[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[no subject]






 "http://www.w3.org/TR/html4/loose.dtd">

<li>date: Sun Feb 6 18:06:30 2005</li>
<li>from: jimmyc at speedfactory.net (Jim Philips)</li>
<li>in-reply-to: <<a href="msg00189.html">[email protected]</a>></li>
<li>references: <<a href="msg00188.html">[email protected]</a>> <<a href="msg00189.html">[email protected]</a>></li>
<li>subject: [ale] hack attempts</li>

On Sunday 06 February 2005 05:55 pm, Robert L. Harris wrote:
&gt; This could easily be a standard bruteforce ssh attack.  A number of
&gt; servers at my office are constantly being hit by this.
&gt;
&gt; Thus spake Jim Philips (jimmyc at speedfactory.net):
&gt; &gt; There may be a connection to my DNS issue here. When checking logs this
&gt; &gt; morning, I found numerous attempts to log on to my system as bogus users
&gt; &gt; coming in through ssh. Here are come log entries:
&gt; &gt;
&gt; &gt; Feb  6 06:36:34 localhost sshd[1629]: Did not receive identification
&gt; &gt; string from 62.193.234.89
&gt; &gt; Feb  6 06:53:54 localhost sshd[1655]: Failed password for nobody from
&gt; &gt; 62.193.234.89 port 36459 ssh2
&gt; &gt; Feb  6 06:53:55 localhost sshd[1659]: Invalid user patrick from
&gt; &gt; 62.193.234.89
&gt; &gt; Feb  6 06:53:55 localhost sshd[1659]: Failed password for invalid user
&gt; &gt; patrick from 62.193.234.89 port 37002 ssh2
&gt; &gt; Feb  6 06:53:57 localhost sshd[1663]: Invalid user patrick from
&gt; &gt; 62.193.234.89
&gt; &gt; Feb  6 06:53:57 localhost sshd[1663]: Failed password for invalid user
&gt; &gt; patrick from 62.193.234.89 port 37199 ssh2
&gt; &gt; Feb  6 06:53:58 localhost sshd[1667]: Failed password for root from
&gt; &gt; 62.193.234.89 port 37371 ssh2
&gt; &gt; Feb  6 06:53:59 localhost sshd[1671]: Failed password for root from
&gt; &gt; 62.193.234.89 port 37529 ssh2
&gt; &gt; Feb  6 06:54:00 localhost sshd[1675]: Failed password for root from
&gt; &gt; 62.193.234.89 port 38491 ssh2
&gt; &gt; Feb  6 06:54:01 localhost sshd[1679]: Failed password for root from
&gt; &gt; 62.193.234.89 port 38700 ssh2
&gt; &gt; Feb  6 06:54:03 localhost sshd[1683]: Failed password for root from
&gt; &gt; 62.193.234.89 port 38863 ssh2
&gt; &gt; Feb  6 06:54:04 localhost sshd[1687]: Invalid user rolo from
&gt; &gt; 62.193.234.89 Feb  6 06:54:04 localhost sshd[1687]: Failed password for
&gt; &gt; invalid user rolo from 62.193.234.89 port 39016 ssh2
&gt; &gt; Feb  6 06:54:05 localhost sshd[1691]: Invalid user iceuser from
&gt; &gt; 62.193.234.89
&gt; &gt; Feb  6 06:54:05 localhost sshd[1691]: Failed password for invalid user
&gt; &gt; iceuser from 62.193.234.89 port 39503 ssh2
&gt; &gt; Feb  6 06:54:06 localhost sshd[1695]: Invalid user horde from
&gt; &gt; 62.193.234.89 Feb  6 06:54:06 localhost sshd[1695]: Failed password for
&gt; &gt; invalid user horde from 62.193.234.89 port 40047 ssh2
&gt; &gt; Feb  6 06:54:07 localhost sshd[1699]: Invalid user cyrus from
&gt; &gt; 62.193.234.89 Feb  6 06:54:07 localhost sshd[1699]: Failed password for
&gt; &gt; invalid user cyrus from 62.193.234.89 port 40265 ssh2
&gt; &gt; Feb  6 06:54:08 localhost sshd[1703]: Invalid user www from 62.193.234.89
&gt; &gt; Feb  6 06:54:08 localhost sshd[1703]: Failed password for invalid user
&gt; &gt; www from 62.193.234.89 port 40467 ssh2
&gt; &gt; Feb  6 06:54:10 localhost sshd[1707]: Invalid user wwwrun from
&gt; &gt; 62.193.234.89 Feb  6 06:54:10 localhost sshd[1707]: Failed password for
&gt; &gt; invalid user wwwrun from 62.193.234.89 port 40952 ssh2
&gt; &gt; Feb  6 06:54:11 localhost sshd[1711]: Invalid user matt from
&gt; &gt; 62.193.234.89 Feb  6 06:54:11 localhost sshd[1711]: Failed password for
&gt; &gt; invalid user matt from 62.193.234.89 port 41520 ssh2
&gt; &gt; Feb  6 06:54:12 localhost sshd[1715]: Invalid user test from
&gt; &gt; 62.193.234.89 Feb  6 06:54:12 localhost sshd[1715]: Failed password for
&gt; &gt; invalid user test from 62.193.234.89 port 41706 ssh2
&gt; &gt; Feb  6 06:54:13 localhost sshd[1719]: Invalid user test from
&gt; &gt; 62.193.234.89 Feb  6 06:54:13 localhost sshd[1719]: Failed password for
&gt; &gt; invalid user test from 62.193.234.89 port 42253 ssh2
&gt; &gt; Feb  6 06:54:14 localhost sshd[1723]: Invalid user test from
&gt; &gt; 62.193.234.89 Feb  6 06:54:14 localhost sshd[1723]: Failed password for
&gt; &gt; invalid user test from 62.193.234.89 port 42750 ssh2
&gt; &gt; Feb  6 06:54:15 localhost sshd[1727]: Invalid user test from
&gt; &gt; 62.193.234.89 Feb  6 06:54:15 localhost sshd[1727]: Failed password for
&gt; &gt; invalid user test from 62.193.234.89 port 42994 ssh2
&gt; &gt; Feb  6 06:54:17 localhost sshd[1731]: Invalid user www-data from
&gt; &gt; 62.193.234.89
&gt; &gt; Feb  6 06:54:17 localhost sshd[1731]: Failed password for invalid user
&gt; &gt; www-data from 62.193.234.89 port 43569 ssh2
&gt; &gt; Feb  6 06:54:18 localhost sshd[1735]: Failed password for mysql from
&gt; &gt; 62.193.234.89 port 44126 ssh2
&gt; &gt; Feb  6 06:54:19 localhost sshd[1739]: Failed password for operator from
&gt; &gt; 62.193.234.89 port 44280 ssh2
&gt; &gt; Feb  6 06:54:20 localhost sshd[1743]: Failed password for adm from
&gt; &gt; 62.193.234.89 port 44759 ssh2
&gt; &gt; Feb  6 06:54:21 localhost sshd[1747]: Invalid user apache from
&gt; &gt; 62.193.234.89 Feb  6 06:54:21 localhost sshd[1747]: Failed password for
&gt; &gt; invalid user apache from 62.193.234.89 port 45331 ssh2
&gt; &gt; Feb  6 06:54:22 localhost sshd[1751]: Invalid user irc from 62.193.234.89
&gt; &gt;
&gt; &gt; My first response was to remove openssh, since I don't really need it.
&gt; &gt; Any further suggestions on checking to see if this goon got anywhere?
&gt; &gt;
&gt; &gt; _______________________________________________
&gt; &gt; Ale mailing list
&gt; &gt; Ale at ale.org
&gt; &gt; <a  rel="nofollow" href="http://www.ale.org/mailman/listinfo/ale";>http://www.ale.org/mailman/listinfo/ale</a>
&gt; &gt;
&gt; :wq!
&gt;
&gt; ---------------------------------------------------------------------------
&gt; Robert L. Harris                     | GPG Key ID: E344DA3B
&gt;                                          @ x-hkp://pgp.mit.edu
&gt; DISCLAIMER:
&gt;       These are MY OPINIONS             With Dreams To Be A King,
&gt;        ALONE.  I speak for              First One Should Be A Man
&gt;        no-one else.                       - Manowar


</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00188" href="msg00188.html">[ale] hack attempts</a></strong>
<ul><li><em>From:</em> jimmyc at speedfactory.net (Jim Philips)</li></ul></li>
<li><strong><a name="00189" href="msg00189.html">[ale] hack attempts</a></strong>
<ul><li><em>From:</em> Robert.L.Harris at rdlg.net (Robert L. Harris)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
<!--X-BotPNI-->
<ul>
<li>Prev by Date:
<strong><a href="msg00189.html">[ale] hack attempts</a></strong>
</li>
<li>Next by Date:
<strong><a href="msg00191.html">[ale] DNS issues</a></strong>
</li>
<li>Previous by thread:
<strong><a href="msg00189.html">[ale] hack attempts</a></strong>
</li>
<li>Next by thread:
<strong><a href="msg00197.html">[ale] hack attempts</a></strong>
</li>
<li>Index(es):
<ul>
<li><a href="maillist.html#00190"><strong>Date</strong></a></li>
<li><a href="threads.html#00190"><strong>Thread</strong></a></li>
</ul>
</li>
</ul>

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>

Prev by Date: [no subject]
Next by Date: [no subject]
Previous by thread: [no subject]
Next by thread: [no subject]
Index(es):
- Date
- Thread