dropbear[31615]: login attempt for nonexistent user from

Logi

Senior Member
Hi, today I was checking the router's System Log and found the following messages. Is it possible that somebody is trying to hack the router? I do not have WAN access enabled, but I did have SSH enabled; now I have changed SSH to LAN Only. Any other suggestions to secure the router against these types of attacks? Thanks.

Apr 1 18:50:17 dropbear[31615]: login attempt for nonexistent user from ::ffff:103.231.211.250:34800
Apr 1 18:50:20 dropbear[31616]: login attempt for nonexistent user from ::ffff:103.231.211.250:35790
Apr 1 18:50:23 dropbear[31619]: login attempt for nonexistent user from ::ffff:103.231.211.250:36714
Apr 1 18:50:26 dropbear[31700]: login attempt for nonexistent user from ::ffff:103.231.211.250:37688
Apr 1 18:50:29 dropbear[31701]: login attempt for nonexistent user from ::ffff:103.231.211.250:38668
Apr 1 18:50:32 dropbear[31702]: login attempt for nonexistent user from ::ffff:103.231.211.250:39646
Apr 1 18:50:35 dropbear[31703]: login attempt for nonexistent user from ::ffff:103.231.211.250:40557
Apr 1 18:50:38 dropbear[31704]: login attempt for nonexistent user from ::ffff:103.231.211.250:41416
Apr 1 18:50:41 dropbear[31705]: login attempt for nonexistent user from ::ffff:103.231.211.250:42368
Apr 1 18:50:44 dropbear[31706]: login attempt for nonexistent user from ::ffff:103.231.211.250:43255
Apr 1 18:50:47 dropbear[31707]: login attempt for nonexistent user from ::ffff:103.231.211.250:44189
Apr 1 18:50:50 dropbear[31708]: login attempt for nonexistent user from ::ffff:103.231.211.250:44952
Apr 1 18:50:54 dropbear[31712]: login attempt for nonexistent user from ::ffff:103.231.211.250:45798
Apr 1 18:50:56 dropbear[31793]: login attempt for nonexistent user from ::ffff:103.231.211.250:46704
Apr 1 18:50:59 dropbear[31794]: login attempt for nonexistent user from ::ffff:103.231.211.250:47549
Apr 1 18:51:02 dropbear[31795]: login attempt for nonexistent user from ::ffff:103.231.211.250:48306
Apr 1 18:51:05 dropbear[31796]: login attempt for nonexistent user from ::ffff:103.231.211.250:49050
Apr 1 18:51:08 dropbear[31798]: login attempt for nonexistent user from ::ffff:103.231.211.250:49817
Apr 1 18:51:11 dropbear[31799]: login attempt for nonexistent user from ::ffff:103.231.211.250:50587
Apr 1 18:51:14 dropbear[31800]: login attempt for nonexistent user from ::ffff:103.231.211.250:51395
Apr 1 18:51:17 dropbear[31801]: login attempt for nonexistent user from ::ffff:103.231.211.250:52077
Apr 1 18:51:20 dropbear[31802]: login attempt for nonexistent user from ::ffff:103.231.211.250:52820
Apr 1 18:51:23 dropbear[31805]: login attempt for nonexistent user from ::ffff:103.231.211.250:53509
Apr 1 18:51:26 dropbear[31886]: login attempt for nonexistent user from ::ffff:103.231.211.250:54218
Apr 1 18:51:29 dropbear[31887]: login attempt for nonexistent user from ::ffff:103.231.211.250:54841
Apr 1 18:51:31 dropbear[31888]: login attempt for nonexistent user from ::ffff:103.231.211.250:55481
Apr 1 18:51:34 dropbear[31889]: login attempt for nonexistent user from ::ffff:103.231.211.250:56114
Apr 1 18:51:37 dropbear[31890]: login attempt for nonexistent user from ::ffff:103.231.211.250:56779
Apr 1 18:51:40 dropbear[31891]: login attempt for nonexistent user from ::ffff:103.231.211.250:57345
Apr 1 18:51:43 dropbear[31892]: login attempt for nonexistent user from ::ffff:103.231.211.250:58001
Apr 1 18:51:46 dropbear[31893]: login attempt for nonexistent user from ::ffff:103.231.211.250:58654
Apr 1 18:51:49 dropbear[31894]: login attempt for nonexistent user from ::ffff:103.231.211.250:59305
Apr 1 18:51:52 dropbear[31898]: login attempt for nonexistent user from ::ffff:103.231.211.250:59907
Apr 1 18:51:55 dropbear[31899]: login attempt for nonexistent user from ::ffff:103.231.211.250:60555
Apr 1 18:51:58 dropbear[31980]: login attempt for nonexistent user from ::ffff:103.231.211.250:32961
Apr 1 18:52:01 dropbear[31981]: login attempt for nonexistent user from ::ffff:103.231.211.250:33611
Apr 1 18:52:04 dropbear[31982]: login attempt for nonexistent user from ::ffff:103.231.211.250:34258
Apr 1 18:52:06 dropbear[31984]: login attempt for nonexistent user from ::ffff:103.231.211.250:34840
Apr 1 18:52:09 dropbear[31985]: login attempt for nonexistent user from ::ffff:103.231.211.250:35494
Apr 1 18:52:13 dropbear[31986]: login attempt for nonexistent user from ::ffff:103.231.211.250:36063
Apr 1 18:52:16 dropbear[31987]: login attempt for nonexistent user from ::ffff:103.231.211.250:36810
Apr 1 18:52:19 dropbear[31988]: login attempt for nonexistent user from ::ffff:103.231.211.250:37424
Apr 1 18:52:22 dropbear[31991]: login attempt for nonexistent user from ::ffff:103.231.211.250:38040
Apr 1 18:52:25 dropbear[31992]: login attempt for nonexistent user from ::ffff:103.231.211.250:38614
Apr 1 18:52:27 dropbear[32073]: login attempt for nonexistent user from ::ffff:103.231.211.250:39247
Apr 1 18:52:30 dropbear[32074]: login attempt for nonexistent user from ::ffff:103.231.211.250:39844
Apr 1 18:52:33 dropbear[32075]: login attempt for nonexistent user from ::ffff:103.231.211.250:40452
Apr 1 18:52:36 dropbear[32076]: login attempt for nonexistent user from ::ffff:103.231.211.250:41062
Apr 1 18:52:39 dropbear[32077]: login attempt for nonexistent user from ::ffff:103.231.211.250:41698
Apr 1 18:52:42 dropbear[32078]: login attempt for nonexistent user from ::ffff:103.231.211.250:42276
Apr 1 18:52:45 dropbear[32079]: login attempt for nonexistent user from ::ffff:103.231.211.250:42889
Apr 1 18:52:49 dropbear[32084]: login attempt for nonexistent user from ::ffff:103.231.211.250:43467
Apr 1 18:52:52 dropbear[32091]: login attempt for nonexistent user from ::ffff:103.231.211.250:44263
 
Someone is rattling the door to see if it's locked on the standard SSH port - happens all the time...

If you don't need external SSH, then turn it off... if you need it, have a strong password or keys, and/or move SSH to another port...

From my logs in the last 24 hours, nothing to worry about - it's just noise:

--------------------- SSHD Begin ------------------------

Disconnecting after too many authentication failures for user:
root : 22 Time(s)

Illegal users from:
undef: 9 times
23.96.237.46: 4 times
58.218.199.166: 2 times
58.218.204.30: 2 times
58.218.204.211: 2 times
58.218.204.248: 2 times
58.218.205.97: 2 times
58.218.205.101: 2 times
58.218.211.11: 2 times
58.218.211.244: 2 times
62.138.2.209 (astra4206.startdedicated.com): 2 times
70.168.209.22 (wsip-70-168-209-22.hr.hr.cox.net): 2 times
91.227.222.62 (audio.happilymarriedeverafter.com): 2 times
103.17.54.169: 2 times
103.39.133.244 (static-133-39-103.rackbank.com): 1 time
111.166.154.19 (dns19.online.tj.cn): 2 times
117.145.177.59: 2 times
169.50.15.75 (4b.0f.32a9.ip4.static.sl-reverse.com): 2 times
183.3.202.88: 2 times
185.103.252.12: 2 times
200.214.188.162: 3 times
217.112.92.36 (217-112-92-36.hosting.jpcompserv.net): 2 times
221.229.162.7: 2 times

Login attempted when not in AllowUsers list:
root : 35 Time(s)

Received disconnect:
11: Bye Bye [preauth] : 17 Time(s)
11: Normal Shutdown [preauth] : 2 Time(s)
11: disconnected by user : 1 Time(s)

**Unmatched Entries**
error: maximum authentication attempts exceeded for invalid user root from 183.3.202.88 port 56474 ssh2 [preauth] : 1 time(s)
message repeated 2 times: [ Failed password for invalid user root from 221.229.162.7 port 55712 ssh2] : 1 time(s)
message repeated 2 times: [ Failed password for invalid user root from 58.218.204.248 port 34665 ssh2] : 1 time(s)
error: maximum authentication attempts exceeded for invalid user root from 58.218.211.11 port 53380 ssh2 [preauth] : 1 time(s)
error: maximum authentication attempts exceeded for invalid user root from 58.218.204.248 port 34665 ssh2 [preauth] : 1 time(s)
message repeated 2 times: [ Failed password for invalid user root from 58.218.204.30 port 50226 ssh2] : 1 time(s)
error: maximum authentication attempts exceeded for invalid user root from 58.218.205.97 port 32886 ssh2 [preauth] : 1 time(s)
message repeated 2 times: [ Failed password for invalid user root from 58.218.204.30 port 59387 ssh2] : 1 time(s)
error: maximum authentication attempts exceeded for invalid user root from 58.218.204.211 port 39248 ssh2 [preauth] : 1 time(s)
message repeated 2 times: [ Failed password for invalid user root from 58.218.204.248 port 58807 ssh2] : 1 time(s)
message repeated 2 times: [ Failed password for invalid user root from 221.229.162.7 port 46554 ssh2] : 1 time(s)
message repeated 2 times: [ Failed password for invalid user root from 58.218.211.11 port 53441 ssh2] : 1 time(s)
message repeated 2 times: [ Failed password for invalid user root from 58.218.204.211 port 39248 ssh2] : 1 time(s)
error: maximum authentication attempts exceeded for invalid user root from 58.218.211.244 port 36602 ssh2 [preauth] : 1 time(s)
message repeated 2 times: [ Failed password for invalid user root from 58.218.199.166 port 39343 ssh2] : 1 time(s)
message repeated 2 times: [ Failed password for invalid user root from 58.218.199.166 port 44217 ssh2] : 1 time(s)
error: maximum authentication attempts exceeded for invalid user root from 58.218.199.166 port 39343 ssh2 [preauth] : 1 time(s)
message repeated 2 times: [ Failed password for invalid user root from 183.3.202.88 port 56474 ssh2] : 1 time(s)
message repeated 2 times: [ Failed password for invalid user root from 58.218.205.97 port 32886 ssh2] : 1 time(s)
error: maximum authentication attempts exceeded for invalid user root from 58.218.211.244 port 34089 ssh2 [preauth] : 1 time(s)
message repeated 2 times: [ Failed password for invalid user root from 111.166.154.19 port 50569 ssh2] : 1 time(s)
message repeated 2 times: [ Failed password for invalid user root from 58.218.205.97 port 38826 ssh2] : 1 time(s)
error: maximum authentication attempts exceeded for invalid user root from 58.218.204.30 port 50226 ssh2 [preauth] : 1 time(s)
error: maximum authentication attempts exceeded for invalid user root from 58.218.204.211 port 38342 ssh2 [preauth] : 1 time(s)
error: maximum authentication attempts exceeded for invalid user root from 183.3.202.88 port 22847 ssh2 [preauth] : 1 time(s)
message repeated 2 times: [ Failed password for invalid user root from 58.218.205.101 port 59596 ssh2] : 1 time(s)
message repeated 2 times: [ Failed password for invalid user root from 58.218.211.11 port 53380 ssh2] : 1 time(s)
error: maximum authentication attempts exceeded for invalid user root from 58.218.199.166 port 44217 ssh2 [preauth] : 1 time(s)
error: maximum authentication attempts exceeded for invalid user root from 58.218.204.248 port 58807 ssh2 [preauth] : 1 time(s)
error: maximum authentication attempts exceeded for invalid user root from 58.218.205.101 port 59596 ssh2 [preauth] : 1 time(s)
error: maximum authentication attempts exceeded for invalid user root from 58.218.204.30 port 59387 ssh2 [preauth] : 1 time(s)
error: maximum authentication attempts exceeded for invalid user root from 221.229.162.7 port 55712 ssh2 [preauth] : 1 time(s)
error: maximum authentication attempts exceeded for invalid user root from 58.218.205.101 port 37040 ssh2 [preauth] : 1 time(s)
error: maximum authentication attempts exceeded for invalid user root from 58.218.211.11 port 53441 ssh2 [preauth] : 1 time(s)
error: maximum authentication attempts exceeded for invalid user root from 111.166.154.19 port 50532 ssh2 [preauth] : 1 time(s)
message repeated 2 times: [ Failed password for invalid user root from 111.166.154.19 port 50532 ssh2] : 1 time(s)
error: maximum authentication attempts exceeded for invalid user root from 58.218.205.97 port 38826 ssh2 [preauth] : 1 time(s)
message repeated 2 times: [ Failed password for invalid user root from 58.218.211.244 port 34089 ssh2] : 1 time(s)
message repeated 2 times: [ Failed password for invalid user root from 183.3.202.88 port 22847 ssh2] : 1 time(s)
message repeated 2 times: [ Failed password for invalid user root from 58.218.205.101 port 37040 ssh2] : 1 time(s)
message repeated 2 times: [ Failed password for invalid user root from 58.218.204.211 port 38342 ssh2] : 1 time(s)
message repeated 2 times: [ Failed password for invalid user root from 58.218.211.244 port 36602 ssh2] : 1 time(s)
error: maximum authentication attempts exceeded for invalid user root from 111.166.154.19 port 50569 ssh2 [preauth] : 1 time(s)
error: maximum authentication attempts exceeded for invalid user root from 221.229.162.7 port 46554 ssh2 [preauth] : 1 time(s)

---------------------- SSHD End -------------------------
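
Both log formats quoted in this thread (the router's dropbear lines and OpenSSH `Failed password` lines) can be triaged per source address with a short script. This is an added example, not part of either post; the thresholds, the `year` default and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Syslog prefix: "Apr 1 18:50:17 " plus an optional hostname field.
TS = r"(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(?:\S+\s+)?"
PATTERNS = [
    # dropbear, as in the router log above: "... from ::ffff:a.b.c.d:port"
    re.compile(TS + r"dropbear\[\d+\]: login attempt for nonexistent user from (?P<addr>\S+):\d+$"),
    # OpenSSH sshd: "Failed password for invalid user root from a.b.c.d port N ssh2"
    re.compile(TS + r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (?P<addr>\S+) port \d+"),
]

def normalize(addr):
    """Fold IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4 so one host is one key."""
    ip = ipaddress.ip_address(addr)
    return str(getattr(ip, "ipv4_mapped", None) or ip)

def summarize(lines, year=2000):
    """Per-source count, first/last seen, attempts per minute (syslog omits the year; `year` is assumed)."""
    seen = defaultdict(list)
    for line in lines:
        m = next(filter(None, (p.match(line.strip()) for p in PATTERNS)), None)
        if not m:
            continue  # unrelated log line
        try:
            src = normalize(m["addr"])
        except ValueError:
            continue  # source field was not an IP literal
        seen[src].append(datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"))
    report = {}
    for src, stamps in seen.items():
        # Floor the window at one minute so a short burst is not divided by ~0.
        minutes = max((max(stamps) - min(stamps)).total_seconds() / 60, 1.0)
        report[src] = {"count": len(stamps), "first": min(stamps), "last": max(stamps),
                       "per_min": round(len(stamps) / minutes, 1)}
    return report

def brute_force_sources(report, min_count=5, min_rate=3.0):
    """Sources whose volume and rate look scripted (thresholds are assumptions)."""
    return sorted(s for s, r in report.items() if r["count"] >= min_count and r["per_min"] >= min_rate)

# Constructed sample lines (documentation addresses, not taken from the thread).
SAMPLE = [f"Apr 1 18:50:{17 + 3 * i:02d} dropbear[{31615 + i}]: login attempt for "
          f"nonexistent user from ::ffff:198.51.100.7:{34800 + 990 * i}" for i in range(6)] + [
    "Apr  1 19:02:11 gw sshd[811]: Failed password for invalid user root from 203.0.113.9 port 55712 ssh2",
    "Apr  1 21:40:03 gw sshd[902]: Failed password for invalid user root from 203.0.113.9 port 46554 ssh2",
    "Apr  1 21:41:00 gw kernel: unrelated line",
]
```

Run `summarize()` over the saved system log and pass the result to `brute_force_sources()`; a source that shows up there while SSH is meant to be LAN-only indicates the WAN exposure is still in place.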
 
