can someone explain what is this

[bengji]

im getting this in my email evryday on the logwach is someone try to hack my server how can prevent this attack... thax,,

evryday email:


################### LogWatch 4.3.2 (02/18/03) ####################
Processing Initiated: Sun May 14 04:02:04 2006
Date Range Processed: yesterday
Detail Level of Output: 0
Logfiles for Host: *********.com
################################################################

--------------------- Named Begin ------------------------

**Unmatched Entries**
client 216.47.160.12 error sending response: host unreachable: 1
Time(s)
client 64.15.129.77 error sending response: host unreachable: 1
Time(s)

---------------------- Named End -------------------------


--------------------- pam_unix Begin ------------------------

sshd:
Invalid Users:
Unknown Account: 627 Time(s)
Authentication Failures:
ftp (backbone.oops.net.br ): 3 Time(s)
mail (crops.spectrumanalytic.com ): 1 Time(s)
adm (backbone.oops.net.br ): 3 Time(s)
games (backbone.oops.net.br ): 3 Time(s)
unknown (backbone.oops.net.br ): 279 Time(s)
unknown (221.158.91.46 ): 35 Time(s)
rpm (backbone.oops.net.br ): 2 Time(s)
news (backbone.oops.net.br ): 3 Time(s)
mysql (backbone.oops.net.br ): 5 Time(s)
mysql (221.158.91.46 ): 2 Time(s)
unknown (202.152.39.28 ): 7 Time(s)
operator (backbone.oops.net.br ): 2 Time(s)
mail (backbone.oops.net.br ): 3 Time(s)
unknown (211.221.246.22 ): 228 Time(s)
sshd (backbone.oops.net.br ): 2 Time(s)
ident (backbone.oops.net.br ): 3 Time(s)
nobody (backbone.oops.net.br ): 3 Time(s)
mysql (crops.spectrumanalytic.com ): 1 Time(s)
unknown (crops.spectrumanalytic.com ): 78 Time(s)


---------------------- pam_unix End -------------------------


--------------------- Connections (secure-log) Begin
------------------------


**Unmatched Entries**
userhelper[21031]: pam_timestamp: updated timestamp file
`/var/run/sudo/root/unknown'
userhelper[21034]: running '/usr/sbin/up2date --nox -u' with root
privileges on behalf of 'root'

---------------------- Connections (secure-log) End
-------------------------


--------------------- SSHD Begin ------------------------


Failed logins from these:
Aaliyah/password from 201.54.174.254: 2 Time(s)
Aaron/password from 201.54.174.254: 2 Time(s)
Aba/password from 201.54.174.254: 2 Time(s)
Abel/password from 201.54.174.254: 2 Time(s)
Exit/password from 201.54.174.254: 1 Time(s)
Ionut/password from 201.54.174.254: 2 Time(s)
Jewel/password from 201.54.174.254: 2 Time(s)
Zmeu/password from 201.54.174.254: 2 Time(s)
adam/password from 201.54.174.254: 3 Time(s)
add/password from 201.54.174.254: 2 Time(s)
adine/password from 202.152.39.28: 1 Time(s)
adine/password from 216.29.108.68: 1 Time(s)
adm/password from 201.54.174.254: 3 Time(s)
admin/password from 201.54.174.254: 21 Time(s)
admin/password from 202.152.39.28: 1 Time(s)
admin/password from 216.29.108.68: 1 Time(s)
admin/password from 221.158.91.46: 4 Time(s)
admin1/password from 211.221.246.22: 33 Time(s)
administrator/password from 202.152.39.28: 1 Time(s)
administrator/password from 216.29.108.68: 1 Time(s)
admins/password from 201.54.174.254: 4 Time(s)
adrian/password from 201.54.174.254: 2 Time(s)
adrian/password from 221.158.91.46: 2 Time(s)
ahmed/password from 216.29.108.68: 1 Time(s)
alan/password from 201.54.174.254: 3 Time(s)
alan/password from 216.29.108.68: 1 Time(s)
alan/password from 221.158.91.46: 2 Time(s)
albert/password from 216.29.108.68: 1 Time(s)
alberto/password from 216.29.108.68: 1 Time(s)
alex/password from 201.54.174.254: 3 Time(s)
alex/password from 216.29.108.68: 1 Time(s)
alfred/password from 216.29.108.68: 1 Time(s)
ali/password from 216.29.108.68: 1 Time(s)
alice/password from 216.29.108.68: 1 Time(s)
alicia/password from 221.158.91.46: 1 Time(s)
alina/password from 201.54.174.254: 1 Time(s)
allan/password from 216.29.108.68: 1 Time(s)
amanda/password from 201.54.174.254: 2 Time(s)
Illegal user administrator from 202.152.39.28
Illegal user jack from 202.152.39.28
Illegal user marvin from 202.152.39.28
Illegal user andres from 202.152.39.28
Illegal user barbara from 202.152.39.28
Illegal user adine from 202.152.39.28

---------------------- SSHD End -------------------------



------------------ Disk Space --------------------

Filesystem Size Used Avail Use% Mounted on
/dev/hda3 75G 18G 53G 26% /
/dev/hda1 99M 15M 79M 16% /boot
none 497M 0 497M 0% /dev/shm
/usr/tmpDSK 485M 9.2M 451M 3% /tmp
/tmp 485M 9.2M 451M 3% /var/tmp


###################### LogWatch End #########################

[Lyttek]

aside from disabling SSH, which you don't really want to do, is to change the port number from 22 to something else. This won't prevent the attacks, but make it less likely they'll find the right port.

It is, unfortunately, a normal occurance.

[bengji]

i have another problem now.. i changed the port 12345 but b4 i did that i forgot to enable that port on the apf firewall now im locked out of ssh..

do u know how can i get to ssh is ther anyway i can disable or change the port through whm... i dont know wat to do...

[avijit]

Contact the NOC support so that they can either add the port to your firewall or can change the sshd back to the regular one. Unless they do that for you locally, none can ssh into the server.

As far as preventing the bruteforcing goes, you need to install APF/BFD and tweak them as per the rule you want.

[rhenderson]

i have another problem now.. i changed the port 12345 but b4 i did that i forgot to enable that port on the apf firewall now im locked out of ssh..

do u know how can i get to ssh is ther anyway i can disable or change the port through whm... i dont know wat to do...

Well at least the potential hacker is locked out as well
(Hope you get that fixed)

I have BFD installed and it works well, but after changing our port number we have only had 1 attempt in the last year. We left BFD running "just in case" but is has not had much work.

For future reference you could see Chirpy and get the File Manager/Console ($15) and if you had it installed you could have editted the ssh conf file or the apf file via WHM and unlocked yourself. A thought for a backup plan for "next time".

Good luck