Something is bruting my machine

freeMind

Hi everyone, I need help ASAP because since the 31st of October, my machine is being bruted by some malicious software. I wasn't able to manage this, so I'm asking for help here.

[Image: 1698925106306.png]


I provided an output from cat /var/log/auth.log
 


I'm no expert at networking, but you would normally deny all ports first, then only open those that you want to use yourself.

Not sure if this helps your situation....
 
Hello @freeMind,
Welcome to Linux.org forums,
From what I can see, your machine or the one you're trying to connect to is not accepting your user name/password combo.
I don't think it's a malware issue. Are you sure you're using the right password, and that your network settings are correct?
 
It's doing a connection from localhost (127.0.0.1), so something local is doing an ssh authentication attempt, not a remote host.
 
Like @f33dm3bits said, this comes from your local machine! Check your process list (ps aux) for suspicious processes! This looks like you have a big security break!

I see this is a server... do you use a web interface for administration? If yes, check whether you are being brute-forced via this web interface.
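
The check these replies point at (failed SSH logins whose source is a loopback address, meaning the attempts start on the machine itself), as an added example that is not part of any poster's message. The log lines are constructed sample data in the standard sshd format, not the OP's log, and `failed_by_source` is an illustrative name.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the usual sshd syslog format (not the OP's log).
SAMPLE_LOG = """\
Nov  1 10:15:01 srv sshd[2101]: Failed password for root from 127.0.0.1 port 40112 ssh2
Nov  1 10:15:03 srv sshd[2101]: Failed password for root from 127.0.0.1 port 40112 ssh2
Nov  1 10:15:09 srv sshd[2107]: Failed password for invalid user admin from 127.0.0.1 port 40120 ssh2
Nov  1 10:16:44 srv sshd[2140]: Invalid user test from 203.0.113.7 port 51822
Nov  1 10:16:46 srv sshd[2140]: Failed password for invalid user test from 203.0.113.7 port 51822 ssh2
Nov  1 10:17:02 srv sshd[2151]: Accepted publickey for deploy from 198.51.100.4 port 60022 ssh2
Nov  1 10:17:30 srv sshd[2160]: Failed password for invalid user x from 10.9.9.9 from ::1 port 40200 ssh2
"""

# The user name is client-supplied text, so the greedy (.*) makes the regex
# take the LAST "from <addr> port <n>" on the line as the real source.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed \S+ for (?:invalid user )?(.*) from (\S+) port \d+"
)


def failed_by_source(log_text):
    """Count failed SSH logins per (source, user), split into local and remote."""
    local, remote = Counter(), Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # accepted logins, "Invalid user" notices, other daemons
        user, addr = m.group(1), m.group(2)
        try:
            is_local = ipaddress.ip_address(addr).is_loopback
        except ValueError:
            is_local = False  # not an IP literal: count it as remote
        (local if is_local else remote)[(addr, user)] += 1
    return local, remote


if __name__ == "__main__":
    local, remote = failed_by_source(SAMPLE_LOG)
    for label, counts in (("LOCAL", local), ("REMOTE", remote)):
        for (addr, user), n in counts.most_common():
            print(f"{label:6} {addr:15} user={user!r:22} failures={n}")
```

Entries under LOCAL are the ones to follow up in the process list and in any local service that proxies logins, such as a web admin panel; entries under REMOTE are the ordinary internet background noise.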
 
do you use a web interface for administration?

This is what I was pondering when I first saw this post.

As far as I can tell, the system is doing what it should be doing - which is denying entry.

From my experience, you're pretty much always going to be having malicious users/bots knocking at the door. There are ways to reduce the risks, from putting that behind a CDN, to adding verification like a CAPTCHA, or a login manager, use of keys, or even a VPS with a static IP address that needs to log in first as the server only accepts connections on that single IP address...

But, someone smarter than I am should be the one explaining the merits of these - or OP can look up the various brute force defenses out there and pick their own path.

I believe even the free version of Cloudflare offers some brute force protection.

You're not going to stop folks from trying to get in. The best thing you can do is do your best to make sure they can't get in.
 
