Mac_Hack
05.04.2010, 22:46
Hallo Community,
Ich bin wieder mal stark von euch abhängig (:D) und zur zeit etwas ratlos.
Ich habe gerade eben die Logs meines vServer (Debian 64-bit) überprüft und seeeehr viele komische Einträge gefunden.
Hier mal ein kleiner ausschnitt:
Apr 5 02:02:00 sshd[15548]: error writing /proc/self/oom_adj: Operation not permitted
Apr 5 02:02:00 sshd[15548]: Did not receive identification string from 219.134.191.203
Apr 5 02:09:09 CRON[18333]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 5 02:09:24 CRON[18333]: pam_unix(cron:session): session closed for user root
Apr 5 02:09:46 sshd[23611]: error writing /proc/self/oom_adj: Operation not permitted
Apr 5 02:09:47 sshd[23611]: Invalid user staff from 219.134.191.203
Apr 5 02:09:47 sshd[23611]: pam_unix(sshd:auth): check pass; user unknown
Apr 5 02:09:47 sshd[23611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.134.191.203
Apr 5 02:09:49 sshd[23611]: Failed password for invalid user staff from 219.134.191.203 port 43784 ssh2
Apr 5 02:09:50 sshd[23705]: error writing /proc/self/oom_adj: Operation not permitted
Apr 5 02:09:51 sshd[23705]: Invalid user sales from 219.134.191.203
Apr 5 02:09:51 sshd[23705]: pam_unix(sshd:auth): check pass; user unknown
Apr 5 02:09:51 sshd[23705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.134.191.203
Apr 5 02:09:53 sshd[23705]: Failed password for invalid user sales from 219.134.191.203 port 43891 ssh2
Apr 5 02:09:53 sshd[23799]: error writing /proc/self/oom_adj: Operation not permitted
Apr 5 02:09:55 sshd[23799]: Invalid user recruit from 219.134.191.203
Apr 5 02:09:55 sshd[23799]: pam_unix(sshd:auth): check pass; user unknown
Apr 5 02:09:55 sshd[23799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.134.191.203
Apr 5 02:09:57 sshd[23799]: Failed password for invalid user recruit from 219.134.191.203 port 43932 ssh2
Apr 5 02:09:57 sshd[23904]: error writing /proc/self/oom_adj: Operation not permitted
Apr 5 02:09:59 sshd[23904]: Invalid user alias from 219.134.191.203
Apr 5 02:09:59 sshd[23904]: pam_unix(sshd:auth): check pass; user unknown
Apr 5 02:09:59 sshd[23904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.134.191.203
Apr 5 02:10:00 sshd[23904]: Failed password for invalid user alias from 219.134.191.203 port 44043 ssh2
Apr 5 02:10:01 sshd[24556]: error writing /proc/self/oom_adj: Operation not permitted
Apr 5 02:10:03 sshd[24556]: Invalid user office from 219.134.191.203
Apr 5 02:10:03 sshd[24556]: pam_unix(sshd:auth): check pass; user unknown
Apr 5 02:10:03 sshd[24556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.134.191.203
Apr 5 02:10:05 sshd[24556]: Failed password for invalid user office from 219.134.191.203 port 44112 ssh2
Apr 5 02:10:05 sshd[28605]: error writing /proc/self/oom_adj: Operation not permitted
Apr 5 02:10:07 sshd[28605]: Invalid user samba from 219.134.191.203
Das ganze begann am Apr 5 02:02:00 und geht bis Apr 5 15:22:47
Das war der letzte unbekannte Log
Apr 5 15:22:47 sshd[28235]: error writing /proc/self/oom_adj: Operation not permitted
Apr 5 15:22:54 sshd[28235]: Invalid user students from 110.172.156.2
Apr 5 15:22:54 sshd[28235]: pam_unix(sshd:auth): check pass; user unknown
Apr 5 15:22:54 sshd[28235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.172.156.2
Apr 5 15:22:57 sshd[28235]: Failed password for invalid user students from 110.172.156.2 port 43591 ssh2
Ich habe jetzt den Port für SSH geändert. Wollte trotzdem wissen ob man noch was machen kann?
Ich bin wieder mal stark von euch abhängig (:D) und zur zeit etwas ratlos.
Ich habe gerade eben die Logs meines vServer (Debian 64-bit) überprüft und seeeehr viele komische Einträge gefunden.
Hier mal ein kleiner ausschnitt:
Apr 5 02:02:00 sshd[15548]: error writing /proc/self/oom_adj: Operation not permitted
Apr 5 02:02:00 sshd[15548]: Did not receive identification string from 219.134.191.203
Apr 5 02:09:09 CRON[18333]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 5 02:09:24 CRON[18333]: pam_unix(cron:session): session closed for user root
Apr 5 02:09:46 sshd[23611]: error writing /proc/self/oom_adj: Operation not permitted
Apr 5 02:09:47 sshd[23611]: Invalid user staff from 219.134.191.203
Apr 5 02:09:47 sshd[23611]: pam_unix(sshd:auth): check pass; user unknown
Apr 5 02:09:47 sshd[23611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.134.191.203
Apr 5 02:09:49 sshd[23611]: Failed password for invalid user staff from 219.134.191.203 port 43784 ssh2
Apr 5 02:09:50 sshd[23705]: error writing /proc/self/oom_adj: Operation not permitted
Apr 5 02:09:51 sshd[23705]: Invalid user sales from 219.134.191.203
Apr 5 02:09:51 sshd[23705]: pam_unix(sshd:auth): check pass; user unknown
Apr 5 02:09:51 sshd[23705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.134.191.203
Apr 5 02:09:53 sshd[23705]: Failed password for invalid user sales from 219.134.191.203 port 43891 ssh2
Apr 5 02:09:53 sshd[23799]: error writing /proc/self/oom_adj: Operation not permitted
Apr 5 02:09:55 sshd[23799]: Invalid user recruit from 219.134.191.203
Apr 5 02:09:55 sshd[23799]: pam_unix(sshd:auth): check pass; user unknown
Apr 5 02:09:55 sshd[23799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.134.191.203
Apr 5 02:09:57 sshd[23799]: Failed password for invalid user recruit from 219.134.191.203 port 43932 ssh2
Apr 5 02:09:57 sshd[23904]: error writing /proc/self/oom_adj: Operation not permitted
Apr 5 02:09:59 sshd[23904]: Invalid user alias from 219.134.191.203
Apr 5 02:09:59 sshd[23904]: pam_unix(sshd:auth): check pass; user unknown
Apr 5 02:09:59 sshd[23904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.134.191.203
Apr 5 02:10:00 sshd[23904]: Failed password for invalid user alias from 219.134.191.203 port 44043 ssh2
Apr 5 02:10:01 sshd[24556]: error writing /proc/self/oom_adj: Operation not permitted
Apr 5 02:10:03 sshd[24556]: Invalid user office from 219.134.191.203
Apr 5 02:10:03 sshd[24556]: pam_unix(sshd:auth): check pass; user unknown
Apr 5 02:10:03 sshd[24556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.134.191.203
Apr 5 02:10:05 sshd[24556]: Failed password for invalid user office from 219.134.191.203 port 44112 ssh2
Apr 5 02:10:05 sshd[28605]: error writing /proc/self/oom_adj: Operation not permitted
Apr 5 02:10:07 sshd[28605]: Invalid user samba from 219.134.191.203
Das ganze begann am Apr 5 02:02:00 und geht bis Apr 5 15:22:47
Das war der letzte unbekannte Log
Apr 5 15:22:47 sshd[28235]: error writing /proc/self/oom_adj: Operation not permitted
Apr 5 15:22:54 sshd[28235]: Invalid user students from 110.172.156.2
Apr 5 15:22:54 sshd[28235]: pam_unix(sshd:auth): check pass; user unknown
Apr 5 15:22:54 sshd[28235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.172.156.2
Apr 5 15:22:57 sshd[28235]: Failed password for invalid user students from 110.172.156.2 port 43591 ssh2
Ich habe jetzt den Port für SSH geändert. Wollte trotzdem wissen ob man noch was machen kann?