Possible break-in attempt?

madalin niladam at gmail.com
Fri Jan 8 12:25:52 GMT 2010


This advice about changing the port is indeed useful. But if you don't
want to follow it, look for csf (configserver.com) or set up a good
firewall.

2010/1/8 Alexandru Cucu <cracknel.org at gmail.com>:
> The ones with "invalid user" are part of a brute-force attack on SSH.
> My advice: change the SSH server's port.
>
> 2010/1/8 florin <florin at xcellcomputers.ro>:
>> In the log.auth file in /var/log I read the following:
>>
>> Dec 30 19:09:01 telacad CRON[26205]: pam_unix(cron:session): session
>> opened for user root by (uid=0)
>> Dec 30 19:09:01 telacad dbus-daemon: Rejected send message, 1 matched
>> rules; type="method_call", sender=":1.31" (uid=1000 pid=3643
>> comm="/usr/lib/indicator-$
>> Dec 30 19:09:01 telacad CRON[26205]: pam_unix(cron:session): session
>> closed for user root
>>
>> pam_unix(cron:session): session opened for user root by (uid=0)
>> Dec 30 19:30:03 telacad dbus-daemon: Rejected send message, 1 matched
>> rules; type="method_call", sender=":1.31" (uid=1000 pid=3643
>> comm="/usr/lib/indicator-$
>> Dec 30 19:30:05 telacad CRON[27043]: pam_unix(cron:session): session
>> closed for user root
>> Dec 30 19:33:40 telacad sshd[27344]: Did not receive identification
>> string from 188.121.134.50
>>
>> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0
>> tty=ssh ruser= rhost=94.52.203.47  user=root
>> Jan  1 21:43:35 telacad sshd[21374]: Failed password for root from
>> 94.52.203.47 port 32785 ssh2
>> Jan  1 21:43:40 telacad sshd[21376]: pam_unix(sshd:auth): authentication
>> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.52.203.47  user=root
>> Jan  1 21:43:42 telacad sshd[21376]: Failed password for root from
>> 94.52.203.47 port 33170 ssh2
>>
>> Jan  3 18:25:50 telacad sshd[23891]: Invalid user luxmundi from
>> 74.223.159.121
>> Jan  3 18:25:50 telacad sshd[23891]: pam_unix(sshd:auth): check pass;
>> user unknown
>> Jan  3 18:25:50 telacad sshd[23891]: pam_unix(sshd:auth): authentication
>> failure; logname= uid=0 euid=0 tty=ssh ruser=
>> rhost=74.223.159.121.nw.nuvox.net
>> Jan  3 18:25:50 telacad sshd[23886]: Failed password for invalid user
>> utilidades from 74.223.159.121 port 38618 ssh2
>> Jan  3 18:25:51 telacad sshd[23885]: Failed password for invalid user
>> sol from 74.223.159.121 port 38612 ssh2
>> Jan  3 18:25:51 telacad sshd[23889]: Failed password for invalid user
>> Aarni from 74.223.159.121 port 38713 ssh2
>> Jan  3 18:25:51 telacad sshd[23891]: Failed password for invalid user
>> luxmundi from 74.223.159.121 port 38794 ssh2
>> Jan  3 18:25:53 telacad sshd[23894]: Invalid user perla from 74.223.159.121
>> Jan  3 18:25:53 telacad sshd[23893]: Invalid user Aarno from 74.223.159.121
>>
>>
>> Jan  8 11:56:56 telacad sshd[4156]: reverse mapping checking getaddrinfo
>> for 20.117.127.124.broad.bj.bj.static.163data.com.cn [124.127.117.20]
>> failed - POSSIBLE BREAK-IN ATTEMPT!
>> Jan  8 11:56:56 telacad sshd[4156]: pam_unix(sshd:auth): authentication
>> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.127.117.20
>> user=root
>> Jan  8 11:56:57 telacad sshd[4156]: Failed password for root from
>> 124.127.117.20 port 57299 ssh2
>> Jan  8 11:57:00 telacad sshd[4159]: reverse mapping checking getaddrinfo
>> for 20.117.127.124.broad.bj.bj.static.163data.com.cn [124.127.117.20]
>> failed - POSSIBLE BREAK-IN ATTEMPT!
>> Jan  8 11:57:00 telacad sshd[4159]: pam_unix(sshd:auth): authentication
>> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.127.117.20
>> user=root
>>
>>
>> I would like to know whether I was attacked, or what these messages
>> mean, especially the one with POSSIBLE BREAK-IN ATTEMPT!
>> I should mention that my computer's name, "telacad", has nothing in
>> common with the "telacad" school.
>> I think I have messages like the first ones above for dozens of users and IPs.
>> Can anyone help me with some information?
>> Thank you anyway, you are a super cool team!
>> Best of luck going forward.
>>
>> --
>> ubuntu-ro mailing list
>> ubuntu-ro at lists.ubuntu.com
>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-ro
>>



-- 
Kind regards,
madalin
http://madalin.eu
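
Added example, not part of the original thread: a small Python triage of sshd lines like those quoted above. It counts failed passwords per source address, flags the reverse-mapping warning (sshd logs it when the client's PTR name does not resolve back to the connecting address), and lists addresses that have both failures and a successful login. The sample lines are constructed, with documentation-range addresses and hypothetical user names, and the "Accepted" line is standard sshd output that does not appear in the thread.

```python
import re
from collections import defaultdict

# Constructed sample lines in the sshd format quoted in the thread
# (documentation-range addresses, hypothetical user names).
SAMPLE_LOG = """\
Jan  3 18:25:50 host sshd[23891]: Invalid user alice from 192.0.2.10
Jan  3 18:25:51 host sshd[23891]: Failed password for invalid user alice from 192.0.2.10 port 38794 ssh2
Jan  3 18:25:53 host sshd[23894]: Failed password for invalid user bob from 192.0.2.10 port 38801 ssh2
Jan  8 11:56:56 host sshd[4156]: reverse mapping checking getaddrinfo for ptr.example.net [198.51.100.7] failed - POSSIBLE BREAK-IN ATTEMPT!
Jan  8 11:56:57 host sshd[4156]: Failed password for root from 198.51.100.7 port 57299 ssh2
Jan  8 12:01:02 host sshd[4199]: Failed password for carol from 203.0.113.5 port 40020 ssh2
Jan  8 12:01:10 host sshd[4200]: Accepted password for carol from 203.0.113.5 port 40022 ssh2
"""

# FAILED is anchored at end of line with a greedy user field, so text placed
# inside the client-chosen user name cannot supply the address that is counted.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(.*) from (\S+) port \d+ ssh2$")
RDNS = re.compile(r"sshd\[\d+\]: reverse mapping checking getaddrinfo for \S+ \[([^\]]+)\] failed")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+) port \d+ ssh2")

def summarize(log_text):
    """Return {ip: {"failed": n, "users": set, "rdns_mismatch": bool, "accepted": [users]}}."""
    stats = defaultdict(lambda: {"failed": 0, "users": set(), "rdns_mismatch": False, "accepted": []})
    for line in log_text.splitlines():
        if m := FAILED.search(line):
            user, ip = m.groups()
            stats[ip]["failed"] += 1
            stats[ip]["users"].add(user)
        elif m := RDNS.search(line):
            stats[m.group(1)]["rdns_mismatch"] = True
        elif m := ACCEPTED.search(line):
            user, ip = m.groups()
            stats[ip]["accepted"].append(user)
    return dict(stats)

def suspicious_logins(stats):
    """Addresses with both failed and accepted logins: the entries to review first."""
    return sorted(ip for ip, s in stats.items() if s["accepted"] and s["failed"])

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for ip, s in sorted(result.items()):
        print(ip, s["failed"], sorted(s["users"]), s["rdns_mismatch"], s["accepted"])
    print("review first:", suspicious_logins(result))
```

Failed attempts alone show that guessing took place; an "Accepted" line from one of the same addresses is what indicates a login actually succeeded.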


