They just started showing up on a couple systems I administer also. Those systems had had that port open for years, so I'm not sure why I was suddenly targeted. I did complain to the administrator for several of the probing systems and one responded that their system had been compromised. I closed port 22 on both of my systems. Eric On Saturday 07 August 2004 09:13, nate at refried.org wrote: > Has anyone else been getting these messages in their logs? It's mostly > attempts to log in as "guest" or "test" through SSH. > > On Tue, Jul 27, 2004 at 04:02:16PM -0000, logcheck at refried.org wrote: > > Security Events > > =-=-=-=-=-=-=-= > > Jul 27 10:26:22 candle sshd[4246]: Failed password for illegal user test > > from 61.109.156.5 port 3995 ssh2 Jul 27 10:26:24 candle sshd[4248]: <snip log entries> > Nate > _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota Help beta test TCLUG's potential new home: http://plone.mn-linux.org Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list