We have to be honest, logs are often an after thought to most developers. Many logs are pretty cryptic unless you can look at the code and see what is going on. In this section, we will share what we think of a specific log: - the cryptic ones, the fun ones and some of the ones we see more often.
May 12 21:28:26 log1 sshd[31245]: Invalid user gitlab from 216.158.228.199 port 59318ID: sshd-failed-password-gitlab
For: Linux/BSD servers running SSHD
Meaning: SSHD failed login attempt for an invalid user. We see them often on brute force attacks, where many users are tried - in this case for gitlab. The IP is from the IS-AS-1 ASN - pointing to santovapor, which is likely compromised.
What to do: Block IP / Use strong passwords via SSH / Only allow SSH keys.