PaulDotCom mailing list archives

Ssh break in attempt


From: cgkades at gmail.com (Brett)
Date: Wed, 10 Mar 2010 15:49:19 -0800

I realized I haven't checked my logs on my new server (bad me). But
I figured I wouldn't find anything, it's only my personal server. I
checked the logs today to find thousands of login attempts. Most tried
to brute my root password, though I don't have a root user. There were
a bunch of user name attempts for what looked like a name dictionary
attack. Some were from business static IPs and there were even some
from perdu.edu.

Now for my questions. What should I look for to find out if they
actually got in? Parse the auth log for those IPs for a successful
login? I also run a web server on that machine, is there something I
can look for to see if they got into that? Also, is there any recourse
I have? Or should I just let it go and harden my server even more?

Sent from my iPhone
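
The check the post asks about (a successful login from an address that was also guessing passwords), as an added example that is not part of the original message. It assumes the OpenSSH syslog line format found in auth.log; the sample lines, the addresses and the function name suspicious_logins are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in OpenSSH syslog format (documentation IP ranges).
SAMPLE_LOG = """\
Mar 10 03:12:01 srv sshd[1234]: Invalid user admin from 203.0.113.5
Mar 10 03:12:01 srv sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 4242 ssh2
Mar 10 03:12:03 srv sshd[1236]: Failed password for root from 203.0.113.5 port 4243 ssh2
Mar 10 03:12:05 srv sshd[1238]: Failed password for brett from 203.0.113.5 port 4244 ssh2
Mar 10 03:12:09 srv sshd[1240]: Accepted password for brett from 203.0.113.5 port 4250 ssh2
Mar 10 04:00:00 srv sshd[1300]: Failed password for invalid user test from 192.0.2.9 port 5111 ssh2
Mar 10 09:30:00 srv sshd[1400]: Accepted publickey for brett from 198.51.100.7 port 5000 ssh2
"""

# The user name in a failed attempt is chosen by the client and may contain
# " from <ip>", so match greedily and trust only the final "from <ip> port <n>".
FAILED = re.compile(r"sshd\[\d+\]: Failed \S+ for (?:invalid user )?(.*) from (\S+) port \d+")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+)")

def suspicious_logins(lines, min_failures=3):
    """Return (accepted logins from IPs with >= min_failures failures, failure counts)."""
    lines = list(lines)
    failures = Counter()
    for line in lines:
        m = FAILED.search(line)
        if m:
            failures[m.group(2)] += 1
    hits = []
    for line in lines:
        m = ACCEPTED.search(line)
        if m and failures[m.group(3)] >= min_failures:
            method, user, ip = m.groups()
            hits.append({"time": line[:15], "user": user, "ip": ip,
                         "method": method, "failures": failures[ip]})
    return hits, failures

if __name__ == "__main__":
    hits, failures = suspicious_logins(SAMPLE_LOG.splitlines())
    for ip, count in failures.most_common():
        print(f"{count:5d} failed attempts from {ip}")
    for hit in hits:
        print("REVIEW:", hit)
```

On a real host the same function can be fed the lines of the auth log and its rotated copies; an empty result only means no guessing address logged in over SSH, and says nothing about the web server.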

