Logwatch report

[acegames]

Hello I received a log watch report this morning and found all these entries from the same ip , can anyone explain what it is please :

**Unmatched Entries**
Invalid user rfmngr from ::ffff:200.248.97.3
input_userauth_request: invalid user rfmngr
Failed password for invalid user rfmngr from ::ffff:200.248.97.3 port 37946 ssh2
Invalid user sales from ::ffff:200.248.97.3
input_userauth_request: invalid user sales
Failed password for invalid user sales from ::ffff:200.248.97.3 port 38069 ssh2
Invalid user recruit from ::ffff:200.248.97.3
input_userauth_request: invalid user recruit
Failed password for invalid user recruit from ::ffff:200.248.97.3 port 38185 ssh2
Invalid user alias from ::ffff:200.248.97.3
input_userauth_request: invalid user alias


Plus a lot more

Kind regards
Dave

[dalem]

that IP is brute forcing SSH

best to move your ssh port to a higher unused port and use some brute force detection

[acegames]

Thankyou for the quick reply , I am new to this could you explain in detail how I can do that please

[rubr]

I also got hundreds of this today:

Invalid user www from ::ffff:84.244.161.38
input_userauth_request: invalid user www
Invalid user www from ::ffff:84.244.161.38
input_userauth_request: invalid user www
Invalid user www from ::ffff:84.244.161.38
input_userauth_request: invalid user www
Failed password for invalid user www from ::ffff:84.244.161.38 port 4136 ssh2
Failed password for invalid user www from ::ffff:84.244.161.38 port 3065 ssh2
Failed password for invalid user www from ::ffff:84.244.161.38 port 3852 ssh2