it?

Oh it's one word. That might make a difference. I looked for about 15 minutes. But the word deny and hosts where never beside each other in the matches. I'll go try again. Thanks.

Update.

I have read the guide located here: http://www.howtoforge.com/preventing_ssh_dictionary_attacks_with_denyhosts

Followed the instructions word for word (lots of copy pasta) and my server appears to be running still. We'll see how it works out.