It seems like I’m not alone in experiencing the uptick in the SSH Brute Force attacks people have been seeing. Check it out:

12:57:35 homer sshd(pam_unix)[14721]: session closed for user root
12:57:36 homer sshd(pam_unix)[14730]: session opened for user root by (uid=0)
12:57:36 homer sshd(pam_unix)[14730]: session closed for user root
12:57:37 homer sshd(pam_unix)[14739]: session opened for user root by (uid=0)
12:57:38 homer sshd(pam_unix)[14739]: session closed for user root
12:57:39 homer sshd(pam_unix)[14748]: session opened for user root by (uid=0)
12:57:39 homer sshd(pam_unix)[14748]: session closed for user root
12:57:40 homer sshd(pam_unix)[14757]: session opened for user root by (uid=0)
12:57:41 homer sshd(pam_unix)[14757]: session closed for user root
12:57:48 homer sshd(pam_unix)[14772]: session opened for user root by (uid=0)
12:57:49 homer sshd(pam_unix)[14772]: session closed for user root
12:57:50 homer sshd(pam_unix)[14786]: session opened for user root by (uid=0)
01:10:41 homer sshd(pam_unix)[1037]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.160.20.130
01:10:42 homer sshd(pam_unix)[1038]: check pass; user unknown
01:10:42 homer sshd(pam_unix)[1038]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.160.20.130
01:10:48 homer sshd(pam_unix)[1057]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.160.20.130 user=mysql
01:10:49 homer sshd(pam_unix)[1086]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.160.20.130 user=mysql
01:10:52 homer sshd(pam_unix)[1097]: check pass; user unknown
01:10:52 homer sshd(pam_unix)[1097]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.160.20.130
01:10:59 homer sshd(pam_unix)[1118]: check pass; user unknown
01:10:59 homer sshd(pam_unix)[1118]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.160.20.130
01:10:59 homer sshd(pam_unix)[1116]: check pass; user unknown
01:10:59 homer sshd(pam_unix)[1116]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.160.20.130

Notice they are trying various usernames to try and find a way in. I’ve been poking around and there doesn’t seem to be a known attack on SSH other than brute force like this. Time to beef up my passwords.
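To see at a glance which hosts are guessing and which account names they hit, here is an added example (not part of the original post) that tallies the sshd(pam_unix) failure lines per rhost. The sample lines are copied from the excerpt above; the function names and the threshold of 5 are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the log excerpt in this post.
SAMPLE = """\
01:10:41 homer sshd(pam_unix)[1037]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.160.20.130
01:10:42 homer sshd(pam_unix)[1038]: check pass; user unknown
01:10:42 homer sshd(pam_unix)[1038]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.160.20.130
01:10:48 homer sshd(pam_unix)[1057]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.160.20.130 user=mysql
01:10:49 homer sshd(pam_unix)[1086]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.160.20.130 user=mysql
01:10:52 homer sshd(pam_unix)[1097]: check pass; user unknown
01:10:52 homer sshd(pam_unix)[1097]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.160.20.130
"""

# Matches the "sshd(pam_unix)[PID]: message" part of each line.
LINE = re.compile(r"sshd\(pam_unix\)\[(\d+)\]: (.*)$")
# rhost= is always present on failures; user= only appears for accounts that exist.
FAIL = re.compile(r"^authentication failure;.*\brhost=(\S*)(?: +user=(\S+))?")

def summarize(text):
    """Tally auth failures per rhost: total, guesses at unknown users, real accounts hit."""
    unknown_pids = set()  # PIDs that logged "check pass; user unknown"
    stats = defaultdict(lambda: {"failures": 0, "unknown_user": 0, "users": set()})
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        pid, msg = m.groups()
        if msg.startswith("check pass; user unknown"):
            unknown_pids.add(pid)
            continue
        f = FAIL.match(msg)
        if not f:
            continue  # session opened/closed and other messages
        host, user = f.group(1) or "-", f.group(2)
        entry = stats[host]
        entry["failures"] += 1
        if user:
            entry["users"].add(user)       # an existing account was targeted
        elif pid in unknown_pids:
            entry["unknown_user"] += 1     # guessed a name that does not exist
    return dict(stats)

def noisy_hosts(stats, threshold=5):
    """Hosts with at least `threshold` failures (threshold is an assumed cutoff)."""
    return sorted(h for h, s in stats.items() if s["failures"] >= threshold)
```

Names that show up under `users` are real accounts on the box (here `mysql`), so those are the first ones to check for weak passwords or to bar from SSH login.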