Devon & Cornwall Linux Users' Group


[LUG] Server intrusions



Just to show you what I am having to put up with every day on my webservers -

--------------------- SSHD Begin ------------------------

Failed logins from these:
admin/password from 168.215.70.220: 12 time(s)
admin/password from 61.196.102.211: 2 time(s)
root/password from 168.215.70.220: 18 time(s)
root/password from 61.196.102.211: 1 time(s)


Users logging in through sshd:
admin logged in from hostxxx-xxx-xxx-xxx.range217-44.btcentralplus.com
(xxx.xxx.xxx.xxx) using publickey: 1 Times(s)


---------------------- SSHD End -------------------------

This is why it is important to
a) TURN OFF TELNET
b) Disable direct root logins
c) Only use SSH2
d) If at all practicable, disable password based logins (shell access) and implement a public key system.


I could show you my mail logs too, but that would scare you! Let's just say that in 2 days I have automatically /dev/nulled over 9000 messages, on 1 server alone, just for trying to relay, and most of those have been spam to catch-all addresses (which point to /dev/null anyway now.) My users are quite happy not to receive those 9000 messages, even if it means that the odd badly addressed email may go astray.

Just a heads up,

alan
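
An added example, not part of the original post: a Python check of an sshd_config against points (b), (c) and (d) in the list above (telnet, point (a), is configured outside sshd and is not covered). The default values are assumptions for an older OpenSSH and the two sample configurations are constructed.

```python
# Added example (not from the original post): audit sshd_config text against
# points (b), (c) and (d). Defaults are ASSUMED for an older OpenSSH; verify
# them against sshd_config(5) on the host being checked.
ASSUMED_DEFAULTS = {
    "permitrootlogin": "yes",
    "protocol": "2,1",
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
    "pubkeyauthentication": "yes",
}

# (keyword, wanted value, reason reported when the effective value differs)
WANTED = [
    ("permitrootlogin", "no", "(b) direct root logins are allowed"),
    ("protocol", "2", "(c) SSH protocol 1 is still offered"),
    ("passwordauthentication", "no", "(d) password logins are accepted"),
    ("challengeresponseauthentication", "no",
     "(d) keyboard-interactive can still prompt for a password via PAM"),
    ("pubkeyauthentication", "yes", "(d) public key logins are switched off"),
]

def effective_settings(config_text):
    """Global keyword -> value; sshd uses the first value given for a keyword."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if parts[0].lower() == "match":   # conditional blocks are not global
            break
        if len(parts) == 2:
            settings.setdefault(parts[0].lower(), parts[1].strip().lower())
    return settings

def audit(config_text):
    """Return (keyword, effective value, reason) for each setting to fix."""
    effective = dict(ASSUMED_DEFAULTS)
    effective.update(effective_settings(config_text))
    return [(key, effective[key], why)
            for key, want, why in WANTED if effective[key] != want]

# Constructed sample configurations, not taken from any real server.
WEAK = "Protocol 2,1\nPermitRootLogin yes\n#PasswordAuthentication no\n"
HARDENED = ("Protocol 2\nPermitRootLogin no\nPasswordAuthentication no\n"
            "ChallengeResponseAuthentication no\nPubkeyAuthentication yes\n")

if __name__ == "__main__":
    for keyword, value, why in audit(WEAK):
        print("%s = %s: %s" % (keyword, value, why))
```

A commented-out line such as `#PasswordAuthentication no` changes nothing, so the assumed default is what gets reported for it.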
