I got a dedicated server a few days ago. This morning I set up virtualmin and moved my personal sites on to the server. Then I got this Abuse Warning from the data center:
Dear Customer,
We have received reports of brute force attacks originating from this server. This indicates possible server compromise, and is your responsibility to investigate and resolve. However, should you require help, please contact our professional service. Be advised that should we receive further reports we may be forced to step in to prevent further abuse of our networks.
For your convenience, please see attached report.
Regards,
Nick
Abuse Department
XXX XYZ
Time: Mon Aug 31 05:02:26 2009 -0500
IP: 174.120.xxx.xxx
Failures: 5 (sshd)
Interval: 300 seconds
Blocked: Yes
Log entries:
Aug 31 05:02:22 whm sshd[9165]: Invalid user t1na from 174.120.xxx.xxx Aug 31 05:02:24 whm sshd[9165]: Failed password for invalid user t1na from 174.120.xxx.xx port 59515 ssh2 Aug 31 05:02:24 whm sshd[9167]: Invalid user t1na from 174.120.xxx.xxx Aug 31 05:02:26 whm sshd[9167]: Failed password for invalid user t1na from 174.120.xxx.xxx port 59766 ssh2 Aug 31 05:02:26 whm sshd[9169]: Invalid user logic from 174.120.xxx.xxx
Has anyone had this problem before? =/