Hello,
I am not sure if I am under attack but take a look at my auth.log using the command
To clarify, I have disabled root login and it seems that the intruder is failing to sign in, however I have a rather restrictive firewall and was trying to figure out if by having the root login disabled that perhaps a cron job or ANYTHING might be causing this problem. Please let me know. (I say cron because you will notice the timing of the 'attacks')
I am not sure if I am under attack but take a look at my auth.log using the command
Code:
sudo cat auth.log | grep UNKNOWN
To clarify, I have disabled root login and it seems that the intruder is failing to sign in, however I have a rather restrictive firewall and was trying to figure out if by having the root login disabled that perhaps a cron job or ANYTHING might be causing this problem. Please let me know. (I say cron because you will notice the timing of the 'attacks')
Code:
Dec 14 03:02:06 mercury nologin: Attempted login by root on UNKNOWN
Dec 15 03:02:08 mercury nologin: Attempted login by root on UNKNOWN
Dec 16 03:02:07 mercury nologin: Attempted login by root on UNKNOWN
Dec 17 03:02:18 mercury nologin: Attempted login by root on UNKNOWN
Dec 18 03:02:06 mercury nologin: Attempted login by root on UNKNOWN
Dec 19 03:02:07 mercury nologin: Attempted login by root on UNKNOWN
Dec 19 04:15:00 mercury nologin: Attempted login by root on UNKNOWN
Dec 20 03:02:07 mercury nologin: Attempted login by root on UNKNOWN
Dec 21 03:02:07 mercury nologin: Attempted login by root on UNKNOWN
Dec 22 03:02:06 mercury nologin: Attempted login by root on UNKNOWN
Dec 23 03:02:09 mercury nologin: Attempted login by root on UNKNOWN
Dec 24 03:02:06 mercury nologin: Attempted login by root on UNKNOWN
Dec 25 03:02:31 mercury nologin: Attempted login by root on UNKNOWN
Dec 26 03:02:22 mercury nologin: Attempted login by root on UNKNOWN
Dec 26 04:15:01 mercury nologin: Attempted login by root on UNKNOWN
Dec 27 03:02:25 mercury nologin: Attempted login by root on UNKNOWN