Omnimaga

General Discussion => Technology and Development => Web Programming and Design => Topic started by: Netham45 on September 04, 2007, 02:32:00 am

Title: SSH Bulked
Post by: Netham45 on September 04, 2007, 02:32:00 am
Someone attempted to crack my SSH server via a bulk attack, and I was wondering if anyone knew a website I could report the attack to.

The full log is available at http://netham45.dyndns.org/BulkSSHattack.txt in case anyone wants to see it; this is roughly 1/6 of the deny errors.

The IP seems to be originating in China.

QUOTE
08-29-2007 19:16:33 IP 66.131.94.79 SSH omnimaga disconnected.
08-29-2007 20:28:22 IP 67.190.103.57 SSH omnimaga disconnected.
08-29-2007 20:28:22 IP 192.168.0.107 SSH omnimaga disconnected.
08-31-2007 16:37:58 SSH server started.
08-31-2007 16:37:59 Your freeSSHd is up-to-date.
08-31-2007 16:38:21 IP 67.190.103.57 SSH connection attempt.
08-31-2007 16:38:25 IP 67.190.103.57 SSH nathan ladwig successfully logged on using password.
08-31-2007 16:38:29 IP 67.190.103.57 SSH nathan ladwig submitted a bad password.
08-31-2007 16:38:31 IP 67.190.103.57 SSH nathan ladwig submitted a bad password.
08-31-2007 16:38:34 IP 67.190.103.57 SSH connection attempt.
08-31-2007 16:38:42 IP 67.190.103.57 SSH
Title: SSH Bulked
Post by: DJ Omnimaga on September 04, 2007, 02:43:00 am
hmm

Did u post the link on a website somewhere? Because it could be spambots. Plus, if I connected several times in a row at one point it's cuz I logged in, then started uploading and didn't realise it logged me in the root directory, so all transfers obviously failed, then I accidentally dragged all the files in here to the left section of the FileZilla window (Omnimaga backup).

Then I tried to reconnect several times to check if I could succeed in logging in to my own dir. Basically, if the IPs match mine, that may be why. Idk what the jesus, mailman, smmsp, rpm, games and that crap is; that's another person that tried to hack into your account, or a bot.

EDIT: 61.189.0.252 <-is that your server IP or the person IP?
Title: SSH Bulked
Post by: Netham45 on September 04, 2007, 02:44:00 am
Not sure, but a google of one of the IPs on there shows a black-listed IP, that is known for hacking.

Also, you did it maybe 4 or 5 times; someone did thousands+ of attacks.
Title: SSH Bulked
Post by: DJ Omnimaga on September 04, 2007, 02:45:00 am
61.189.0.252? That one tried to connect using about 30 usernames at least.
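
Added example (not part of the thread and not freeSSHd's own code): a small parser for the log format quoted in the first post that counts, per source IP, how many distinct usernames failed a password, which is the pattern pointed out above. The sample log, its IPs and times, the "backup user" account and the min_users threshold are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# freeSSHd line format as quoted in the first post; the user field may contain spaces.
LINE = re.compile(
    r"^\d\d-\d\d-\d{4} \d\d:\d\d:\d\d IP (\S+) SSH (?:(.+?) )?"
    r"(connection attempt|disconnected|successfully logged on using password"
    r"|submitted a bad password)\.$")

# Constructed sample: documentation IPs, made-up times, usernames named in the thread.
SAMPLE_LOG = """\
08-31-2007 16:38:21 IP 198.51.100.7 SSH connection attempt.
08-31-2007 16:38:25 IP 198.51.100.7 SSH backup user successfully logged on using password.
08-31-2007 16:38:29 IP 198.51.100.7 SSH backup user submitted a bad password.
09-03-2007 04:10:01 IP 203.0.113.50 SSH connection attempt.
09-03-2007 04:10:02 IP 203.0.113.50 SSH jesus submitted a bad password.
09-03-2007 04:10:04 IP 203.0.113.50 SSH mailman submitted a bad password.
09-03-2007 04:10:06 IP 203.0.113.50 SSH smmsp submitted a bad password.
09-03-2007 04:10:08 IP 203.0.113.50 SSH rpm submitted a bad password.
09-03-2007 04:10:10 IP 203.0.113.50 SSH games submitted a bad password.
09-03-2007 04:10:12 IP 203.0.113.50 SSH
"""

def summarize(log_text):
    """Per source IP: bad-password count, usernames that failed, usernames that got in."""
    stats = defaultdict(lambda: {"bad": 0, "users": set(), "ok": set()})
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:  # truncated or unrecognised line: skip rather than guess
            continue
        ip, user, event = m.groups()
        if event == "submitted a bad password":
            stats[ip]["bad"] += 1
            stats[ip]["users"].add(user)
        elif event.startswith("successfully"):
            stats[ip]["ok"].add(user)
    return stats

def flag_bulk(log_text, min_users=3):
    """IPs with failed logins for at least min_users distinct usernames (threshold assumed)."""
    return [(ip, s["bad"], len(s["users"]), sorted(s["ok"]))
            for ip, s in sorted(summarize(log_text).items())
            if len(s["users"]) >= min_users]

if __name__ == "__main__":
    for ip, bad, users, ok in flag_bulk(SAMPLE_LOG):
        print(f"{ip}: {bad} bad passwords, {users} usernames, successes: {ok or 'none'}")
```

A non-empty success list on a flagged IP is the case to look at first, since it means one of the guessed logins worked.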
Title: SSH Bulked
Post by: necro on September 04, 2007, 04:03:00 am
Any way to block the IP address?
Title: SSH Bulked
Post by: spengo on September 04, 2007, 05:36:00 am
Hahaha, they phail hard. Also, they are probably using a proxy unless they phail even harder than I think so blocking that ip will do you no good. No, what you need to do is wait and see if they attack again and trace their ip to where it originates. Then pwnz them off the internet with fun fun ddos. :3 If you don't got a botnet I know people that do...  
Title: SSH Bulked
Post by: DJ Omnimaga on September 04, 2007, 06:34:00 am
Please no suggesting ddos, ddos/hacking is bad. Just try to track down his ISP/country and even his address.

On Epic Programming Studio I remember CrimsonCasio and dysfunction posted the hacker's address publicly on the forums as punishment, but idk if it's against Invisionfree policies though.