[plug] ssh worms

Brad Campbell brad at fnarfbargle.com
Sun Apr 7 04:10:38 UTC 2013


On 06/04/13 02:57, Alexander Hartner wrote:
> Hi Brad,
>
> What are you using to monitor this ?
>

My solution is decidely low-tech :

<quote>
This email is sent by logcheck. If you no longer wish to receive
such mail, you can either deinstall the logcheck package or modify
its configuration file (/etc/logcheck/logcheck.conf).

System Events
=-=-=-=-=-=-=
Apr  4 15:02:09 srv sshd[28323]: input_userauth_request: invalid user 
alexis [preauth]
Apr  4 15:56:12 srv sshd[6831]: input_userauth_request: invalid user vzx 
[preauth]
Apr  4 15:56:17 srv sshd[6838]: input_userauth_request: invalid user vzy 
[preauth]
Apr  4 15:56:22 srv sshd[6843]: input_userauth_request: invalid user vzz 
[preauth]

</>


More information about the plug mailing list