[ale] hack attempts

Jimmy Oliver jimmyoliver at gmail.com
Mon Feb 7 13:05:54 EST 2005


On Sun, 6 Feb 2005 20:35:44 -0800 (PST), Jim Popovitch <jimpop at yahoo.com> wrote:
> --- Jay Loden <jloden at toughguy.net> wrote:
> > I got exactly the same thing on my home desktop (which has ssh so
> > I can log in from away) and I mean exactly...same usernames and
> > everything.
> >
> > I'd also be interested to know what if anything one can do about
> > this, besides blocking the IPs
> 
> Just run ssh on another port, something unlike 22 (don't use 44, 222, 2222,
> 2020, etc). As someone else mentioned, this looks like a brute force attempt
> to log in as stupid users. Someone probably got a hold of a passwd file and
> decided to use it against the world. Lame, very lame.
> 
> -Jim P.
> 
> 


Hello all,

I just referenced my logs and have quite an assortment of failed ssh
attempts as well.  Looks like a dictionary file type/brute force
attack.  Since mine was sourced from a 207.x.x.x address, and within
the same time frame, it looks like a botnet attack.

Feb  6 21:13:40 jimbyfs sshd[20256]: Invalid user pub from ::ffff:207.58.131.193
Feb  6 21:13:39 jimbyfs sshd[20254]: Invalid user black from ::ffff:207.58.131.193
Feb  6 21:13:39 jimbyfs sshd[20252]: Invalid user green from ::ffff:207.58.131.193
Feb  6 21:13:39 jimbyfs sshd[20250]: Invalid user yellow from ::ffff:207.58.131.193
Feb  6 21:13:38 jimbyfs sshd[20248]: Invalid user red from ::ffff:207.58.131.193
Feb  6 21:13:38 jimbyfs sshd[20246]: Invalid user blue from ::ffff:207.58.131.193
Feb  6 21:13:37 jimbyfs sshd[20244]: Invalid user dog from ::ffff:207.58.131.193
Feb  6 21:13:37 jimbyfs sshd[20242]: Invalid user jane from ::ffff:207.58.131.193
Feb  6 21:13:37 jimbyfs sshd[20240]: Invalid user shell from ::ffff:207.58.131.193
Feb  6 21:13:36 jimbyfs sshd[20238]: Invalid user larisa from ::ffff:207.58.131.193
Feb  6 21:13:36 jimbyfs sshd[20236]: Invalid user operator from ::ffff:207.58.131.193
Feb  6 21:13:36 jimbyfs sshd[20234]: Invalid user barbara from ::ffff:207.58.131.193
Feb  6 21:13:35 jimbyfs sshd[20232]: Invalid user god from ::ffff:207.58.131.193
Feb  6 21:13:34 jimbyfs sshd[20228]: Invalid user rose from ::ffff:207.58.131.193
Feb  6 21:13:34 jimbyfs sshd[20226]: Invalid user maria from ::ffff:207.58.131.193
Feb  6 21:13:33 jimbyfs sshd[20222]: Invalid user market from ::ffff:207.58.131.193
Feb  6 21:13:33 jimbyfs sshd[20220]: Invalid user lucy from ::ffff:207.58.131.193
Feb  6 21:13:32 jimbyfs sshd[20218]: Invalid user johnny from ::ffff:207.58.131.193
Feb  6 21:13:32 jimbyfs sshd[20216]: Invalid user system from ::ffff:207.58.131.193
Feb  6 21:13:32 jimbyfs sshd[20214]: Invalid user robin from ::ffff:207.58.131.193
Feb  6 21:13:31 jimbyfs sshd[20212]: Invalid user nicholas from ::ffff:207.58.131.193
Feb  6 21:13:31 jimbyfs sshd[20210]: Invalid user max from ::ffff:207.58.131.193
Feb  6 21:13:31 jimbyfs sshd[20208]: Invalid user henry from ::ffff:207.58.131.193
Feb  6 21:13:30 jimbyfs sshd[20206]: Invalid user betty from ::ffff:207.58.131.193
Feb  6 21:13:30 jimbyfs sshd[20204]: Invalid user vampire from ::ffff:207.58.131.193
Feb  6 21:13:29 jimbyfs sshd[20202]: Invalid user jeremy from ::ffff:207.58.131.193
Feb  6 21:13:29 jimbyfs sshd[20200]: Invalid user buddy from ::ffff:207.58.131.193
Feb  6 21:13:29 jimbyfs sshd[20198]: Invalid user billy from ::ffff:207.58.131.193
Feb  6 21:13:28 jimbyfs sshd[20196]: Invalid user tom from ::ffff:207.58.131.193
Feb  6 21:13:28 jimbyfs sshd[20194]: Invalid user joe from ::ffff:207.58.131.193
Feb  6 21:13:27 jimbyfs sshd[20192]: Invalid user eric from ::ffff:207.58.131.193
Feb  6 21:13:27 jimbyfs sshd[20190]: Invalid user emily from ::ffff:207.58.131.193
Feb  6 21:13:27 jimbyfs sshd[20188]: Invalid user angel from ::ffff:207.58.131.193
Feb  6 21:13:26 jimbyfs sshd[20186]: Invalid user william from ::ffff:207.58.131.193
Feb  6 21:13:26 jimbyfs sshd[20184]: Invalid user stephen from ::ffff:207.58.131.193
Feb  6 21:13:26 jimbyfs sshd[20182]: Invalid user brian from ::ffff:207.58.131.193
Feb  6 21:13:25 jimbyfs sshd[20180]: Invalid user brandon from ::ffff:207.58.131.193
Feb  6 21:13:25 jimbyfs sshd[20178]: Invalid user steven from ::ffff:207.58.131.193
Feb  6 21:13:24 jimbyfs sshd[20176]: Invalid user charlie from ::ffff:207.58.131.193
Feb  6 21:13:24 jimbyfs sshd[20174]: Invalid user justin from ::ffff:207.58.131.193
Feb  6 21:13:24 jimbyfs sshd[20172]: Invalid user carmen from ::ffff:207.58.131.193
Feb  6 21:13:23 jimbyfs sshd[20170]: Invalid user ben from ::ffff:207.58.131.193
Feb  6 21:13:23 jimbyfs sshd[20168]: Invalid user jason from ::ffff:207.58.131.193
Feb  6 21:13:22 jimbyfs sshd[20166]: Invalid user david from ::ffff:207.58.131.193
Feb  6 21:13:22 jimbyfs sshd[20164]: Invalid user lion from ::ffff:207.58.131.193
Feb  6 21:13:22 jimbyfs sshd[20162]: Invalid user magic from ::ffff:207.58.131.193
Feb  6 21:13:21 jimbyfs sshd[20160]: Invalid user matthew from ::ffff:207.58.131.193
Feb  6 21:13:21 jimbyfs sshd[20158]: Invalid user nathan from ::ffff:207.58.131.193
Feb  6 21:13:20 jimbyfs sshd[20156]: Invalid user andrew from ::ffff:207.58.131.193
Feb  6 21:13:20 jimbyfs sshd[20154]: Invalid user daniel from ::ffff:207.58.131.193
Feb  6 21:13:20 jimbyfs sshd[20152]: Invalid user nicole from ::ffff:207.58.131.193
Feb  6 21:13:19 jimbyfs sshd[20150]: Invalid user michael from ::ffff:207.58.131.193
Feb  6 21:13:19 jimbyfs sshd[20148]: Invalid user jordan from ::ffff:207.58.131.193
Feb  6 21:00:07 jimbyfs sshd[20147]: Did not receive identification string from ::ffff:207.58.131.193

________________________
Jimmy Oliver aka jimbo
http://www.gojimbo.com
email:  jimbo at gojimbo.com
lists:  jimmyoliver at gmail.com
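
Added example, not part of the original posts: a small detector for the pattern in the log above, flagging any source that tries many distinct invalid usernames within a short window. The function names, the thresholds (5 users in 60 seconds), the assumed year, and the 192.0.2.10 line are assumptions made for illustration; the sample is constructed in the format the post shows.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address

# Constructed sample in the format shown in the post (not the poster's full log).
SAMPLE = """\
Feb  6 21:00:07 jimbyfs sshd[20147]: Did not receive identification string from ::ffff:207.58.131.193
Feb  6 21:13:19 jimbyfs sshd[20148]: Invalid user jordan from ::ffff:207.58.131.193
Feb  6 21:13:19 jimbyfs sshd[20150]: Invalid user michael from ::ffff:207.58.131.193
Feb  6 21:13:20 jimbyfs sshd[20152]: Invalid user nicole from ::ffff:207.58.131.193
Feb  6 21:13:20 jimbyfs sshd[20154]: Invalid user daniel from ::ffff:207.58.131.193
Feb  6 21:13:20 jimbyfs sshd[20156]: Invalid user andrew from ::ffff:207.58.131.193
Feb  6 22:40:02 jimbyfs sshd[20999]: Invalid user backup from 192.0.2.10
"""

LINE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Invalid user (\S+) from (\S+)$")

def normalize(addr):
    """Collapse IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4 so counts merge."""
    ip = ip_address(addr)
    return str(getattr(ip, "ipv4_mapped", None) or ip)

def parse(text, year=2005):
    """Yield (timestamp, user, source). Syslog omits the year, so it is assumed."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), normalize(m.group(3))

def dictionary_sources(text, min_users=5, window=timedelta(seconds=60)):
    """Return {source: peak distinct invalid usernames seen inside one window}."""
    by_src = defaultdict(list)
    for ts, user, src in parse(text):
        by_src[src].append((ts, user))
    flagged = {}
    for src, events in by_src.items():
        events.sort()  # the log in the post is newest-first; order by time
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            users = {u for _, u in events[start:end + 1]}
            if len(users) >= min_users:
                flagged[src] = max(flagged.get(src, 0), len(users))
    return flagged
```

Counting distinct usernames rather than raw failures separates a wordlist run like the one above from a single user repeatedly mistyping one account name.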


