You know, the DCMA or whatever they call it in your place....
And then there is the bad hacker, and the small hacker, and the criminals...
Bit short on sleep, 2 o'clock last night the 'hack' alarms went off, sirens, flashing lights, but as I was sort of asleep it took a while to turn on the other side, and read the remote display, to see what was happening. What was happening was an attempt to log into the servers using random passwords.
Have to get up, you know, deep sleep, maybe I should just leave it, maybe just unplug the whole thing... got up, once in the computer room turn on monitor, grab keyboard, now more awake, amazingly I typed the right commands:

netstat
tcp6 0 0 ip51cf87c4.direct-a:ssh ::ffff:201.70.76.:35703 ESTABLISHED
tcp6 0 10 ip51cf87c4.direct:50719 ::ffff:201.70.76.4:auth ESTABLISHED
tcp6 0 0 ip51cf87c4.direct-a:ssh ::ffff:201.70.76.:34809 TIME_WAIT
tcp6 0 0 ip51cf87c4.direct:44236 ::ffff:201.70.76.4:auth TIME_WAIT

mm looks like somebody is trying to log in to the root account.

tail -f /var/log/auth.log
Jun 10 01:33:03 grml sshd[24675]: Invalid user usa from 201.70.76.43
Jun 10 01:33:03 grml sshd[24675]: (pam_unix) check pass; user unknown
Jun 10 01:33:03 grml sshd[24675]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.70.76.43
Jun 10 01:33:05 grml sshd[24675]: Failed password for invalid user usa from 201.70.76.43 port 33650 ssh2
Jun 10 01:33:08 grml sshd[24702]: Invalid user universal from 201.70.76.43
Jun 10 01:33:08 grml sshd[24702]: (pam_unix) check pass; user unknown
Jun 10 01:33:08 grml sshd[24702]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.70.76.43
Jun 10 01:33:10 grml sshd[24702]: Failed password for invalid user universal from 201.70.76.43 port 33940 ssh2
Jun 10 01:33:14 grml sshd[24736]: Invalid user radio from 201.70.76.43
Jun 10 01:33:14 grml sshd[24736]: (pam_unix) check pass; user unknown
Jun 10 01:33:14 grml sshd[24736]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.70.76.43
Jun 10 01:33:16 grml sshd[24736]: Failed password for invalid user radio from 201.70.76.43 port 34237 ssh2
Jun 10 01:33:19 grml sshd[24764]: Invalid user ronald from 201.70.76.43
Jun 10 01:33:19 grml sshd[24764]: (pam_unix) check pass; user unknown
Jun 10 01:33:19 grml sshd[24764]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.70.76.43
Jun 10 01:33:20 grml sshd[24764]: Failed password for invalid user ronald from 201.70.76.43 port 34556 ssh2
Jun 10 01:33:24 grml sshd[24799]: Invalid user harry from 201.70.76.43
Jun 10 01:33:24 grml sshd[24799]: (pam_unix) check pass; user unknown
Jun 10 01:33:24 grml sshd[24799]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.70.76.43
Jun 10 01:33:26 grml sshd[24799]: Failed password for invalid user harry from 201.70.76.43 port 34809 ssh2
Jun 10 01:33:30 grml sshd[24831]: Invalid user zoe from 201.70.76.43
Jun 10 01:33:30 grml sshd[24831]: (pam_unix) check pass; user unknown
Jun 10 01:33:30 grml sshd[24831]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.70.76.43
Jun 10 01:33:31 grml sshd[24831]: Failed password for invalid user zoe from 201.70.76.43 port 35151 ssh2
Jun 10 01:33:34 grml sshd[24859]: Invalid user vivi from 201.70.76.43
Jun 10 01:33:34 grml sshd[24859]: (pam_unix) check pass; user unknown
Jun 10 01:33:34 grml sshd[24859]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.70.76.43
Jun 10 01:33:36 grml sshd[24859]: Failed password for invalid user vivi from 201.70.76.43 port 35410 ssh2
Jun 10 01:33:39 grml sshd[24890]: Invalid user walter from 201.70.76.43
Jun 10 01:33:39 grml sshd[24890]: (pam_unix) check pass; user unknown
Jun 10 01:33:39 grml sshd[24890]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.70.76.43
Jun 10 01:33:42 grml sshd[24890]: Failed password for invalid user walter from 201.70.76.43 port 35703 ssh2
Jun 10 01:33:45 grml sshd[24924]: Invalid user violeta from 201.70.76.43
Jun 10 01:33:45 grml sshd[24924]: (pam_unix) check pass; user unknown
Jun 10 01:33:45 grml sshd[24924]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.70.76.43
Jun 10 01:33:47 grml sshd[24924]: Failed password for invalid user violeta from 201.70.76.43 port 36037 ssh2
Jun 10 01:33:50 grml sshd[24951]: Invalid user valentin from 201.70.76.43
Jun 10 01:33:50 grml sshd[24951]: (pam_unix) check pass; user unknown
Jun 10 01:33:50 grml sshd[24951]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.70.76.43

etc...so..... somebody IN THIS GROUP has read my posting about 'football on the eeePC', figures there must be some movies and stuff to get, tries to get to it.

ip_to_country -i 201.70.76.4
ip=201.70.76.4 (3376827396) "BR" "BRAZIL"

Yes those guys like football ;-)

whois 201.70.76.43
inetnum: 201.70.76/24
nserver: ns.superivitoria.com.br

So, whoever you are, ONE email from me to superivitoria.com.br and you are spending perhaps 25 years in a Brazilian jail in the jungle with alligators ;-). I will not send it, you got blinded by the football, but do not try again. (In fact you cannot try again, as you are forever added to the ip filter, and some other countermeasures have been added). But you can still view my site that you seem to like so much, but only via an anonymiser like
Now I had 3 denial of service attacks (for which I did strike back) this week, and one password attack, internet is getting a dangerous place. And robbing me of my sleep, do not piss me off.
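
Added example, not part of the original post: a small detector for the pattern in the auth.log excerpt above, counting sshd "Failed password" lines per source address in a sliding window and listing the usernames tried. The threshold, window, the year default and the two 192.0.2.10 lines are assumptions made up for the example; the other sample lines are copied from the log in the post.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# sshd "Failed password" line in the syslog format shown in the post.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+")

def detect_guessing(lines, threshold=5, window=timedelta(seconds=60), year=2000):
    """Return {ip: sorted usernames tried} for every source with at least
    `threshold` failed passwords inside one sliding `window`.
    syslog omits the year; `year` is an assumed value used only so that
    timestamps can be compared."""
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    users = defaultdict(set)      # ip -> every username it tried
    flagged = set()
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # "Invalid user", pam_unix, Accepted, ...
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        users[ip].add(m["user"])
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(ip)
    return {ip: sorted(users[ip]) for ip in flagged}

SAMPLE = [
    "Jun 10 01:33:03 grml sshd[24675]: Invalid user usa from 201.70.76.43",
    "Jun 10 01:33:05 grml sshd[24675]: Failed password for invalid user usa from 201.70.76.43 port 33650 ssh2",
    "Jun 10 01:33:10 grml sshd[24702]: Failed password for invalid user universal from 201.70.76.43 port 33940 ssh2",
    "Jun 10 01:33:16 grml sshd[24736]: Failed password for invalid user radio from 201.70.76.43 port 34237 ssh2",
    "Jun 10 01:33:20 grml sshd[24764]: Failed password for invalid user ronald from 201.70.76.43 port 34556 ssh2",
    "Jun 10 01:33:26 grml sshd[24799]: Failed password for invalid user harry from 201.70.76.43 port 34809 ssh2",
    # Constructed lines: one mistyped password followed by a good login.
    "Jun 10 01:34:00 grml sshd[30001]: Failed password for alice from 192.0.2.10 port 40000 ssh2",
    "Jun 10 01:34:04 grml sshd[30001]: Accepted password for alice from 192.0.2.10 port 40000 ssh2",
]

if __name__ == "__main__":
    for ip, tried in detect_guessing(SAMPLE).items():
        print(ip, "tried", ", ".join(tried))
```
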