hack attempt on my server...What do you do about this?

Thomas Sapp tpsapp at hotmail.com
Sat Jul 17 19:59:57 UTC 2004


Honestly, I would forward the logfile that you got that from, with
non-pertinent info removed of course, to abuse at ripe.net.  The reason I
say this is because of the following information:

130.120.81.14 Record Type:   IP Address 

OrgName:    RIPE Network Coordination Centre 
OrgID:      RIPE
Address:    Singel 258
Address:    1016 AB
City:       Amsterdam
StateProv:  
PostalCode: 
Country:    NL

ReferralServer: whois://whois.ripe.net:43

NetRange:   130.120.0.0 - 130.120.255.255 
CIDR:       130.120.0.0/16 
NetName:    RIPE-ERX-130-120-0-0
NetHandle:  NET-130-120-0-0-1
Parent:     NET-130-0-0-0-0
NetType:    Early Registrations, Transferred to RIPE NCC
Comment:    These addresses have been further assigned to users in
Comment:    the RIPE NCC region. Contact information can be found in
Comment:    the RIPE database at http://www.ripe.net/whois
RegDate:    2003-11-12
Updated:    2004-03-02

Which I obtained from a whois query.  No guarantee that anything will become of the report but it's always better to be safe than sorry.

On Sat, 2004-07-17 at 12:40, Jonathan T. Steadman wrote:
> Sorry this is yet another lame question, but I am new to hosting web
> server etc. just kinda experimenting actually and in my logs I came
> across some garbage (it's at the bottom of this email) what do you do
> about this?  Just let it be? inform ISP?  wait and see if it is more
> continuous?  don't know the proper thing to do I guess just making sure
> with you guys.
> 
> Jul 17 14:42:24 localhost sshd[6746]: Illegal user test from
> 130.120.81.14
> Jul 17 14:42:26 localhost sshd[6746]: Failed password for illegal user
> test from 130.120.81.14 port 48692 ssh2
> Jul 17 14:42:27 localhost sshd[6748]: Illegal user guest from
> 130.120.81.14
> Jul 17 14:42:30 localhost sshd[6748]: Failed password for illegal user
> guest from 130.120.81.14 port 48753 ssh2
> Jul 17 14:42:31 localhost sshd[6750]: Illegal user admin from
> 130.120.81.14
> Jul 17 14:42:33 localhost sshd[6750]: Failed password for illegal user
> admin from 130.120.81.14 port 48807 ssh2
> Jul 17 14:42:34 localhost sshd[6752]: Illegal user admin from
> 130.120.81.14
> Jul 17 14:42:37 localhost sshd[6752]: Failed password for illegal user
> admin from 130.120.81.14 port 48849 ssh2
> Jul 17 14:42:38 localhost sshd[6754]: Illegal user user from
> 130.120.81.14
> Jul 17 14:42:40 localhost sshd[6754]: Failed password for illegal user
> user from 130.120.81.14 port 48879 ssh2
> Jul 17 14:42:43 localhost sshd[6756]: Failed password for root from
> 130.120.81.14 port 48900 ssh2
> Jul 17 14:42:47 localhost sshd[6758]: Failed password for root from
> 130.120.81.14 port 48913 ssh2
> Jul 17 14:42:50 localhost sshd[6760]: Failed password for root from
> 130.120.81.14 port 48924 ssh2
> Jul 17 14:42:51 localhost sshd[6762]: Illegal user test from
> 130.120.81.14
> Jul 17 14:42:54 localhost sshd[6762]: Failed password for illegal user
> test from 130.120.81.14 port 48931 ssh2
-- 
Thanks,
Tom Sapp
http://www.sappsworld.com
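
An added example, not part of the original message: one way to prepare the report suggested above, by counting failed sshd logins per source address and pulling out only the lines for that address with the local hostname field replaced. The function names, the threshold of 3, the `[host-redacted]` placeholder and the final `Accepted password` line are assumptions constructed for illustration; the other sample lines are from the quoted log with the e-mail line wrapping undone.

```python
import re
from collections import defaultdict

# Lines from the log quoted in the thread, unwrapped. The last line is
# constructed (documentation address 192.0.2.10) to show what is left out.
SAMPLE_LOG = """\
Jul 17 14:42:24 localhost sshd[6746]: Illegal user test from 130.120.81.14
Jul 17 14:42:26 localhost sshd[6746]: Failed password for illegal user test from 130.120.81.14 port 48692 ssh2
Jul 17 14:42:27 localhost sshd[6748]: Illegal user guest from 130.120.81.14
Jul 17 14:42:30 localhost sshd[6748]: Failed password for illegal user guest from 130.120.81.14 port 48753 ssh2
Jul 17 14:42:43 localhost sshd[6756]: Failed password for root from 130.120.81.14 port 48900 ssh2
Jul 17 14:42:47 localhost sshd[6758]: Failed password for root from 130.120.81.14 port 48913 ssh2
Jul 17 14:50:02 localhost sshd[6801]: Accepted password for jon from 192.0.2.10 port 40022 ssh2
"""

# "illegal user" is the wording in this log; "invalid user" is accepted too,
# on the assumption that other sshd versions use that wording.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
    r"(?:(?:illegal|invalid) user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)
HOST_FIELD = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ ")

def summarize_failures(log_text, threshold=3):
    """Return {ip: summary} for sources with at least `threshold` failed logins."""
    by_ip = defaultdict(lambda: {"count": 0, "users": set(), "first": None, "last": None})
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        entry = by_ip[m["ip"]]
        entry["count"] += 1
        entry["users"].add(m["user"])
        entry["first"] = entry["first"] or m["ts"]
        entry["last"] = m["ts"]
    return {ip: e for ip, e in by_ip.items() if e["count"] >= threshold}

def abuse_excerpt(log_text, ip, placeholder="[host-redacted]"):
    """Lines that mention `ip`, with the local hostname field replaced."""
    mentions = re.compile(rf" from {re.escape(ip)}(?: |$)")
    return [HOST_FIELD.sub(rf"\1 {placeholder} ", line)
            for line in log_text.splitlines() if mentions.search(line)]

if __name__ == "__main__":
    for ip, e in summarize_failures(SAMPLE_LOG).items():
        print(f"{ip}: {e['count']} failed logins, users {sorted(e['users'])}, "
              f"{e['first']} to {e['last']}")
        print("\n".join(abuse_excerpt(SAMPLE_LOG, ip)))
```

The syslog timestamps carry no year or time zone, so a report built from the excerpt should state both separately.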




