Messages in /var/log/messages - hack attempts?

#1 Wed, 02/03/2016 - 22:35
groston

I had occasion to look at /var/log/messages today and I saw numerous messages like the following:

Feb 3 22:50:36 mydomain saslauthd[829]: do_auth : auth failure: [user=username@mydomain] [service=smtp] [realm=mydomain] [mech=pam] [reason=PAM auth error]

In most cases, username was not an account on my system, though in a small number of cases, it is legitimate. I assume that these are attempts to hack my system in some manner. Are there any specific recommendations for thwarting this type of attack?

Wed, 02/03/2016 - 22:58
andreychek

Howdy,

Yeah, there are bots that try guessing at accounts and passwords on your system.

Usually they are unsuccessful if you have good passwords, but just to be sure, you could try something like Fail2ban. Fail2ban monitors log files, and can ban IP addresses after so many unsuccessful login attempts.

There are instructions for setting that up here:

https://www.virtualmin.com/documentation/security/fail2ban
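
Added example (not part of either post above, and not Virtualmin or Fail2ban code): a small Python script that tallies saslauthd failures in the format quoted in the question and separates guesses at nonexistent names from repeated failures against real accounts. The function name, the local_accounts set, the threshold and the example.test sample lines are assumptions made for the illustration.

```python
import re
from collections import Counter

# Matches the saslauthd failure format quoted in the question above.
FAILURE = re.compile(
    r"saslauthd\[\d+\]: do_auth\s*: auth failure: "
    r"\[user=(?P<user>[^\]]*)\] \[service=[^\]]*\] "
    r"\[realm=[^\]]*\] \[mech=[^\]]*\] \[reason=[^\]]*\]"
)

# Constructed sample lines for the demo; not taken from a real system.
_FMT = ("Feb 3 22:5{i}:00 mail saslauthd[829]: do_auth : auth failure: "
        "[user={u}] [service=smtp] [realm=example.test] [mech=pam] "
        "[reason=PAM auth error]")
_USERS = ["admin@example.test", "alice@example.test", "test", "alice",
          "admin@example.test", "Alice@example.test", "bob@example.test"]
SAMPLE_LOG = "\n".join(_FMT.format(i=i, u=u) for i, u in enumerate(_USERS))
# A non-matching line, to show that unrelated entries are ignored.
SAMPLE_LOG += "\nFeb 3 22:59:00 mail postfix/smtpd[900]: connect from unknown\n"


def summarize_failures(log_text, local_accounts, threshold=3):
    """Count failed SASL logins per user and split them by account existence."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILURE.search(line)
        if m:
            # Drop the realm so "alice@example.test" matches account "alice".
            counts[m.group("user").split("@", 1)[0].lower()] += 1
    known = {a.lower() for a in local_accounts}
    return {
        "total": sum(counts.values()),
        # Names that do not exist locally: background guessing.
        "unknown": {u: n for u, n in counts.items() if u not in known},
        # Real accounts with repeated failures: review these passwords first.
        "targeted": {u: n for u, n in counts.items()
                     if u in known and n >= threshold},
    }


if __name__ == "__main__":
    print(summarize_failures(SAMPLE_LOG, {"alice", "bob"}))
```

The saslauthd line carries no client address, so this only shows which names are being guessed; banning by IP needs a log entry that records the source of the connection.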
