SSH
WebDev, 2016-10-12 10:54:33

Does this look like brute force?

Oct 12 08:56:38 CentOS-71-64-minimal sshd[28606]: Failed password for root from 116.31.116.49 port 33660 ssh2
Oct 12 09:03:49 CentOS-71-64-minimal sshd[28751]: Connection closed by 116.31.116.49 [preauth]
Oct 12 09:05:59 CentOS-71-64-minimal sshd[28779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.49  user=root
Oct 12 09:05:59 CentOS-71-64-minimal sshd[28779]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Oct 12 09:06:01 CentOS-71-64-minimal sshd[28779]: Failed password for root from 116.31.116.49 port 25309 ssh2
Oct 12 09:06:01 CentOS-71-64-minimal sshd[28779]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Oct 12 09:06:04 CentOS-71-64-minimal sshd[28779]: Failed password for root from 116.31.116.49 port 25309 ssh2
Oct 12 09:06:17 CentOS-71-64-minimal sshd[28801]: Invalid user carter from 220.226.2.130
Oct 12 09:06:17 CentOS-71-64-minimal sshd[28801]: input_userauth_request: invalid user carter [preauth]
Oct 12 09:06:17 CentOS-71-64-minimal sshd[28801]: pam_unix(sshd:auth): check pass; user unknown
Oct 12 09:06:17 CentOS-71-64-minimal sshd[28801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.226.2.130
Oct 12 09:06:19 CentOS-71-64-minimal sshd[28801]: Failed password for invalid user carter from 220.226.2.130 port 48649 ssh2
Oct 12 09:06:20 CentOS-71-64-minimal sshd[28801]: pam_unix(sshd:auth): check pass; user unknown
Oct 12 09:06:23 CentOS-71-64-minimal sshd[28801]: Failed password for invalid user carter from 220.226.2.130 port 48649 ssh2
Oct 12 09:06:23 CentOS-71-64-minimal sshd[28801]: pam_unix(sshd:auth): check pass; user unknown
Oct 12 09:06:25 CentOS-71-64-minimal sshd[28801]: Failed password for invalid user carter from 220.226.2.130 port 48649 ssh2
Oct 12 09:06:25 CentOS-71-64-minimal sshd[28801]: Connection closed by 220.226.2.130 [preauth]
Oct 12 09:06:25 CentOS-71-64-minimal sshd[28801]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.226.2.130
Oct 12 09:11:40 CentOS-71-64-minimal sshd[28844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.49  user=root
Oct 12 09:11:40 CentOS-71-64-minimal sshd[28844]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Oct 12 09:11:42 CentOS-71-64-minimal sshd[28844]: Failed password for root from 116.31.116.49 port 14492 ssh2
Oct 12 09:11:49 CentOS-71-64-minimal sshd[28844]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Oct 12 09:11:51 CentOS-71-64-minimal sshd[28844]: Failed password for root from 116.31.116.49 port 14492 ssh2
Oct 12 09:11:51 CentOS-71-64-minimal sshd[28844]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Oct 12 09:11:53 CentOS-71-64-minimal sshd[28844]: Failed password for root from 116.31.116.49 port 14492 ssh2
Oct 12 09:11:54 CentOS-71-64-minimal sshd[28844]: Received disconnect from 116.31.116.49: 11:  [preauth]
Oct 12 09:11:54 CentOS-71-64-minimal sshd[28844]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.49  user=root
Oct 12 09:33:41 CentOS-71-64-minimal sshd[29149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.49  user=root
Oct 12 09:33:41 CentOS-71-64-minimal sshd[29149]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Oct 12 09:33:43 CentOS-71-64-minimal sshd[29149]: Failed password for root from 116.31.116.49 port 41582 ssh2
Oct 12 09:33:44 CentOS-71-64-minimal sshd[29149]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Oct 12 09:34:19 CentOS-71-64-minimal sshd[29186]: Accepted password for root from 31.192.157.29 port 11463 ssh2
Oct 12 09:34:19 CentOS-71-64-minimal sshd[29186]: pam_unix(sshd:session): session opened for user root by (uid=0)
Oct 12 09:40:36 CentOS-71-64-minimal sshd[29332]: Did not receive identification string from 113.108.21.16
Oct 12 09:40:44 CentOS-71-64-minimal sshd[29304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.49  user=root
Oct 12 09:40:44 CentOS-71-64-minimal sshd[29304]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Oct 12 09:40:45 CentOS-71-64-minimal sshd[29304]: Failed password for root from 116.31.116.49 port 31961 ssh2
Oct 12 09:47:10 CentOS-71-64-minimal sshd[29395]: Connection closed by 116.31.116.49 [preauth]

The whole nginx log is in this. What is it? Brute force?


2 answer(s)
Vladimir Kuts, 2016-10-12
@kirill-93

So you have the sshd log. What does nginx have to do with it?
Yes, this is the usual brute force by bots. The fastest way is to run through the list of the most common accounts and passwords, and switch to another victim.
Move the SSH port to a non-standard one, and set up fail2ban.

Pavel, 2016-10-13
@pbt39

Do you know about fail2ban?
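
Added example (not part of either answer, and not fail2ban's own code): a simplified version of the per-source failure counting that fail2ban applies, run over authentication lines excerpted from the log in the question. The function name `analyze`, the parameters `max_retry`, `find_time` and `year`, and their values are assumptions made for this illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Excerpt of the sshd log posted in the question (authentication lines only).
SAMPLE = """\
Oct 12 09:06:01 CentOS-71-64-minimal sshd[28779]: Failed password for root from 116.31.116.49 port 25309 ssh2
Oct 12 09:06:04 CentOS-71-64-minimal sshd[28779]: Failed password for root from 116.31.116.49 port 25309 ssh2
Oct 12 09:06:19 CentOS-71-64-minimal sshd[28801]: Failed password for invalid user carter from 220.226.2.130 port 48649 ssh2
Oct 12 09:06:23 CentOS-71-64-minimal sshd[28801]: Failed password for invalid user carter from 220.226.2.130 port 48649 ssh2
Oct 12 09:06:25 CentOS-71-64-minimal sshd[28801]: Failed password for invalid user carter from 220.226.2.130 port 48649 ssh2
Oct 12 09:11:42 CentOS-71-64-minimal sshd[28844]: Failed password for root from 116.31.116.49 port 14492 ssh2
Oct 12 09:11:51 CentOS-71-64-minimal sshd[28844]: Failed password for root from 116.31.116.49 port 14492 ssh2
Oct 12 09:11:53 CentOS-71-64-minimal sshd[28844]: Failed password for root from 116.31.116.49 port 14492 ssh2
Oct 12 09:34:19 CentOS-71-64-minimal sshd[29186]: Accepted password for root from 31.192.157.29 port 11463 ssh2
Oct 12 09:40:45 CentOS-71-64-minimal sshd[29304]: Failed password for root from 116.31.116.49 port 31961 ssh2
"""

PREFIX = r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
FAILED = re.compile(PREFIX + r"Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED = re.compile(PREFIX + r"Accepted (\S+) for (\S+) from (\S+) port")

def analyze(log, max_retry=3, find_time=timedelta(minutes=10), year=2016):
    """Return ({ip: time the threshold was reached}, [(time, method, user, ip)])."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    banned, accepted = {}, []
    for line in log.splitlines():
        if m := FAILED.match(line):
            # Syslog timestamps carry no year, so it is passed in (assumption).
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            window = recent[m.group(3)]
            window.append(ts)
            while ts - window[0] > find_time:  # forget failures older than find_time
                window.popleft()
            if len(window) >= max_retry:
                banned.setdefault(m.group(3), ts)  # keep the first crossing only
        elif m := ACCEPTED.match(line):
            accepted.append(m.groups())
    return banned, accepted

if __name__ == "__main__":
    banned, accepted = analyze(SAMPLE)
    for ip, when in banned.items():
        print(f"threshold reached: {ip} at {when}")
    for when, method, user, ip in accepted:
        print(f"accepted {method} login: {user} from {ip} at {when}")
```

On this excerpt both 220.226.2.130 and 116.31.116.49 reach the threshold, and the single `Accepted password for root` entry, from 31.192.157.29, is the line to confirm as your own session.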
