Possible worm warning
Today my home server encountered 2 attacks, possible a Linux worm.
Hopefully, it survived !!!
The attacks looks like a dumb attempt of password guessing over ssh.
It start probing for users: test, guest, admin, root. After some attempts,
it focuses on root by checking lots of passwords.
Look in /var/log/messages for zilions of lines like:
Mar 10 20:08:03 YourHost sshd: Connection from ::ffff:xx.xx.xx.xx
Mar 10 20:08:03 YourHost sshd(pam_unix): authentication failure;
logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=host.domain.net
The best thing to do is to add a firewall rule to allow ssh ONLY from a
limited numbers of computers you know you are going to be there.
When you are not remote, you may want to block ssh entirelly.