#1 2004-08-10 02:45:25

jlvsimoes
Member
From: portugal
Registered: 2002-12-23
Posts: 392
Website

Cool NOt suckkk it Dam :O its a hack fest and im the hacked

whois 210.53.207.209
% [whois.apnic.net node-1]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

inetnum:      210.52.0.0 - 210.53.255.255
netname:      CNCNET
descr:        China Netcom Corp.
descr:        New Telecommunication Carrier Based on IP Backbone
country:      CN
admin-c:      YZ213-AP
tech-c:       YZ213-AP
remarks:      This is a replacement object as they have four /17
remarks:      objects in this range so we make it to one /15.
remarks:      for spam complain <tech-group@china-netcom.com>
remarks:      or <abuse@china-netcom.com>
mnt-by:       APNIC-HM
mnt-lower:    MAINT-CN-ZM28
status:       ALLOCATED PORTABLE
changed:      hm-changed@apnic.net 20040206
source:       APNIC

person:       yanping zhao
address:      15/F, Building A, Corporate Square,No
address:      35 Financial Street,Xicheng District,
address:      Beijing
country:      CN
phone:        +86-010-88093588
fax-no:       +86-010-88091442
e-mail:       tech-group@china-netcom.com
nic-hdl:      YZ213-AP
mnt-by:       MAINT-CN-ZM28
changed:      daihy@china-netcom.com 20020618
source:       APNIC

/var/log/auth:Aug  8 07:37:54 routty sshd[17105]: Illegal user test from 210.53.207.209
/var/log/auth:Aug  8 07:37:55 routty sshd[17105]: Failed password for illegal user test from 210.53.207.209 port 35050 ssh2
/var/log/auth:Aug  8 07:37:58 routty sshd[17138]: Illegal user guest from 210.53.207.209
/var/log/auth:Aug  8 07:37:58 routty sshd[17138]: Failed password for illegal user guest from 210.53.207.209 port 35132 ssh2
/var/log/auth:Aug  8 07:38:01 routty sshd[17165]: Illegal user admin from 210.53.207.209
/var/log/auth:Aug  8 07:38:01 routty sshd[17165]: Failed password for illegal user admin from 210.53.207.209 port 35209 ssh2
/var/log/auth:Aug  8 07:38:04 routty sshd[17194]: Illegal user admin from 210.53.207.209
/var/log/auth:Aug  8 07:38:04 routty sshd[17194]: Failed password for illegal user admin from 210.53.207.209 port 35277 ssh2
/var/log/auth:Aug  8 07:38:09 routty sshd[17211]: Illegal user user from 210.53.207.209
/var/log/auth:Aug  8 07:38:09 routty sshd[17211]: Failed password for illegal user user from 210.53.207.209 port 35337 ssh2
/var/log/auth:Aug  8 07:38:12 routty sshd[17255]: Failed password for root from 210.53.207.209 port 35435 ssh2
/var/log/auth:Aug  8 07:38:15 routty sshd[17271]: Failed password for root from 210.53.207.209 port 35489 ssh2
/var/log/auth:Aug  8 07:38:18 routty sshd[17301]: Failed password for root from 210.53.207.209 port 35530 ssh2
/var/log/auth:Aug  8 07:38:22 routty sshd[17317]: Illegal user test from 210.53.207.209
/var/log/auth:Aug  8 07:38:22 routty sshd[17317]: Failed password for illegal user test from 210.53.207.209 port 35567 ssh2


-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GU/ d- s: a- C L U P+ L+++ E--- W+
N 0+ K- W-- !O !M V-- PS+ PE- V++ PGP T 5 Z+ R* TV+ B+
DI-- D- G-- e-- h! r++ z+ z*
------END GEEK CODE BLOCK------

Offline
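The log lines in the post above can be summarised per source address. This is an added example, not part of the original post: the function names, the threshold of 5 and the sample lines are assumptions, and it goes beyond the post by also accepting the "invalid user" wording of later OpenSSH releases and usernames that themselves contain " from ".

```python
import re
from collections import defaultdict

# Greedy user group + end anchor: the source IP is always taken from the
# trailing "from <ip> port <n> ssh2", even if the username contains " from ".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<bad>(?:illegal|invalid) user )?"
    r"(?P<user>.*) from (?P<ip>\S+) port \d+ ssh2$"
)

# Constructed sample lines (documentation addresses, hypothetical host "host").
SAMPLE_LOG = """\
Aug  8 07:37:54 host sshd[101]: Illegal user test from 203.0.113.7
Aug  8 07:37:55 host sshd[101]: Failed password for illegal user test from 203.0.113.7 port 35050 ssh2
Aug  8 07:37:58 host sshd[102]: Failed password for illegal user guest from 203.0.113.7 port 35132 ssh2
Aug  8 07:38:01 host sshd[103]: Failed password for illegal user admin from 203.0.113.7 port 35209 ssh2
Aug  8 07:38:12 host sshd[104]: Failed password for root from 203.0.113.7 port 35435 ssh2
Aug  8 07:38:15 host sshd[105]: Failed password for root from 203.0.113.7 port 35489 ssh2
Aug  8 07:38:20 host sshd[106]: Failed password for invalid user x from 10.0.0.1 port 1 ssh2 from 203.0.113.7 port 35600 ssh2
Aug  8 09:00:00 host sshd[200]: Failed password for alice from 198.51.100.20 port 40000 ssh2
Aug  8 09:00:05 host sshd[200]: Accepted password for alice from 198.51.100.20 port 40000 ssh2
"""

def summarize(log_text):
    """Per source IP: failed-password count and which usernames were tried."""
    stats = defaultdict(lambda: {"failures": 0, "unknown": set(), "existing": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line.rstrip())
        if m is None:
            continue  # e.g. the separate "Illegal user ..." line or "Accepted ..."
        entry = stats[m["ip"]]
        entry["failures"] += 1
        # sshd marks names with no local account; unmarked names (root) exist.
        entry["unknown" if m["bad"] else "existing"].add(m["user"])
    return dict(stats)

def flag_sources(log_text, threshold=5):
    """Source IPs with at least `threshold` failed passwords in the log."""
    return sorted(ip for ip, s in summarize(log_text).items()
                  if s["failures"] >= threshold)

if __name__ == "__main__":
    for ip in flag_sources(SAMPLE_LOG):
        print(ip, summarize(SAMPLE_LOG)[ip])
```

The "existing" set is the part worth reading first: those are real account names on the host whose passwords were being guessed.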

#2 2004-08-10 03:30:45

afu
Member
From: Tuscalooser, Alabummer
Registered: 2004-02-19
Posts: 155

Re: Cool NOt suckkk it Dam :O its a hack fest and im the hacked

This has been pretty heavy for the last couple of weeks. Just about every day for my servers.

Offline

#3 2004-08-10 13:39:20

jlvsimoes
Member
From: portugal
Registered: 2002-12-23
Posts: 392
Website

Re: Cool NOt suckkk it Dam :O its a hack fest and im the hacked

tongue bastards


Offline

#4 2004-12-15 09:16:41

Father
Member
From: Australia
Registered: 2004-06-01
Posts: 209

Re: Cool NOt suckkk it Dam :O its a hack fest and im the hacked

this is pretty standard. I get some luser trying a dictionary hack a few times a day.

add this to your /etc/ssh/sshd_config file

DenyGroups root

since root is a standard user on all *nix systems (with perhaps the odd exception), it's an obvious username to try, which means they only need to work out the password.
by blocking direct root logins, you decrease the probability of being hacked by... well.. A LOT
they need to then guess a valid username AND password, not just a username.

you can still get root access by logging in as a normal user and `su'ing to root.


I also set up some groups so I can restrict the users that use it so I can remove access at will

AllowGroups ssh users

Offline

#5 2004-12-15 16:44:03

phrakture
Arch Overlord
From: behind you
Registered: 2003-10-29
Posts: 7,879
Website

Re: Cool NOt suckkk it Dam :O its a hack fest and im the hacked

I've gotten the same, most from china....
I've sent many emails to the ISPs, just for the record...

In the end I just set my hosts.allow to only my work IP (the only place I ever ssh into my box)...

I was debating setting up a passthrough box... deny root access on it, have a restricted user that can basically only run ssh... and ssh there, then ssh to the other machine which only allows local network ssh'es - messy but pretty secure.....

Offline

#6 2004-12-19 03:24:13

jskier
Member
From: Minnesota, USA
Registered: 2003-07-30
Posts: 356
Website

Re: Cool NOt suckkk it Dam :O its a hack fest and im the hacked

There are other security options in the config file to help spoil attacks even more, such as limitations on authentication tries and 'strict mode'. Google them and you get a wealth of info.


--
JSkier

Offline
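A small audit of the sshd_config settings raised in this thread (DenyGroups, AllowGroups, authentication-try limits, strict mode), as an added example that is not from any of the posts. The function names, the limit of 3 tries, the assumption that root's group is named "root" and both sample configs are constructed; MaxAuthTries, StrictModes and PermitRootLogin are the sshd_config keywords it reads, and only the global section before any Match block is considered.

```python
from fnmatch import fnmatchcase

def parse_global(text):
    """{keyword: [args, ...]} for the global section (stops at first Match)."""
    opts = {}
    for raw in text.splitlines():
        words = raw.strip().split()
        if len(words) < 2 or words[0].startswith("#"):
            continue
        key = words[0].lower()          # keywords are case-insensitive
        if key == "match":
            break
        opts.setdefault(key, []).append(words[1:])
    return opts

def first(opts, key, default):
    """sshd uses the first value it obtains for a keyword."""
    return opts[key][0][0].lower() if key in opts else default

def groups_permit(opts, groups):
    """DenyGroups is checked before AllowGroups; patterns may use * and ?.
    Repeated DenyGroups/AllowGroups lines are assumed to accumulate."""
    deny = [p for args in opts.get("denygroups", []) for p in args]
    allow = [p for args in opts.get("allowgroups", []) for p in args]
    def hit(patterns):
        return any(fnmatchcase(g, p) for g in groups for p in patterns)
    if hit(deny):
        return False
    return hit(allow) if allow else True

def audit(text, root_groups=("root",), tries_limit=3):
    """Findings for the settings discussed in the thread (limit is an assumption)."""
    opts, findings = parse_global(text), []
    if first(opts, "permitrootlogin", "unset") != "no" and groups_permit(opts, root_groups):
        findings.append("direct root login is not blocked")
    tries = int(first(opts, "maxauthtries", "6"))   # 6 is the documented default
    if tries > tries_limit:
        findings.append(f"MaxAuthTries is {tries}, above {tries_limit}")
    if first(opts, "strictmodes", "yes") == "no":
        findings.append("StrictModes is disabled")
    return findings

# Constructed configs: the thread's directives plus MaxAuthTries/StrictModes.
HARDENED = "DenyGroups root\nAllowGroups ssh users\nMaxAuthTries 3\nStrictModes yes\n"
WEAK = "# constructed\nStrictModes no\nMaxAuthTries 10\nMaxAuthTries 2\n"

if __name__ == "__main__":
    print(audit(HARDENED), audit(WEAK))
```

In WEAK the later `MaxAuthTries 2` has no effect because the first value wins, which is why the audit reports 10.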
