I have noticed an attempted hack and the log file shows:
Dec 27 15:40:22 hp2 sshd[24142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.73.68.13 user=root
Dec 27 15:40:25 hp2 sshd[24142]: Failed password for root from 222.73.68.13 port 49069 ssh2
Dec 27 15:40:25 hp2 sshd[24143]: Received disconnect from 222.73.68.13: 11: Bye Bye
Dec 27 15:40:29 hp2 sshd[24144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.73.68.13 user=root
Dec 27 15:40:30 hp2 sshd[24144]: Failed password for root from 222.73.68.13 port 49510 ssh2
Dec 27 15:40:30 hp2 sshd[24145]: Received disconnect from 222.73.68.13: 11: Bye Bye
Dec 27 15:40:33 hp2 sshd[24146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.73.68.13 user=root
Dec 27 15:40:35 hp2 sshd[24146]: Failed password for root from 222.73.68.13 port 49843 ssh2
Dec 27 15:40:36 hp2 sshd[24147]: Received disconnect from 222.73.68.13: 11: Bye Bye
Dec 27 15:40:39 hp2 sshd[24148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.73.68.13 user=root
Dec 27 15:40:41 hp2 sshd[24148]: Failed password for root from 222.73.68.13 port 50227 ssh2
Dec 27 15:40:41 hp2 sshd[24149]: Received disconnect from 222.73.68.13: 11: Bye Bye
What I am not sure about is ssh2 and why the port is random, or is this the originating port? I have ssh set up but in the firewall settings it is locked to my IP address? Can anyone tell me how to lock this down?
Is there any way, if a Virtualmin password has been entered incorrectly so many times, that the user can be automatically blacklisted?
Thanks
Colin
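
The detection step behind automatic blacklisting, as an added example that is not part of the original post: it counts "Failed password" entries per source address inside a sliding time window, run over log lines copied from the post. The threshold, the window length and `ASSUMED_YEAR` are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Log lines copied from the post above (one PAM line kept to show it is skipped).
SAMPLE_LOG = """\
Dec 27 15:40:22 hp2 sshd[24142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.73.68.13 user=root
Dec 27 15:40:25 hp2 sshd[24142]: Failed password for root from 222.73.68.13 port 49069 ssh2
Dec 27 15:40:30 hp2 sshd[24144]: Failed password for root from 222.73.68.13 port 49510 ssh2
Dec 27 15:40:35 hp2 sshd[24146]: Failed password for root from 222.73.68.13 port 49843 ssh2
Dec 27 15:40:41 hp2 sshd[24148]: Failed password for root from 222.73.68.13 port 50227 ssh2
"""

ASSUMED_YEAR = 2000  # assumption: syslog timestamps carry no year, needed only for parsing

# "port" is the client's source port, which differs on every connection,
# so the key for counting is the source address, not the port.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)"
)


def offenders(lines, max_failures=3, window=timedelta(minutes=10)):
    """Return {ip: peak failure count} for sources that reach max_failures
    failed password attempts within the sliding window."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still in the window
    flagged = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # PAM, disconnect and unrelated lines are ignored
        when = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(when)
        while when - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), len(q))
    return flagged


if __name__ == "__main__":
    for ip, count in offenders(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {count} failed logins inside the window, candidate for blocking")
```
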