Hi There have been a hacking attempt.... how do i avoid this... my log file says : Mar 10 03:35:42 brugtbazar sshd[23511]: reverse mapping checking getaddrinfo for ip101-74.introweb.nl [80.65.101.74] failed - POSSIBLE BREAK-IN ATTEMPT! Mar 10 03:35:42 brugtbazar sshd[23511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.65.101.74 user=root Mar 10 03:35:44 brugtbazar sshd[23511]: Failed password for root from 80.65.101.74 port 37479 ssh2 Mar 10 03:35:44 brugtbazar sshd[23514]: reverse mapping checking getaddrinfo for ip101-74.introweb.nl [80.65.101.74] failed - POSSIBLE BREAK-IN ATTEMPT! Mar 10 03:35:44 brugtbazar sshd[23514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.65.101.74 user=root Mar 10 03:35:46 brugtbazar sshd[23514]: Failed password for root from 80.65.101.74 port 37858 ssh2 The idiot decided first top stop at : Mar 10 03:47:15 BR
These are quite normal and nothing to really worry about if you use a long password which consists of chars in upper and lowercase and numbers. These attacks occur to internet servers all day long. You can use fail2ban to stop such attacks after a few failed login attempts by blocking the attacker automatically on network level. So he did stop quite fast, such attachs may last hours or even days.