You are not logged in.

Pages: 1

#1 2014-12-01 17:45:21

Wilhelm
Member
Registered: 2012-12-06
Posts: 38

SSH connections from China

While investigating why my ssh-agent was down I noticed in sshd's log that there's multiple preauth connection from this ip: 61.157.200.222
The usernames were something like hedwig, hanna, heidi and so on.
The ip traces back to china
Country:   China
Country Code: CN (CHN)
Region: Sichuan
City: Chengdu
Local time: 02 Dec 01:26 (CST+0800)
Latitude: 30.6667
Longitude: 104.0667

Is there any way I could check is any harm done?
I have already disabled the sshd, but now and then I still need a ssh connection. Sshd should be running with public key authentication.

Offline

#2 2014-12-01 19:39:45

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 20,353

Re: SSH connections from China

Are your passwords strong?   Is there any evidence in the journal that they managed to get it?  If you must run with password authentication, use sshguard or fail2ban to create dynamic block rules.

Don't feel like the Lone Ranger:

ewaller@odin ~ 1022 %journalctl $(which sshguard) --no-pager
-- Logs begin at Mon 2014-11-10 09:58:18 PST, end at Mon 2014-12-01 11:37:47 PST. --
Nov 10 09:58:33 odin sshguard[577]: Started successfully [(a,p,s)=(40, 420, 1200)], now ready to scan.
-- Reboot --
Nov 10 18:39:31 odin sshguard[564]: Started successfully [(a,p,s)=(40, 420, 1200)], now ready to scan.
Nov 10 20:25:02 odin sshguard[564]: Blocking 122.225.109.112:4 for >630secs: 40 danger in 4 attacks over 8 seconds (all: 40d in 1 abuses over 8s).
Nov 10 21:52:43 odin sshguard[564]: Blocking 117.27.158.104:4 for >630secs: 40 danger in 4 attacks over 8 seconds (all: 40d in 1 abuses over 8s).
Nov 10 22:20:03 odin sshguard[564]: Blocking 122.225.97.83:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 10 23:19:27 odin sshguard[564]: Blocking 122.225.97.80:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 11 02:32:55 odin sshguard[564]: Blocking 218.2.0.127:4 for >630secs: 40 danger in 4 attacks over 8 seconds (all: 40d in 1 abuses over 8s).
Nov 11 03:13:49 odin sshguard[564]: Blocking 218.2.0.128:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 11 05:12:12 odin sshguard[564]: Blocking 218.2.0.132:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 11 07:24:02 odin sshguard[564]: Blocking 122.225.109.198:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 11 10:54:04 odin sshguard[564]: Blocking 122.225.97.69:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 11 11:19:01 odin sshguard[564]: Blocking 115.239.248.119:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 11 11:30:02 odin sshguard[564]: Blocking 115.239.248.119:4 for >945secs: 40 danger in 4 attacks over 7 seconds (all: 80d in 2 abuses over 667s).
Nov 11 11:30:44 odin sshguard[564]: Blocking 122.225.97.105:4 for >630secs: 40 danger in 4 attacks over 5 seconds (all: 40d in 1 abuses over 5s).
Nov 11 17:48:51 odin sshguard[564]: Blocking 218.2.0.123:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 12 00:31:44 odin sshguard[564]: Blocking 36.250.13.67:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 12 01:32:35 odin sshguard[564]: Blocking 122.225.97.100:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 12 03:46:35 odin sshguard[564]: Blocking 218.2.0.120:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 12 05:26:59 odin sshguard[564]: Blocking 222.186.56.43:4 for >630secs: 40 danger in 4 attacks over 20 seconds (all: 40d in 1 abuses over 20s).
Nov 12 11:02:02 odin sshguard[564]: Blocking 122.225.97.106:4 for >630secs: 40 danger in 4 attacks over 5 seconds (all: 40d in 1 abuses over 5s).
Nov 12 15:22:43 odin sshguard[564]: Blocking 61.174.50.134:4 for >630secs: 40 danger in 4 attacks over 10 seconds (all: 40d in 1 abuses over 10s).
Nov 12 23:55:05 odin sshguard[564]: Blocking 218.2.0.123:4 for >945secs: 40 danger in 4 attacks over 7 seconds (all: 80d in 2 abuses over 108380s).
Nov 13 01:08:58 odin sshguard[564]: Blocking 122.225.97.78:4 for >630secs: 40 danger in 4 attacks over 10 seconds (all: 40d in 1 abuses over 10s).
Nov 13 01:42:57 odin sshguard[564]: Blocking 122.225.97.90:4 for >630secs: 40 danger in 4 attacks over 8 seconds (all: 40d in 1 abuses over 8s).
Nov 13 03:40:04 odin sshguard[564]: Blocking 218.2.0.137:4 for >630secs: 40 danger in 4 attacks over 20 seconds (all: 40d in 1 abuses over 20s).
Nov 13 06:33:39 odin sshguard[564]: Blocking 122.225.97.67:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 13 10:24:58 odin sshguard[564]: Blocking 122.225.97.83:4 for >945secs: 40 danger in 4 attacks over 6 seconds (all: 80d in 2 abuses over 216301s).
Nov 13 12:55:48 odin sshguard[564]: Blocking 122.225.97.105:4 for >945secs: 40 danger in 4 attacks over 8 seconds (all: 80d in 2 abuses over 177909s).
Nov 13 16:25:28 odin sshguard[564]: Blocking 61.174.51.216:4 for >630secs: 40 danger in 4 attacks over 8 seconds (all: 40d in 1 abuses over 8s).
Nov 13 20:32:57 odin sshguard[564]: Blocking 122.225.109.220:4 for >630secs: 40 danger in 4 attacks over 9 seconds (all: 40d in 1 abuses over 9s).
Nov 13 21:26:12 odin sshguard[564]: Blocking 61.174.51.205:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 13 21:39:05 odin sshguard[564]: Blocking 122.225.109.100:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 13 22:52:22 odin sshguard[564]: Blocking 122.225.109.219:4 for >630secs: 40 danger in 4 attacks over 23 seconds (all: 40d in 1 abuses over 23s).
Nov 14 00:39:43 odin sshguard[564]: Blocking 122.225.109.116:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 14 00:39:46 odin sshguard[564]: Blocking 122.225.109.217:4 for >630secs: 40 danger in 4 attacks over 8 seconds (all: 40d in 1 abuses over 8s).
Nov 14 04:47:32 odin sshguard[564]: Blocking 122.225.109.215:4 for >630secs: 40 danger in 4 attacks over 8 seconds (all: 40d in 1 abuses over 8s).
Nov 14 04:57:02 odin sshguard[564]: Blocking 122.225.97.106:4 for >945secs: 40 danger in 4 attacks over 47 seconds (all: 80d in 2 abuses over 150905s).
Nov 14 05:43:21 odin sshguard[564]: Blocking 192.126.120.44:4 for >630secs: 40 danger in 4 attacks over 8 seconds (all: 40d in 1 abuses over 8s).
Nov 14 05:55:19 odin sshguard[564]: Blocking 122.225.109.220:4 for >945secs: 40 danger in 4 attacks over 24 seconds (all: 80d in 2 abuses over 33751s).
Nov 14 08:44:53 odin sshguard[564]: Blocking 122.225.97.91:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 14 09:07:31 odin sshguard[564]: Blocking 122.225.109.108:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
-- Reboot --
Nov 14 12:51:27 odin sshguard[570]: Started successfully [(a,p,s)=(40, 420, 1200)], now ready to scan.
Nov 14 13:54:31 odin sshguard[570]: Blocking 122.225.109.103:4 for >630secs: 40 danger in 4 attacks over 45 seconds (all: 40d in 1 abuses over 45s).
Nov 14 17:29:51 odin sshguard[570]: Blocking 122.225.109.220:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 14 19:17:24 odin sshguard[570]: Blocking 222.186.56.43:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 14 21:28:32 odin sshguard[570]: Blocking 122.225.97.99:4 for >630secs: 40 danger in 4 attacks over 20 seconds (all: 40d in 1 abuses over 20s).
Nov 14 23:57:43 odin sshguard[570]: Blocking 122.225.97.112:4 for >630secs: 40 danger in 4 attacks over 9 seconds (all: 40d in 1 abuses over 9s).
Nov 15 00:20:59 odin sshguard[570]: Blocking 218.2.0.121:4 for >630secs: 40 danger in 4 attacks over 8 seconds (all: 40d in 1 abuses over 8s).
Nov 15 01:18:50 odin sshguard[570]: Blocking 122.225.97.73:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 15 02:49:11 odin sshguard[570]: Blocking 222.186.34.238:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 15 03:11:30 odin sshguard[570]: Blocking 122.225.97.67:4 for >630secs: 40 danger in 4 attacks over 16 seconds (all: 40d in 1 abuses over 16s).
Nov 15 23:17:04 odin sshguard[570]: Blocking 122.225.109.194:4 for >630secs: 40 danger in 4 attacks over 13 seconds (all: 40d in 1 abuses over 13s).
Nov 16 01:15:11 odin sshguard[570]: Blocking 61.174.50.134:4 for >630secs: 40 danger in 4 attacks over 46 seconds (all: 40d in 1 abuses over 46s).
Nov 16 01:42:51 odin sshguard[570]: Blocking 122.225.109.110:4 for >630secs: 40 danger in 4 attacks over 154 seconds (all: 40d in 1 abuses over 154s).
Nov 16 06:57:17 odin sshguard[570]: Blocking 218.2.0.133:4 for >630secs: 40 danger in 4 attacks over 10 seconds (all: 40d in 1 abuses over 10s).
Nov 16 09:34:00 odin sshguard[570]: Blocking 122.225.97.87:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 16 09:42:52 odin sshguard[570]: Blocking 122.225.109.220:4 for >945secs: 40 danger in 4 attacks over 8 seconds (all: 80d in 2 abuses over 144787s).
Nov 16 10:20:29 odin sshguard[570]: Blocking 122.225.109.100:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 16 12:14:43 odin sshguard[570]: Got CONTINUE signal, resuming activity.
-- Reboot --
Nov 16 12:15:36 odin sshguard[592]: Started successfully [(a,p,s)=(40, 420, 1200)], now ready to scan.
Nov 16 12:51:09 odin sshguard[592]: Got CONTINUE signal, resuming activity.
Nov 16 12:51:09 odin sshguard[592]: Got exit signal, flushing blocked addresses and exiting...
-- Reboot --
Nov 16 12:52:12 odin sshguard[582]: Started successfully [(a,p,s)=(40, 420, 1200)], now ready to scan.
Nov 16 16:49:17 odin sshguard[582]: Blocking 122.225.97.73:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 16 17:27:11 odin sshguard[582]: Blocking 218.2.0.133:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 16 20:19:11 odin sshguard[582]: Blocking 122.225.97.67:4 for >630secs: 40 danger in 4 attacks over 46 seconds (all: 40d in 1 abuses over 46s).
Nov 16 21:23:49 odin sshguard[582]: Blocking 122.225.97.124:4 for >630secs: 40 danger in 4 attacks over 8 seconds (all: 40d in 1 abuses over 8s).
Nov 17 01:20:54 odin sshguard[582]: Blocking 122.225.109.118:4 for >630secs: 40 danger in 4 attacks over 10 seconds (all: 40d in 1 abuses over 10s).
Nov 17 02:39:19 odin sshguard[582]: Blocking 122.225.97.118:4 for >630secs: 40 danger in 4 attacks over 2 seconds (all: 40d in 1 abuses over 2s).
Nov 17 04:26:13 odin sshguard[582]: Blocking 122.225.97.92:4 for >630secs: 40 danger in 4 attacks over 10 seconds (all: 40d in 1 abuses over 10s).
Nov 17 05:44:06 odin sshguard[582]: Blocking 122.225.109.205:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 17 06:06:15 odin sshguard[582]: Blocking 122.225.97.122:4 for >630secs: 40 danger in 4 attacks over 8 seconds (all: 40d in 1 abuses over 8s).
Nov 17 06:24:48 odin sshguard[582]: Blocking 103.41.124.27:4 for >630secs: 40 danger in 4 attacks over 8 seconds (all: 40d in 1 abuses over 8s).
Nov 17 06:24:59 odin sshguard[582]: Blocking 103.41.124.38:4 for >630secs: 40 danger in 4 attacks over 9 seconds (all: 40d in 1 abuses over 9s).
Nov 17 06:25:01 odin sshguard[582]: Blocking 103.41.124.25:4 for >630secs: 40 danger in 4 attacks over 22 seconds (all: 40d in 1 abuses over 22s).
Nov 17 06:25:15 odin sshguard[582]: Blocking 103.41.124.21:4 for >630secs: 40 danger in 4 attacks over 35 seconds (all: 40d in 1 abuses over 35s).
Nov 17 06:25:17 odin sshguard[582]: Blocking 103.41.124.15:4 for >630secs: 40 danger in 4 attacks over 5 seconds (all: 40d in 1 abuses over 5s).
Nov 17 06:25:41 odin sshguard[582]: Blocking 103.41.124.34:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 17 06:25:46 odin sshguard[582]: Blocking 103.41.124.40:4 for >630secs: 40 danger in 4 attacks over 22 seconds (all: 40d in 1 abuses over 22s).
Nov 17 06:25:46 odin sshguard[582]: Blocking 103.41.124.41:4 for >630secs: 40 danger in 4 attacks over 9 seconds (all: 40d in 1 abuses over 9s).
Nov 17 06:25:55 odin sshguard[582]: Blocking 103.41.124.18:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 17 06:27:15 odin sshguard[582]: Blocking 103.41.124.55:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 17 06:31:23 odin sshguard[582]: Blocking 103.41.124.52:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 17 11:48:54 odin sshguard[582]: Blocking 122.225.109.197:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 17 18:20:17 odin sshguard[582]: Blocking 122.225.97.82:4 for >630secs: 40 danger in 4 attacks over 3 seconds (all: 40d in 1 abuses over 3s).
Nov 17 19:17:47 odin sshguard[582]: Blocking 122.225.109.109:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 17 21:49:26 odin sshguard[582]: Blocking 122.225.109.118:4 for >945secs: 40 danger in 4 attacks over 9 seconds (all: 80d in 2 abuses over 73722s).
Nov 18 02:51:21 odin sshguard[582]: Blocking 103.41.124.22:4 for >630secs: 40 danger in 4 attacks over 37 seconds (all: 40d in 1 abuses over 37s).
Nov 18 04:28:23 odin sshguard[582]: Blocking 122.225.97.104:4 for >630secs: 40 danger in 4 attacks over 8 seconds (all: 40d in 1 abuses over 8s).
Nov 18 04:31:46 odin sshguard[582]: Blocking 122.225.97.98:4 for >630secs: 40 danger in 4 attacks over 10 seconds (all: 40d in 1 abuses over 10s).
Nov 18 05:02:15 odin sshguard[582]: Blocking 122.225.97.80:4 for >630secs: 40 danger in 4 attacks over 33 seconds (all: 40d in 1 abuses over 33s).
Nov 18 05:27:32 odin sshguard[582]: Blocking 122.225.97.87:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 18 18:29:23 odin sshguard[582]: Blocking 144.0.0.29:4 for >630secs: 40 danger in 4 attacks over 124 seconds (all: 40d in 1 abuses over 124s).
Nov 18 19:24:32 odin sshguard[582]: Got CONTINUE signal, resuming activity.
Nov 18 19:24:32 odin sshguard[582]: Got exit signal, flushing blocked addresses and exiting...
-- Reboot --
Nov 18 19:25:21 odin sshguard[553]: Started successfully [(a,p,s)=(40, 420, 1200)], now ready to scan.
Nov 18 19:38:05 odin sshguard[553]: Blocking 122.225.97.107:4 for >630secs: 40 danger in 4 attacks over 8 seconds (all: 40d in 1 abuses over 8s).
Nov 18 23:24:12 odin sshguard[553]: Blocking 103.41.124.55:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 19 01:04:22 odin sshguard[553]: Blocking 122.225.109.218:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 19 03:21:38 odin sshguard[553]: Blocking 218.2.0.123:4 for >630secs: 40 danger in 4 attacks over 8 seconds (all: 40d in 1 abuses over 8s).
Nov 19 05:00:07 odin sshguard[553]: Blocking 222.186.56.43:4 for >630secs: 40 danger in 4 attacks over 8 seconds (all: 40d in 1 abuses over 8s).
Nov 19 05:05:23 odin sshguard[553]: Blocking 111.73.45.158:4 for >630secs: 40 danger in 4 attacks over 20 seconds (all: 40d in 1 abuses over 20s).
Nov 19 05:15:17 odin sshguard[553]: Blocking 222.186.56.43:4 for >945secs: 40 danger in 4 attacks over 8 seconds (all: 80d in 2 abuses over 918s).
Nov 19 05:32:13 odin sshguard[553]: Blocking 122.225.97.96:4 for >630secs: 40 danger in 4 attacks over 39 seconds (all: 40d in 1 abuses over 39s).
Nov 19 06:02:53 odin sshguard[553]: Blocking 122.225.109.213:4 for >630secs: 40 danger in 4 attacks over 8 seconds (all: 40d in 1 abuses over 8s).
Nov 19 06:56:52 odin sshguard[553]: Blocking 122.225.97.119:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 19 09:54:10 odin sshguard[553]: Blocking 103.41.124.48:4 for >630secs: 40 danger in 4 attacks over 8 seconds (all: 40d in 1 abuses over 8s).
Nov 19 11:31:56 odin sshguard[553]: Blocking 222.186.34.237:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 19 13:13:21 odin sshguard[553]: Blocking 218.2.0.128:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 19 16:06:11 odin sshguard[553]: Blocking 122.225.97.87:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 19 17:40:20 odin sshguard[553]: Blocking 122.225.97.112:4 for >630secs: 40 danger in 4 attacks over 4 seconds (all: 40d in 1 abuses over 4s).
Nov 19 18:11:15 odin sshguard[553]: Blocking 122.225.97.67:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 19 19:59:20 odin sshguard[553]: Blocking 61.174.50.165:4 for >630secs: 40 danger in 4 attacks over 9 seconds (all: 40d in 1 abuses over 9s).
Nov 19 20:01:52 odin sshguard[553]: Blocking 122.225.97.100:4 for >630secs: 40 danger in 4 attacks over 8 seconds (all: 40d in 1 abuses over 8s).
Nov 19 23:11:31 odin sshguard[553]: Blocking 122.225.97.66:4 for >630secs: 40 danger in 4 attacks over 8 seconds (all: 40d in 1 abuses over 8s).
Nov 19 23:59:03 odin sshguard[553]: Blocking 122.225.109.195:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 20 01:05:59 odin sshguard[553]: Blocking 60.169.77.228:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 20 01:20:12 odin sshguard[553]: Blocking 60.169.77.228:4 for >945secs: 40 danger in 4 attacks over 7 seconds (all: 80d in 2 abuses over 859s).
Nov 20 04:24:45 odin sshguard[553]: Blocking 103.41.124.28:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 20 05:59:20 odin sshguard[553]: Blocking 122.225.97.111:4 for >630secs: 40 danger in 4 attacks over 32 seconds (all: 40d in 1 abuses over 32s).
Nov 20 10:06:15 odin sshguard[553]: Blocking 122.225.97.107:4 for >945secs: 40 danger in 4 attacks over 6 seconds (all: 80d in 2 abuses over 138498s).
Nov 20 10:38:42 odin sshguard[553]: Blocking 122.225.109.212:4 for >630secs: 40 danger in 4 attacks over 8 seconds (all: 40d in 1 abuses over 8s).
Nov 20 10:49:42 odin sshguard[553]: Blocking 103.41.124.59:4 for >630secs: 40 danger in 4 attacks over 8 seconds (all: 40d in 1 abuses over 8s).
Nov 20 11:44:55 odin sshguard[553]: Blocking 122.225.109.117:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 20 13:19:55 odin sshguard[553]: Blocking 122.225.109.118:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 20 15:59:31 odin sshguard[553]: Blocking 122.225.109.197:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 20 18:17:25 odin sshguard[553]: Blocking 122.225.97.86:4 for >630secs: 40 danger in 4 attacks over 9 seconds (all: 40d in 1 abuses over 9s).
Nov 20 21:15:46 odin sshguard[553]: Blocking 122.225.97.91:4 for >630secs: 40 danger in 4 attacks over 8 seconds (all: 40d in 1 abuses over 8s).
Nov 20 22:18:36 odin sshguard[553]: Blocking 122.225.97.97:4 for >630secs: 40 danger in 4 attacks over 8 seconds (all: 40d in 1 abuses over 8s).
Nov 21 01:21:47 odin sshguard[553]: Blocking 103.41.124.33:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 21 02:11:32 odin sshguard[553]: Blocking 122.225.97.66:4 for >945secs: 40 danger in 4 attacks over 7 seconds (all: 80d in 2 abuses over 97209s).
Nov 21 02:36:53 odin sshguard[553]: Blocking 122.225.97.106:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 21 04:52:09 odin sshguard[553]: Blocking 122.225.97.91:4 for >945secs: 40 danger in 4 attacks over 7 seconds (all: 80d in 2 abuses over 27391s).
Nov 21 05:35:39 odin sshguard[553]: Blocking 122.225.109.221:4 for >630secs: 40 danger in 4 attacks over 14 seconds (all: 40d in 1 abuses over 14s).
Nov 21 05:50:12 odin sshguard[553]: Blocking 218.2.0.130:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 21 06:01:41 odin sshguard[553]: Blocking 122.225.97.74:4 for >630secs: 40 danger in 4 attacks over 8 seconds (all: 40d in 1 abuses over 8s).
Nov 21 06:19:40 odin sshguard[553]: Offender '122.225.97.66:4' scored 120 danger in 3 abuses (threshold 120) -> blacklisted.
Nov 21 06:19:40 odin sshguard[553]: Blocking 122.225.97.66:4 for >0secs: 40 danger in 4 attacks over 3 seconds (all: 120d in 3 abuses over 112096s).
Nov 21 07:48:53 odin sshguard[553]: Blocking 122.225.97.122:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 21 10:12:39 odin sshguard[553]: Blocking 122.225.97.114:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 21 11:15:08 odin sshguard[553]: Blocking 122.225.109.110:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 21 15:20:43 odin sshguard[553]: Blocking 103.41.124.32:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 21 15:23:31 odin sshguard[553]: Blocking 122.225.97.106:4 for >945secs: 40 danger in 4 attacks over 7 seconds (all: 80d in 2 abuses over 46005s).
Nov 21 15:31:00 odin sshguard[553]: Blocking 122.225.97.124:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 21 17:28:11 odin sshguard[553]: Offender '122.225.97.91:4' scored 120 danger in 3 abuses (threshold 120) -> blacklisted.
Nov 21 17:28:11 odin sshguard[553]: Blocking 122.225.97.91:4 for >0secs: 40 danger in 4 attacks over 7 seconds (all: 120d in 3 abuses over 72753s).
Nov 21 18:55:38 odin sshguard[553]: Blocking 122.225.97.74:4 for >945secs: 40 danger in 4 attacks over 63 seconds (all: 80d in 2 abuses over 46445s).
Nov 21 20:20:57 odin sshguard[553]: Blocking 122.225.97.122:4 for >945secs: 40 danger in 4 attacks over 7 seconds (all: 80d in 2 abuses over 45131s).
Nov 21 21:32:00 odin sshguard[553]: Blocking 122.225.109.108:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 21 22:34:33 odin sshguard[553]: Blocking 122.225.97.114:4 for >945secs: 40 danger in 4 attacks over 35 seconds (all: 80d in 2 abuses over 44521s).
Nov 21 22:52:01 odin sshguard[553]: Blocking 122.225.97.83:4 for >630secs: 40 danger in 4 attacks over 8 seconds (all: 40d in 1 abuses over 8s).
Nov 22 00:15:13 odin sshguard[553]: Blocking 103.41.124.55:4 for >945secs: 40 danger in 4 attacks over 7 seconds (all: 80d in 2 abuses over 262267s).
Nov 22 01:44:26 odin sshguard[553]: Blocking 122.225.109.105:4 for >630secs: 40 danger in 4 attacks over 11 seconds (all: 40d in 1 abuses over 11s).
Nov 22 03:36:39 odin sshguard[553]: Offender '122.225.97.106:4' scored 120 danger in 3 abuses (threshold 120) -> blacklisted.
Nov 22 03:36:39 odin sshguard[553]: Blocking 122.225.97.106:4 for >0secs: 40 danger in 4 attacks over 26 seconds (all: 120d in 3 abuses over 89993s).
Nov 22 05:55:08 odin sshguard[553]: Blocking 218.2.0.130:4 for >945secs: 40 danger in 4 attacks over 4 seconds (all: 80d in 2 abuses over 86703s).
Nov 22 06:42:30 odin sshguard[553]: Blocking 54.174.26.55:4 for >630secs: 40 danger in 4 attacks over 104 seconds (all: 40d in 1 abuses over 104s).
Nov 22 07:47:30 odin sshguard[553]: Blocking 122.225.97.77:4 for >630secs: 40 danger in 4 attacks over 8 seconds (all: 40d in 1 abuses over 8s).
Nov 22 09:35:09 odin sshguard[553]: Blocking 103.41.124.12:4 for >630secs: 40 danger in 4 attacks over 5 seconds (all: 40d in 1 abuses over 5s).
Nov 22 11:09:28 odin sshguard[553]: Blocking 122.225.97.115:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 22 11:12:31 odin sshguard[553]: Blocking 60.173.8.117:4 for >630secs: 40 danger in 4 attacks over 12 seconds (all: 40d in 1 abuses over 12s).
Nov 22 11:29:14 odin sshguard[553]: Got CONTINUE signal, resuming activity.
Nov 22 11:29:14 odin sshguard[553]: Got exit signal, flushing blocked addresses and exiting...
-- Reboot --
Nov 22 11:30:07 odin sshguard[576]: Started successfully [(a,p,s)=(40, 420, 1200)], now ready to scan.
Nov 22 11:30:58 odin sshguard[576]: Got CONTINUE signal, resuming activity.
Nov 22 11:30:58 odin sshguard[576]: Got exit signal, flushing blocked addresses and exiting...
-- Reboot --
Nov 22 11:33:03 odin sshguard[569]: Started successfully [(a,p,s)=(40, 420, 1200)], now ready to scan.
Nov 22 13:40:14 odin sshguard[569]: Blocking 122.225.97.97:4 for >630secs: 40 danger in 4 attacks over 5 seconds (all: 40d in 1 abuses over 5s).
Nov 22 14:33:24 odin sshguard[569]: Blocking 122.225.109.207:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 22 15:21:49 odin sshguard[569]: Blocking 122.225.97.121:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 22 15:23:42 odin sshguard[569]: Blocking 115.239.248.119:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 22 15:24:23 odin sshguard[569]: Blocking 123.157.150.119:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 22 16:24:32 odin sshguard[569]: Blocking 122.225.109.108:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 22 16:55:29 odin sshguard[569]: Blocking 122.225.109.199:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 22 17:30:38 odin sshguard[569]: Blocking 122.225.109.118:4 for >630secs: 40 danger in 4 attacks over 48 seconds (all: 40d in 1 abuses over 48s).
Nov 22 18:18:22 odin sshguard[569]: Blocking 183.136.202.38:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 22 18:30:23 odin sshguard[569]: Blocking 183.136.202.38:4 for >945secs: 40 danger in 4 attacks over 6 seconds (all: 80d in 2 abuses over 727s).
Nov 22 18:46:26 odin sshguard[569]: Offender '183.136.202.38:4' scored 120 danger in 3 abuses (threshold 120) -> blacklisted.
Nov 22 18:46:26 odin sshguard[569]: Blocking 183.136.202.38:4 for >0secs: 40 danger in 4 attacks over 8 seconds (all: 120d in 3 abuses over 1690s).
Nov 22 20:18:07 odin sshguard[569]: Blocking 103.41.124.20:4 for >630secs: 40 danger in 4 attacks over 5 seconds (all: 40d in 1 abuses over 5s).
Nov 22 20:24:55 odin sshguard[569]: Blocking 122.225.97.75:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 22 21:24:48 odin sshguard[569]: Blocking 122.225.97.80:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 23 00:21:51 odin sshguard[569]: Blocking 122.225.97.71:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 23 01:00:27 odin sshguard[569]: Blocking 122.225.109.213:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 23 03:03:24 odin sshguard[569]: Blocking 122.225.109.102:4 for >630secs: 40 danger in 4 attacks over 8 seconds (all: 40d in 1 abuses over 8s).
Nov 23 05:26:07 odin sshguard[569]: Blocking 61.147.107.117:4 for >630secs: 40 danger in 4 attacks over 30 seconds (all: 40d in 1 abuses over 30s).
Nov 23 06:26:08 odin sshguard[569]: Blocking 218.2.0.120:4 for >630secs: 40 danger in 4 attacks over 12 seconds (all: 40d in 1 abuses over 12s).
Nov 23 08:16:43 odin sshguard[569]: Blocking 115.239.248.62:4 for >630secs: 40 danger in 4 attacks over 17 seconds (all: 40d in 1 abuses over 17s).
Nov 23 08:17:34 odin sshguard[569]: Blocking 123.157.150.62:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 23 08:27:56 odin sshguard[569]: Blocking 115.239.248.62:4 for >945secs: 40 danger in 4 attacks over 8 seconds (all: 80d in 2 abuses over 690s).
Nov 23 08:31:36 odin sshguard[569]: Blocking 123.157.150.62:4 for >945secs: 40 danger in 4 attacks over 7 seconds (all: 80d in 2 abuses over 848s).
Nov 23 08:44:51 odin sshguard[569]: Offender '115.239.248.62:4' scored 120 danger in 3 abuses (threshold 120) -> blacklisted.
Nov 23 08:44:51 odin sshguard[569]: Blocking 115.239.248.62:4 for >0secs: 40 danger in 4 attacks over 8 seconds (all: 120d in 3 abuses over 1705s).
Nov 23 08:48:06 odin sshguard[569]: Offender '123.157.150.62:4' scored 120 danger in 3 abuses (threshold 120) -> blacklisted.
Nov 23 08:48:06 odin sshguard[569]: Blocking 123.157.150.62:4 for >0secs: 40 danger in 4 attacks over 7 seconds (all: 120d in 3 abuses over 1838s).
Nov 23 09:52:06 odin sshguard[569]: Blocking 117.21.173.177:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 23 09:53:27 odin sshguard[569]: Blocking 103.41.124.27:4 for >630secs: 40 danger in 4 attacks over 5 seconds (all: 40d in 1 abuses over 5s).
Nov 23 13:37:56 odin sshguard[569]: Blocking 122.225.109.119:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 23 17:19:02 odin sshguard[569]: Blocking 61.174.51.205:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 23 18:17:07 odin sshguard[569]: Blocking 122.225.109.205:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 23 18:57:01 odin sshguard[569]: Blocking 122.225.109.201:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 23 19:04:20 odin sshguard[569]: Blocking 218.2.0.137:4 for >630secs: 40 danger in 4 attacks over 5 seconds (all: 40d in 1 abuses over 5s).
Nov 23 20:31:27 odin sshguard[569]: Blocking 122.225.97.97:4 for >945secs: 40 danger in 4 attacks over 10 seconds (all: 80d in 2 abuses over 111078s).
Nov 23 20:34:22 odin sshguard[569]: Blocking 103.41.124.48:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 23 20:35:07 odin sshguard[569]: Blocking 103.41.124.39:4 for >630secs: 40 danger in 4 attacks over 8 seconds (all: 40d in 1 abuses over 8s).
Nov 23 20:35:08 odin sshguard[569]: Blocking 122.225.109.115:4 for >630secs: 40 danger in 4 attacks over 8 seconds (all: 40d in 1 abuses over 8s).
Nov 23 20:46:10 odin sshguard[569]: Blocking 103.41.124.28:4 for >630secs: 40 danger in 4 attacks over 5 seconds (all: 40d in 1 abuses over 5s).
Nov 23 21:19:11 odin sshguard[569]: Blocking 61.174.51.225:4 for >630secs: 40 danger in 4 attacks over 3 seconds (all: 40d in 1 abuses over 3s).
Nov 23 21:40:57 odin sshguard[569]: Blocking 122.225.97.67:4 for >630secs: 40 danger in 4 attacks over 11 seconds (all: 40d in 1 abuses over 11s).
Nov 23 23:54:46 odin sshguard[569]: Blocking 60.173.8.117:4 for >630secs: 40 danger in 4 attacks over 12 seconds (all: 40d in 1 abuses over 12s).
Nov 24 04:57:59 odin sshguard[569]: Blocking 122.225.109.206:4 for >630secs: 40 danger in 4 attacks over 3 seconds (all: 40d in 1 abuses over 3s).
Nov 24 05:47:15 odin sshguard[569]: Blocking 103.41.124.53:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 24 07:07:32 odin sshguard[569]: Blocking 61.174.50.164:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 24 09:01:33 odin sshguard[569]: Blocking 103.41.124.33:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 24 11:06:20 odin sshguard[569]: Blocking 122.225.109.208:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 24 11:56:50 odin sshguard[569]: Blocking 117.27.158.76:4 for >630secs: 40 danger in 4 attacks over 5 seconds (all: 40d in 1 abuses over 5s).
Nov 24 14:34:10 odin sshguard[569]: Blocking 122.225.97.121:4 for >945secs: 40 danger in 4 attacks over 7 seconds (all: 80d in 2 abuses over 169947s).
Nov 24 15:07:37 odin sshguard[569]: Blocking 122.225.97.71:4 for >945secs: 40 danger in 4 attacks over 6 seconds (all: 80d in 2 abuses over 139553s).
Nov 24 15:15:13 odin sshguard[569]: Offender '122.225.97.121:4' scored 120 danger in 3 abuses (threshold 120) -> blacklisted.
Nov 24 15:15:13 odin sshguard[569]: Blocking 122.225.97.121:4 for >0secs: 40 danger in 4 attacks over 7 seconds (all: 120d in 3 abuses over 172410s).
Nov 24 16:26:26 odin sshguard[569]: Blocking 222.186.34.245:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 24 16:38:34 odin sshguard[569]: Blocking 222.186.34.245:4 for >945secs: 40 danger in 4 attacks over 7 seconds (all: 80d in 2 abuses over 735s).
Nov 24 16:56:05 odin sshguard[569]: Offender '222.186.34.245:4' scored 120 danger in 3 abuses (threshold 120) -> blacklisted.
Nov 24 16:56:05 odin sshguard[569]: Blocking 222.186.34.245:4 for >0secs: 40 danger in 4 attacks over 7 seconds (all: 120d in 3 abuses over 1786s).
Nov 24 17:02:11 odin sshguard[569]: Blocking 122.225.97.68:4 for >630secs: 40 danger in 4 attacks over 8 seconds (all: 40d in 1 abuses over 8s).
Nov 24 19:00:17 odin sshguard[569]: Blocking 103.41.124.59:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 24 19:00:52 odin sshguard[569]: Blocking 61.174.50.245:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 24 20:06:54 odin sshguard[569]: Got CONTINUE signal, resuming activity.
-- Reboot --
Nov 24 20:07:43 odin sshguard[561]: Started successfully [(a,p,s)=(40, 420, 1200)], now ready to scan.
Nov 24 21:50:27 odin sshguard[561]: Blocking 61.174.51.222:4 for >630secs: 40 danger in 4 attacks over 8 seconds (all: 40d in 1 abuses over 8s).
Nov 24 22:25:56 odin sshguard[561]: Blocking 218.2.0.127:4 for >630secs: 40 danger in 4 attacks over 11 seconds (all: 40d in 1 abuses over 11s).
Nov 25 01:16:50 odin sshguard[561]: Blocking 122.225.97.124:4 for >630secs: 40 danger in 4 attacks over 8 seconds (all: 40d in 1 abuses over 8s).
Nov 25 01:17:41 odin sshguard[561]: Blocking 122.225.109.119:4 for >630secs: 40 danger in 4 attacks over 10 seconds (all: 40d in 1 abuses over 10s).
Nov 25 01:50:44 odin sshguard[561]: Blocking 122.225.109.106:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 25 02:01:33 odin sshguard[561]: Blocking 122.225.109.200:4 for >630secs: 40 danger in 4 attacks over 12 seconds (all: 40d in 1 abuses over 12s).
Nov 25 02:21:40 odin sshguard[561]: Blocking 122.225.109.116:4 for >630secs: 40 danger in 4 attacks over 16 seconds (all: 40d in 1 abuses over 16s).
Nov 25 03:00:48 odin sshguard[561]: Blocking 103.41.124.49:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 25 08:10:25 odin sshguard[561]: Blocking 122.225.97.107:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 25 10:48:08 odin sshguard[561]: Blocking 103.41.124.55:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 25 10:57:33 odin sshguard[561]: Blocking 122.225.109.107:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 25 17:36:35 odin sshguard[561]: Blocking 122.225.97.117:4 for >630secs: 40 danger in 4 attacks over 5 seconds (all: 40d in 1 abuses over 5s).
Nov 25 21:42:21 odin sshguard[561]: Blocking 85.105.135.57:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 25 21:46:15 odin sshguard[561]: Blocking 103.41.124.33:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 26 01:16:03 odin sshguard[561]: Blocking 122.225.109.117:4 for >630secs: 40 danger in 4 attacks over 8 seconds (all: 40d in 1 abuses over 8s).
Nov 26 02:52:06 odin sshguard[561]: Blocking 61.174.51.216:4 for >630secs: 40 danger in 4 attacks over 11 seconds (all: 40d in 1 abuses over 11s).
Nov 26 03:20:46 odin sshguard[561]: Blocking 122.225.109.119:4 for >945secs: 40 danger in 4 attacks over 7 seconds (all: 80d in 2 abuses over 93795s).
Nov 26 04:06:12 odin sshguard[561]: Blocking 122.225.97.89:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 26 07:10:29 odin sshguard[561]: Blocking 103.41.124.17:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 26 10:30:45 odin sshguard[561]: Blocking 103.41.124.45:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 26 13:44:21 odin sshguard[561]: Blocking 218.2.0.125:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 26 13:58:37 odin sshguard[561]: Blocking 122.225.109.209:4 for >630secs: 40 danger in 4 attacks over 81 seconds (all: 40d in 1 abuses over 81s).
Nov 26 14:11:21 odin sshguard[561]: Blocking 122.225.109.200:4 for >945secs: 40 danger in 4 attacks over 7 seconds (all: 80d in 2 abuses over 130200s).
Nov 26 15:25:22 odin sshguard[561]: Blocking 122.225.97.115:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 26 16:59:28 odin sshguard[561]: Blocking 122.225.97.122:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 26 17:19:31 odin sshguard[561]: Offender '122.225.109.200:4' scored 120 danger in 3 abuses (threshold 120) -> blacklisted.
Nov 26 17:19:31 odin sshguard[561]: Blocking 122.225.109.200:4 for >0secs: 40 danger in 4 attacks over 7 seconds (all: 120d in 3 abuses over 141489s).
Nov 26 18:55:31 odin sshguard[561]: Blocking 218.2.0.132:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 26 21:15:32 odin sshguard[561]: Blocking 103.41.124.55:4 for >945secs: 40 danger in 4 attacks over 7 seconds (all: 80d in 2 abuses over 124050s).
Nov 27 01:19:29 odin sshguard[561]: Blocking 122.225.97.107:4 for >945secs: 40 danger in 4 attacks over 7 seconds (all: 80d in 2 abuses over 148151s).
Nov 27 03:24:27 odin sshguard[561]: Blocking 122.225.97.105:4 for >630secs: 40 danger in 4 attacks over 16 seconds (all: 40d in 1 abuses over 16s).
Nov 27 05:13:23 odin sshguard[561]: Blocking 122.225.97.85:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 27 05:57:56 odin sshguard[561]: Blocking 103.41.124.38:4 for >630secs: 40 danger in 4 attacks over 5 seconds (all: 40d in 1 abuses over 5s).
Nov 27 07:15:47 odin sshguard[561]: Blocking 61.174.51.216:4 for >945secs: 40 danger in 4 attacks over 7 seconds (all: 80d in 2 abuses over 102232s).
Nov 27 10:37:06 odin sshguard[561]: Blocking 103.41.124.58:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 27 13:03:51 odin sshguard[561]: Blocking 61.174.51.207:4 for >630secs: 40 danger in 4 attacks over 5 seconds (all: 40d in 1 abuses over 5s).
Nov 27 15:13:48 odin sshguard[561]: Offender '122.225.97.107:4' scored 120 danger in 3 abuses (threshold 120) -> blacklisted.
Nov 27 15:13:48 odin sshguard[561]: Blocking 122.225.97.107:4 for >0secs: 40 danger in 4 attacks over 7 seconds (all: 120d in 3 abuses over 198210s).
Nov 27 15:37:21 odin sshguard[561]: Blocking 61.174.51.225:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 27 17:32:12 odin sshguard[561]: Offender '61.174.51.216:4' scored 120 danger in 3 abuses (threshold 120) -> blacklisted.
Nov 27 17:32:12 odin sshguard[561]: Blocking 61.174.51.216:4 for >0secs: 40 danger in 4 attacks over 9 seconds (all: 120d in 3 abuses over 139217s).
Nov 27 20:32:02 odin sshguard[561]: Blocking 122.225.97.67:4 for >630secs: 40 danger in 4 attacks over 28 seconds (all: 40d in 1 abuses over 28s).
Nov 27 21:16:40 odin sshguard[561]: Blocking 61.174.50.149:4 for >630secs: 40 danger in 4 attacks over 5 seconds (all: 40d in 1 abuses over 5s).
Nov 27 21:33:44 odin sshguard[561]: Offender '103.41.124.55:4' scored 120 danger in 3 abuses (threshold 120) -> blacklisted.
Nov 27 21:33:44 odin sshguard[561]: Blocking 103.41.124.55:4 for >0secs: 40 danger in 4 attacks over 5 seconds (all: 120d in 3 abuses over 211541s).
Nov 27 22:04:04 odin sshguard[561]: Blocking 122.225.109.202:4 for >630secs: 40 danger in 4 attacks over 9 seconds (all: 40d in 1 abuses over 9s).
Nov 28 01:13:09 odin sshguard[561]: Blocking 220.177.198.32:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 28 05:45:58 odin sshguard[561]: Blocking 103.41.124.33:4 for >945secs: 40 danger in 4 attacks over 7 seconds (all: 80d in 2 abuses over 201590s).
Nov 28 07:16:42 odin sshguard[561]: Blocking 222.161.4.155:4 for >630secs: 40 danger in 4 attacks over 11 seconds (all: 40d in 1 abuses over 11s).
Nov 28 09:39:24 odin sshguard[561]: Blocking 122.225.109.126:4 for >630secs: 40 danger in 4 attacks over 12 seconds (all: 40d in 1 abuses over 12s).
Nov 28 10:24:01 odin sshguard[561]: Blocking 103.41.124.36:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 28 11:54:39 odin sshguard[561]: Blocking 61.174.50.195:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 28 13:26:10 odin sshguard[561]: Blocking 122.225.103.73:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 28 14:10:50 odin sshguard[561]: Blocking 61.174.51.200:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 28 16:51:06 odin sshguard[561]: Blocking 61.174.51.200:4 for >945secs: 40 danger in 4 attacks over 5 seconds (all: 80d in 2 abuses over 9622s).
Nov 28 18:31:00 odin sshguard[561]: Blocking 61.174.51.227:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 28 19:41:14 odin sshguard[561]: Blocking 101.64.236.164:4 for >630secs: 40 danger in 4 attacks over 8 seconds (all: 40d in 1 abuses over 8s).
Nov 28 21:07:03 odin sshguard[561]: Blocking 103.41.124.48:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 28 21:20:46 odin sshguard[561]: Blocking 61.174.51.228:4 for >630secs: 40 danger in 4 attacks over 8 seconds (all: 40d in 1 abuses over 8s).
Nov 28 22:10:16 odin sshguard[561]: Blocking 103.41.124.51:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 28 22:10:17 odin sshguard[561]: Blocking 103.41.124.26:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 28 22:10:43 odin sshguard[561]: Blocking 103.41.124.48:4 for >945secs: 40 danger in 4 attacks over 6 seconds (all: 80d in 2 abuses over 3827s).
Nov 28 22:42:14 odin sshguard[561]: Blocking 62.210.172.143:4 for >630secs: 40 danger in 4 attacks over 9 seconds (all: 40d in 1 abuses over 9s).
Nov 28 23:06:39 odin sshguard[561]: Blocking 61.174.51.203:4 for >630secs: 40 danger in 4 attacks over 3 seconds (all: 40d in 1 abuses over 3s).
Nov 28 23:38:02 odin sshguard[561]: Blocking 61.174.50.244:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 29 01:13:14 odin sshguard[561]: Blocking 122.225.103.73:4 for >945secs: 40 danger in 4 attacks over 10 seconds (all: 80d in 2 abuses over 42431s).
Nov 29 01:19:58 odin sshguard[561]: Blocking 122.225.109.195:4 for >630secs: 40 danger in 4 attacks over 5 seconds (all: 40d in 1 abuses over 5s).
Nov 29 01:53:00 odin sshguard[561]: Blocking 61.174.50.149:4 for >945secs: 40 danger in 4 attacks over 6 seconds (all: 80d in 2 abuses over 102985s).
Nov 29 04:03:13 odin sshguard[561]: Blocking 61.174.51.211:4 for >630secs: 40 danger in 4 attacks over 29 seconds (all: 40d in 1 abuses over 29s).
Nov 29 04:12:19 odin sshguard[561]: Blocking 122.225.109.201:4 for >630secs: 40 danger in 4 attacks over 51 seconds (all: 40d in 1 abuses over 51s).
Nov 29 04:38:56 odin sshguard[561]: Offender '61.174.51.200:4' scored 120 danger in 3 abuses (threshold 120) -> blacklisted.
Nov 29 04:38:56 odin sshguard[561]: Blocking 61.174.51.200:4 for >0secs: 40 danger in 4 attacks over 10 seconds (all: 120d in 3 abuses over 52092s).
Nov 29 05:38:29 odin sshguard[561]: Blocking 61.174.50.208:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 29 06:51:40 odin sshguard[561]: Blocking 61.174.51.225:4 for >945secs: 40 danger in 4 attacks over 6 seconds (all: 80d in 2 abuses over 141265s).
Nov 29 08:14:03 odin sshguard[561]: Blocking 122.225.109.126:4 for >945secs: 40 danger in 4 attacks over 7 seconds (all: 80d in 2 abuses over 81291s).
Nov 29 09:45:28 odin sshguard[561]: Blocking 62.210.140.5:4 for >630secs: 40 danger in 4 attacks over 8 seconds (all: 40d in 1 abuses over 8s).
Nov 29 10:07:53 odin sshguard[561]: Blocking 103.41.124.47:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 29 11:21:00 odin sshguard[561]: Blocking 61.174.50.251:4 for >630secs: 40 danger in 4 attacks over 3 seconds (all: 40d in 1 abuses over 3s).
Nov 29 14:03:03 odin sshguard[561]: Blocking 62.210.141.237:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 29 14:05:50 odin sshguard[561]: Blocking 122.225.103.74:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 29 14:50:47 odin sshguard[561]: Blocking 101.64.236.205:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 29 17:07:04 odin sshguard[561]: Blocking 222.186.34.120:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 29 17:18:43 odin sshguard[561]: Blocking 222.186.34.120:4 for >945secs: 40 danger in 4 attacks over 7 seconds (all: 80d in 2 abuses over 705s).
Nov 29 17:35:01 odin sshguard[561]: Offender '222.186.34.120:4' scored 120 danger in 3 abuses (threshold 120) -> blacklisted.
Nov 29 17:35:01 odin sshguard[561]: Blocking 222.186.34.120:4 for >0secs: 40 danger in 4 attacks over 7 seconds (all: 120d in 3 abuses over 1683s).
Nov 29 17:46:03 odin sshguard[561]: Blocking 61.174.50.251:4 for >945secs: 40 danger in 4 attacks over 6 seconds (all: 80d in 2 abuses over 23106s).
Nov 29 18:06:09 odin sshguard[561]: Blocking 101.64.236.197:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 29 18:19:31 odin sshguard[561]: Blocking 61.174.50.225:4 for >630secs: 40 danger in 4 attacks over 5 seconds (all: 40d in 1 abuses over 5s).
Nov 29 21:09:16 odin sshguard[561]: Blocking 61.174.51.232:4 for >630secs: 40 danger in 4 attacks over 11 seconds (all: 40d in 1 abuses over 11s).
Nov 29 22:04:26 odin sshguard[561]: Blocking 62.210.172.56:4 for >630secs: 40 danger in 4 attacks over 9 seconds (all: 40d in 1 abuses over 9s).
Nov 30 01:11:48 odin sshguard[561]: Offender '122.225.103.73:4' scored 120 danger in 3 abuses (threshold 120) -> blacklisted.
Nov 30 01:11:48 odin sshguard[561]: Blocking 122.225.103.73:4 for >0secs: 40 danger in 4 attacks over 8 seconds (all: 120d in 3 abuses over 128745s).
Nov 30 02:31:15 odin sshguard[561]: Blocking 61.174.50.244:4 for >945secs: 40 danger in 4 attacks over 3 seconds (all: 80d in 2 abuses over 96800s).
Nov 30 04:49:23 odin sshguard[561]: Blocking 103.41.124.50:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 30 05:53:28 odin sshguard[561]: Blocking 122.225.109.115:4 for >630secs: 40 danger in 4 attacks over 4 seconds (all: 40d in 1 abuses over 4s).
Nov 30 05:57:09 odin sshguard[561]: Blocking 101.64.236.201:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 30 06:46:44 odin sshguard[561]: Blocking 101.64.236.229:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 30 06:46:49 odin sshguard[561]: Blocking 220.177.198.32:4 for >945secs: 40 danger in 4 attacks over 11 seconds (all: 80d in 2 abuses over 192827s).
Nov 30 07:43:11 odin sshguard[561]: Blocking 62.210.172.152:4 for >630secs: 40 danger in 4 attacks over 8 seconds (all: 40d in 1 abuses over 8s).
Nov 30 08:08:22 odin sshguard[561]: Blocking 122.225.109.201:4 for >945secs: 40 danger in 4 attacks over 7 seconds (all: 80d in 2 abuses over 100614s).
Nov 30 08:23:32 odin sshguard[561]: Blocking 101.64.236.202:4 for >630secs: 40 danger in 4 attacks over 8 seconds (all: 40d in 1 abuses over 8s).
Nov 30 10:19:41 odin sshguard[561]: Blocking 103.41.124.27:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 30 10:35:07 odin sshguard[561]: Blocking 61.174.51.214:4 for >630secs: 40 danger in 4 attacks over 16 seconds (all: 40d in 1 abuses over 16s).
Nov 30 17:44:39 odin sshguard[561]: Blocking 122.225.109.218:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 30 17:56:29 odin sshguard[561]: Blocking 61.174.50.225:4 for >945secs: 40 danger in 4 attacks over 8 seconds (all: 80d in 2 abuses over 85023s).
Nov 30 18:00:05 odin sshguard[561]: Blocking 61.174.50.227:4 for >630secs: 40 danger in 4 attacks over 7 seconds (all: 40d in 1 abuses over 7s).
Nov 30 19:07:53 odin sshguard[561]: Blocking 103.41.124.52:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Nov 30 21:14:42 odin sshguard[561]: Blocking 61.174.50.249:4 for >630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over 6s).
Dec 01 04:30:23 odin sshguard[561]: Blocking 103.41.124.16:4 for >630secs: 40 danger in 4 attacks over 8 seconds (all: 40d in 1 abuses over 8s).
ewaller@odin ~ 1023 %

Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

#3 2014-12-01 19:41:14

Leonid.I
Member
From: Aethyr
Registered: 2009-03-22
Posts: 999

Re: SSH connections from China

Wilhelm wrote:

While investigating why my ssh-agent was down I noticed in sshd's log that there's multiple preauth connection from this ip: 61.157.200.222
The usernames were something like hedwig, hanna, heidi and so on.
The ip traces back to china
Country:   China
Country Code: CN (CHN)
Region: Sichuan
City: Chengdu
Local time: 02 Dec 01:26 (CST+0800)
Latitude: 30.6667
Longitude: 104.0667

Is there any way I could check is any harm done?
I have already disabled the sshd, but now and then I still need a ssh connection. Sshd should be running with public key authentication.

So what is the problem? You are running an internet-facing server. Of course people will try to connect to it from all over the globe, that's perfectly allowed. But you have "preauth" connections meaning that SSHD/PAM has denied authentication. Hence, no logins were made and the only harm was done to your HDD storing the logs.

If you have constrained SSHD to accept only keys, and not passwords, then just ignore those login attempts. If you don't want to see these attemtps in the logs, then use a port knoking solution, like knockd or directly via the iptables.

Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd

Offline

#4 2014-12-01 22:21:49

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,231
Website

Re: SSH connections from China

Moving thread to Networking, Server, and Protection

Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?

BlueHackers // fscanary // resticctl

Offline

Pages: 1

Board footer

Powered by FluxBB