Password sweep on my servers.....

Today I was monitoring my log files and I found that in my /var/log/auth file there have been a few hundred access-denied entries for users trying to log in over SSH...

Here is an example.
Mar 26 03:40:30 server7 sshd[10237]: Failed password for illegal user frank from 218.1.127.170 port 13177 ssh2
Mar 26 03:40:33 server7 sshd[10241]: Illegal user george from 218.1.127.170
Mar 26 03:40:33 server7 sshd[10241]: error: Could not get shadow information for NOUSER
Mar 26 03:40:33 server7 sshd[10241]: Failed password for illegal user george from 218.1.127.170 port 14299 ssh2
Mar 26 03:40:37 server7 sshd[10244]: Illegal user henry from 218.1.127.170
Mar 26 03:40:37 server7 sshd[10244]: error: Could not get shadow information for NOUSER
Mar 26 03:40:37 server7 sshd[10244]: Failed password for illegal user henry from 218.1.127.170 port 13577 ssh2
Mar 26 03:40:40 server7 sshd[10246]: Illegal user john from 218.1.127.170
Mar 26 03:40:40 server7 sshd[10246]: error: Could not get shadow information for NOUSER
Mar 26 03:40:40 server7 sshd[10246]: Failed password for illegal user john from 218.1.127.170 port 13637 ssh2
Mar 26 03:40:44 server7 sshd[10249]: Failed password for root from 218.1.127.170 port 15989 ssh2
Mar 26 03:40:47 server7 sshd[10253]: Failed password for root from 218.1.127.170 port 14522 ssh2
Mar 26 03:40:52 server7 sshd[10275]: Failed password for root from 218.1.127.170 port 15284 ssh2
Mar 26 03:40:55 server7 sshd[10277]: Failed password for root from 218.1.127.170 port 12890 ssh2
Mar 26 03:40:58 server7 sshd[10279]: Failed password for root from 218.1.127.170 port 12792 ssh2
Looks like he did not get in.
But is there any way for me to be alerted when there are, like, X number of failed tries as a whole?

Or how do you guys combat this?

All my servers have unique letter/numeric passwords that even I could not remember personally....
Any other tips?

Thanks
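As an added example (not from the original post or any tool it mentions), here is a small Python script that does what the question asks: it counts "Failed password" lines per source address in an auth log and raises an alert once a threshold X is reached. The sample input is the sshd lines quoted in the post; the regex, the threshold of 5 and the function names are assumptions.

```python
import re
from collections import defaultdict
# Sample input: the sshd lines quoted in the post above.
SAMPLE_LOG = """\
Mar 26 03:40:30 server7 sshd[10237]: Failed password for illegal user frank from 218.1.127.170 port 13177 ssh2
Mar 26 03:40:33 server7 sshd[10241]: Illegal user george from 218.1.127.170
Mar 26 03:40:33 server7 sshd[10241]: error: Could not get shadow information for NOUSER
Mar 26 03:40:33 server7 sshd[10241]: Failed password for illegal user george from 218.1.127.170 port 14299 ssh2
Mar 26 03:40:37 server7 sshd[10244]: Illegal user henry from 218.1.127.170
Mar 26 03:40:37 server7 sshd[10244]: error: Could not get shadow information for NOUSER
Mar 26 03:40:37 server7 sshd[10244]: Failed password for illegal user henry from 218.1.127.170 port 13577 ssh2
Mar 26 03:40:40 server7 sshd[10246]: Illegal user john from 218.1.127.170
Mar 26 03:40:40 server7 sshd[10246]: error: Could not get shadow information for NOUSER
Mar 26 03:40:40 server7 sshd[10246]: Failed password for illegal user john from 218.1.127.170 port 13637 ssh2
Mar 26 03:40:44 server7 sshd[10249]: Failed password for root from 218.1.127.170 port 15989 ssh2
Mar 26 03:40:47 server7 sshd[10253]: Failed password for root from 218.1.127.170 port 14522 ssh2
Mar 26 03:40:52 server7 sshd[10275]: Failed password for root from 218.1.127.170 port 15284 ssh2
Mar 26 03:40:55 server7 sshd[10277]: Failed password for root from 218.1.127.170 port 12890 ssh2
Mar 26 03:40:58 server7 sshd[10279]: Failed password for root from 218.1.127.170 port 12792 ssh2
"""

# Matches both "Failed password for root ..." and "... for illegal user frank ...".
FAILED_RE = re.compile(r"Failed password for (?:illegal user )?(?P<user>\S+) "
                       r"from (?P<ip>[\d.]+) port \d+")

def summarise(log_text):
    """Per source IP: total failed logins, distinct usernames tried, root attempts.
    'Illegal user X' lines are skipped on purpose: each one is followed by a
    'Failed password for illegal user X' line, so counting both would double up."""
    stats = defaultdict(lambda: {"total": 0, "users": set(), "root": 0})
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if not m:
            continue
        s = stats[m.group("ip")]
        s["total"] += 1
        s["users"].add(m.group("user"))
        if m.group("user") == "root":
            s["root"] += 1
    return dict(stats)

def alerts(log_text, threshold):
    """(ip, total, users) for every source with at least `threshold` failures."""
    return [(ip, s["total"], sorted(s["users"]))
            for ip, s in summarise(log_text).items() if s["total"] >= threshold]

if __name__ == "__main__":
    for ip, total, users in alerts(SAMPLE_LOG, 5):
        print(f"ALERT: {ip} failed {total} SSH logins, tried users: {', '.join(users)}")
```

On a live box you would feed it the contents of the real log (here /var/log/auth) from cron or a log-tailing loop and send the alert lines by mail.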
