From HostThyself

In the /etc/secure log you may see this line

Apr 10 09:20:46 mybox sshd[12974]: Accepted password for mybox from 
::ffff:nnn.nnn.nnn.nnn port 33294 ssh2
Apr 10 17:20:46 mybox sshd[12973]: Accepted password for mybox from 
::ffff:nnn.nnn.nnn.nnn port 33294 ssh2
Apr 10 17:20:46 mybox sshd[12975]: subsystem request for sftp
Apr 10 17:21:29 mybox sshd[12983]: reverse mapping checking getaddrinfo for 
somehost.example.com failed - POSSIBLE BREAKIN ATTEMPT!

This could be due to a failed reverse DNS lookup, and will happen with legit logins too if the host has no reverse DNS. This particular message can be silenced by adding to /etc/ssh/sshd_config:

UseDNS no