Log: sshd-failed-password-gitlab
May 12 21:28:26 log1 sshd[31245]: Invalid user gitlab from 216.158.228.199 port 59318
For: Linux/BSD servers running SSHD
Meaning: SSHD failed login attempt for an invalid user. We see them often on brute force attacks, where many users are tried - in this case for gitlab. The IP is from the IS-AS-1 ASN - pointing to santovapor, which is likely compromised.
What to do: Block IP / Use strong passwords via SSH / Only allow SSH keys.
Get
Started