It’s Official

I think I’m officially a geek now. I got my first black computer. 😉 It has multicolored blinking lights on the inside and everything.

… then again it’s just some (really nice, assuming everything works) old junker that a family member was getting rid of and not one I built myself. :\

Oh well. I’ll swap out a drive or something and take all the credit. (That’s just as good, right? :-P)

December 2, 2007 at 9:48 pm

Hack Attempt

Dec 2 14:19:52 myHostname sshd[8843]: Did not receive identification string from someip
Dec 2 14:20:31 myHostname sshd[8846]: Invalid user fluffy from someip
Dec 2 14:20:33 myHostname sshd[8848]: Invalid user admin from someip
Dec 2 14:20:35 myHostname sshd[8850]: Invalid user test from someip
Dec 2 14:20:38 myHostname sshd[8853]: Invalid user guest from someip
Dec 2 14:20:41 myHostname sshd[8855]: Invalid user webmaster from someip
Dec 2 14:20:46 myHostname sshd[8859]: Invalid user oracle from someip
Dec 2 14:20:48 myHostname sshd[8861]: Invalid user library from someip
Dec 2 14:20:52 myHostname sshd[8863]: Invalid user info from someip
Dec 2 14:20:54 myHostname sshd[8865]: Invalid user shell from someip
Dec 2 14:20:57 myHostname sshd[8867]: Invalid user linux from someip
Dec 2 14:20:59 myHostname sshd[8869]: Invalid user unix from someip
Dec 2 14:21:02 myHostname sshd[8871]: Invalid user webadmin from someip
... more like this ...

So that’s what a brute force attack on an SSH server looks like! 😉

Fortunately, I took time to read and secure the SSH as best I know how and no damage appears to be done (if the output of less can be trusted). There were only two real attacks.

All in all I learned from the whole thing. I should probably start getting into the habit of reading my logs, and I learned a couple of user names not to use (my favorites being fluffy, gopher, and Zmeu). I think I also want to look for an ipchains rule to limit access to only IP addresses in my state.

December 2, 2007 at 9:37 pm
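
Added example, not part of the original post: a small log check that finds sources cycling through invalid user names, using the sshd line format shown in the excerpt above. The function names, the threshold of 5 attempts in 60 seconds, the year argument and the documentation-range addresses in the sample are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the same syslog format as the excerpt in the post;
# 192.0.2.0/24 and 198.51.100.0/24 are documentation address ranges.
SAMPLE_LOG = """\
Dec 2 14:19:52 myHostname sshd[8843]: Did not receive identification string from 192.0.2.10
Dec 2 14:20:31 myHostname sshd[8846]: Invalid user fluffy from 192.0.2.10
Dec 2 14:20:33 myHostname sshd[8848]: Invalid user admin from 192.0.2.10
Dec 2 14:20:35 myHostname sshd[8850]: Invalid user test from 192.0.2.10
Dec 2 14:20:38 myHostname sshd[8853]: Invalid user guest from 192.0.2.10
Dec 2 14:20:41 myHostname sshd[8855]: Invalid user webmaster from 192.0.2.10
Dec 2 16:02:10 myHostname sshd[9001]: Invalid user bob from 198.51.100.7
Dec 2 18:45:00 myHostname sshd[9100]: Invalid user bob from 198.51.100.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Invalid user (?P<user>\S*) from (?P<src>\S+)")

def parse_invalid_users(text, year=2007):
    """Yield (timestamp, source, username) for each 'Invalid user' line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            # Syslog timestamps carry no year, so the caller supplies one.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["src"], m["user"]

def find_guessing_sources(text, threshold=5, window_s=60, year=2007):
    """Return {source: sorted usernames} for sources with at least
    `threshold` invalid-user attempts inside any `window_s`-second window."""
    events = defaultdict(list)
    for ts, src, user in parse_invalid_users(text, year):
        events[src].append((ts, user))
    flagged = {}
    for src, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans <= window_s.
            while hits[end][0] - hits[start][0] > timedelta(seconds=window_s):
                start += 1
            if end - start + 1 >= threshold:
                flagged[src] = sorted({u for _, u in hits})
                break
    return flagged
```

On the constructed sample, `find_guessing_sources(SAMPLE_LOG)` flags only the source that tried five names in ten seconds; the two widely spaced attempts from the other address stay below the threshold.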