ericmurphy
Registered
I was going through my system log recently, for a completely unrelated reason, when I came across the following entries:
Feb 27 17:04:23 DeepBlu DirectoryService[38]: Failed Authentication return is being delayed due to over five recent auth failures for username: <user2>.
Feb 27 17:18:06 DeepBlu DirectoryService[38]: Failed Authentication return is being delayed due to over five recent auth failures for username: <user3>.
Feb 27 17:21:15 DeepBlu DirectoryService[38]: Failed Authentication return is being delayed due to over five recent auth failures for username: <user1>.
Feb 27 17:23:41 DeepBlu DirectoryService[38]: Failed Authentication return is being delayed due to over five recent auth failures for username: <user1>.
(Obviously I replaced the names of actual user accounts with <userx>)
Is this evidence of an attempt to break into my system? It looks like an attempt to login (not sure whether via ssh, ftp, etc) one each of three different accounts (there are five other accounts, but these would be the three most obvious to someone who knows me pretty well). Fortunately, none of the three are administrative accounts, but it's got me worried nevertheless. Only one of these accounts is likely to be used on any given day, and these log entries are all within a few minutes of each other.
Or are these just common system errors?
Feb 27 17:04:23 DeepBlu DirectoryService[38]: Failed Authentication return is being delayed due to over five recent auth failures for username: <user2>.
Feb 27 17:18:06 DeepBlu DirectoryService[38]: Failed Authentication return is being delayed due to over five recent auth failures for username: <user3>.
Feb 27 17:21:15 DeepBlu DirectoryService[38]: Failed Authentication return is being delayed due to over five recent auth failures for username: <user1>.
Feb 27 17:23:41 DeepBlu DirectoryService[38]: Failed Authentication return is being delayed due to over five recent auth failures for username: <user1>.
(Obviously I replaced the names of actual user accounts with <userx>)
Is this evidence of an attempt to break into my system? It looks like an attempt to login (not sure whether via ssh, ftp, etc) one each of three different accounts (there are five other accounts, but these would be the three most obvious to someone who knows me pretty well). Fortunately, none of the three are administrative accounts, but it's got me worried nevertheless. Only one of these accounts is likely to be used on any given day, and these log entries are all within a few minutes of each other.
Or are these just common system errors?