someone is scanning my server
i recieved 107 email from my Broute Force Dection software this morning, it reported someone is trying to use different combination of user name and password to get into my server.
all emails are showing something like below except the user name they tried to get in is different.
Jun 6 04:43:38 apple sshd[9215]: Illegal user support from 211.48.20.163
Jun 6 04:43:40 sv2 sshd[9209]: Failed password for illegal user support from
211.48.20.163 port 58502 ssh2
Jun 6 04:43:40 sv2 sshd[9209]: Failed password for illegal user support from
211.48.20.163 port 58502 ssh2
--------------------- SSHD Begin ------------------------
Argument "fw1" isn't numeric in numeric comparison (<=>) at
/etc/log.d//lib/Logwatch.pm line 233, <STDIN> line 39.
Argument "3essentials" isn't numeric in numeric comparison (<=>) at
/etc/log.d//lib/Logwatch.pm line 233, <STDIN> line 39.
Argument "fw1" isn't numeric in numeric comparison (<=>) at
/etc/log.d//lib/Logwatch.pm line 233, <STDIN> line 39.
Argument "3essentials" isn't numeric in numeric comparison (<=>) at
/etc/log.d//lib/Logwatch.pm line 233, <STDIN> line 39.
Scanned from these:
fw1.3essentials.com (66.179.167.245)
fw1.3essentials.com (66.179.167.245)
fw1.3essentials.com (66.179.167.245)
fw1.3essentials.com (66.179.167.245)
fw1.3essentials.com (66.179.167.245)
fw1.3essentials.com (66.179.167.245)
fw1.3essentials.com (66.179.167.245)
**Unmatched Entries**
sshd -HUP succeeded
fw1.3essentials.com (66.179.167.245)
fw1.3essentials.com (66.179.167.245)
fw1.3essentials.com (66.179.167.245)
fw1.3essentials.com (66.179.167.245)
fw1.3essentials.com (66.179.167.245)
fw1.3essentials.com (66.179.167.245)
fw1.3essentials.com (66.179.167.245)
**Unmatched Entries**
sshd -HUP succeeded
btw, 3essentials.com is a web hosting company as well, is it alright a host scan another host?
