Yep. About 50 minutes after I had stopped working on the webserver it appears someone tried to bruteforce their way into the server via SSH. Why they would be I have no idea and I've denied the IP for now (yay for IP tables) however, have a small sample of the usernames they were trying - Code: Nov 3 03:37:27 control sshd[1300]: input_userauth_request: invalid user admin Nov 3 03:37:27 control sshd[1301]: warning: /etc/hosts.deny, line 21: can't verify hostname: getaddrinfo(186.215.110.66.static.host.gvt.net.br, AF_INET) failed Nov 3 03:37:29 control sshd[1301]: reverse mapping checking getaddrinfo for 186.215.110.66.static.host.gvt.net.br [186.215.110.66] failed - POSSIBLE BREAK-IN ATTEMPT! Nov 3 03:37:29 control sshd[1301]: Invalid user admin from 186.215.110.66 Nov 3 03:37:29 control sshd[1302]: input_userauth_request: invalid user admin Nov 3 03:37:29 control sshd[1303]: warning: /etc/hosts.deny, line 21: can't verify hostname: getaddrinfo(186.215.110.66.static.host.gvt.net.br, AF_INET) failed Nov 3 03:37:31 control sshd[1303]: reverse mapping checking getaddrinfo for 186.215.110.66.static.host.gvt.net.br [186.215.110.66] failed - POSSIBLE BREAK-IN ATTEMPT! Nov 3 03:37:31 control sshd[1303]: Invalid user admin from 186.215.110.66 Nov 3 03:37:31 control sshd[1304]: input_userauth_request: invalid user admin Nov 3 03:37:31 control sshd[1305]: warning: /etc/hosts.deny, line 21: can't verify hostname: getaddrinfo(186.215.110.66.static.host.gvt.net.br, AF_INET) failed Nov 3 03:37:32 control sshd[1305]: reverse mapping checking getaddrinfo for 186.215.110.66.static.host.gvt.net.br [186.215.110.66] failed - POSSIBLE BREAK-IN ATTEMPT! Nov 3 03:37:32 control sshd[1305]: Invalid user admin from 186.215.110.66 Nov 3 03:37:32 control sshd[1306]: input_userauth_request: invalid user admin Nov 3 03:37:33 control sshd[1307]: warning: /etc/hosts.deny, line 21: can't verify hostname: getaddrinfo(186.215.110.66.static.host.gvt.net.br, AF_INET) failed Nov 3 03:37:34 control sshd[1307]: reverse mapping checking getaddrinfo for 186.215.110.66.static.host.gvt.net.br [186.215.110.66] failed - POSSIBLE BREAK-IN ATTEMPT! Nov 3 03:37:35 control sshd[1308]: Received disconnect from 186.215.110.66: 11: Bye Bye Nov 3 03:37:35 control sshd[1309]: warning: /etc/hosts.deny, line 21: can't verify hostname: getaddrinfo(186.215.110.66.static.host.gvt.net.br, AF_INET) failed Nov 3 03:37:36 control sshd[1309]: reverse mapping checking getaddrinfo for 186.215.110.66.static.host.gvt.net.br [186.215.110.66] failed - POSSIBLE BREAK-IN ATTEMPT! Nov 3 03:37:36 control sshd[1310]: Received disconnect from 186.215.110.66: 11: Bye Bye Nov 3 03:37:37 control sshd[1311]: warning: /etc/hosts.deny, line 21: can't verify hostname: getaddrinfo(186.215.110.66.static.host.gvt.net.br, AF_INET) failed Nov 3 03:37:38 control sshd[1311]: reverse mapping checking getaddrinfo for 186.215.110.66.static.host.gvt.net.br [186.215.110.66] failed - POSSIBLE BREAK-IN ATTEMPT! Nov 3 03:37:38 control sshd[1311]: Invalid user test from 186.215.110.66 Nov 3 03:37:38 control sshd[1312]: input_userauth_request: invalid user test Nov 3 03:37:39 control sshd[1313]: warning: /etc/hosts.deny, line 21: can't verify hostname: getaddrinfo(186.215.110.66.static.host.gvt.net.br, AF_INET) failed Nov 3 03:37:40 control sshd[1313]: reverse mapping checking getaddrinfo for 186.215.110.66.static.host.gvt.net.br [186.215.110.66] failed - POSSIBLE BREAK-IN ATTEMPT! Nov 3 03:37:40 control sshd[1313]: Invalid user test from 186.215.110.66 Nov 3 03:37:40 control sshd[1314]: input_userauth_request: invalid user test Nov 3 03:37:40 control sshd[1315]: warning: /etc/hosts.deny, line 21: can't verify hostname: getaddrinfo(186.215.110.66.static.host.gvt.net.br, AF_INET) failed Nov 3 03:37:42 control sshd[1315]: reverse mapping checking getaddrinfo for 186.215.110.66.static.host.gvt.net.br [186.215.110.66] failed - POSSIBLE BREAK-IN ATTEMPT! Nov 3 03:37:42 control sshd[1315]: Invalid user webmaster from 186.215.110.66 Nov 3 03:37:42 control sshd[1316]: input_userauth_request: invalid user webmaster A different session - Nov 3 03:36:47 control sshd[1249]: input_userauth_request: invalid user info Nov 3 03:36:47 control sshd[1250]: warning: /etc/hosts.deny, line 21: can't verify hostname: getaddrinfo(186.215.110.66.static.host.gvt.net.br, AF_INET) failed Nov 3 03:36:49 control sshd[1250]: reverse mapping checking getaddrinfo for 186.215.110.66.static.host.gvt.net.br [186.215.110.66] failed - POSSIBLE BREAK-IN ATTEMPT! Nov 3 03:36:49 control sshd[1250]: Invalid user tony from 186.215.110.66 Nov 3 03:36:49 control sshd[1251]: input_userauth_request: invalid user tony Nov 3 03:36:49 control sshd[1252]: warning: /etc/hosts.deny, line 21: can't verify hostname: getaddrinfo(186.215.110.66.static.host.gvt.net.br, AF_INET) failed Nov 3 03:36:51 control sshd[1252]: reverse mapping checking getaddrinfo for 186.215.110.66.static.host.gvt.net.br [186.215.110.66] failed - POSSIBLE BREAK-IN ATTEMPT! Nov 3 03:36:51 control sshd[1252]: Invalid user newsletter from 186.215.110.66 Nov 3 03:36:51 control sshd[1253]: input_userauth_request: invalid user newsletter Nov 3 03:36:51 control sshd[1254]: warning: /etc/hosts.deny, line 21: can't verify hostname: getaddrinfo(186.215.110.66.static.host.gvt.net.br, AF_INET) failed Nov 3 03:36:53 control sshd[1254]: reverse mapping checking getaddrinfo for 186.215.110.66.static.host.gvt.net.br [186.215.110.66] failed - POSSIBLE BREAK-IN ATTEMPT! Nov 3 03:36:53 control sshd[1254]: Invalid user named from 186.215.110.66 Nov 3 03:36:53 control sshd[1255]: input_userauth_request: invalid user named Nov 3 03:36:53 control sshd[1256]: warning: /etc/hosts.deny, line 21: can't verify hostname: getaddrinfo(186.215.110.66.static.host.gvt.net.br, AF_INET) failed Nov 3 03:36:55 control sshd[1256]: reverse mapping checking getaddrinfo for 186.215.110.66.static.host.gvt.net.br [186.215.110.66] failed - POSSIBLE BREAK-IN ATTEMPT! Nov 3 03:36:55 control sshd[1256]: Invalid user visitor from 186.215.110.66 Nov 3 03:36:55 control sshd[1257]: input_userauth_request: invalid user visitor Nov 3 03:36:55 control sshd[1258]: warning: /etc/hosts.deny, line 21: can't verify hostname: getaddrinfo(186.215.110.66.static.host.gvt.net.br, AF_INET) failed Nov 3 03:36:57 control sshd[1258]: reverse mapping checking getaddrinfo for 186.215.110.66.static.host.gvt.net.br [186.215.110.66] failed - POSSIBLE BREAK-IN ATTEMPT! Nov 3 03:36:57 control sshd[1258]: Invalid user ftpuser from 186.215.110.66 Nov 3 03:36:57 control sshd[1259]: input_userauth_request: invalid user ftpuser Nov 3 03:36:57 control sshd[1260]: warning: /etc/hosts.deny, line 21: can't verify hostname: getaddrinfo(186.215.110.66.static.host.gvt.net.br, AF_INET) failed Nov 3 03:36:58 control sshd[1260]: reverse mapping checking getaddrinfo for 186.215.110.66.static.host.gvt.net.br [186.215.110.66] failed - POSSIBLE BREAK-IN ATTEMPT! Nov 3 03:36:58 control sshd[1260]: Invalid user username from 186.215.110.66 Nov 3 03:36:58 control sshd[1261]: input_userauth_request: invalid user username Nov 3 03:36:59 control sshd[1262]: warning: /etc/hosts.deny, line 21: can't verify hostname: getaddrinfo(186.215.110.66.static.host.gvt.net.br, AF_INET) failed Nov 3 03:37:00 control sshd[1262]: reverse mapping checking getaddrinfo for 186.215.110.66.static.host.gvt.net.br [186.215.110.66] failed - POSSIBLE BREAK-IN ATTEMPT! Nov 3 03:37:00 control sshd[1262]: Invalid user library from 186.215.110.66 Nov 3 03:37:00 control sshd[1263]: input_userauth_request: invalid user library Nov 3 03:37:01 control sshd[1264]: warning: /etc/hosts.deny, line 21: can't verify hostname: getaddrinfo(186.215.110.66.static.host.gvt.net.br, AF_INET) failed Nov 3 03:37:02 control sshd[1264]: reverse mapping checking getaddrinfo for 186.215.110.66.static.host.gvt.net.br [186.215.110.66] failed - POSSIBLE BREAK-IN ATTEMPT! Nov 3 03:37:02 control sshd[1264]: Invalid user test from 186.215.110.66 Nov 3 03:37:02 control sshd[1265]: input_userauth_request: invalid user test Nov 3 03:37:03 control sshd[1266]: warning: /etc/hosts.deny, line 21: can't verify hostname: getaddrinfo(186.215.110.66.static.host.gvt.net.br, AF_INET) failed Nov 3 03:37:04 control sshd[1266]: reverse mapping checking getaddrinfo for 186.215.110.66.static.host.gvt.net.br [186.215.110.66] failed - POSSIBLE BREAK-IN ATTEMPT! Nov 3 03:37:04 control sshd[1267]: Received disconnect from 186.215.110.66: 11: Bye Bye Now it's technically impossible to bruteforce your way into the webserver seeing as I use a key for authentication, not a password. Also those seem rather generic :v: