MORE SSH Hacking: heads-up

Ow Mun Heng Ow.Mun.Heng at wdc.com
Wed Aug 4 04:40:18 UTC 2004


On Mon, 2004-08-02 at 12:46, Chris Hewitt wrote:
> On Mon, 2004-08-02 at 20:21, Ow Mun Heng wrote:
> > On Fri, 2004-07-30 at 14:17, Jenkins, Jeremiah wrote:
> > > Not /etc/secure, /var/log/secure....man, I can tell it's Friday
> > > 
> > This was in my logs last night at 11.56pm.
> > 
> > Aug  1 23:56:28 neuromancer sshd[22962]: Illegal user test from 203.185.29.89
> > Aug  1 23:56:30 neuromancer sshd[22962]: Failed password for illegal user test from 203.185.29.89 port 40688 ssh2
> > Aug  1 23:56:34 neuromancer sshd[23055]: Illegal user guest from 203.185.29.89
> > Aug  1 23:56:37 neuromancer sshd[23055]: Failed password for illegal user guest from 203.185.29.89 port 40779 ssh2
> 
> I'm getting these once every day or so (I'm in the UK). I only allow
> ssh2, disallow root, there is only one user allowed in and that is with
> a non-trivial username and a non-trivial password. 

This just in. This time, if it's automated, it's gotta be a bit dumb.
It's trying to log in as root.

Aug  3 21:19:50 neuromancer sshd(pam_unix)[23883]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=ns.rheldev.registeredsite.com  user=root
Aug  3 21:19:53 neuromancer sshd(pam_unix)[23949]: check pass; user unknown

whois registeredsite.com

RegisteredSite Internet Services (SOTSQNYUMD)
   303 Peachtree Center Ave
   Atlanta, GA 30303
   US

   Domain Name: REGISTEREDSITE.COM

   Administrative Contact, Technical Contact:
      RegisteredSite Internet Services  (LTNQQEGSMO)            domreg at registeredsite.com
      303 Peachtree Center Ave
      Atlanta, GA 30303
      US
      678-365-2979


-- 
Ow Mun Heng
Fedora GNU/Linux Core 2 on D600 1.4Ghz CPU kernel
2.6.7-2.jul1-interactive 
Neuromancer 21:23:50 up 8:38, 3 users, load average: 0.59, 0.39, 0.41 
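
Added example, not part of the original post: a small parser for the sshd and sshd(pam_unix) lines quoted in this thread that groups failed logins by source and flags sources that tried root or guessed several nonexistent accounts. The function names and the `min_unknown` threshold are assumptions, matching the newer "invalid user" wording is an added generalization, and each matching line is assumed to be one attempt.

```python
import re
from collections import defaultdict

# Log lines copied from the messages above.
SAMPLE = """\
Aug  1 23:56:28 neuromancer sshd[22962]: Illegal user test from 203.185.29.89
Aug  1 23:56:30 neuromancer sshd[22962]: Failed password for illegal user test from 203.185.29.89 port 40688 ssh2
Aug  1 23:56:34 neuromancer sshd[23055]: Illegal user guest from 203.185.29.89
Aug  1 23:56:37 neuromancer sshd[23055]: Failed password for illegal user guest from 203.185.29.89 port 40779 ssh2
Aug  3 21:19:50 neuromancer sshd(pam_unix)[23883]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=ns.rheldev.registeredsite.com  user=root
Aug  3 21:19:53 neuromancer sshd(pam_unix)[23949]: check pass; user unknown
"""

PREFIX = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ sshd(?:\(pam_unix\))?\[\d+\]: (.*)$")
# "illegal user" is the wording in this thread; "invalid user" is newer OpenSSH wording.
FAILED = re.compile(r"Failed password for ((?:illegal|invalid) user )?(\S+) from (\S+) port \d+")
PAM = re.compile(r"authentication failure;.*?\brhost=(\S+)(?:\s+user=(\S+))?")


def summarize(log_text):
    """Group failed logins by source; every matching line counts as one attempt."""
    out = defaultdict(lambda: {"attempts": 0, "users": set(), "unknown": set()})
    for line in log_text.splitlines():
        prefix = PREFIX.match(line)
        if not prefix:
            continue
        msg = prefix.group(1)
        failed, pam = FAILED.match(msg), PAM.match(msg)
        if failed:
            unknown, user, src = failed.groups()
            if unknown:
                out[src]["unknown"].add(user)
        elif pam:
            src, user = pam.groups()
        else:
            continue  # "Illegal user ..." repeats the Failed line; "check pass" has no rhost
        out[src]["attempts"] += 1
        if user:
            out[src]["users"].add(user)
    return dict(out)


def suspicious(summary, min_unknown=2):
    """Sources that tried root or guessed at least min_unknown nonexistent accounts."""
    return sorted(src for src, e in summary.items()
                  if "root" in e["users"] or len(e["unknown"]) >= min_unknown)


if __name__ == "__main__":
    print(suspicious(summarize(SAMPLE)))
```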