Hi everyone,
I'm sorry if a similar post already exists, i can't find it.
I've just recieved a mail from OVH because someone complain about my personal VPS :
They send me this log :IP is continually attempting to hack ssh passwords on a server of mine. It is being done to such an extent that it should be caught by your internal detection system. Please disable whatever you have using that IP. The IP is reported as abusive on multiple sites and is considered malicious with 100% confidence. Please disable it immediately
I don't know what to do. I checked a lot of things, i've installed clamscan and rkhunter, but i dont know what i'm looking for...Mar 23 16:17:43 server sshd[29480]: Invalid user kirinuki from XX.XXX.XX.XX
Mar 23 16:17:43 server sshd[29480]: Failed password for invalid user kirinuki from XX.XXX.XX.XX port 49984 ssh2
Mar 23 16:17:43 server sshd[29480]: Received disconnect from XX.XXX.XX.XX port 49984:11: Bye Bye [preauth]
Mar 23 16:17:43 server sshd[29480]: Disconnected from XX.XXX.XX.XX port 49984 [preauth]
Thanks in advance!
Bookmarks