Answer by TimT for "POSSIBLE BREAK-IN ATTEMPT!" in /var/log/secure — what...
You can make your logs easier to read and check by turning off reverse lookp-ups in sshd_config (UseDNS no). This will prevent sshd from logging the "noise" lines containing "POSSIBLE BREAK-IN ATTEMPT"...
View ArticleAnswer by Gaia for "POSSIBLE BREAK-IN ATTEMPT!" in /var/log/secure — what...
"What exactly does "POSSIBLE BREAK-IN ATTEMPT" mean?" This means that the netblock owner did not update the PTR record for a static IP within their range, and said PTR record is outdated, OR an ISP...
View ArticleAnswer by Chris S for "POSSIBLE BREAK-IN ATTEMPT!" in /var/log/secure — what...
The "POSSIBLE BREAK-IN ATTEMPT" part specifically, is related to the "reverse mapping checking getaddrinfo failed" part. It means the person who was connecting didn't have forward and reverse DNS...
View ArticleAnswer by user9517 supports GoFundMonica for "POSSIBLE BREAK-IN ATTEMPT!" in...
Unfortunately this in now a very common occurrence. It is an automated attack on SSH which is using 'common' usernames to try and break into your system. The message means exactly what it says, it does...
View ArticleAnswer by poisonbit for "POSSIBLE BREAK-IN ATTEMPT!" in /var/log/secure —...
It's not necessary a successful login, but what it says "posible" and "attempt". Some bad boy or script kiddie, is sending you crafted traffic with a false origin IP. You can add origin IP limitations...
View Article"POSSIBLE BREAK-IN ATTEMPT!" in /var/log/secure — what does this mean?
I've got a CentOS 5.x box running on a VPS platform. My VPS host misinterpreted a support inquiry I had about connectivity and effectively flushed some iptables rules. This resulted in ssh listening...
View ArticleAnswer by AnasSafi for "POSSIBLE BREAK-IN ATTEMPT!" in /var/log/secure — what...
In my case after three week of suffering with logout of systems and hang in ssh connections every one minutes, I found my network changed to IPv6 when try to get my IP, so I tried to disable IPv6 and...
View Article
