Over 1000+ lines in /var/log/messages
Found the same messages below (over 1000+ lines) in /var/log/messages (CentOS).
What is this and what should I do? Many thanks.
web kernel: Firewall: TCP_IN Blocked IN=eth0 OUT= MAC=00:16:3e:50:99:e0:00:15:c7:26:3b:00:08:00 SRC=116.31.116.30 DST=MY-IP-ADDRESS LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=18318 DF PROTO=TCP SPT=58125 DPT=22 WINDOW=29200 R$$9200 RES=0x00 SYN URGP=0
Comments
Remove the directives for logging firewall hits from your iptables config.
Traffic from 116.31.116.30 was blocked for port 22.
Someone is trying to break in to your server by brute-forcing SSH.
Install ufw and run "ufw limit ssh".
Install fail2ban.
Use Stribika's tutorial to secure your SSH configuration.
only a thousand lines..............
When you are logging this, use the "limit" module (i.e. "-m limit --limit 3/minute -j LOG"). Otherwise you could fill up your log partition quickly.
But personally I simply moved ssh to a different port, and I do not log this at all. Instead I'm using ipsets and move there every source IP trying to open a connection to a closed port.
Many thanks for your help
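Added example, not part of the original thread: a small parser that turns lines like the one quoted above into per-source, per-port counts, so 1000+ lines collapse into a short list of who is hitting port 22. The function names, the threshold of 3 and every sample line except the first (copied from the post) are assumptions constructed for illustration.

```python
import re
from collections import Counter

PREFIX = "Firewall: TCP_IN Blocked"    # log prefix seen in the quoted line
KV = re.compile(r"\b([A-Z]+)=(\S*)")   # KEY=value pairs; value may be empty (OUT=)
FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "DF"}

def parse_line(line):
    """Return the fields of one firewall LOG line, or None if it is not one."""
    if PREFIX not in line:
        return None
    body = line.split(PREFIX, 1)[1]
    fields = dict(KV.findall(body))    # tokens without '=' (e.g. R$$9200) are skipped
    if "SRC" not in fields or not fields.get("DPT", "").isdigit():
        return None
    fields["FLAGS"] = sorted(t for t in body.split() if t in FLAGS)
    return fields

def summarize(lines):
    """Count blocked SYN packets per (source IP, destination port)."""
    hits = Counter()
    for line in lines:
        f = parse_line(line)
        if f and "SYN" in f["FLAGS"]:
            hits[(f["SRC"], int(f["DPT"]))] += 1
    return hits

def ssh_sources(hits, threshold=3):
    """Sources with at least `threshold` blocked attempts on port 22."""
    return sorted(s for (s, port), n in hits.items() if port == 22 and n >= threshold)

# First entry is the line from the post; the rest are constructed samples.
PAGE_LINE = ("web kernel: Firewall: TCP_IN Blocked IN=eth0 OUT= "
             "MAC=00:16:3e:50:99:e0:00:15:c7:26:3b:00:08:00 SRC=116.31.116.30 "
             "DST=MY-IP-ADDRESS LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=18318 DF PROTO=TCP "
             "SPT=58125 DPT=22 WINDOW=29200 R$$9200 RES=0x00 SYN URGP=0")
TEMPLATE = ("web kernel: Firewall: TCP_IN Blocked IN=eth0 OUT= SRC={src} DST=192.0.2.10 "
            "LEN=60 TTL=52 DF PROTO=TCP SPT=40000 DPT={dpt} WINDOW=29200 RES=0x00 SYN URGP=0")
SAMPLE = ([PAGE_LINE]
          + [TEMPLATE.format(src="203.0.113.7", dpt=22)] * 3
          + [TEMPLATE.format(src="198.51.100.9", dpt=23),
             "web sshd[1]: constructed unrelated line"])

if __name__ == "__main__":
    for (src, port), n in summarize(SAMPLE).most_common():
        print(f"{n:5d}  {src:15s}  dport {port}")
```

On a real host, feed it the lines of /var/log/messages instead of SAMPLE.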