Hack attempts

Scot L. Harris webid at cfl.rr.com
Sat Jul 24 13:46:15 UTC 2004


On Sat, 2004-07-24 at 09:32, Colin Paul Adams wrote:
> >>>>> "Edwin" == Edwin Dicker <edwin at dicker.nl> writes:
> 
>     Edwin> The last two days i got bugged by someone from korea and
>     Edwin> someone from japan.  his is what i find in my LogWatch :
>     Edwin> --------------------- SSHD Begin ------------------------
> 
> 
>     Edwin> Failed logins from these: guest/password from
>     Edwin> ::ffff:211.119.136.170: 1 Time(s) test/password from
>     Edwin> ::ffff:211.119.136.170: 1 Time(s)
> 
>     Edwin> Illegal users from these: guest/none from
>     Edwin> ::ffff:211.119.136.170: 1 Time(s) guest/password from
>     Edwin> ::ffff:211.119.136.170: 1 Time(s) test/none from
>     Edwin> ::ffff:211.119.136.170: 1 Time(s) test/password from
>     Edwin> ::ffff:211.119.136.170: 1 Time(s)
> 
>     Edwin> is this a known hack attempt by some sort of program ?
>     Edwin> because for both tries the same usernames have been tried
>     Edwin> to use : guest and test
> 
> I've also seen this the last couple of days, and from the same IP address.
> -- 
> Colin Paul Adams
> Preston Lancashire

Are you using DSL or cable modem?  If so you really should invest in a
cheap hardware router.  It is amazing how much that will protect you.

You may want to block that IP address in iptables just to be on the safe
side.  

Most likely a script kiddie running some software they found.
-- 
Scot L. Harris
webid at cfl.rr.com

Necessity is a mother. 





More information about the users mailing list