oh



Post by ale » 19 Jul 2006, 14:05

just how many damn people are trying to get into my poor linux server?

Jul 15 20:09:11 server sshd[11739]: Illegal user webadmin from ::ffff:65.183.1.8
6
Jul 15 20:09:12 server sshd[11739]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:09:14 server sshd[11741]: Illegal user spam from ::ffff:65.183.1.86
Jul 15 20:09:14 server sshd[11741]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:09:17 server sshd[11743]: Illegal user virus from ::ffff:65.183.1.86
Jul 15 20:09:17 server sshd[11743]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:09:19 server sshd[11745]: Illegal user cyrus from ::ffff:65.183.1.86
Jul 15 20:09:19 server sshd[11745]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:09:22 server sshd[11747]: Illegal user oracle from ::ffff:65.183.1.86
Jul 15 20:09:22 server sshd[11747]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:09:24 server sshd[11749]: Illegal user michael from ::ffff:65.183.1.86
Jul 15 20:09:24 server sshd[11749]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:09:28 server sshd[11751]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:09:28 server sshd[11751]: User ftp not allowed because not listed in A
llowUsers
Jul 15 20:09:31 server sshd[11753]: Illegal user test from ::ffff:65.183.1.86
Jul 15 20:09:31 server sshd[11753]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:09:33 server sshd[11755]: Illegal user webmaster from ::ffff:65.183.1.
86
Jul 15 20:09:34 server sshd[11755]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:09:36 server sshd[11757]: Illegal user postmaster from ::ffff:65.183.1
.86
Jul 15 20:09:36 server sshd[11757]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:09:39 server sshd[11759]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:09:39 server sshd[11759]: User postfix not allowed because not listed
in AllowUsers
Jul 15 20:09:41 server sshd[11761]: Illegal user postgres from ::ffff:65.183.1.8
6
Jul 15 20:09:41 server sshd[11761]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:09:44 server sshd[11763]: Illegal user paul from ::ffff:65.183.1.86
Jul 15 20:09:44 server sshd[11763]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:09:46 server sshd[11765]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:09:46 server sshd[11765]: User root not allowed because not listed in
AllowUsers
Jul 15 20:09:49 server sshd[11767]: Illegal user guest from ::ffff:65.183.1.86
Jul 15 20:09:49 server sshd[11767]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:09:51 server sshd[11769]: Illegal user admin from ::ffff:65.183.1.86
Jul 15 20:09:51 server sshd[11769]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:09:54 server sshd[11771]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:09:54 server sshd[11771]: User linux not allowed because not listed in
AllowUsers
Jul 15 20:09:56 server sshd[11773]: Illegal user user from ::ffff:65.183.1.86
Jul 15 20:09:57 server sshd[11773]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:09:59 server sshd[11775]: Illegal user david from ::ffff:65.183.1.86
Jul 15 20:09:59 server sshd[11775]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:10:01 server sshd[11777]: Illegal user web from ::ffff:65.183.1.86
Jul 15 20:10:01 server sshd[11777]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:10:04 server sshd[11779]: Illegal user apache from ::ffff:65.183.1.86
Jul 15 20:10:04 server sshd[11779]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:10:06 server sshd[11781]: Illegal user pgsql from ::ffff:65.183.1.86
Jul 15 20:10:06 server sshd[11781]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:10:09 server sshd[11783]: Illegal user mysql from ::ffff:65.183.1.86
Jul 15 20:10:09 server sshd[11783]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:10:11 server sshd[11785]: Illegal user info from ::ffff:65.183.1.86
Jul 15 20:10:11 server sshd[11785]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:10:15 server sshd[11787]: Illegal user tony from ::ffff:65.183.1.86
Jul 15 20:10:15 server sshd[11787]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:10:17 server sshd[11789]: Illegal user core from ::ffff:65.183.1.86
Jul 15 20:10:17 server sshd[11789]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:10:20 server sshd[11791]: Illegal user newsletter from ::ffff:65.183.1
.86
Jul 15 20:10:21 server sshd[11791]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:10:23 server sshd[11793]: Illegal user named from ::ffff:65.183.1.86
Jul 15 20:10:23 server sshd[11793]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:10:25 server sshd[11795]: Illegal user visitor from ::ffff:65.183.1.86
Jul 15 20:10:25 server sshd[11795]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:10:28 server sshd[11797]: Illegal user ftpuser from ::ffff:65.183.1.86
Jul 15 20:10:28 server sshd[11797]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:10:30 server sshd[11799]: Illegal user username from ::ffff:65.183.1.8
6
Jul 15 20:10:30 server sshd[11799]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:10:33 server sshd[11801]: Illegal user administrator from ::ffff:65.18
3.1.86
Jul 15 20:10:33 server sshd[11801]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:10:37 server sshd[11803]: Illegal user library from ::ffff:65.183.1.86
Jul 15 20:10:37 server sshd[11803]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:10:40 server sshd[11805]: Illegal user test from ::ffff:65.183.1.86
Jul 15 20:10:40 server sshd[11805]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:10:43 server sshd[11807]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:10:43 server sshd[11807]: User root not allowed because not listed in
AllowUsers
Jul 15 20:10:45 server sshd[11809]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:10:45 server sshd[11809]: User root not allowed because not listed in
AllowUsers
Jul 15 20:10:48 server sshd[11811]: Illegal user admin from ::ffff:65.183.1.86
Jul 15 20:10:48 server sshd[11811]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:10:50 server sshd[11813]: Illegal user guest from ::ffff:65.183.1.86
Jul 15 20:10:51 server sshd[11813]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:10:54 server sshd[11815]: Illegal user master from ::ffff:65.183.1.86
Jul 15 20:10:54 server sshd[11815]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:10:56 server sshd[11817]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:10:56 server sshd[11817]: User root not allowed because not listed in
AllowUsers
Jul 15 20:10:59 server sshd[11819]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:10:59 server sshd[11819]: User root not allowed because not listed in
AllowUsers
Jul 15 20:11:02 server sshd[11821]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:11:02 server sshd[11821]: User root not allowed because not listed in
AllowUsers
Jul 15 20:11:05 server sshd[11823]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:11:05 server sshd[11823]: User root not allowed because not listed in
AllowUsers
Jul 15 20:11:09 server sshd[11825]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:11:09 server sshd[11825]: User root not allowed because not listed in
AllowUsers
Jul 15 20:11:11 server sshd[11827]: Illegal user admin from ::ffff:65.183.1.86
Jul 15 20:11:12 server sshd[11827]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:11:14 server sshd[11829]: Illegal user admin from ::ffff:65.183.1.86
Jul 15 20:11:14 server sshd[11829]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:11:16 server sshd[11831]: Illegal user admin from ::ffff:65.183.1.86
Jul 15 20:11:17 server sshd[11831]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:11:19 server sshd[11833]: Illegal user admin from ::ffff:65.183.1.86
Jul 15 20:11:19 server sshd[11833]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:11:22 server sshd[11835]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:11:22 server sshd[11835]: User root not allowed because not listed in
AllowUsers
Jul 15 20:11:24 server sshd[11837]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:11:24 server sshd[11837]: User root not allowed because not listed in
AllowUsers
Jul 15 20:11:27 server sshd[11839]: Illegal user test from ::ffff:65.183.1.86
Jul 15 20:11:27 server sshd[11839]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:11:29 server sshd[11841]: Illegal user test from ::ffff:65.183.1.86
Jul 15 20:11:29 server sshd[11841]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:11:33 server sshd[11843]: Illegal user webmaster from ::ffff:65.183.1.
86
Jul 15 20:11:34 server sshd[11843]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:11:39 server sshd[11845]: Illegal user username from ::ffff:65.183.1.8
6
Jul 15 20:11:39 server sshd[11845]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:11:41 server sshd[11847]: Illegal user user from ::ffff:65.183.1.86
Jul 15 20:11:42 server sshd[11847]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:11:51 server sshd[11849]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:11:51 server sshd[11849]: User root not allowed because not listed in
AllowUsers
Jul 15 20:11:55 server sshd[11851]: Illegal user admin from ::ffff:65.183.1.86
Jul 15 20:11:55 server sshd[11851]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:11:57 server sshd[11853]: Illegal user test from ::ffff:65.183.1.86
Jul 15 20:11:57 server sshd[11853]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:12:00 server sshd[11855]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:12:00 server sshd[11855]: User root not allowed because not listed in
AllowUsers
Jul 15 20:12:02 server sshd[11857]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:12:02 server sshd[11857]: User root not allowed because not listed in
AllowUsers
Jul 15 20:12:06 server sshd[11859]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:12:06 server sshd[11859]: User root not allowed because not listed in
AllowUsers
Jul 15 20:12:08 server sshd[11861]: Illegal user danny from ::ffff:65.183.1.86
Jul 15 20:12:09 server sshd[11861]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:12:11 server sshd[11863]: Illegal user alex from ::ffff:65.183.1.86
Jul 15 20:12:11 server sshd[11863]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:12:13 server sshd[11865]: Illegal user brett from ::ffff:65.183.1.86
Jul 15 20:12:16 server sshd[11867]: Illegal user mike from ::ffff:65.183.1.86
Jul 15 20:12:19 server sshd[11869]: Illegal user alan from ::ffff:65.183.1.86
Jul 15 20:12:19 server sshd[11865]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:12:19 server sshd[11869]: reverse mapping checking getaddrinfo for por
t86.flowja.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:12:19 server sshd[11867]: reverse mapping checking getaddrinfo for por
--Ancora--


this is a small portion of the messages file, obtained with:
cat messages|grep sshd|more

hmm, can I feel safe?
I'm afraid to run the software update on my suse; I've had really, really bad experiences updating mandriva with its software update feature and debian with apt-get.
in both cases I had to reinstall everything, and I'm afraid suse will behave the same way with its version of software update.
let's hope the ssh daemon isn't too buggy! :)
E pluribus unum

Post by nikez » 19 Jul 2006, 14:13

why did you have to reinstall everything? what were they doing?
/* NO COMMENT */

Post by ale » 19 Jul 2006, 14:42

nikez wrote: why did you have to reinstall everything? what were they doing?
they wouldn't start anymore :)
while they were running they wouldn't let me launch new programs, and on reboot they wouldn't start except in safe boot mode...
a reinstall fixed everything in both cases.
after all, it's always hard to update things like libtool, the kernel and other things deep in the system.
as long as you're updating firefox or maybe even kde, everything goes fine.
I could selectively apply just the updates concerning ssh, I think, and solve the security problems, since that's the only service I've opened to the outside, right?
I've noticed lots of attempts that go on for several hours with what I believe is a dictionary of usernames.
but how do they hope to hit the password too? do they think my user is alex with password alex?
hmm...
E pluribus unum
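
Added example, not part of the original posts: one way to turn a log like the one above into a per-source list of attempted usernames, separating accounts that do not exist from real accounts blocked by AllowUsers. The sample lines, address and hostname are constructed, and attributing an AllowUsers denial to the address seen with the same hostname is an assumption; newer OpenSSH releases log "Invalid user" instead of "Illegal user", so both are matched.

```python
import re
from collections import defaultdict

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
PID = re.compile(r"sshd\[(\d+)\]: (.*)$")
UNKNOWN = re.compile(r"(?:Illegal|Invalid) user (\S+) from (?:::ffff:)?(\S+)")
DENIED = re.compile(r"User (\S+) not allowed because not listed\s*in\s*AllowUsers")
REVMAP = re.compile(r"getaddrinfo for\s*(\S+) failed")

# Constructed sample (documentation address and host), wrapped like the pager output.
SAMPLE = """\
Jul 15 20:09:11 server sshd[101]: Illegal user webadmin from ::ffff:203.0.113.8
6
Jul 15 20:09:12 server sshd[101]: reverse mapping checking getaddrinfo for hos
t86.example.net failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:09:28 server sshd[102]: reverse mapping checking getaddrinfo for hos
t86.example.net failed - POSSIBLE BREAKIN ATTEMPT!
Jul 15 20:09:28 server sshd[102]: User root not allowed because not listed in
AllowUsers
"""

def unwrap(text):  # a line without a syslog timestamp continues the previous one
    out = []
    for line in text.splitlines():
        if STAMP.match(line) or not out:
            out.append(line)
        else:
            out[-1] += line
    return out

def summarize(text):
    """Usernames tried per source; one sshd PID is one connection."""
    conns = defaultdict(lambda: {"ip": None, "host": None, "events": []})
    for m in filter(None, map(PID.search, unwrap(text))):
        c, msg = conns[m.group(1)], m.group(2)
        if hit := UNKNOWN.search(msg):
            c["ip"] = hit.group(2)
            c["events"].append(("unknown", hit.group(1)))
        elif hit := DENIED.search(msg):
            c["events"].append(("denied", hit.group(1)))
        elif hit := REVMAP.search(msg):
            c["host"] = hit.group(1)
    # Assumption: an AllowUsers denial (no address logged) shares the source of
    # a connection that logged the same unresolvable hostname.
    host_ip = {c["host"]: c["ip"] for c in conns.values() if c["host"] and c["ip"]}
    report = defaultdict(lambda: {"unknown": set(), "denied": set()})
    for c in conns.values():
        src = c["ip"] or host_ip.get(c["host"]) or c["host"] or "?"
        for kind, user in c["events"]:
            report[src][kind].add(user)
    return dict(report)
```

The "denied" set is the one to watch: those are accounts that exist on the machine, so AllowUsers is the only thing standing between the guess and a password prompt.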

Post by berto » 19 Jul 2006, 15:01

A huge number of people use trivial usernames and passwords, even on "production" servers.
As for the logs, I think it's normal to get scanned by the morons of half the world... anyway, ask on linux.sys if you want to know exactly what they are trying to do.

Strange that the mandriva update broke your system... you hadn't by any chance set cooker or something similar as your sources?
If there is an sshd update, better install it.
Since your server is always on, you could have it make a nice backup every night... even just of /etc.

If you piss off Chuck Norris you're a dead man... or a living woman.

Post by Alì Baobab » 19 Jul 2006, 21:09

shall we counterattack?