WebHostGear.com - the hosting resource for professionals
March 20, 2006




sshd Authentication Failures LogWatch

If you use LogWatch and are worried about sshd Authentication
Failures, you need to understand that there are thousands of robots
and scripts that scan random IPs for easy login access to servers.
This is nothing to worry about.

Logwatch Authentication Failures

sshd:
Authentication Failures:
unknown (202.172.251.200): 251 Time(s)
Invalid Users:
Unknown Account: 499 Time(s)

All you need to do is block the IP that’s scanning your system. You can
do this automatically by following my tutorial on Preventing Brute Force
Attacks http://www.webhostgear.com/240.html

Changing your SSH port number will sometimes help against scanners that
are not targeted, but anyone can still do a port scan and run the bot on
the different port. Blocking them with your firewall is the best method.

Once BFD and APF are set up you don’t need to worry about LogWatch
Authentication Failures anymore.

Steve
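
As an added example (not part of the original post, and not code from BFD or APF): a shell function that counts sshd "Failed password" lines per source IP, the raw data behind the LogWatch summary above, and lists the addresses at or above a threshold. The log lines are constructed, and the function names and the threshold are assumptions.

```shell
#!/bin/sh
# Added example: count sshd "Failed password" lines per source IP.

# Constructed sample in the syslog format sshd writes to /var/log/secure.
# Addresses come from documentation ranges (RFC 5737), not real scanners.
sample_log() {
cat <<'EOF'
Mar 20 03:12:01 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar 20 03:12:03 web1 sshd[2103]: Failed password for root from 203.0.113.7 port 40120 ssh2
Mar 20 03:12:05 web1 sshd[2105]: Failed password for invalid user from from 203.0.113.7 port 40131 ssh2
Mar 20 03:12:06 web1 sshd[2107]: Invalid user test from 203.0.113.7
Mar 20 03:12:07 web1 sshd[2107]: Failed password for invalid user test from 203.0.113.7 port 40140 ssh2
Mar 20 04:01:10 web1 sshd[2250]: Failed password for root from 198.51.100.44 port 51000 ssh2
Mar 20 09:30:00 web1 sshd[3001]: Failed password for steve from 192.0.2.10 port 50021 ssh2
Mar 20 09:30:08 web1 sshd[3001]: Accepted password for steve from 192.0.2.10 port 50022 ssh2
EOF
}

# failed_by_ip THRESHOLD   (log lines on stdin)
# Prints "COUNT IP" for every source with at least THRESHOLD failures,
# highest count first. "Invalid user" lines are skipped because the same
# attempt also produces a "Failed password" line.
failed_by_ip() {
    awk -v min="$1" '
        / sshd\[[0-9]+\]: Failed password for / {
            ip = ""
            # The user name is chosen by the client and can contain the
            # word "from", so use the field after the LAST "from".
            for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
            if (ip != "") count[ip]++
        }
        END { for (ip in count) if (count[ip] >= min) print count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# offenders THRESHOLD: only the addresses, one per line, ready to review
# before adding them to a firewall deny list.
offenders() { failed_by_ip "$1" | awk '{ print $2 }'; }

# Demo on the constructed sample: sources with 3 or more failures.
sample_log | failed_by_ip 3
```

On a live server the same function reads the real log, for example `failed_by_ip 10 < /var/log/secure`. A threshold above 1 keeps a legitimate user's single mistyped password out of the list.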

One Response to “sshd Authentication Failures LogWatch”

  1. Marco Says:

    Hello, I prefer to use TCPWrappers,
    Enter to your server, then
    vi /etc/hosts.allow
    Insert sshd: your IP or your ISP, e.g. .aol.com (don’t forget the period at the beginning); the file looks like:
    sshd:aaa.bbb.ccc.ddd,.aol.com,
    Save the file and then edit /etc/hosts.deny
    Insert the following text,
    sshd:ALL,
    Save the file and logout.
    After a time you can see in /var/log/secure
    the refused connections.
    Note, if you have Dynamic IP don’t forget to put your ISP!

    Marco
