It seems someone really tried to get into the webserver today.

Discussion in 'General Chat' started by Teddi, Nov 4, 2011.

  1. Teddi

    Teddi Well-Known Member Bear

    Yep. About 50 minutes after I had stopped working on the webserver, it appears someone tried to brute-force their way into the server via SSH. Why they would, I have no idea, and I've denied the IP for now (yay for iptables). However, have a small sample of the usernames they were trying -

    Code:
    Nov  3 03:37:27 control sshd[1300]: input_userauth_request: invalid user admin
    Nov  3 03:37:27 control sshd[1301]: warning: /etc/hosts.deny, line 21: can't verify hostname: getaddrinfo(186.215.110.66.static.host.gvt.net.br, AF_INET) failed
    Nov  3 03:37:29 control sshd[1301]: reverse mapping checking getaddrinfo for 186.215.110.66.static.host.gvt.net.br [186.215.110.66] failed - POSSIBLE BREAK-IN ATTEMPT!
    Nov  3 03:37:29 control sshd[1301]: Invalid user admin from 186.215.110.66
    Nov  3 03:37:29 control sshd[1302]: input_userauth_request: invalid user admin
    Nov  3 03:37:29 control sshd[1303]: warning: /etc/hosts.deny, line 21: can't verify hostname: getaddrinfo(186.215.110.66.static.host.gvt.net.br, AF_INET) failed
    Nov  3 03:37:31 control sshd[1303]: reverse mapping checking getaddrinfo for 186.215.110.66.static.host.gvt.net.br [186.215.110.66] failed - POSSIBLE BREAK-IN ATTEMPT!
    Nov  3 03:37:31 control sshd[1303]: Invalid user admin from 186.215.110.66
    Nov  3 03:37:31 control sshd[1304]: input_userauth_request: invalid user admin
    Nov  3 03:37:31 control sshd[1305]: warning: /etc/hosts.deny, line 21: can't verify hostname: getaddrinfo(186.215.110.66.static.host.gvt.net.br, AF_INET) failed
    Nov  3 03:37:32 control sshd[1305]: reverse mapping checking getaddrinfo for 186.215.110.66.static.host.gvt.net.br [186.215.110.66] failed - POSSIBLE BREAK-IN ATTEMPT!
    Nov  3 03:37:32 control sshd[1305]: Invalid user admin from 186.215.110.66
    Nov  3 03:37:32 control sshd[1306]: input_userauth_request: invalid user admin
    Nov  3 03:37:33 control sshd[1307]: warning: /etc/hosts.deny, line 21: can't verify hostname: getaddrinfo(186.215.110.66.static.host.gvt.net.br, AF_INET) failed
    Nov  3 03:37:34 control sshd[1307]: reverse mapping checking getaddrinfo for 186.215.110.66.static.host.gvt.net.br [186.215.110.66] failed - POSSIBLE BREAK-IN ATTEMPT!
    Nov  3 03:37:35 control sshd[1308]: Received disconnect from 186.215.110.66: 11: Bye Bye
    Nov  3 03:37:35 control sshd[1309]: warning: /etc/hosts.deny, line 21: can't verify hostname: getaddrinfo(186.215.110.66.static.host.gvt.net.br, AF_INET) failed
    Nov  3 03:37:36 control sshd[1309]: reverse mapping checking getaddrinfo for 186.215.110.66.static.host.gvt.net.br [186.215.110.66] failed - POSSIBLE BREAK-IN ATTEMPT!
    Nov  3 03:37:36 control sshd[1310]: Received disconnect from 186.215.110.66: 11: Bye Bye
    Nov  3 03:37:37 control sshd[1311]: warning: /etc/hosts.deny, line 21: can't verify hostname: getaddrinfo(186.215.110.66.static.host.gvt.net.br, AF_INET) failed
    Nov  3 03:37:38 control sshd[1311]: reverse mapping checking getaddrinfo for 186.215.110.66.static.host.gvt.net.br [186.215.110.66] failed - POSSIBLE BREAK-IN ATTEMPT!
    Nov  3 03:37:38 control sshd[1311]: Invalid user test from 186.215.110.66
    Nov  3 03:37:38 control sshd[1312]: input_userauth_request: invalid user test
    Nov  3 03:37:39 control sshd[1313]: warning: /etc/hosts.deny, line 21: can't verify hostname: getaddrinfo(186.215.110.66.static.host.gvt.net.br, AF_INET) failed
    Nov  3 03:37:40 control sshd[1313]: reverse mapping checking getaddrinfo for 186.215.110.66.static.host.gvt.net.br [186.215.110.66] failed - POSSIBLE BREAK-IN ATTEMPT!
    Nov  3 03:37:40 control sshd[1313]: Invalid user test from 186.215.110.66
    Nov  3 03:37:40 control sshd[1314]: input_userauth_request: invalid user test
    Nov  3 03:37:40 control sshd[1315]: warning: /etc/hosts.deny, line 21: can't verify hostname: getaddrinfo(186.215.110.66.static.host.gvt.net.br, AF_INET) failed
    Nov  3 03:37:42 control sshd[1315]: reverse mapping checking getaddrinfo for 186.215.110.66.static.host.gvt.net.br [186.215.110.66] failed - POSSIBLE BREAK-IN ATTEMPT!
    Nov  3 03:37:42 control sshd[1315]: Invalid user webmaster from 186.215.110.66
    Nov  3 03:37:42 control sshd[1316]: input_userauth_request: invalid user webmaster
    
    A different session - 
    
    
    Nov  3 03:36:47 control sshd[1249]: input_userauth_request: invalid user info
    Nov  3 03:36:47 control sshd[1250]: warning: /etc/hosts.deny, line 21: can't verify hostname: getaddrinfo(186.215.110.66.static.host.gvt.net.br, AF_INET) failed
    Nov  3 03:36:49 control sshd[1250]: reverse mapping checking getaddrinfo for 186.215.110.66.static.host.gvt.net.br [186.215.110.66] failed - POSSIBLE BREAK-IN ATTEMPT!
    Nov  3 03:36:49 control sshd[1250]: Invalid user tony from 186.215.110.66
    Nov  3 03:36:49 control sshd[1251]: input_userauth_request: invalid user tony
    Nov  3 03:36:49 control sshd[1252]: warning: /etc/hosts.deny, line 21: can't verify hostname: getaddrinfo(186.215.110.66.static.host.gvt.net.br, AF_INET) failed
    Nov  3 03:36:51 control sshd[1252]: reverse mapping checking getaddrinfo for 186.215.110.66.static.host.gvt.net.br [186.215.110.66] failed - POSSIBLE BREAK-IN ATTEMPT!
    Nov  3 03:36:51 control sshd[1252]: Invalid user newsletter from 186.215.110.66
    Nov  3 03:36:51 control sshd[1253]: input_userauth_request: invalid user newsletter
    Nov  3 03:36:51 control sshd[1254]: warning: /etc/hosts.deny, line 21: can't verify hostname: getaddrinfo(186.215.110.66.static.host.gvt.net.br, AF_INET) failed
    Nov  3 03:36:53 control sshd[1254]: reverse mapping checking getaddrinfo for 186.215.110.66.static.host.gvt.net.br [186.215.110.66] failed - POSSIBLE BREAK-IN ATTEMPT!
    Nov  3 03:36:53 control sshd[1254]: Invalid user named from 186.215.110.66
    Nov  3 03:36:53 control sshd[1255]: input_userauth_request: invalid user named
    Nov  3 03:36:53 control sshd[1256]: warning: /etc/hosts.deny, line 21: can't verify hostname: getaddrinfo(186.215.110.66.static.host.gvt.net.br, AF_INET) failed
    Nov  3 03:36:55 control sshd[1256]: reverse mapping checking getaddrinfo for 186.215.110.66.static.host.gvt.net.br [186.215.110.66] failed - POSSIBLE BREAK-IN ATTEMPT!
    Nov  3 03:36:55 control sshd[1256]: Invalid user visitor from 186.215.110.66
    Nov  3 03:36:55 control sshd[1257]: input_userauth_request: invalid user visitor
    Nov  3 03:36:55 control sshd[1258]: warning: /etc/hosts.deny, line 21: can't verify hostname: getaddrinfo(186.215.110.66.static.host.gvt.net.br, AF_INET) failed
    Nov  3 03:36:57 control sshd[1258]: reverse mapping checking getaddrinfo for 186.215.110.66.static.host.gvt.net.br [186.215.110.66] failed - POSSIBLE BREAK-IN ATTEMPT!
    Nov  3 03:36:57 control sshd[1258]: Invalid user ftpuser from 186.215.110.66
    Nov  3 03:36:57 control sshd[1259]: input_userauth_request: invalid user ftpuser
    Nov  3 03:36:57 control sshd[1260]: warning: /etc/hosts.deny, line 21: can't verify hostname: getaddrinfo(186.215.110.66.static.host.gvt.net.br, AF_INET) failed
    Nov  3 03:36:58 control sshd[1260]: reverse mapping checking getaddrinfo for 186.215.110.66.static.host.gvt.net.br [186.215.110.66] failed - POSSIBLE BREAK-IN ATTEMPT!
    Nov  3 03:36:58 control sshd[1260]: Invalid user username from 186.215.110.66
    Nov  3 03:36:58 control sshd[1261]: input_userauth_request: invalid user username
    Nov  3 03:36:59 control sshd[1262]: warning: /etc/hosts.deny, line 21: can't verify hostname: getaddrinfo(186.215.110.66.static.host.gvt.net.br, AF_INET) failed
    Nov  3 03:37:00 control sshd[1262]: reverse mapping checking getaddrinfo for 186.215.110.66.static.host.gvt.net.br [186.215.110.66] failed - POSSIBLE BREAK-IN ATTEMPT!
    Nov  3 03:37:00 control sshd[1262]: Invalid user library from 186.215.110.66
    Nov  3 03:37:00 control sshd[1263]: input_userauth_request: invalid user library
    Nov  3 03:37:01 control sshd[1264]: warning: /etc/hosts.deny, line 21: can't verify hostname: getaddrinfo(186.215.110.66.static.host.gvt.net.br, AF_INET) failed
    Nov  3 03:37:02 control sshd[1264]: reverse mapping checking getaddrinfo for 186.215.110.66.static.host.gvt.net.br [186.215.110.66] failed - POSSIBLE BREAK-IN ATTEMPT!
    Nov  3 03:37:02 control sshd[1264]: Invalid user test from 186.215.110.66
    Nov  3 03:37:02 control sshd[1265]: input_userauth_request: invalid user test
    Nov  3 03:37:03 control sshd[1266]: warning: /etc/hosts.deny, line 21: can't verify hostname: getaddrinfo(186.215.110.66.static.host.gvt.net.br, AF_INET) failed
    Nov  3 03:37:04 control sshd[1266]: reverse mapping checking getaddrinfo for 186.215.110.66.static.host.gvt.net.br [186.215.110.66] failed - POSSIBLE BREAK-IN ATTEMPT!
    Nov  3 03:37:04 control sshd[1267]: Received disconnect from 186.215.110.66: 11: Bye Bye
    

    Now it's technically impossible to bruteforce your way into the webserver seeing as I use a key for authentication, not a password. Also those seem rather generic :v:
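
The pattern in the log above (many "Invalid user" lines from one address within seconds) is easy to detect automatically. The following is an added example, not part of the original post: the sample lines are constructed in the same sshd syslog format with documentation-range addresses, and the function names, `threshold`, `window` and `year` defaults are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the same sshd syslog format as the post above
# (addresses are from the RFC 5737 documentation ranges).
SAMPLE_LOG = """\
Nov  3 03:36:49 control sshd[1250]: Invalid user tony from 203.0.113.7
Nov  3 03:36:49 control sshd[1251]: input_userauth_request: invalid user tony
Nov  3 03:36:51 control sshd[1252]: Invalid user newsletter from 203.0.113.7
Nov  3 03:36:53 control sshd[1254]: Invalid user named from 203.0.113.7
Nov  3 03:36:55 control sshd[1256]: reverse mapping checking getaddrinfo for host.example [203.0.113.7] failed - POSSIBLE BREAK-IN ATTEMPT!
Nov  3 03:36:55 control sshd[1256]: Invalid user visitor from 203.0.113.7
Nov  3 03:37:02 control sshd[1264]: Invalid user test from 203.0.113.7
Nov  3 09:12:30 control sshd[2001]: Invalid user backup from 198.51.100.20
Nov  3 14:40:11 control sshd[2950]: Invalid user backup from 198.51.100.20
"""

INVALID_USER = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"Invalid user (?P<user>\S*) from (?P<ip>\S+)"
)

def parse_invalid_users(text, year=2011):
    """Yield (timestamp, user, ip) per 'Invalid user' line; syslog omits the year, so it is assumed."""
    for line in text.splitlines():
        m = INVALID_USER.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"], m["ip"]

def flag_guessers(text, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: sorted usernames} for IPs with >= threshold attempts inside one window."""
    by_ip = defaultdict(list)
    for ts, user, ip in parse_invalid_users(text):
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        for i in range(len(events) - threshold + 1):
            if events[i + threshold - 1][0] - events[i][0] <= window:
                flagged[ip] = sorted({u for _, u in events})
                break
    return flagged

if __name__ == "__main__":
    for ip, users in flag_guessers(SAMPLE_LOG).items():
        print(ip, len(users), "usernames:", ", ".join(users))
```

The sliding window keeps a host that mistypes a username twice in a day (the second address in the sample) from being flagged alongside a rapid username sweep.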
     
  2. Zephyr1551

    Zephyr1551 The Slayer of Bob

  3. Sin Vida*

    Sin Vida* Slayer of the Beast

    Nov 3 03:36:49 control sshd[1251]: input_userauth_request: invalid user tony

    Tony...?
     
  4. Teddi

    Teddi Well-Known Member Bear

    There was a whole bunch of them, varying from stuff like Jack to Jimbob.
     
  5. Zeke

    Zeke [BB] Sub Admin Sub Admin

    ssh...lol
     
  6. Kaiden

    Kaiden Administrator Community Manager

    Fail.
     
  7. Whitefang

    Whitefang ( ͡° ͜ʖ ͡°)

    BR huehueheuheu