Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
W
W
WebDev2016-10-12 10:54:33
SSH
WebDev, 2016-10-12 10:54:33

Does this look like brute force?

Oct 12 08:56:38 CentOS-71-64-minimal sshd[28606]: Failed password for root from 116.31.116.49 port 33660 ssh2
Oct 12 09:03:49 CentOS-71-64-minimal sshd[28751]: Connection closed by 116.31.116.49 [preauth]
Oct 12 09:05:59 CentOS-71-64-minimal sshd[28779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.49  user=root
Oct 12 09:05:59 CentOS-71-64-minimal sshd[28779]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Oct 12 09:06:01 CentOS-71-64-minimal sshd[28779]: Failed password for root from 116.31.116.49 port 25309 ssh2
Oct 12 09:06:01 CentOS-71-64-minimal sshd[28779]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Oct 12 09:06:04 CentOS-71-64-minimal sshd[28779]: Failed password for root from 116.31.116.49 port 25309 ssh2
Oct 12 09:06:17 CentOS-71-64-minimal sshd[28801]: Invalid user carter from 220.226.2.130
Oct 12 09:06:17 CentOS-71-64-minimal sshd[28801]: input_userauth_request: invalid user carter [preauth]
Oct 12 09:06:17 CentOS-71-64-minimal sshd[28801]: pam_unix(sshd:auth): check pass; user unknown
Oct 12 09:06:17 CentOS-71-64-minimal sshd[28801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.226.2.130
Oct 12 09:06:19 CentOS-71-64-minimal sshd[28801]: Failed password for invalid user carter from 220.226.2.130 port 48649 ssh2
Oct 12 09:06:20 CentOS-71-64-minimal sshd[28801]: pam_unix(sshd:auth): check pass; user unknown
Oct 12 09:06:23 CentOS-71-64-minimal sshd[28801]: Failed password for invalid user carter from 220.226.2.130 port 48649 ssh2
Oct 12 09:06:23 CentOS-71-64-minimal sshd[28801]: pam_unix(sshd:auth): check pass; user unknown
Oct 12 09:06:25 CentOS-71-64-minimal sshd[28801]: Failed password for invalid user carter from 220.226.2.130 port 48649 ssh2
Oct 12 09:06:25 CentOS-71-64-minimal sshd[28801]: Connection closed by 220.226.2.130 [preauth]
Oct 12 09:06:25 CentOS-71-64-minimal sshd[28801]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.226.2.130
Oct 12 09:11:40 CentOS-71-64-minimal sshd[28844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.49  user=root
Oct 12 09:11:40 CentOS-71-64-minimal sshd[28844]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Oct 12 09:11:42 CentOS-71-64-minimal sshd[28844]: Failed password for root from 116.31.116.49 port 14492 ssh2
Oct 12 09:11:49 CentOS-71-64-minimal sshd[28844]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Oct 12 09:11:51 CentOS-71-64-minimal sshd[28844]: Failed password for root from 116.31.116.49 port 14492 ssh2
Oct 12 09:11:51 CentOS-71-64-minimal sshd[28844]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Oct 12 09:11:53 CentOS-71-64-minimal sshd[28844]: Failed password for root from 116.31.116.49 port 14492 ssh2
Oct 12 09:11:54 CentOS-71-64-minimal sshd[28844]: Received disconnect from 116.31.116.49: 11:  [preauth]
Oct 12 09:11:54 CentOS-71-64-minimal sshd[28844]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.49  user=root
Oct 12 09:33:41 CentOS-71-64-minimal sshd[29149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.49  user=root
Oct 12 09:33:41 CentOS-71-64-minimal sshd[29149]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Oct 12 09:33:43 CentOS-71-64-minimal sshd[29149]: Failed password for root from 116.31.116.49 port 41582 ssh2
Oct 12 09:33:44 CentOS-71-64-minimal sshd[29149]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Oct 12 09:34:19 CentOS-71-64-minimal sshd[29186]: Accepted password for root from 31.192.157.29 port 11463 ssh2
Oct 12 09:34:19 CentOS-71-64-minimal sshd[29186]: pam_unix(sshd:session): session opened for user root by (uid=0)
Oct 12 09:40:36 CentOS-71-64-minimal sshd[29332]: Did not receive identification string from 113.108.21.16
Oct 12 09:40:44 CentOS-71-64-minimal sshd[29304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.49  user=root
Oct 12 09:40:44 CentOS-71-64-minimal sshd[29304]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Oct 12 09:40:45 CentOS-71-64-minimal sshd[29304]: Failed password for root from 116.31.116.49 port 31961 ssh2
Oct 12 09:47:10 CentOS-71-64-minimal sshd[29395]: Connection closed by 116.31.116.49 [preauth]

The whole nginx log is in this. What is it? Brute force?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
V
Vladimir Kuts, 2016-10-12
@kirill-93

So you have the sshd log. What does nginx have to do with it?
Yes, this is the usual brute force by bots. The fastest way is to run through the list of the most common accounts and passwords, and switch to another victim.
Move the ssh port to a non-standard one, and screw some fail2ban

Report
P
Pavel, 2016-10-13
@pbt39

do you know about fail2ban ?

Similar questions
G
GSnick2016-12-23 19:23:07
Similar to xshell/putty for mac? 1Reply
D
dexdev2017-01-14 17:26:11
How to use OpenSSL version 1.0.1 in ubuntu 16.04 if 1.0.2 is embedded? 1Reply
E
exxagw2017-01-16 02:41:02
How to restart nodejs? 2Reply
I
iBird Rose2019-06-11 01:37:43
Artifacts and display offset in htop? 1Reply
_
_umr2017-01-20 17:23:38
How to correctly end shh session in DigitalOcean? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question