
My installation of zoneminder got attacked today!

Posted: Sun Apr 02, 2006 9:15 pm
by michaelng
Look at the log below; there are hundreds of entries like it. I can't believe it. I had to shut down my ssh server. Is there a way for me to limit access by IP address?




Apr 2 06:11:05 zm sshd[20312]: Invalid user library from 139.18.18.4
Apr 2 06:11:05 zm sshd[20312]: error: Could not get shadow information for NOUSER
Apr 2 06:11:05 zm sshd[20312]: Failed password for invalid user library from 139.18.18.4 port 53250 ssh2
Apr 2 06:11:07 zm sshd[20320]: Invalid user brett from 139.18.18.4
Apr 2 06:11:07 zm sshd[20320]: error: Could not get shadow information for NOUSER
Apr 2 06:11:07 zm sshd[20320]: Failed password for invalid user brett from 139.18.18.4 port 53854 ssh2
Apr 2 06:11:08 zm sshd[20325]: Invalid user bret from 139.18.18.4
Apr 2 06:11:08 zm sshd[20325]: error: Could not get shadow information for NOUSER
Apr 2 06:11:08 zm sshd[20325]: Failed password for invalid user bret from 139.18.18.4 port 54431 ssh2
Apr 2 06:11:10 zm sshd[20330]: Invalid user demo from 139.18.18.4
Apr 2 06:11:10 zm sshd[20330]: error: Could not get shadow information for NOUSER
Apr 2 06:11:10 zm sshd[20330]: Failed password for invalid user demo from 139.18.18.4 port 55017 ssh2
Apr 2 06:11:11 zm sshd[20338]: Invalid user grace from 139.18.18.4
Apr 2 06:11:11 zm sshd[20338]: error: Could not get shadow information for NOUSER
Apr 2 06:11:11 zm sshd[20338]: Failed password for invalid user grace from 139.18.18.4 port 55596 ssh2
Apr 2 06:11:13 zm sshd[20343]: Invalid user demo from 139.18.18.4
Apr 2 06:11:13 zm sshd[20343]: error: Could not get shadow information for NOUSER
Apr 2 06:11:13 zm sshd[20343]: Failed password for invalid user demo from 139.18.18.4 port 56188 ssh2
Apr 2 06:11:14 zm sshd[20348]: Invalid user demo from 139.18.18.4
Apr 2 06:11:14 zm sshd[20348]: error: Could not get shadow information for NOUSER
Apr 2 06:11:14 zm sshd[20348]: Failed password for invalid user demo from 139.18.18.4 port 56770 ssh2
Apr 2 06:11:16 zm sshd[20356]: Invalid user paul from 139.18.18.4

Posted: Sun Apr 02, 2006 11:01 pm
by zoneminder
I would do at least three things:

1) Make sure you are all up to date with patches and don't have any obvious passwords etc, basic stuff
2) Configure your sshd to listen on a port other than 22, say 6589, which will prevent all but the most determined (and targeted) attacker

and/or

3) Use denyhosts (http://denyhosts.sourceforge.net/) to clamp down on any miscreants before they can (usually) do any damage.
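
Added example, not part of the original posts and not DenyHosts' own code: a minimal sketch of the log-driven blocking idea from point 3, counting "Failed password" lines per source address in the sshd log format shown above and emitting `/etc/hosts.deny`-style entries for sources at or above a threshold. The function names, the threshold of 3 and the sample log (documentation-range addresses) are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the same sshd syslog format as the log posted above.
# Addresses come from the RFC 5737 documentation ranges, not from the thread.
SAMPLE_LOG = """\
Apr 2 06:11:05 zm sshd[20312]: Invalid user library from 192.0.2.10
Apr 2 06:11:05 zm sshd[20312]: Failed password for invalid user library from 192.0.2.10 port 53250 ssh2
Apr 2 06:11:07 zm sshd[20320]: Failed password for invalid user brett from 192.0.2.10 port 53854 ssh2
Apr 2 06:11:08 zm sshd[20325]: Failed password for invalid user demo from 192.0.2.10 port 54431 ssh2
Apr 2 06:12:30 zm sshd[20400]: Failed password for michael from 198.51.100.7 port 40112 ssh2
Apr 2 06:12:41 zm sshd[20401]: Accepted password for michael from 198.51.100.7 port 40113 ssh2
"""

# The user name is remote-supplied text, so the source address is read from the
# fixed tail of the line ("from IP port N ssh2") rather than the first "from".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?(?P<user>.*) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def failed_logins(log_text):
    """Return {ip: {"count": n, "users": set, "invalid": n}} for failed logins."""
    stats = defaultdict(lambda: {"count": 0, "users": set(), "invalid": 0})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # "Invalid user"/"shadow information" lines repeat the same attempt
        entry = stats[m.group("ip")]
        entry["count"] += 1
        entry["users"].add(m.group("user"))
        if m.group("invalid"):
            entry["invalid"] += 1
    return dict(stats)

def hosts_deny_lines(log_text, threshold=3, allowlist=()):
    """Build TCP-wrappers deny entries for sources at or above the threshold."""
    stats = failed_logins(log_text)
    return [
        f"sshd: {ip}"
        for ip, s in sorted(stats.items())
        if s["count"] >= threshold and ip not in allowlist
    ]

if __name__ == "__main__":
    for line in hosts_deny_lines(SAMPLE_LOG):
        print(line)
```

The `allowlist` argument is there so an administrator's own address is never written to the deny file after a few mistyped passwords.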