System logs ?!



  • Hi , for like 2 days i activated ssh to configure pfsense with putty, it's working great, but i saw this in system logs ? those connection means that someone tryed to connect trought ssh to my pfsense machine ?? thanks

    Jan 29 06:20:28 sshd[48990]: Failed password for root from 91.205.189.15 port 40642 ssh2
    Jan 29 06:20:29 sshd[49346]: Failed password for root from 91.205.189.15 port 40740 ssh2
    Jan 29 06:20:30 sshd[49925]: Failed password for nobody from 91.205.189.15 port 40848 ssh2
    Jan 29 06:20:30 sshd[50249]: Failed password for nobody from 91.205.189.15 port 40967 ssh2
    Jan 29 06:20:31 sshd[50257]: Failed password for nobody from 91.205.189.15 port 41065 ssh2
    Jan 29 06:20:32 sshd[50517]: Failed password for root from 91.205.189.15 port 41161 ssh2



  • Yes.

    You can change ssh port, close ssh from wan or configure a VPN.



  • Your WAN firewall rules are way too permissive, don't allow SSH from the Internet.



  • You should also look at grabbing PFblocker, you can block the whole Russian Federation from spamming your box. ;)



  • @cmb:

    Your WAN firewall rules are way too permissive, don't allow SSH from the Internet.

    what I did is kept the permissions the same but changed the default SSH port, it cut down brute force attempts by 99%

    also this IP is breaking guiness world of records for brute force attempts and not a single DNSBL registered it yet…. http://ip-address-lookup-v4.com/ip/91.205.189.15


Log in to reply