Hi Guys
Some advice please.
My OMV is under continual attack; Fail2Ban is banning about 6 IP addresses a day. So far none have got through. I'm beginning to think that it may be the same couple of people using a proxy to give them a different IP address. I closed port 22 on the router and that stopped them for a couple of days, but they are back on other ports that are not open on the router. Here are a few example reports.
Thanks in advance

The IP 210.73.211.34 has just been banned by Fail2Ban after
3 attempts against ssh.

Here are more information about 210.73.211.34:

Lines containing IP:210.73.211.34 in /var/log/auth.log
Nov 19 09:39:07 omv sshd[30309]: Invalid user zhangyan from 210.73.211.34
Nov 19 09:39:07 omv sshd[30309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.73.211.34
Nov 19 09:39:09 omv sshd[30309]: Failed password for invalid user zhangyan from 210.73.211.34 port 37528 ssh2
Nov 19 09:39:19 omv sshd[30325]: Invalid user dff from 210.73.211.34
Nov 19 09:39:19 omv sshd[30325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.73.211.34

The IP 183.39.119.205 has just been banned by Fail2Ban after
3 attempts against ssh.

Here are more information about 183.39.119.205:

Lines containing IP:183.39.119.205 in /var/log/auth.log
Nov 18 22:24:49 omv sshd[23567]: Invalid user zhangyan from 183.39.119.205
Nov 18 22:24:49 omv sshd[23567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.39.119.205
Nov 18 22:24:51 omv sshd[23567]: Failed password for invalid user zhangyan from 183.39.119.205 port 57541 ssh2
Nov 18 22:25:02 omv sshd[23571]: Invalid user dff from 183.39.119.205
Nov 18 22:25:02 omv sshd[23571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.39.119.205

The IP 177.159.102.108 has just been banned by Fail2Ban after
3 attempts against ssh.

Here are more information about 177.159.102.108:

Lines containing IP:177.159.102.108 in /var/log/auth.log
Nov 19 06:43:52 omv sshd[25364]: Did not receive identification string from 177.159.102.108
Nov 19 06:44:10 omv sshd[25365]: reverse mapping checking getaddrinfo for 177.159.102.108.static.gvt.net.br [177.159.102.108] failed - POSSIBLE BREAK-IN ATTEMPT!
Nov 19 06:44:10 omv sshd[25365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.159.102.108 user=admin
Nov 19 06:44:12 omv sshd[25365]: Failed password for admin from 177.159.102.108 port 61104 ssh2
Nov 19 06:44:12 omv sshd[25365]: Received disconnect from 177.159.102.108: 11: Bye Bye [preauth]
Nov 19 06:44:29 omv sshd[25369]: reverse mapping checking getaddrinfo for 177.159.102.108.static.gvt.net.br [177.159.102.108] failed - POSSIBLE BREAK-IN ATTEMPT!
Nov 19 06:44:29 omv sshd[25369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.159.102.108 user=root
Nov 19 06:44:31 omv sshd[25369]: Failed password for root from 177.159.102.108 port 61575 ssh2
Nov 19 06:44:31 omv sshd[25369]: Received disconnect from 177.159.102.108: 11: Bye Bye [preauth]
Nov 19 06:44:49 omv sshd[25377]: reverse mapping checking getaddrinfo for 177.159.102.108.static.gvt.net.br [177.159.102.108] failed - POSSIBLE BREAK-IN ATTEMPT!
Nov 19 06:44:49 omv sshd[25377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.159.102.108 user=root
Nov 19 06:44:51 omv sshd[25377]: Failed password for root from 177.159.102.108 port 62028 ssh2
Nov 19 06:44:51 omv sshd[25377]: Received disconnect from 177.159.102.108: 11: Bye Bye [preauth]
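
Added example (not part of the original post): two of the reports above show different addresses trying the same usernames in the same order, so this sketch groups source IPs by the username sequence they tried, which is one way to check whether separate bans come from the same tool or wordlist. The function names are illustrative, and the sample lines are copied from the reports above.

```python
import re
from collections import defaultdict

# sshd lines that name the account being tried. The "port N" on a
# "Failed password" line is the client's ephemeral source port, not a
# listening port on the server.
PATTERNS = [
    re.compile(r"sshd\[\d+\]: Invalid user (?P<user>\S+) from (?P<ip>[\d.]+)"),
    re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
               r"from (?P<ip>[\d.]+) port \d+"),
]

def usernames_by_ip(lines):
    """Return {ip: [usernames in the order first tried]} from auth.log lines."""
    seen = defaultdict(list)
    for line in lines:
        for pat in PATTERNS:
            m = pat.search(line)
            if m:
                if m["user"] not in seen[m["ip"]]:
                    seen[m["ip"]].append(m["user"])
                break
    return dict(seen)

def shared_wordlists(lines):
    """Group source IPs that tried the identical username sequence."""
    groups = defaultdict(list)
    for ip, users in usernames_by_ip(lines).items():
        groups[tuple(users)].append(ip)
    return {seq: sorted(ips) for seq, ips in groups.items() if len(ips) > 1}

# Sample input: lines copied from the three Fail2Ban reports in the post.
SAMPLE = """\
Nov 18 22:24:49 omv sshd[23567]: Invalid user zhangyan from 183.39.119.205
Nov 18 22:24:51 omv sshd[23567]: Failed password for invalid user zhangyan from 183.39.119.205 port 57541 ssh2
Nov 18 22:25:02 omv sshd[23571]: Invalid user dff from 183.39.119.205
Nov 19 06:44:12 omv sshd[25365]: Failed password for admin from 177.159.102.108 port 61104 ssh2
Nov 19 06:44:31 omv sshd[25369]: Failed password for root from 177.159.102.108 port 61575 ssh2
Nov 19 09:39:07 omv sshd[30309]: Invalid user zhangyan from 210.73.211.34
Nov 19 09:39:09 omv sshd[30309]: Failed password for invalid user zhangyan from 210.73.211.34 port 37528 ssh2
Nov 19 09:39:19 omv sshd[30325]: Invalid user dff from 210.73.211.34
""".splitlines()

if __name__ == "__main__":
    for seq, ips in shared_wordlists(SAMPLE).items():
        print(", ".join(seq), "<-", ", ".join(ips))
```

To run it against a live system, pass the lines of /var/log/auth.log to `shared_wordlists()` instead of `SAMPLE`.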