Hack attempts
Scot L. Harris
webid at cfl.rr.com
Sat Jul 24 13:46:15 UTC 2004
On Sat, 2004-07-24 at 09:32, Colin Paul Adams wrote:
> >>>>> "Edwin" == Edwin Dicker <edwin at dicker.nl> writes:
>
> Edwin> The last two days i got bugged by someone from korea and
> Edwin> someone from japan. his is what i find in my LogWatch :
> Edwin> --------------------- SSHD Begin ------------------------
>
>
> Edwin> Failed logins from these: guest/password from
> Edwin> ::ffff:211.119.136.170: 1 Time(s) test/password from
> Edwin> ::ffff:211.119.136.170: 1 Time(s)
>
> Edwin> Illegal users from these: guest/none from
> Edwin> ::ffff:211.119.136.170: 1 Time(s) guest/password from
> Edwin> ::ffff:211.119.136.170: 1 Time(s) test/none from
> Edwin> ::ffff:211.119.136.170: 1 Time(s) test/password from
> Edwin> ::ffff:211.119.136.170: 1 Time(s)
>
> Edwin> is this a known hack attempt by some sort of program ?
> Edwin> because for both tries the same usernames have been tried
> Edwin> to use : guest and test
>
> I've also seen this the last couple of days, and from the same IP address.
> --
> Colin Paul Adams
> Preston Lancashire
Are you using DSL or cable modem? If so you really should invest in a
cheap hardware router. It is amazing how much that will protect you.
You may want to block that IP address in iptables just to be on the safe
side.
Most likely a script kiddie running some software they found.
--
Scot L. Harris
webid at cfl.rr.com
Necessity is a mother.
More information about the users
mailing list