I have just set up my first private cloud storage server and have been running it for about a week.
But today I logged on and noticed that there have been attempts to connect to it for about 4 days straight (found with "grep "Failed password" /var/log/auth.log").
And then I went on to check the connected IPs (with the command "ss", which I found after an internet search), but now I am a bit lost as I am pretty new to Linux and servers.
I don't know what the output of "ss" means, so I have shut down the server, because when I checked the IPs connected to ssh which say ESTAB, I found that these are IPs from countries that shouldn't be connecting.
I would like to know whether that means that someone got into my server through ssh or if I should delete everything and start fresh. Advice on how to protect against these kinds of attacks would be greatly appreciated as well.
Thanks in advance.
This is the output from ss:
Code:
tcp ESTAB 0 0 192.168.0.34:ssh 112.85.42.232:59819
tcp ESTAB 0 68 192.168.0.34:ssh 116.196.101.168:52198
tcp LAST-ACK 0 151 192.168.0.34:webmin 192.168.0.22:51048
tcp ESTAB 0 0 192.168.0.34:ssh 112.85.42.232:49362
tcp ESTAB 0 0 192.168.0.34:webmin 80.82.77.240:64344
tcp FIN-WAIT-1 0 1 192.168.0.34:ssh 112.85.42.232:59191
tcp FIN-WAIT-1 0 1 192.168.0.34:ssh 112.85.42.232:38961
tcp FIN-WAIT-1 0 1 192.168.0.34:ssh 112.85.42.232:32746
tcp ESTAB 0 68 192.168.0.34:ssh 31.184.254.198:50394
tcp FIN-WAIT-1 0 1 192.168.0.34:ssh 112.85.42.232:18654
tcp ESTAB 0 0 192.168.0.34:ssh 222.186.15.114:10575
tcp FIN-WAIT-1 0 1 192.168.0.34:ssh 112.85.42.232:60052
tcp ESTAB 0 0 192.168.0.34:ssh 112.85.42.232:61394
tcp ESTAB 0 0 192.168.0.34:webmin 104.152.52.24:51649
tcp ESTAB 0 0 192.168.0.34:ssh 112.85.42.232:49426
tcp ESTAB 0 68 192.168.0.34:ssh 46.101.103.207:34116
tcp ESTAB 0 0 192.168.0.34:webmin 157.230.90.160:43287
tcp ESTAB 0 0 192.168.0.34:ssh 112.85.42.232:29238
tcp FIN-WAIT-1 0 1 192.168.0.34:ssh 112.85.42.232:56932
tcp ESTAB 0 68 192.168.0.34:ssh 114.67.79.46:33334
tcp ESTAB 0 0 192.168.0.34:ssh 112.85.42.232:49804
Snippet from auth.log:
Code:
Apr 8 20:43:06 nik-server sshd[1572]: Failed password for invalid user user from 106.12.2.81 port 56568 ssh2
Apr 8 20:43:08 nik-server sshd[1574]: Failed password for invalid user ts3bot from 61.74.180.44 port 41070 ssh2
Apr 8 20:43:13 nik-server sshd[1701]: Failed password for invalid user postgres from 157.230.2.208 port 54194 ssh2
Apr 8 20:43:17 nik-server sshd[1714]: Failed password for invalid user ubuntu from 106.13.140.52 port 55260 ssh2
Apr 8 20:43:26 nik-server sshd[1811]: Failed password for invalid user admin from 59.36.19.130 port 46904 ssh2
Apr 8 20:43:58 nik-server sshd[2303]: Failed password for invalid user test from 218.22.36.135 port 9984 ssh2
Apr 8 20:44:21 nik-server sshd[2679]: Failed password for invalid user sai from 142.93.239.197 port 41316 ssh2
Apr 8 20:44:51 nik-server sshd[3045]: Failed password for invalid user nas from 187.11.140.235 port 39754 ssh2
Apr 8 20:44:53 nik-server sshd[3087]: Failed password for invalid user root from 222.186.42.136 port 39624 ssh2
Apr 8 20:44:56 nik-server sshd[3177]: Failed password for invalid user ubuntu from 223.240.70.4 port 37838 ssh2
Apr 8 20:44:57 nik-server sshd[3087]: Failed password for invalid user root from 222.186.42.136 port 39624 ssh2
Apr 8 20:45:00 nik-server sshd[3087]: Failed password for invalid user root from 222.186.42.136 port 39624 ssh2
Apr 8 20:45:08 nik-server sshd[3314]: Failed password for invalid user oracle from 61.74.180.44 port 15713 ssh2
Apr 8 20:45:28 nik-server sshd[3754]: Failed password for invalid user kamal from 175.139.192.37 port 44290 ssh2
Apr 8 20:45:30 nik-server sshd[3756]: Failed password for invalid user roger from 61.175.121.76 port 57607 ssh2
Apr 8 20:46:09 nik-server sshd[4236]: Failed password for invalid user postgres from 218.22.36.135 port 9986 ssh2
Apr 8 20:46:20 nik-server sshd[4415]: Failed password for invalid user webmaster from 134.122.79.129 port 57482 ssh2
Apr 8 20:46:53 nik-server sshd[4779]: Failed password for invalid user andrew from 62.234.193.119 port 42650 ssh2
Apr 8 20:47:00 nik-server sshd[4833]: Failed password for invalid user ts3bot from 106.13.140.52 port 58646 ssh2
Apr 8 20:47:16 nik-server sshd[5042]: Failed password for invalid user coin from 116.196.101.168 port 41896 ssh2
Apr 8 20:47:16 nik-server sshd[5047]: Failed password for invalid user test2 from 220.178.75.153 port 42260 ssh2
Apr 8 20:47:26 nik-server sshd[5177]: Failed password for invalid user ts3bot from 163.239.206.113 port 42734 ssh2
Apr 8 20:47:34 nik-server sshd[5272]: Failed password for invalid user sshvpn from 89.154.4.249 port 44878 ssh2
Apr 8 20:47:38 nik-server sshd[5318]: Failed password for invalid user postgres from 187.11.140.235 port 34530 ssh2
Apr 8 20:47:43 nik-server sshd[5373]: Failed password for invalid user toro from 142.93.239.197 port 50828 ssh2
Apr 8 20:47:50 nik-server sshd[5420]: Failed password for invalid user admin from 82.148.30.250 port 36964 ssh2
Apr 8 20:47:54 nik-server sshd[5515]: Failed password for invalid user user from 45.33.81.143 port 43678 ssh2
Apr 8 20:47:59 nik-server sshd[5565]: Failed password for invalid user test from 175.139.192.37 port 51446 ssh2
Apr 8 20:48:27 nik-server sshd[5907]: Failed password for invalid user test from 223.240.70.4 port 37922 ssh2
Apr 8 20:48:58 nik-server sshd[6232]: Failed password for invalid user deploy from 190.64.213.155 port 37884 ssh2
Apr 8 20:49:54 nik-server sshd[6890]: Failed password for invalid user root from 222.186.30.76 port 48056 ssh2
Apr 8 20:49:59 nik-server sshd[6890]: message repeated 2 times: [ Failed password for invalid user root from 222.186.30.76 port 48056 ssh2]
Apr 8 20:50:11 nik-server sshd[7107]: Failed password for invalid user deploy from 31.184.254.198 port 49888 ssh2
Apr 8 20:50:11 nik-server sshd[7143]: Failed password for invalid user jboss from 51.77.137.211 port 42114 ssh2
Apr 8 20:50:21 nik-server sshd[7248]: Failed password for invalid user mahesh from 62.234.193.119 port 44440 ssh2
Apr 8 20:50:24 nik-server sshd[7296]: Failed password for invalid user postgres from 183.134.199.68 port 46185 ssh2
Apr 8 20:50:49 nik-server sshd[7661]: Failed password for invalid user ems from 163.239.206.113 port 34022 ssh2
Apr 8 20:51:08 nik-server sshd[7905]: Failed password for invalid user root from 157.230.2.208 port 49348 ssh2
Apr 8 20:51:25 nik-server sshd[8192]: Failed password for invalid user admin from 27.78.14.83 port 55816 ssh2
Apr 8 20:51:25 nik-server sshd[8194]: Failed password for invalid user squid from 116.105.216.179 port 51338 ssh2
Apr 8 20:51:26 nik-server sshd[8203]: Failed password for invalid user test from 27.78.14.83 port 51796 ssh2
Apr 8 20:51:27 nik-server sshd[8202]: Failed password for invalid user operator from 116.105.216.179 port 51868 ssh2
Apr 8 20:51:31 nik-server sshd[8266]: Failed password for invalid user git from 220.178.75.153 port 6363 ssh2
Apr 8 20:51:32 nik-server sshd[8308]: Failed password for invalid user postgres from 194.182.175.108 port 35972 ssh2
Apr 8 20:51:38 nik-server sshd[8359]: Failed password for invalid user deploy from 118.27.31.188 port 50070 ssh2
Apr 8 20:51:43 nik-server sshd[8410]: Failed password for invalid user lab from 128.199.169.102 port 49751 ssh2
Apr 8 20:51:56 nik-server sshd[8596]: Failed password for invalid user firebird from 162.243.10.64 port 37806 ssh2
Apr 8 20:52:07 nik-server sshd[8715]: Failed password for invalid user t7inst from 89.154.4.249 port 51860 ssh2
Apr 8 20:52:28 nik-server sshd[8942]: Failed password for invalid user root from 222.186.15.62 port 25058 ssh2
Apr 8 20:52:35 nik-server sshd[8942]: message repeated 2 times: [ Failed password for invalid user root from 222.186.15.62 port 25058 ssh2]
Apr 8 20:52:46 nik-server sshd[9140]: Failed password for invalid user test from 182.61.40.158 port 37208 ssh2
Apr 8 20:53:13 nik-server sshd[9468]: Failed password for invalid user gaurav from 183.134.199.68 port 36854 ssh2
Apr 8 20:53:28 nik-server sshd[9705]: Failed password for invalid user ftptest from 190.64.213.155 port 47420 ssh2
Apr 8 20:53:31 nik-server sshd[9789]: Failed password for invalid user test from 115.217.18.100 port 41643 ssh2
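
Added example, not part of the original post: a triage script that cross-checks the two outputs above. An ESTAB row in ss only means a TCP connection to port 22 exists, which includes clients still sitting at the password prompt; an actual login appears in auth.log as an "Accepted" line. The sample input is constructed from the formats shown in the post, and the "Accepted" line with its user name `exampleuser` is invented for illustration.

```python
import re
from collections import Counter

# Constructed sample input; the "Accepted" line and its user are invented.
AUTH_LOG = """\
Apr 8 20:44:53 nik-server sshd[3087]: Failed password for invalid user root from 222.186.42.136 port 39624 ssh2
Apr 8 20:47:16 nik-server sshd[5042]: Failed password for invalid user coin from 116.196.101.168 port 41896 ssh2
Apr 8 20:49:54 nik-server sshd[6890]: Failed password for invalid user root from 222.186.30.76 port 48056 ssh2
Apr 8 20:49:59 nik-server sshd[6890]: message repeated 2 times: [ Failed password for invalid user root from 222.186.30.76 port 48056 ssh2]
Apr 8 21:02:10 nik-server sshd[9999]: Accepted password for exampleuser from 192.168.0.22 port 51200 ssh2
"""
SS_OUTPUT = """\
tcp ESTAB 0 68 192.168.0.34:ssh 116.196.101.168:52198
tcp FIN-WAIT-1 0 1 192.168.0.34:ssh 112.85.42.232:59191
tcp ESTAB 0 0 192.168.0.34:ssh 192.168.0.22:51310
tcp ESTAB 0 0 192.168.0.34:webmin 80.82.77.240:64344
"""

# Matches plain sshd auth results and syslog's "message repeated N times: [ ... ]" form.
EVENT = re.compile(
    r"sshd\[\d+\]: (?:message repeated (\d+) times: \[ )?"
    r"(Failed|Accepted) (?:password|publickey) for (?:invalid user )?(\S+) from (\S+) port \d+")

def parse_auth(text):
    """Return (failed attempts per source IP, list of (user, ip) accepted logins)."""
    failed, accepted = Counter(), []
    for line in text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        repeat, outcome, user, ip = m.groups()
        if outcome == "Failed":
            failed[ip] += int(repeat or 1)  # a plain grep -c would count a repeated line once
        else:
            accepted.append((user, ip))
    return failed, accepted

def ssh_peers(text):
    """Remote IPs holding an ESTAB connection to the local ssh port."""
    rows = (line.split() for line in text.splitlines())
    return {f[5].rsplit(":", 1)[0] for f in rows
            if len(f) >= 6 and f[1] == "ESTAB" and f[4].rsplit(":", 1)[1] in ("ssh", "22")}

def triage(auth_text, ss_text):
    """Map each established ssh peer to (has an accepted login, failed-attempt count)."""
    failed, accepted = parse_auth(auth_text)
    ok_ips = {ip for _, ip in accepted}
    return {ip: (ip in ok_ips, failed[ip]) for ip in sorted(ssh_peers(ss_text))}

if __name__ == "__main__":
    for ip, (logged_in, fails) in triage(AUTH_LOG, SS_OUTPUT).items():
        print(ip, "ACCEPTED LOGIN" if logged_in else "no accepted login", f"failed={fails}")
```

Any peer reported with an accepted login that is not one of your own addresses is the case that warrants treating the host as compromised.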