I discover this on my auth.log, Is it an attack?, what can i do?? thanks: May 16 11:23:21 omaxserver sshd[29974]: Failed password for invalid user http from 64.184.4.15 port 39138 ssh2 May 16 11:23:24 omaxserver sshd[29976]: Invalid user httpd from 64.184.4.15 May 16 11:23:24 omaxserver sshd[29976]: Address 64.184.4.15 maps to mx1.citznet.com, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT! May 16 11:23:24 omaxserver sshd[29976]: (pam_unix) check pass; user unknown May 16 11:23:24 omaxserver sshd[29976]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.184.4.15 May 16 11:23:25 omaxserver sshd[29976]: Failed password for invalid user httpd from 64.184.4.15 port 42929 ssh2 May 16 11:23:28 omaxserver sshd[29980]: Invalid user pop from 64.184.4.15 May 16 11:23:28 omaxserver sshd[29980]: Address 64.184.4.15 maps to mx1.citznet.com, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT! .....And a lot of attempts.....
Have a look at this tutorial: http://www.howtoforge.com/preventing_ssh_dictionary_attacks_with_denyhosts
