#1  
Old 12th May 2007, 19:50
cruz cruz is offline
Senior Member
 
Join Date: Apr 2007
Posts: 365
Thanks: 51
Thanked 2 Times in 2 Posts
Default log files

Is this someone trying to get into my server or is this normal. I have had some logs like this a few times.
HTML Code:
**Unmatched Entries**
 pam_succeed_if(sshd:auth): error retrieving information about user susan : 2 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user library : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user willie : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user steve : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user agent : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user john : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user xgridcontroller : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user tony : 3 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user rfmngr : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user appserver : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user test : 7 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user george : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user webmaster : 3 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user arthur : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user alfred : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user clamav : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user beny : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user visitor : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user search : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user frank : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user id : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user irc : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user samba : 3 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user kathi : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user cyrusimap : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user ali : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user securityagent : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user aron : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user username : 2 time(s)
 Exiting on signal 15 : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user alias : 2 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user jabber : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user radiomail : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user amanda : 2 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user cyrus : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user newsletter : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user steven : 2 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user webpop : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user anita : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user andi : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user dany : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user pgsql : 2 time(s)
--More--
No one I know. There are more, but I just posted a few of them.
Reply With Quote
Sponsored Links
  #2  
Old 13th May 2007, 18:55
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,711
Thanks: 1,899
Thanked 2,702 Times in 2,545 Posts
Default

Yes, it seems someone is trying a brute-force attack.
These tutorials might be interesting for you: http://www.howtoforge.com/fail2ban_debian_etch
http://www.howtoforge.com/preventing...with_denyhosts
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 14th May 2007, 22:57
cruz cruz is offline
Senior Member
 
Join Date: Apr 2007
Posts: 365
Thanks: 51
Thanked 2 Times in 2 Posts
Default programs for blocking bruteforec

Will this work for centos5? It is saying the install is for debian. Is that the same as cent0s5, and are the files in the same places?Sorry I am new to Linux and do not know the diff.
Reply With Quote
  #4  
Old 15th May 2007, 14:35
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,711
Thanks: 1,899
Thanked 2,702 Times in 2,545 Posts
 
Default

CentOS is different from Debian, so you will have to make some changes to the tutorials (unfortunately I don't know which ones because I haven't tried them on CentOS).
One difference, for example, is that CentOS uses yum instead of apt-get to install packages, so where I use
Code:
apt-get install package
you'd use
Code:
yum install package
(the package names might also differ slightly).
The locations should more or less be the same.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ISPconfig log files in /var/log todvard Installation/Configuration 4 3rd May 2010 19:07
Big client log files Jorem Installation/Configuration 2 13th November 2007 09:52
Webalizer log file and vhost log files hans2512 Installation/Configuration 5 25th March 2007 19:16
No ftp login for ispconfig-webuser agri Installation/Configuration 12 19th March 2007 10:06
Network questions regarding Ubuntu Server lubod Installation/Configuration 7 3rd January 2007 18:53


All times are GMT +2. The time now is 17:38.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.