[plug] ssh worms
Brad Campbell
brad at fnarfbargle.com
Sun Apr 7 04:10:38 UTC 2013
On 06/04/13 02:57, Alexander Hartner wrote:
> Hi Brad,
>
> What are you using to monitor this ?
>
My solution is decidely low-tech :
<quote>
This email is sent by logcheck. If you no longer wish to receive
such mail, you can either deinstall the logcheck package or modify
its configuration file (/etc/logcheck/logcheck.conf).
System Events
=-=-=-=-=-=-=
Apr 4 15:02:09 srv sshd[28323]: input_userauth_request: invalid user
alexis [preauth]
Apr 4 15:56:12 srv sshd[6831]: input_userauth_request: invalid user vzx
[preauth]
Apr 4 15:56:17 srv sshd[6838]: input_userauth_request: invalid user vzy
[preauth]
Apr 4 15:56:22 srv sshd[6843]: input_userauth_request: invalid user vzz
[preauth]
</>
More information about the plug
mailing list