Should I worry?

2025-04-10

I'm a novice dedicated server owner....

Today, I find this waiting for me:

-----------------------------------------------------------------------------------

The following are event logs for exceeded login failures from 146.141.27.43 (all time stamps are GMT -0500):
----
- Executed actions:
/etc/apf/apf -d 146.141.27.43

- Log events from /var/log/secure:
Sep 2 10:52:22 rincewind sshd[16477]: Illegal user test from 146.141.27.43
Sep 2 10:52:23 rincewind sshd[16473]: Illegal user test from 146.141.27.43
Sep 2 10:52:25 rincewind sshd[16476]: Illegal user test from 146.141.27.43
Sep 2 10:52:26 rincewind sshd[16473]: Failed password for illegal user test from 146.141.27.43 port 38184 ssh2
Sep 2 10:52:26 rincewind sshd[16477]: Failed password for illegal user test from 146.141.27.43 port 38202 ssh2
Sep 2 10:52:27 rincewind sshd[16475]: Illegal user test from 146.141.27.43
Sep 2 10:52:28 rincewind sshd[16476]: Failed password for illegal user test from 146.141.27.43 port 38199 ssh2
Sep 2 10:52:29 rincewind sshd[16475]: Failed password for illegal user test from 146.141.27.43 port 38198 ssh2
Sep 2 10:52:30 rincewind sshd[16483]: Illegal user guest from 146.141.27.43
Sep 2 10:52:30 rincewind sshd[16482]: Illegal user guest from 146.141.27.43
Sep 2 10:52:32 rincewind sshd[16486]: Illegal user guest from 146.141.27.43
Sep 2 10:52:32 rincewind sshd[16483]: Failed password for illegal user guest from 146.141.27.43 port 38306 ssh2
Sep 2 10:52:32 rincewind sshd[16482]: Failed password for illegal user guest from 146.141.27.43 port 38305 ssh2
Sep 2 10:52:34 rincewind sshd[16486]: Failed password for illegal user guest from 146.141.27.43 port 38324 ssh2
Sep 2 10:52:36 rincewind sshd[16491]: Illegal user admin from 146.141.27.43
Sep 2 10:52:38 rincewind sshd[16490]: Illegal user admin from 146.141.27.43
Sep 2 10:52:39 rincewind sshd[16491]: Failed password for illegal user admin from 146.141.27.43 port 38408 ssh2
Sep 2 10:52:40 rincewind sshd[16490]: Failed password for illegal user admin from 146.141.27.43 port 38407 ssh2
Sep 2 10:52:41 rincewind sshd[16495]: Illegal user admin from 146.141.27.43
Sep 2 10:52:43 rincewind sshd[16495]: Failed password for illegal user admin from 146.141.27.43 port 38423 ssh2
Sep 2 10:52:45 rincewind sshd[16498]: Illegal user admin from 146.141.27.43
Sep 2 10:52:45 rincewind sshd[16499]: Illegal user admin from 146.141.27.43
Sep 2 10:52:47 rincewind sshd[16503]: Illegal user admin from 146.141.27.43
Sep 2 10:52:48 rincewind sshd[16498]: Failed password for illegal user admin from 146.141.27.43 port 38512 ssh2
Sep 2 10:52:48 rincewind sshd[16499]: Failed password for illegal user admin from 146.141.27.43 port 38515 ssh2
Sep 2 10:52:50 rincewind sshd[16503]: Failed password for illegal user admin from 146.141.27.43 port 38560 ssh2
Sep 2 10:52:52 rincewind sshd[16505]: Illegal user user from 146.141.27.43
Sep 2 10:52:52 rincewind sshd[16506]: Illegal user user from 146.141.27.43
Sep 2 10:52:54 rincewind sshd[16505]: Failed password for illegal user user from 146.141.27.43 port 38632 ssh2
Sep 2 10:52:54 rincewind sshd[16506]: Failed password for illegal user user from 146.141.27.43 port 38634 ssh2
Sep 2 10:52:55 rincewind sshd[16509]: Illegal user user from 146.141.27.43
Sep 2 10:52:57 rincewind sshd[16509]: Failed password for illegal user user from 146.141.27.43 port 38664 ssh2
Sep 2 10:53:00 rincewind sshd[16511]: Failed password for root from 146.141.27.43 port 38735 ssh2
Sep 2 10:53:03 rincewind sshd[16513]: Failed password for root from 146.141.27.43 port 38760 ssh2
Sep 2 10:53:03 rincewind sshd[16515]: Failed password for root from 146.141.27.43 port 38780 ssh2
Sep 2 10:53:10 rincewind sshd[16517]: Failed password for root from 146.141.27.43 port 38873 ssh2
Sep 2 10:53:11 rincewind sshd[16524]: Failed password for root from 146.141.27.43 port 38850 ssh2
Sep 2 10:53:12 rincewind sshd[16529]: Failed password for root from 146.141.27.43 port 38862 ssh2
Sep 2 10:53:16 rincewind sshd[16531]: Failed password for root from 146.141.27.43 port 38973 ssh2
Sep 2 10:53:18 rincewind sshd[16537]: Failed password for root from 146.141.27.43 port 39010 ssh2
Sep 2 10:53:19 rincewind sshd[16533]: Failed password for root from 146.141.27.43 port 38992 ssh2
Sep 2 10:53:20 rincewind sshd[16539]: Illegal user test from 146.141.27.43
Sep 2 10:53:22 rincewind sshd[16539]: Failed password for illegal user test from 146.141.27.43 port 39074 ssh2
Sep 2 10:53:24 rincewind sshd[16544]: Illegal user test from 146.141.27.43
Sep 2 10:53:25 rincewind sshd[16542]: Illegal user test from 146.141.27.43
Sep 2 10:53:26 rincewind sshd[16544]: Failed password for illegal user test from 146.141.27.43 port 39154 ssh2
Sep 2 10:53:26 rincewind sshd[16546]: Illegal user test from 146.141.27.43
Sep 2 10:53:28 rincewind sshd[16542]: Failed password for illegal user test from 146.141.27.43 port 39135 ssh2
Sep 2 10:53:29 rincewind sshd[16546]: Failed password for illegal user test from 146.141.27.43 port 39207 ssh2
Sep 2 10:53:31 rincewind sshd[16549]: Illegal user test from 146.141.27.43
Sep 2 10:53:33 rincewind sshd[16549]: Failed password for illegal user test from 146.141.27.43 port 39268 ssh2
Sep 2 10:53:36 rincewind sshd[16551]: Illegal user test from 146.141.27.43
Sep 2 10:53:37 rincewind sshd[16555]: Illegal user test from 146.141.27.43
Sep 2 10:53:38 rincewind sshd[16553]: Illegal user test from 146.141.27.43
Sep 2 10:53:38 rincewind sshd[16551]: Failed password for illegal user test from 146.141.27.43 port 39291 ssh2
Sep 2 10:53:40 rincewind sshd[16555]: Failed password for illegal user test from 146.141.27.43 port 39403 ssh2
Sep 2 10:53:41 rincewind sshd[16553]: Failed password for illegal user test from 146.141.27.43 port 39330 ssh2
Sep 2 10:53:45 rincewind sshd[16559]: Illegal user test from 146.141.27.43
Sep 2 10:53:47 rincewind sshd[16559]: Failed password for illegal user test from 146.141.27.43 port 39548 ssh2
Sep 2 10:53:54 rincewind sshd[16561]: Failed password for root from 146.141.27.43 port 39684 ssh2
Sep 2 10:54:00 rincewind sshd[16563]: Failed password for root from 146.141.27.43 port 39795 ssh2
Sep 2 10:54:06 rincewind sshd[16565]: Failed password for root from 146.141.27.43 port 39913 ssh2
Sep 2 10:54:12 rincewind sshd[16568]: Failed password for root from 146.141.27.43 port 40032 ssh2
Sep 2 10:54:19 rincewind sshd[16577]: Failed password for root from 146.141.27.43 port 40134 ssh2
Sep 2 10:54:29 rincewind sshd[16579]: Failed password for root from 146.141.27.43 port 40244 ssh2
----------------------------------------------------------------------------

1. Would you guys (and gals) be worried about something like this? Or is it like a novice computer user getting a "virus found! and cleaned" notice -- that is, the system worked, no worried, this happens?

2. If you'd worry, is there anything you'd recommend I do?

I'm definately open to advice -- I have followed several server-securing tips and tricks I've found here... But I don't knwo what's important yet... For instance, I do have APF running... Few other things... I installed Mailscanner (not exactly security related), found that I'd have to tweak Exim too much, and decided to uninstall at the moment...

I'm a novice, but I do want my server to be up as much as possible, as I'm hosting friends and a very few semi-pro websites (organizations, rather than businesses...)

Again, thank you in advance for any advice you may have!

-i