Server Fun

Post Reply
User avatar
Cybermancer
Posts: 3772
Joined: 04.09.2015, 17:35
Has thanked: 1 time
Been thanked: 25 times

Server Fun

Post by Cybermancer » 30.01.2016, 23:07

Irgendjemand hat gerade Spaß mit einem meiner Server
Jan 30 00:49:41 xxx sshd[xxx]: Failed password for root from 59.47.0.149 port 13067 ssh2
Jan 30 00:49:41 xxx sshd[xxx]: Failed password for root from 222.186.56.75 port 1424 ssh2
Jan 30 00:49:43 xxx sshd[xxx]: Failed password for root from 222.186.56.75 port 1424 ssh2
Jan 30 00:49:44 xxx sshd[xxx]: Failed password for root from 59.47.0.149 port 62173 ssh2
Jan 30 00:49:44 xxx sshd[xxx]: Disconnecting: Too many authentication failures for root from 59.47.0.149 port 62173 ssh2 [preauth]
Jan 30 00:49:44 xxx sshd[xxx]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.47.0.149 user=root
Jan 30 00:49:44 xxx sshd[xxx]: PAM service(sshd) ignoring max retries; 6 > 3
Jan 30 00:49:44 xxx sshd[xxx]: Failed password for root from 59.47.0.149 port 13067 ssh2
Jan 30 00:49:44 xxx sshd[xxx]: Disconnecting: Too many authentication failures for root from 59.47.0.149 port 13067 ssh2 [preauth]
Jan 30 00:49:44 xxx sshd[xxx]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.47.0.149 user=root
Jan 30 00:49:44 xxx sshd[xxx]: PAM service(sshd) ignoring max retries; 6 > 3
Jan 30 00:49:46 xxx sshd[xxx]: Failed password for root from 222.186.56.75 port 1424 ssh2
Jan 30 00:49:47 xxx sshd[xxx]: reverse mapping checking getaddrinfo for 149.0.47.59.broad.bx.ln.dynamic.163data.com.cn [59.47.0.149] failed - POSSIBLE BREAK-IN ATTEMPT!
Jan 30 00:49:47 xxx sshd[xxx]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.47.0.149 user=root
Jan 30 00:49:47 xxx sshd[xxx]: reverse mapping checking getaddrinfo for 149.0.47.59.broad.bx.ln.dynamic.163data.com.cn [59.47.0.149] failed - POSSIBLE BREAK-IN ATTEMPT!
Jan 30 00:49:48 xxx sshd[xxx]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.47.0.149 user=root
Jan 30 00:49:49 xxx sshd[xxx]: Failed password for root from 222.186.56.75 port 1424 ssh2
Jan 30 00:49:49 xxx sshd[xxx]: fatal: Read from socket failed: Connection reset by peer [preauth]

Das geht so über Stunden und Stunden.
Die IP's der Angreifer liegen in China und darf mich jetzt fragen, ob das der eigentliche Angriff ist oder ob die mir die Logs zuspammen, damit ich den eigentlichen Angriff nicht nachvollziehen kann. :???: :???:

Wird ein nettes Wochenende.
https://pgp.mit.edu/pks/lookup?op=get&s ... CC04F151DE
We have it totally under control. It’s one person coming in from China, and we have it under control. It’s going to be just fine.

User avatar
Cybermancer
Posts: 3772
Joined: 04.09.2015, 17:35
Has thanked: 1 time
Been thanked: 25 times

Re: Server Fun

Post by Cybermancer » 02.02.2016, 23:31

xxx/xxx.xxx.xxx.xxx:xxx Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #45923 ] -
xxx/xxx.xxx.xxx.xxx:xxx Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #45925 ] -

Replay Attack, da hat sich aber jemand auf mich eingeschossen.

Wie ich das liebe.
https://pgp.mit.edu/pks/lookup?op=get&s ... CC04F151DE
We have it totally under control. It’s one person coming in from China, and we have it under control. It’s going to be just fine.

Post Reply