The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Failed Login - Illegal User

Discussion in 'General Discussion' started by DavidR, Jan 31, 2005.

  1. DavidR

    DavidR Well-Known Member

    Joined:
    Feb 25, 2003
    Messages:
    177
    Likes Received:
    0
    Trophy Points:
    16
    What is the difference between these? Below is a snipped from my logwatch:

    --------------------- SSHD Begin ------------------------


    Failed logins from these:
    admin/password from 162.105.161.236: 6 Time(s)
    guest/password from 162.105.161.236: 3 Time(s)
    root/password from 162.105.161.236: 9 Time(s)
    test/password from 162.105.161.236: 6 Time(s)
    user/password from 162.105.161.236: 3 Time(s)

    Illegal users from these:
    admin/none from 162.105.161.236: 6 Time(s)
    admin/password from 162.105.161.236: 6 Time(s)
    guest/none from 162.105.161.236: 3 Time(s)
    guest/password from 162.105.161.236: 3 Time(s)
    test/none from 162.105.161.236: 6 Time(s)
    test/password from 162.105.161.236: 6 Time(s)
    user/none from 162.105.161.236: 3 Time(s)
    user/password from 162.105.161.236: 3 Time(s)

    So what is the difference between these groups?

    David
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Looks like the first list is the failed login attempts (i.e. tried to login but got the wrong password). The second list is as the first list, but it is listing the login attempts to accounts that do not exist on your server.
     
  3. lloyd_tennison

    lloyd_tennison Well-Known Member

    Joined:
    Mar 12, 2004
    Messages:
    698
    Likes Received:
    1
    Trophy Points:
    18
    I would put APF and BFD on to prevent someone from hacking in... See other threads here for info on where, etc.
     
  4. DavidR

    DavidR Well-Known Member

    Joined:
    Feb 25, 2003
    Messages:
    177
    Likes Received:
    0
    Trophy Points:
    16
    Sounds good, but I don't think I have any accounts by the user names in the first batch, except for root of course. Am I missing something?

    I can't use APF because I am on a Virtuozzo VPS, however I do have BFD installed with the option BCMD="echo ALL:$ATT_HOST >> /etc/hosts.deny" instead of sending the info to APF. This worked exactly one time and now I can't make it work again no matter what I do. Is anyone else using this configuration of BFD?

    Thanks,

    David
     
  5. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    It's tricky to explain. You'll notice that the difference between the two lists is that root is missing from the second list. So, the first list is showing all the attempted logins which failed, the second list shows all the attempted logins to accounts that do not exist.
     
Loading...

Share This Page