Page 1 of 1

Server Fun

Posted: 30.01.2016, 23:07
by Cybermancer
Irgendjemand hat gerade Spaß mit einem meiner Server
Jan 30 00:49:41 xxx sshd[xxx]: Failed password for root from 59.47.0.149 port 13067 ssh2
Jan 30 00:49:41 xxx sshd[xxx]: Failed password for root from 222.186.56.75 port 1424 ssh2
Jan 30 00:49:43 xxx sshd[xxx]: Failed password for root from 222.186.56.75 port 1424 ssh2
Jan 30 00:49:44 xxx sshd[xxx]: Failed password for root from 59.47.0.149 port 62173 ssh2
Jan 30 00:49:44 xxx sshd[xxx]: Disconnecting: Too many authentication failures for root from 59.47.0.149 port 62173 ssh2 [preauth]
Jan 30 00:49:44 xxx sshd[xxx]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.47.0.149 user=root
Jan 30 00:49:44 xxx sshd[xxx]: PAM service(sshd) ignoring max retries; 6 > 3
Jan 30 00:49:44 xxx sshd[xxx]: Failed password for root from 59.47.0.149 port 13067 ssh2
Jan 30 00:49:44 xxx sshd[xxx]: Disconnecting: Too many authentication failures for root from 59.47.0.149 port 13067 ssh2 [preauth]
Jan 30 00:49:44 xxx sshd[xxx]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.47.0.149 user=root
Jan 30 00:49:44 xxx sshd[xxx]: PAM service(sshd) ignoring max retries; 6 > 3
Jan 30 00:49:46 xxx sshd[xxx]: Failed password for root from 222.186.56.75 port 1424 ssh2
Jan 30 00:49:47 xxx sshd[xxx]: reverse mapping checking getaddrinfo for 149.0.47.59.broad.bx.ln.dynamic.163data.com.cn [59.47.0.149] failed - POSSIBLE BREAK-IN ATTEMPT!
Jan 30 00:49:47 xxx sshd[xxx]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.47.0.149 user=root
Jan 30 00:49:47 xxx sshd[xxx]: reverse mapping checking getaddrinfo for 149.0.47.59.broad.bx.ln.dynamic.163data.com.cn [59.47.0.149] failed - POSSIBLE BREAK-IN ATTEMPT!
Jan 30 00:49:48 xxx sshd[xxx]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.47.0.149 user=root
Jan 30 00:49:49 xxx sshd[xxx]: Failed password for root from 222.186.56.75 port 1424 ssh2
Jan 30 00:49:49 xxx sshd[xxx]: fatal: Read from socket failed: Connection reset by peer [preauth]

Das geht so über Stunden und Stunden.
Die IP's der Angreifer liegen in China und darf mich jetzt fragen, ob das der eigentliche Angriff ist oder ob die mir die Logs zuspammen, damit ich den eigentlichen Angriff nicht nachvollziehen kann. :???: :???:

Wird ein nettes Wochenende.

Re: Server Fun

Posted: 02.02.2016, 23:31
by Cybermancer
xxx/xxx.xxx.xxx.xxx:xxx Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #45923 ] -
xxx/xxx.xxx.xxx.xxx:xxx Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #45925 ] -

Replay Attack, da hat sich aber jemand auf mich eingeschossen.

Wie ich das liebe.