sshd Authentication Failures LogWatch Published: Apr 07, 2006
  • Rating

    5/5

For anyone using LogWatch and is worried about sshd Authentication Failures then you need to understand that there are thousands of robots and scripts that will scan random IPs for easy login access to servers. This is nothing to worry about.

Logwatch Authentication Failures

sshd:
Authentication Failures:
unknown (202.172.251.200): 251 Time(s)
Invalid Users:
Unknown Account: 499 Time(s)

All you need to do is block the IP that’s scanning your system. You can
do this automatically by following my tutorial on Preventing Brute Force
Attacks http://www.webhostgear.com/240.html

Changing your SSH port number will sometimes help for scanners that are
not targetted but anyone can still do a port scan and run the bot on the
different port. Blocking them with your firewall is be best method.

Once BFD and APF are setup you dont’ need to worry about LogWatch
Authentication Failures anymore.

Steve

  • Rating

    5/5

Related Articles

Comments (0)

No one has commented on this page yet.

Add Your Thoughts

WebHostGear.com is a hosting directory, not a web host.

Copyright © 1998-2017 WebHostGear.com