> In my ssh logs this morning I noticed a couple login attempts with
> usernames on them... I've never seen that before. It is usually just an
> IP address.
>
> Mar 18 20:19:48 [sshd] refused connect from postmaster@×××××××××××××××××××.co
> Mar 18 23:42:44 [sshd] refused connect from 211.116.136.107
> Mar 18 23:44:44 [sshd] refused connect from [U2FsdGVkX19g32YZVKMsQkl+mouWITILOicY4Iq9OQo=]@211.116.136.107
> Mar 19 02:41:09 [sshd] refused connect from 221.194.128.66
>
> weird... maybe the bad guys are up to something new.
|
I'd say they've just made a mistake in their DNS config (or maybe used a wildcard record), and set the PTR record to be postmaster@×××××××××××××××××××.co instead of a hostname. I'm assuming the reason you usually see IP addresses is that there is no PTR record set for that IP.... |
|
Are you running Fail2ban or similar? |
|
Rgs, |
Adam |
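
Added example, not part of either message above: a small Python parser for the `refused connect from` line format quoted in the thread. It separates bare-IP entries from entries whose client field carries a `user@` part, so the unusual ones stand out during log review. The sample lines are constructed (documentation addresses and example.com), and the function names are this example's own.

```python
import ipaddress
import re
from collections import Counter

# Line format as quoted in the thread:
#   "Mar 18 20:19:48 [sshd] refused connect from <client>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+\[sshd\]\s+"
    r"refused connect from\s+(?P<client>\S+)\s*$"
)

def is_ip(text):
    """True if text is a literal IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def classify_client(client):
    """Return (kind, user, host) for the client field of one log line."""
    user, sep, host = client.rpartition("@")
    if sep:
        return ("user@ip" if is_ip(host) else "user@host", user, host)
    return ("ip" if is_ip(client) else "host", None, client)

def parse(lines):
    """Yield (timestamp, kind, user, host); lines in other formats are skipped."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield (m.group("ts"),) + classify_client(m.group("client"))

def summarize(lines):
    """Count entries per kind and return those that carry a user part."""
    rows = list(parse(lines))
    return Counter(r[1] for r in rows), [r for r in rows if r[2] is not None]

# Constructed sample input, not the hosts from the thread.
SAMPLE = [
    "Mar 18 20:19:48 [sshd] refused connect from postmaster@mail.example.com",
    "Mar 18 23:42:44 [sshd] refused connect from 203.0.113.7",
    "Mar 18 23:44:44 [sshd] refused connect from [dGVzdA==]@203.0.113.7",
    "Mar 19 02:41:09 [sshd] refused connect from 198.51.100.66",
    "Mar 19 02:41:10 [sshd] Accepted publickey for alice",
]

if __name__ == "__main__":
    counts, flagged = summarize(SAMPLE)
    print(dict(counts))
    for ts, kind, user, host in flagged:
        print(ts, kind, repr(user), host)
```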