Netgate Discussion Forum

Sshd[14499]: Invalid user shiyang from 207.90.212.148 My log is full of these

General pfSense Questions
    Jesse7
    last edited by Nov 22, 2005, 7:53 AM

    Quick question.

    sshd[14499]: Invalid user shiyang from 207.90.212.148

    My log is full of messages exactly like this, and it went on for about 5 minutes, maybe more, I don't know.  Each time it is a different user name but from the same IP, and a new log message shows up every 3-8 seconds.

    Are they trying to connect to my Pfbox?  Does anyone have any idea what it is all about?

    Thanks.

      hoba
      last edited by Nov 22, 2005, 10:12 AM

      Yeah, this is a brute force hacking attempt. Someone tries to get in via ssh by using dictionaries for user/password settings.

        sullrich
        last edited by Nov 22, 2005, 3:55 PM

        SSH is disallowed by default on the WAN.  Did you allow access to this somehow?

          Jesse7
          last edited by Nov 22, 2005, 7:27 PM

          Thought so, thanks, it is my first time to see stuff like this.

          I have a rule that allows all traffic,  which I set up for testing purposes just to rule that side of it out as the problem.  I wasn't exactly worried about this sort of thing.  I'm just on a basic home network with my flatmates.  But now I see someone actually trying to get in I will fix that up right away!

          It's actually funny because my login is admin and my password is only three letters all the same letter,  I might fix that up too :P.

            hoba
            last edited by Nov 22, 2005, 9:53 PM

            Sounds like a blinking invitation to every scripting kiddie out there: "come in and find out!"  ;D

              Jesse7
              last edited by Nov 22, 2005, 10:41 PM Nov 22, 2005, 10:39 PM

              Heh yeh,  but I don't post from that IP on these boards not that anyone could get my IP from these boards so no one has any way to find me :).

              Not that anyone from here would aye??? :P

              It's probably my short password that foiled whoever heh.

                sullrich
                last edited by Nov 22, 2005, 11:33 PM

                @Jesse7:

                Heh yeh,  but I don't post from that IP on these boards not that anyone could get my IP from these boards so no one has any way to find me :).

                Not that anyone from here would aye??? :P

                It's probably my short password that foiled whoever heh.

                Ever heard of automated random ssh scripts?  Doesn't matter who or where you are.  If you leave yourself wide open, they will find you.

                  Jesse7
                  last edited by Nov 23, 2005, 9:11 PM

                  @sullrich:

                  @Jesse7:

                  Heh yeh,  but I don't post from that IP on these boards not that anyone could get my IP from these boards so no one has any way to find me :).

                  Not that anyone from here would aye??? :P

                  It's probably my short password that foiled whoever heh.

                  Ever heard of automated random ssh scripts?  Doesn't matter who or where you are.  If you leave yourself wide open, they will find you.

                  True,  it's probably what the above was,  I have fixed those two little problems anyways.  Thanks for the tips.

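The pattern described in this thread (a different user name on every line, one source IP, a new line every few seconds) can be picked out of an sshd log automatically. The following is an added example, not part of any post above; the syslog timestamp and hostname prefix, the year, the `min_users` and `window` thresholds, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Message format as quoted in the thread; the syslog timestamp/hostname prefix
# and the optional " port N" suffix (newer OpenSSH) are assumptions.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Invalid user "
    r"(?P<user>.*?) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?: port \d+)?$"
)

def parse(line, year=2005):
    """Return (time, ip, user) for an 'Invalid user' line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # Syslog omits the year, so the caller supplies it.
    when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return when, m["ip"], m["user"]

def dictionary_sources(lines, min_users=5, window=timedelta(minutes=5)):
    """Map source IP -> peak count of distinct user names tried inside any
    one window, keeping only IPs whose peak reaches min_users."""
    events = defaultdict(list)
    for when, ip, user in filter(None, map(parse, lines)):
        events[ip].append((when, user))
    flagged = {}
    for ip, seen in events.items():
        seen.sort()
        start = peak = 0
        for end in range(len(seen)):
            while seen[end][0] - seen[start][0] > window:
                start += 1  # slide the window's left edge forward
            peak = max(peak, len({u for _, u in seen[start:end + 1]}))
        if peak >= min_users:
            flagged[ip] = peak
    return flagged

# Constructed sample: six guesses five seconds apart from the IP in the thread,
# plus a local user (documentation address) mistyping one name twice.
NAMES = ["shiyang", "test", "guest", "oracle", "backup", "mail"]
SAMPLE = [
    f"Nov 22 07:40:{5 * i + 3:02d} pfsense sshd[14499]: Invalid user {n} from 207.90.212.148"
    for i, n in enumerate(NAMES)
] + [
    "Nov 22 07:41:10 pfsense sshd[14510]: Invalid user jesse from 192.0.2.10",
    "Nov 22 07:41:30 pfsense sshd[14511]: Invalid user jesse from 192.0.2.10",
    "Nov 22 07:42:00 pfsense sshd[14512]: Accepted password for admin from 192.0.2.10 port 50022 ssh2",
]
```

`dictionary_sources(SAMPLE)` flags only the address that cycled through many names; the repeated typo from the second address stays below the threshold because it is one name, not a dictionary. The regex anchors the IP at the end of the line, so a user name that itself contains " from <address>" cannot redirect the match to a spoofed source.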
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.