SSH login into server - not mine

itmonitor

• September 08, 2015 15:01

Hello, I have a LAMP KVM server, with WHM installed into it. I received an email alert about an SSH login, from another country far from where I am based. Below you have the email report text. Aside this login coming from another country (I blocked the IP at the firewall and at cphulk), I would like to understand: 1. what does it mean "Method: keyboard-interactive/pam authentication". 2. is there any way to force logout from all users logged in into WHM? Any advice is welcome! :) IM
From: Date: 2015-09-08 21:37 GMT+02:00 Subject: lfd on xxxx.xxxx.com: SSH login alert for user root from 85.159.xxx.xxx (NL/Netherlands/tsn85-159-236-219.dyn.nltelcom.net) To: root@xxx.xxx.com Time: Tue Sep 8 15:37:42 2015 -0400 IP: 85.159.xxx.xxx (NL/Netherlands/tsn85-159-236-219.dyn.nltelcom.net) Account: root Method: keyboard-interactive/pam authentication

• 

  Infopro

  • September 08, 2015 21:30

  1) Google is your friend: You should follow proper security procedures and lock the server down a bit more:

  0
• 

  itmonitor

  • September 09, 2015 20:17

  Hi Infopro, many thanks for pointing to me those articles.

  0

Please sign in to leave a comment.