Need information.
juan Member
edited November 2012 in Help

I just found this on my auth.log dated Oct 1:

!(http://picpaste.com/attempt1-ywvZoQFs.jpg)

I'm not sure why it has 5 digits of IP? Because normally I have this:

!(http://picpaste.com/attempt-F1zpNjW7.jpg)

4 digits on IP.

Can someone enlighten me? Thanks in advance.

Comments

  • It's rDNS I think

  • Oh I missed the - instead of .

    But shouldn't rDNS show the domain also?

  • The domain is "1984.is"

  • XSX Member, Host Rep

    I also think it is rDNS.
    I recommend installing denyhosts to protect your sshd.

  • Or fail2ban. Either way, life (or at least log parsing) will become easier if you outright block the source of repeated failed login attempts.

  • Oh okay, got it now. Missed the .is, I'm currently re-creating my security. Thanks!

  • Some hosts allow anything as rDNS :)
    I found some IP having rDNS entry as "troll.face" lol

  • @Asim yes, but decent software verifies that there is a matching forward DNS for the rDNS, otherwise just the IP would be put in logs instead of the name.

  • kbeezie Member
    edited November 2012

    I've noticed some providers will actually set up a fake rDNS for their customers such as IP-Address.Sprint.Mobile.com etc to mimic coming from a mobile device. (I guess intended for something like Facebook spam/login/etc).

  • rsk Member, Patron Provider

    @rds100 said: @Asim yes, but decent software verifies that there is a matching forward DNS for the rDNS, otherwise just the IP would be put in logs instead of the name.

    @rds100 - I've used many control panels for dedicated servers, all of them allowed anything to be set without verification. However, the only one that actually checked is OVH's control panel - it verifies.

  • joepie91 Member, Patron Provider

    @rds100 said: The domain is "1984.is"

    Sounds like a TOR node.

  • http://1984.is/ that is a webhosting company

  • Contact 1984.is and tell them.
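
The forward-confirmed reverse DNS check mentioned in the thread (a PTR name is trusted only if a forward lookup of that name returns the connecting IP), as an added example that is not any poster's code. The function names are hypothetical and the resolver tables are constructed from documentation address ranges; only "troll.face" is taken from the thread.

```python
import ipaddress
import socket

def system_reverse(ip):
    """PTR lookup via the system resolver; hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """A/AAAA lookup via the system resolver; set of address strings."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def name_for_log(ip, reverse=system_reverse, forward=system_forward):
    """Return the PTR name only if a forward lookup maps back to ip, else ip."""
    addr = ipaddress.ip_address(ip)
    name = (reverse(ip) or "").rstrip(".").lower()
    if not name:
        return ip
    for candidate in forward(name):
        try:
            if ipaddress.ip_address(candidate) == addr:
                return name
        except ValueError:  # resolver returned something unparsable
            continue
    return ip

# Constructed resolver data (documentation address ranges, not real hosts).
PTR = {
    "192.0.2.10": "192-0-2-10.host.example.",  # PTR with a matching A record
    "198.51.100.7": "troll.face.",             # arbitrary PTR, no forward record
    "203.0.113.5": "mail.bank.example.",       # PTR naming someone else's host
}
A = {
    "192-0-2-10.host.example": {"192.0.2.10"},
    "mail.bank.example": {"192.0.2.99"},
}

def demo():
    """Run the check against the constructed tables instead of live DNS."""
    return {ip: name_for_log(ip, PTR.get, lambda n: A.get(n, set())) for ip in PTR}

if __name__ == "__main__":
    for ip, shown in demo().items():
        print(f"{ip:15} -> {shown}")
```

Called with the default arguments, `name_for_log` uses the system resolver, so a hostname that appears in place of an IP has passed the forward check, while an unverifiable PTR falls back to the bare address.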
