Re: MORE SSH Hacking: heads-up

From: Brad Smith (usernamenumber_at_gmail.com)
Date: 07/30/04

  • Next message: Mikael Abrahamsson: "Re: MORE SSH Hacking: heads-up" 
    Date: Fri, 30 Jul 2004 14:37:03 -0700
To: For users of Fedora Core releases <fedora-list@redhat.com>

    Well I've never had exactly what you seem to be describing, but what
    I've been seeing reported more often are attempts to guess weak
    name/pw combos. It's either a worm I've never heard of or a few sadly
    successfull but otherwise very unimaginative script kiddies. Here's
    some excerpts from my logwatch reports:

    -- 7/29/04 : This one's from Korea --
    Failed logins from these:
       guest/password from 61.109.156.5: 1 Time(s)
       test/password from 61.109.156.5: 1 Time(s)

    -- 7/27/04 : This one's from legatovideo.net. I emailed the admin
    contact w/no reply --
    Failed logins from these:
       guest/password from 12.181.128.5: 2 Time(s)
       test/password from 12.181.128.5: 2 Time(s)

    And a friend gave me these from his logs:
    # Not sure who this is
    Jul 29 04:02:59 www sshd[4037]: Illegal user test from ::ffff:208.145.229.70
    Jul 29 04:03:02 www sshd[4037]: Failed password for illegal user test
    from ::ffff:208.145.229.70 port 4965 ssh2
    Jul 29 04:03:03 www sshd[4044]: Illegal user guest from ::ffff:208.145.229.70
    Jul 29 04:03:05 www sshd[4044]: Failed password for illegal user guest
    from ::ffff:208.145.229.70 port 4967 ssh2

    # A Spanish distance-learning university
    Jul 29 08:59:49 www sshd[5330]: Illegal user test from ::ffff:62.204.197.193
    Jul 29 08:59:54 www sshd[5330]: Failed password for illegal user test
    from ::ffff:62.204.197.193 port 37838 ssh2
    Jul 29 08:59:55 www sshd[5332]: Illegal user guest from ::ffff:62.204.197.193
    Jul 29 08:59:58 www sshd[5332]: Failed password for illegal user guest
    from ::ffff:62.204.197.193 port 38151 ssh2
    Jul 29 09:00:00 www sshd[5334]: Illegal user admin from ::ffff:62.204.197.193
    Jul 29 09:00:02 www sshd[5334]: Failed password for illegal user admin
    from ::ffff:62.204.197.193 port 38342 ssh2
    Jul 29 09:00:04 www sshd[5336]: Illegal user admin from ::ffff:62.204.197.193
    Jul 29 09:00:06 www sshd[5336]: Failed password for illegal user admin
    from ::ffff:62.204.197.193 port 38523 ssh2
    Jul 29 09:00:08 www sshd[5338]: Illegal user user from ::ffff:62.204.197.193
    Jul 29 09:00:10 www sshd[5338]: Failed password for illegal user user
    from ::ffff:62.204.197.193 port 38679 ssh2
    Jul 29 09:00:14 www sshd[5340]: Failed password for root from
    ::ffff:62.204.197.193 port 38860 ssh2
    Jul 29 09:00:18 www sshd[5342]: Failed password for root from
    ::ffff:62.204.197.193 port 38981 ssh2
    Jul 29 09:00:22 www sshd[5350]: Failed password for root from
    ::ffff:62.204.197.193 port 39122 ssh2
    Jul 29 09:00:24 www sshd[5352]: Illegal user test from ::ffff:62.204.197.193
    Jul 29 09:00:27 www sshd[5352]: Failed password for illegal user test
    from ::ffff:62.204.197.193 port 39258 ssh2 

    -- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
  • Next message: Mikael Abrahamsson: "Re: MORE SSH Hacking: heads-up"

    Relevant Pages