[Zeffie-Users] (raq4) hack attempt

Thu Apr 21 01:40:12 EDT 2005

I already blocked this script kidie... actually I blocked the whole range on 
the firewall :

Looking up 221.242.57.202...
Using whois server whois.arin.net.

OrgName:    Asia Pacific Network Information Centre
OrgID:      APNIC
Address:    PO Box 2131
City:       Milton
StateProv:  QLD
PostalCode: 4064
Country:    AU

ReferralServer: whois://whois.apnic.net

NetRange:   221.0.0.0 - 221.255.255.255

----- Original Message ----- 
From: "Arthur Sherman" <cobalt-list at compros.co.il>
To: "'Cobalt Users'" <cobalt-users at lists.qbalt.com>; "Zeffie-Users" 
<Zeffie-Users at zeffie.net>
Sent: Thursday, April 21, 2005 5:01 AM
Subject: [Zeffie-Users] (raq4) hack attempt

>
> Hi,
>
> How are you doing?
>
>
> I have mentioned this in auth log:
>
> ---start---
> [root spamassassin]# tail -n 50 /var/log/auth
> Apr 20 20:14:05 baby sshd[18765]: error: Could not get shadow information
> for NOUSER
> Apr 20 20:14:05 baby sshd[18765]: Failed password for illegal user backup
> from 221.242.57.202 port 55826 ssh2
> Apr 20 20:14:08 baby sshd[18767]: Illegal user server from 221.242.57.202
> Apr 20 20:14:08 baby sshd[18767]: error: Could not get shadow information
> for NOUSER
> Apr 20 20:14:08 baby sshd[18767]: Failed password for illegal user server
> from 221.242.57.202 port 55901 ssh2
> Apr 20 20:14:11 baby sshd[18769]: Illegal user adam from 221.242.57.202
> Apr 20 20:14:11 baby sshd[18769]: error: Could not get shadow information
> for NOUSER
> Apr 20 20:14:11 baby sshd[18769]: Failed password for illegal user adam 
> from
> 221.242.57.202 port 55966 ssh2
> Apr 20 20:14:15 baby sshd[18771]: Illegal user alan from 221.242.57.202
> Apr 20 20:14:15 baby sshd[18771]: error: Could not get shadow information
> for NOUSER
> Apr 20 20:14:15 baby sshd[18771]: Failed password for illegal user alan 
> from
> 221.242.57.202 port 56060 ssh2
> Apr 20 20:14:18 baby sshd[18773]: Illegal user frank from 221.242.57.202
> Apr 20 20:14:18 baby sshd[18773]: error: Could not get shadow information
> for NOUSER
> Apr 20 20:14:18 baby sshd[18773]: Failed password for illegal user frank
> from 221.242.57.202 port 56142 ssh2
> Apr 20 20:14:21 baby sshd[18777]: Illegal user george from 221.242.57.202
> Apr 20 20:14:21 baby sshd[18777]: error: Could not get shadow information
> for NOUSER
> Apr 20 20:14:21 baby sshd[18777]: Failed password for illegal user george
> from 221.242.57.202 port 56211 ssh2
> ---end---
>
> Some potz from Japan is probing my server.
> How could I make my server block for a hour/day that IP?
>
> Best,
>
> --
> Arthur Sherman
>
> ComPros Team
> +972-52-4689432
>
>
>
>
>
> _______________________________________________
> Zeffie-Users mailing list
> Zeffie-Users at zeffie.net
> http://zeffie.net/mailman/listinfo/zeffie-users_zeffie.net
> 

-----------------------------------------------------------------------
This mail has been checked and is virus free.