New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Need information.
I just found this on my auth.log dated Oct 1:
!(http://picpaste.com/attempt1-ywvZoQFs.jpg)
I'm not sure why it has 5 digits of IP? Because normally i have this:
!(http://picpaste.com/attempt-F1zpNjW7.jpg)
4 digits on IP.
Can someone enlighten me? Thanks in advance.
Comments
It's rDNS I think
Oh i missed the - instead of .
But shouldn't rDNS show the domain also?
The domain is "1984.is"
I also think it is rdns
The recommended install denyhosts protect your sshd
Or fail2ban. Either way, life (or at least log parsing) will become easier if you outright block the source of repeated failed login attempts.
Oh okay, got it now. Missed the .is, I'm currently re-creating my security. Thanks!
Some hosts allows anything as rDNS
I found some IP having rDNS entry as "troll.face" lol
@Asim yes, but decent software verifies that there is a matching forward DNS for the rDNS, otherwise just the IP would be put in logs instead of the name.
I've noticed some providers will actually set up a fake rDNS for their customers such as IP-Address.Sprint.Mobile.com etc to mimic coming from a mobile device. (I guess intended for something like Facebook spam/login/etc).
@rds100 - I've used many control panels for dedicated server, all of them allowed anything to be set without verification. However, the only one that actually checked is OVH's control panel - it verifies.
Sounds like a TOR node.
http://1984.is/ that is a webhosting company
contact 1984.is tell them