Netgate SG-1000 microFirewall

Author Topic: sshd[14499]: Invalid user shiyang from 207.90.212.148 My log is full of these  (Read 4284 times)

0 Members and 1 Guest are viewing this topic.

Offline Jesse7

  • Jr. Member
  • **
  • Posts: 98
  • Karma: +0/-0
    • View Profile
Quick question.

sshd[14499]: Invalid user shiyang from 207.90.212.148

My log is full of messages exactly like this and it went on for about 5 minutes maybe more I don't know.  Each time it is a different user name but from the same ip and a new log message shows up every 3-8 seconds.

Are they trying to connect to my Pfbox?  Anyone having any idea what it is all about.

Thanks.

Offline hoba

  • Hero Member
  • *****
  • Posts: 5837
  • Karma: +8/-0
  • What was the problem to this solution again?
    • View Profile
    • pfSense
Yeah, this is a brute force hacking attempt. Someone tries to get in via ssh by using dictionaries for user/password settings.

Offline sullrich

  • Hero Member
  • *****
  • Posts: 5110
  • Karma: +7/-2348
    • View Profile
    • pfSense
SSH is disallowed by default on the WAN.  Did you allow access to this somehow?

Offline Jesse7

  • Jr. Member
  • **
  • Posts: 98
  • Karma: +0/-0
    • View Profile
Thought so thanks, is my first time to see stuff like this.

I have a rule that allows all traffic,  which I setup for testing puposes just to rule that side of it out as the problem.  I wasn't exactly worried about this sort of thing.  I'm just on a basic home network with my flatmates.  But now I see someone actually trying to get in I will fix that up right away!

It's actually funny because my login is admin and my password is only three letters all the same letter,  I might fix that up too :P.

Offline hoba

  • Hero Member
  • *****
  • Posts: 5837
  • Karma: +8/-0
  • What was the problem to this solution again?
    • View Profile
    • pfSense
sounds like a blinking invitation to every scripting kiddie out there: "come in and find out!;D

Offline Jesse7

  • Jr. Member
  • **
  • Posts: 98
  • Karma: +0/-0
    • View Profile
Heh yeh,  but I don't post from that IP on these boards not that anyone could get my IP from these boards so no one has any way to find me :).

Not that anyone from here would aye??? :P

It's probably my short password that foiled whoever heh.
« Last Edit: November 22, 2005, 04:41:13 pm by Jesse7 »

Offline sullrich

  • Hero Member
  • *****
  • Posts: 5110
  • Karma: +7/-2348
    • View Profile
    • pfSense
Heh yeh,  but I don't post from that IP on these boards not that anyone could get my IP from these boards so no one has any way to find me :).

Not that anyone from here would aye??? :P

It's probably my short password that foiled whoever heh.

Ever heard of automated random ssh scripts?   Doesn't matter who or where you are.  If you leave yourself wide open, they will find you.

Offline Jesse7

  • Jr. Member
  • **
  • Posts: 98
  • Karma: +0/-0
    • View Profile
Heh yeh,  but I don't post from that IP on these boards not that anyone could get my IP from these boards so no one has any way to find me :).

Not that anyone from here would aye??? :P

It's probably my short password that foiled whoever heh.

Ever heard of automated random ssh scripts?   Doesn't matter who or where you are.  If you leave yourself wide open, they will find you.


True,  it's probably what the above was,  I have fixed those two little problems anyways.  Thanks for the tips.