Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Sshd[14499]: Invalid user shiyang from 207.90.212.148 My log is full of these

    General pfSense Questions
    3
    8
    5.2k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      Jesse7
      last edited by

      Quick question.

      sshd[14499]: Invalid user shiyang from 207.90.212.148

      My log is full of messages exactly like this and it went on for about 5 minutes maybe more I don't know.  Each time it is a different user name but from the same ip and a new log message shows up every 3-8 seconds.

      Are they trying to connect to my Pfbox?  Anyone having any idea what it is all about.

      Thanks.

      1 Reply Last reply Reply Quote 0
      • H
        hoba
        last edited by

        Yeah, this is a brute force hacking attempt. Someone tries to get in via ssh by using dictionaries for user/password settings.

        1 Reply Last reply Reply Quote 0
        • S
          sullrich
          last edited by

          SSH is disallowed by default on the WAN.  Did you allow access to this somehow?

          1 Reply Last reply Reply Quote 0
          • J
            Jesse7
            last edited by

            Thought so thanks, is my first time to see stuff like this.

            I have a rule that allows all traffic,  which I setup for testing puposes just to rule that side of it out as the problem.  I wasn't exactly worried about this sort of thing.  I'm just on a basic home network with my flatmates.  But now I see someone actually trying to get in I will fix that up right away!

            It's actually funny because my login is admin and my password is only three letters all the same letter,  I might fix that up too :P.

            1 Reply Last reply Reply Quote 0
            • H
              hoba
              last edited by

              sounds like a blinking invitation to every scripting kiddie out there: "come in and find out!"  ;D

              1 Reply Last reply Reply Quote 0
              • J
                Jesse7
                last edited by

                Heh yeh,  but I don't post from that IP on these boards not that anyone could get my IP from these boards so no one has any way to find me :).

                Not that anyone from here would aye??? :P

                It's probably my short password that foiled whoever heh.

                1 Reply Last reply Reply Quote 0
                • S
                  sullrich
                  last edited by

                  @Jesse7:

                  Heh yeh,  but I don't post from that IP on these boards not that anyone could get my IP from these boards so no one has any way to find me :).

                  Not that anyone from here would aye??? :P

                  It's probably my short password that foiled whoever heh.

                  Ever heard of automated random ssh scripts?  Doesn't matter who or where you are.  If you leave yourself wide open, they will find you.

                  1 Reply Last reply Reply Quote 0
                  • J
                    Jesse7
                    last edited by

                    @sullrich:

                    @Jesse7:

                    Heh yeh,  but I don't post from that IP on these boards not that anyone could get my IP from these boards so no one has any way to find me :).

                    Not that anyone from here would aye??? :P

                    It's probably my short password that foiled whoever heh.

                    Ever heard of automated random ssh scripts?  Doesn't matter who or where you are.  If you leave yourself wide open, they will find you.

                    True,  it's probably what the above was,  I have fixed those two little problems anyways.  Thanks for the tips.

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.