I set up a new user yesterday and went to check /var/log/auth to see if they had logged in yet.
I noticed that there were a ton of entries from a Chinese IP address that look as if they were trying to brute-force the root account. Root login is disabled, so there are tons of other logs trying various administrative accounts. Password login is disabled on my personal account; I use a key.
What's the best way to stop this before someone happens to compromise something?