Is this server hacked or just login attempts? See log

lastb only shows login failures. Use last to see successful logins.


It shows people trying to upload or download content. The "notty" part means no tty (where tty is short for teletype) which these days means no monitor or GUI, and the ssh indicates port 22, which taken together mean something like scp or rsync.

So not hacking or login attempts, but wrong or mistyped passwords. It might be some content was located via Google, but required a password which someone tried to guess.

Actually, on reflection, the above is not right. They could be failed login attempts via ssh, as the questioner suspected; and (as I missed first time) they are at regular 21 or 22 minute intervals which suggests a degree of automation, but lastb shows failures by definition, so these results would need to be compared against last to see if any were successful.
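The comparison of `lastb` against `last` suggested in the answers above, as an added example that is not part of either answer: it groups failures by source address, checks whether they arrive at near-constant intervals, and lists accounts that logged in successfully from the same source after the first failure. The sample lines are constructed (documentation-range addresses); the `year` parameter and the 120-second `jitter` tolerance are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample output, not taken from the question's log.
LASTB = """\
root     ssh:notty    203.0.113.7      Tue Mar  4 10:43 - 10:43  (00:00)
admin    ssh:notty    203.0.113.7      Tue Mar  4 10:22 - 10:22  (00:00)
root     ssh:notty    203.0.113.7      Tue Mar  4 10:00 - 10:00  (00:00)
alice    ssh:notty    198.51.100.20    Tue Mar  4 09:14 - 09:14  (00:00)
"""
LAST = """\
root     pts/1        203.0.113.7      Tue Mar  4 11:05   still logged in
alice    pts/0        198.51.100.20    Tue Mar  4 09:15 - 09:40  (00:25)
"""

# user, tty, host, weekday, then "Mon DD HH:MM" (the default last/lastb layout)
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+\w{3} (\w{3}\s+\d+ \d\d:\d\d)")

def parse(text, year=2025):
    """Return (user, host, start_time) per entry; the default output has no year."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            stamp = " ".join(m.group(4).split())  # collapse "Mar  4" padding
            when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M")
            rows.append((m.group(1), m.group(3), when))
    return rows

def review(lastb_text, last_text, jitter=120):
    """Per source host: failure count, interval regularity, later successes."""
    fails, wins = defaultdict(list), defaultdict(list)
    for user, host, when in parse(lastb_text):
        fails[host].append((when, user))
    for user, host, when in parse(last_text):
        wins[host].append((when, user))
    report = {}
    for host, events in fails.items():
        times = sorted(t for t, _ in events)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        report[host] = {
            "failures": len(times),
            "users_tried": len({u for _, u in events}),
            "regular": len(gaps) >= 2 and max(gaps) - min(gaps) <= jitter,
            "success_after_failures": sorted({u for t, u in wins[host] if t >= times[0]}),
        }
    return report

if __name__ == "__main__":
    print(review(LASTB, LAST))
```

On a live host, feed it the text of `lastb` and `last` instead of the constants. A source with several account names, regular spacing and a later success deserves a closer look than a single failure followed a minute later by the same user's login.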