I'm getting hundreds of ssh login attempts everyday, even if the service is disabled in Management > System settings, and no IP is allowed in the list.
I tryied to connect myself, but couldnt.
So my guess is the IP block has been bypassed somehow.
Also that the server wasnt disabled even tho I told it to disable SSH.
2011:08:20-08:18:13 fire1 sshd[30258]: reverse mapping checking getaddrinfo for static-216-186-224-214.knology.net [216.186.224.214] failed - POSSIBLE BREAK-IN ATTEMPT!
2011:08:20-08:18:13 fire1 sshd[30258]: Failed password for root from 216.186.224.214 port 51564 ssh2
2011:08:20-08:18:13 fire1 sshd[30258]: Failed password for root from 216.186.224.214 port 51564 ssh2
2011:08:20-08:18:14 fire1 sshd[30258]: Failed password for root from 216.186.224.214 port 51564 ssh2
2011:08:20-08:18:15 fire1 sshd[30268]: reverse mapping checking getaddrinfo for static-216-186-224-214.knology.net [216.186.224.214] failed - POSSIBLE BREAK-IN ATTEMPT!
2011:08:20-08:18:15 fire1 sshd[30268]: Failed password for root from 216.186.224.214 port 16273 ssh2
2011:08:20-08:18:15 fire1 sshd[30268]: Failed password for root from 216.186.224.214 port 16273 ssh2
2011:08:20-08:18:16 fire1 sshd[30268]: Failed password for root from 216.186.224.214 port 16273 ssh2
2011:08:20-08:18:17 fire1 sshd[30277]: reverse mapping checking getaddrinfo for static-216-186-224-214.knology.net [216.186.224.214] failed - POSSIBLE BREAK-IN ATTEMPT!
2011:08:20-08:18:17 fire1 sshd[30277]: Failed password for root from 216.186.224.214 port 29023 ssh2
2011:08:20-08:18:17 fire1 sshd[30277]: Failed password for root from 216.186.224.214 port 29023 ssh2
2011:08:20-08:18:18 fire1 sshd[30277]: Failed password for root from 216.186.224.214 port 29023 ssh2
2011:08:20-08:18:19 fire1 sshd[30285]: reverse mapping checking getaddrinfo for static-216-186-224-214.knology.net [216.186.224.214] failed - POSSIBLE BREAK-IN ATTEMPT!
2011:08:20-08:18:19 fire1 sshd[30285]: Failed password for root from 216.186.224.214 port 36335 ssh2
2011:08:20-08:18:20 fire1 sshd[30285]: Failed password for root from 216.186.224.214 port 36335 ssh2
2011:08:20-08:18:20 fire1 sshd[30285]: Failed password for root from 216.186.224.214 port 36335 ssh2
2011:08:20-08:18:21 fire1 sshd[30293]: reverse mapping checking getaddrinfo for static-216-186-224-214.knology.net [216.186.224.214] failed - POSSIBLE BREAK-IN ATTEMPT!
2011:08:20-08:18:21 fire1 sshd[30293]: Failed password for root from 216.186.224.214 port 4739 ssh2
2011:08:20-08:18:22 fire1 sshd[30293]: Failed password for root from 216.186.224.214 port 4739 ssh2
2011:08:20-08:18:22 fire1 sshd[30293]: Failed password for root from 216.186.224.214 port 4739 ssh2
2011:08:20-08:18:23 fire1 sshd[30301]: reverse mapping checking getaddrinfo for static-216-186-224-214.knology.net [216.186.224.214] failed - POSSIBLE BREAK-IN ATTEMPT!
2011:08:20-08:18:23 fire1 sshd[30301]: Failed password for root from 216.186.224.214 port 41788 ssh2
2011:08:20-08:18:24 fire1 sshd[30301]: Failed password for root from 216.186.224.214 port 41788 ssh2
2011:08:20-08:18:24 fire1 sshd[30301]: Failed password for root from 216.186.224.214 port 41788 ssh2
2011:08:20-08:18:25 fire1 sshd[30310]: reverse mapping checking getaddrinfo for static-216-186-224-214.knology.net [216.186.224.214] failed - POSSIBLE BREAK-IN ATTEMPT!
2011:08:20-08:18:25 fire1 sshd[30310]: Failed password for root from 216.186.224.214 port 37957 ssh2
2011:08:20-08:18:26 fire1 sshd[30310]: Failed password for root from 216.186.224.214 port 37957 ssh2
2011:08:20-08:18:26 fire1 sshd[30310]: Failed password for root from 216.186.224.214 port 37957 ssh2
2011:08:20-08:18:27 fire1 sshd[30318]: reverse mapping checking getaddrinfo for static-216-186-224-214.knology.net [216.186.224.214] failed - POSSIBLE BREAK-IN ATTEMPT!
2011:08:20-08:18:27 fire1 sshd[30318]: Failed password for root from 216.186.224.214 port 53159 ssh2
2011:08:20-08:18:28 fire1 sshd[30318]: Failed password for root from 216.186.224.214 port 53159 ssh2
2011:08:20-08:18:28 fire1 sshd[30318]: Failed password for root from 216.186.224.214 port 53159 ssh2
2011:08:20-08:18:29 fire1 sshd[30326]: reverse mapping checking getaddrinfo for static-216-186-224-214.knology.net [216.186.224.214] failed - POSSIBLE BREAK-IN ATTEMPT!
2011:08:20-08:18:30 fire1 sshd[30326]: Failed password for root from 216.186.224.214 port 63244 ssh2
2011:08:20-13:23:45 fire1 sshd[7611]: Failed password for root from 49.212.78.16 port 47730 ssh2
2011:08:20-13:23:47 fire1 sshd[7622]: Failed password for root from 49.212.78.16 port 48492 ssh2
2011:08:20-13:23:50 fire1 sshd[7629]: Failed password for root from 49.212.78.16 port 49038 ssh2
2011:08:20-13:23:52 fire1 sshd[7642]: Failed password for root from 49.212.78.16 port 49439 ssh2
2011:08:20-13:23:55 fire1 sshd[7650]: Failed password for root from 49.212.78.16 port 50077 ssh2
2011:08:20-13:23:57 fire1 sshd[7658]: Failed password for root from 49.212.78.16 port 50523 ssh2
2011:08:20-13:23:59 fire1 sshd[7664]: Failed password for root from 49.212.78.16 port 51142 ssh2
2011:08:20-13:24:02 fire1 sshd[7668]: Failed password for root from 49.212.78.16 port 51697 ssh2
2011:08:20-13:24:20 fire1 sshd[7675]: Did not receive identification string from 49.212.78.16
I could just go in console and kill ssh proccess, but it doesnt feel right, since I think there is a security lack in the system. it has been happening since i installed it in 8.101 and now I'm on 8.201
This thread was automatically locked due to age.