MORE SSH Hacking: heads-up
Ow Mun Heng
Ow.Mun.Heng at wdc.com
Wed Aug 4 04:40:18 UTC 2004
On Mon, 2004-08-02 at 12:46, Chris Hewitt wrote:
> On Mon, 2004-08-02 at 20:21, Ow Mun Heng wrote:
> > On Fri, 2004-07-30 at 14:17, Jenkins, Jeremiah wrote:
> > > Not /etc/secure , /var/log/secure....man, I can tell it's friday
> > >
> > This was in my logs last night at 11.56pm.
> >
> > Aug 1 23:56:28 neuromancer sshd[22962]: Illegal user test from 203.185.29.89
> > Aug 1 23:56:30 neuromancer sshd[22962]: Failed password for illegal user test from 203.185.29.89 port 40688 ssh2
> > Aug 1 23:56:34 neuromancer sshd[23055]: Illegal user guest from 203.185.29.89
> > Aug 1 23:56:37 neuromancer sshd[23055]: Failed password for illegal user guest from 203.185.29.89 port 40779 ssh2
>
> I'm getting these once every day or so (I'm in the UK). I only allow
> ssh2, disallow root, there is only one user allowed in and that is with
> a non-trivial username and a non-trivial password.

This just in... This time, if it's automated, it's gotta be a bit dumb.
It's trying to log in as root.

Aug 3 21:19:50 neuromancer sshd(pam_unix)[23883]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=ns.rheldev.registeredsite.com user=root
Aug 3 21:19:53 neuromancer sshd(pam_unix)[23949]: check pass; user unknown

whois registeredsite.com
RegisteredSite Internet Services (SOTSQNYUMD)
303 Peachtree Center Ave
Atlanta, GA 30303
US
Domain Name: REGISTEREDSITE.COM
Administrative Contact, Technical Contact:
RegisteredSite Internet Services (LTNQQEGSMO) domreg at registeredsite.com
303 Peachtree Center Ave
Atlanta, GA 30303
US
678-365-2979
--
Ow Mun Heng
Fedora GNU/Linux Core 2 on D600 1.4Ghz CPU kernel
2.6.7-2.jul1-interactive
Neuromancer 21:23:50 up 8:38, 3 users, load average: 0.59, 0.39, 0.41
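
Added example, not part of the original post: a small Python parser for the three log line shapes quoted in this thread (sshd "Illegal user", sshd "Failed password", and pam_unix "authentication failure"), grouping the account names tried by source. The sample lines are constructed, with documentation addresses and hostnames; `summarize` and `suspicious` are names chosen for this sketch.

```python
import re
from collections import defaultdict

ILLEGAL = re.compile(r"sshd\[\d+\]: Illegal user (\S+) from (\S+)")
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (illegal user )?(\S+) from (\S+) port \d+")
PAM = re.compile(r"sshd\(pam_unix\)\[\d+\]: authentication failure;.*\brhost=(\S+)(?:\s+user=(\S+))?")

def summarize(lines):
    """Map each source to the account names it tried and how many lines matched."""
    seen = defaultdict(lambda: {"users": set(), "unknown": set(), "lines": 0})
    for line in lines:
        if m := ILLEGAL.search(line):
            user, src, unknown = m.group(1), m.group(2), True
        elif m := FAILED.search(line):
            user, src, unknown = m.group(2), m.group(3), bool(m.group(1))
        elif m := PAM.search(line):
            # The user= field may be absent; then only the source is recorded.
            src, user, unknown = m.group(1), m.group(2), False
        else:
            continue  # e.g. "check pass; user unknown" carries no source at all
        entry = seen[src]
        entry["lines"] += 1  # matched lines, not attempts: one attempt can log twice
        if user:
            entry["users"].add(user)
            if unknown:
                entry["unknown"].add(user)
    return dict(seen)

def suspicious(summary, max_names=1):
    """Sources that tried root, a nonexistent account, or more than max_names names."""
    return sorted(src for src, e in summary.items()
                  if "root" in e["users"] or e["unknown"] or len(e["users"]) > max_names)

# Constructed sample input in the formats shown in the thread.
SAMPLE = """\
Aug  1 23:56:28 host1 sshd[1001]: Illegal user test from 192.0.2.10
Aug  1 23:56:30 host1 sshd[1001]: Failed password for illegal user test from 192.0.2.10 port 40688 ssh2
Aug  1 23:56:34 host1 sshd[1002]: Illegal user guest from 192.0.2.10
Aug  1 23:56:37 host1 sshd[1002]: Failed password for illegal user guest from 192.0.2.10 port 40779 ssh2
Aug  3 21:19:50 host1 sshd(pam_unix)[1003]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=scanner.example.net  user=root
Aug  3 21:19:53 host1 sshd(pam_unix)[1004]: check pass; user unknown
Aug  3 22:00:01 host1 sshd[1005]: Failed password for alice from 198.51.100.7 port 50000 ssh2
"""

if __name__ == "__main__":
    report = summarize(SAMPLE.splitlines())
    for src in suspicious(report):
        print(src, sorted(report[src]["users"]), report[src]["lines"])
```

Distinct account names per source are used for flagging rather than raw line counts, because the same attempt can be logged by both sshd and pam_unix.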