Today my home server encountered 2 attacks, possibly a Linux worm.
Hopefully, it survived!!!
The attack looks like a dumb attempt at password guessing over ssh.
It starts probing for users: test, guest, admin, root. After some attempts,
it focuses on root by checking lots of passwords.

Look in /var/log/messages for zillions of lines like:

Mar 10 20:08:03 YourHost sshd[32246]: Connection from ::ffff:xx.xx.xx.xx port xxxx
Mar 10 20:08:03 YourHost sshd(pam_unix)[32246]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=host.domain.net

The best thing to do is to add a firewall rule to allow ssh ONLY from a
limited number of computers you know you are going to be at.
When you are not remote, you may want to block ssh entirely.


DragonSt0rm
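
Added example, not part of the original post: a tally of the failures in the log format quoted above, per source, pairing each "Connection from" line with the pam_unix failure logged by the same sshd PID. The sample log, the threshold of 3 and the function names are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample in the two-line format quoted in the post. Addresses come
# from documentation ranges and the hostnames are made up.
SAMPLE_LOG = """\
Mar 10 20:08:03 YourHost sshd[32246]: Connection from ::ffff:203.0.113.7 port 4411
Mar 10 20:08:03 YourHost sshd(pam_unix)[32246]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=host.example.net
Mar 10 20:08:05 YourHost sshd[32249]: Connection from ::ffff:198.51.100.20 port 5120
Mar 10 20:08:05 YourHost sshd(pam_unix)[32249]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=laptop.example.org
Mar 10 20:08:06 YourHost sshd[32250]: Connection from ::ffff:203.0.113.7 port 4412
Mar 10 20:08:06 YourHost sshd(pam_unix)[32250]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=host.example.net
Mar 10 20:08:08 YourHost sshd[32251]: Connection from ::ffff:203.0.113.7 port 4413
Mar 10 20:08:08 YourHost sshd(pam_unix)[32251]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=host.example.net
Mar 10 20:08:11 YourHost sshd[32255]: Connection from ::ffff:203.0.113.7 port 4414
Mar 10 20:08:11 YourHost sshd(pam_unix)[32255]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=host.example.net
Mar 10 20:09:40 YourHost sshd(pam_unix)[32300]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=orphan.example.org
"""

# "Connection from" carries the address; the IPv4-mapped "::ffff:" prefix is dropped.
CONN_RE = re.compile(r"sshd\[(\d+)\]: Connection from (?:::ffff:)?(\S+) port \d+")
# The pam_unix failure carries only the resolved rhost, but shares the sshd PID.
FAIL_RE = re.compile(r"sshd\(pam_unix\)\[(\d+)\]: authentication failure;.*\brhost=(\S+)")

def failures_by_source(log_text):
    """Count authentication failures per source address (or rhost if unpaired)."""
    pid_to_ip = {}
    counts = Counter()
    for line in log_text.splitlines():
        m = CONN_RE.search(line)
        if m:
            pid_to_ip[m.group(1)] = m.group(2)  # latest connection wins on PID reuse
            continue
        m = FAIL_RE.search(line)
        if m:
            pid, rhost = m.groups()
            # Prefer the address from the paired connection; rhost is attacker-influenced DNS.
            counts[pid_to_ip.get(pid, rhost)] += 1
    return counts

def suspects(log_text, threshold=3):
    """Sources with at least `threshold` failures, sorted."""
    return sorted(s for s, n in failures_by_source(log_text).items() if n >= threshold)

if __name__ == "__main__":
    for src, n in failures_by_source(SAMPLE_LOG).most_common():
        print(f"{n:5d}  {src}")
    print("over threshold:", suspects(SAMPLE_LOG))
```

To run it on a real log, pass the contents of /var/log/messages to failures_by_source() instead of SAMPLE_LOG.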