Absolutely gone

Found now in logs of some psycho who breaks on my server from the domain mail.cp.government.bg

user139:/var/log# netstat -a | grep mail.cp
    

      
      
      
    

  tcp 0 0 user139.host.ru:ssh mail.cp.governmen:46226 TIME_WAIT
    

      
      
      
    

  tcp 16 0 user139.host.ru:ssh mail.cp.governmen:47154 ESTABLISHED
    

      
      
      
    

  
    

      
      
      
    

  user139:/var/log# cat auth.log | grep 'government.bg' | wc -l
    

      
      
      
    

  465
    

      
      
      
    

  
    

      
      
      
    

  Mar 20 23:41:24 user139 sshd[9733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=mail.cp.government.bg

And what to do with this abnormal?

Source: https://habr.com/ru/post/55101/

All Articles

Absolutely gone

More articles: