Does the output of "last" reset at the start of the month or something?
/var/log/messages contains a ton
of attempts at brute-forcing my password. (A search for "authentication failure" returns 905 lines. 632 came from one LACNIC IP.)
Anyway, the box shows no signs of being hacked (load average of 0.00, almost nothing showing on my ISP's MRTG chart for my box), but I ran "last" just to make sure no one got in.
root pts/0 [my IP here] Tue Nov 1 07:31 still logged in
wtmp begins Tue Nov 1 07:31:34 2005
This is kind of disconcerting, as I log in a lot more often, and there are usually a lot more entries. Is it normal for it to have reset like that?
By the way, isn't the default behavior of ssh to sleep at increasing intervals between unsuccessful login attempts? This guy (actaully, 2 of them) was trying a ton a second.