OpenVZ Forum: Support » sshd: [accepted] and other attacks

Home » General » Support » sshd: [accepted] and other attacks

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

sshd: [accepted] and other attacks [message #35448]

Thu, 26 March 2009 17:36

jevelyt
Messages: 19
Registered: January 2009

Junior Member

Hello, I recently noticed that in "top" are unknown processes which eats alot of CPU and server is lagging but not all the time. They starts most in the peak time(evening ~7-9 PM)

Here you can see part of them: http://ikelk.lt/pastes/RXi9meaIlu
17435 ? Ss 0:00 sshd: unknown [priv]
17436 ? Ss 0:00 sshd: unknown [priv]
17437 ? Ss 0:00 sshd: [accepted]
17438 ? Ss 0:00 sshd: unknown [priv]
17442 ? Rs 0:00 sshd: [accepted]
17444 ? Ss 0:00 sshd: unknown [priv]
....................

I think that is sshd and other types of attacks. They are atacking main server and containers.
How to fight with it? How to prevent them of eating so much CPU, because it's consumption are near the 100%..

[Updated on: Thu, 26 March 2009 17:38]

Report message to a moderator

Re: sshd: [accepted] and other attacks [message #35462 is a reply to message #35448]

Fri, 27 March 2009 10:21

maratrus
Messages: 1495
Registered: August 2007
Location: Moscow

Senior Member

Hello,

seems you're right. Someone tries to access your server via ssh.
Look at /var/log/secure to learn more details (ip addresses of the attackers).
Then you may use firewall or just look a little bit for another solution , for example http://denyhosts.sourceforge.net/

Report message to a moderator