0

I have a ubuntu server running, just a small project. My auth.log file is 22mb big and it is full of stuff like:

Failed password for invalid user milka from **** port **** ssh2
Received disconnect from **** port ****: Bye Bye [preauth]
Disconnected from invalid user milka **** port **** [preauth]
Invalid user root1 from **** port *****
pam_unix(sshd:auth): check pass; user unknown
pam_unix(sshd:auth): authentication failure; *****

The ***** mean that in the log file is stuff I'm not sure if I can post it without security risks.

What does the logs mean?? Do someone try to hack me???

Please help :(

EDIT: the entrys started 3 days ago and the attack run constantly since that

Sven
  • 123
  • Yes, intruders are trying to guess your password. This is why we generally recommend key-based security for ssh over password. Humans tend to create memorable passwords, which are also tend to be fairly easy to guess. Good on you for spotting the problem! – user535733 Jul 02 '20 at 19:08
  • F****!!! Is this normal that some guys try to hack you even if your website is tiny??? – Sven Jul 02 '20 at 19:10
  • 1
    Yes. That's normal. Port 22 on one of my servers gets 3-10 random attempts every hour...and there's not even an SSH server there! The bad guys try every possible network address (there's a finite number of them) looking for SSH servers, and when they find one that responds, they keep trying until they get in. Password protected servers are like chocolate - irresistible and the first bite is glorious. Expect the number of intrusion attempts to increase rapidly as they start dictionary attacks to guess your password every second of the day and night. Harden your server now. – user535733 Jul 02 '20 at 19:13
  • Weird world isn' it... Thank you for your help! One last question: Is it bad for my server or my server speed if these guys keep trying to get in? – Sven Jul 02 '20 at 19:19
  • 2
    Generally it's not bad for the (hardened) server. Windows of your car keep mosquitoes outside, it's not bad for the windows. – user535733 Jul 02 '20 at 19:23

0 Answers0