Dipende da che distribuzione linux è, solitamente in /var/log/auth (debian, ecc.) o /var/log/secure (redhat, ecc.).
Dipende da che distribuzione linux è, solitamente in /var/log/auth (debian, ecc.) o /var/log/secure (redhat, ecc.).
Ah ok, grazie mille.. Se provo ad inviarle anche questi log può capire se qualcuno a tentato o è riuscito ad entrare??
Ho notato guardando i log, queste stringhe con un ip totalmente sconosciuto che tentava l'accesso al root:
Sep 16 06:36:08 happycommunity sshd[3702]: Did not receive identification string from 109.195.84.192
Sep 16 06:36:08 happycommunity sshd[3703]: reverse mapping checking getaddrinfo for 109x195x84x192.static-business.spb.ertelecom.ru [109.195.84.192] failed - POSSIBLE BREAK-IN ATTEMPT!
Sep 16 06:36:08 happycommunity sshd[3703]: Invalid user 1234 from 109.195.84.192
Sep 16 06:36:08 happycommunity sshd[3703]: input_userauth_request: invalid user 1234 [preauth]
Sep 16 06:36:08 happycommunity sshd[3703]: pam_unix(sshd:auth): check pass; user unknown
Sep 16 06:36:08 happycommunity sshd[3703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.195.84.192
Sep 16 06:36:10 happycommunity sshd[3703]: Failed password for invalid user 1234 from 109.195.84.192 port 65004 ssh2
Sep 16 06:36:10 happycommunity sshd[3703]: Connection closed by 109.195.84.192 [preauth]
Sep 16 06:36:10 happycommunity sshd[3705]: reverse mapping checking getaddrinfo for 109x195x84x192.static-business.spb.ertelecom.ru [109.195.84.192] failed - POSSIBLE BREAK-IN ATTEMPT!
Sep 16 06:36:10 happycommunity sshd[3705]: Invalid user PlcmSpIp from 109.195.84.192
Sep 16 06:36:10 happycommunity sshd[3705]: input_userauth_request: invalid user PlcmSpIp [preauth]
Sep 16 06:36:11 happycommunity sshd[3705]: pam_unix(sshd:auth): check pass; user unknown
Sep 16 06:36:11 happycommunity sshd[3705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.195.84.192
Sep 16 06:36:12 happycommunity sshd[3705]: Failed password for invalid user PlcmSpIp from 109.195.84.192 port 49481 ssh2
Sep 16 06:36:12 happycommunity sshd[3705]: Connection closed by 109.195.84.192 [preauth]
Sep 16 06:36:13 happycommunity sshd[3707]: reverse mapping checking getaddrinfo for 109x195x84x192.static-business.spb.ertelecom.ru [109.195.84.192] failed - POSSIBLE BREAK-IN ATTEMPT!
Sep 16 06:36:13 happycommunity sshd[3707]: Invalid user user from 109.195.84.192
Sep 16 06:36:13 happycommunity sshd[3707]: input_userauth_request: invalid user user [preauth]
Sep 16 06:36:13 happycommunity sshd[3707]: pam_unix(sshd:auth): check pass; user unknown
Sep 16 06:36:13 happycommunity sshd[3707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.195.84.192
Sep 16 06:36:15 happycommunity sshd[3707]: Failed password for invalid user user from 109.195.84.192 port 50318 ssh2
Sep 16 06:36:15 happycommunity sshd[3707]: Connection closed by 109.195.84.192 [preauth]
Non penso sono accessi che provengono dall'hosting, perchè se controllo su "IPFinder" questo ip, noto che la provenienza e dalla "Russia" capitale "Mosca"..
Comunque se vuole controllare le metto i log d'accesso:
http://www.mediafire.com/download/c3...5swq2/auth.log
Grazie per il supporto che mi sta offrendo =)