Author Topic: SSH Bulked (Read 2694 times)

Netham45 · « **on:** September 04, 2007, 02:32:00 am »

someone attempted to crack my SSH server VIA a bulk attack, and I was wondering if anyone knew a website I could report the attack to.

the full log is available at http://netham45.dyndns.org/BulkSSHattack.txt incase anyone wants to see it, this is roughly 1/6 of the deny errors.

The IP seems to be originating in China.

QUOTE

08-29-2007 19:16:33 IP 66.131.94.79 SSH omnimaga disconnected.
08-29-2007 20:28:22 IP 67.190.103.57 SSH omnimaga disconnected.
08-29-2007 20:28:22 IP 192.168.0.107 SSH omnimaga disconnected.
08-31-2007 16:37:58 SSH server started.
08-31-2007 16:37:59 Your freeSSHd is up-to-date.
08-31-2007 16:38:21 IP 67.190.103.57 SSH connection attempt.
08-31-2007 16:38:25 IP 67.190.103.57 SSH nathan ladwig successfully logged on using password.
08-31-2007 16:38:29 IP 67.190.103.57 SSH nathan ladwig submitted a bad password.
08-31-2007 16:38:31 IP 67.190.103.57 SSH nathan ladwig submitted a bad password.
08-31-2007 16:38:34 IP 67.190.103.57 SSH connection attempt.
08-31-2007 16:38:42 IP 67.190.103.57 SSH

Logged

Omnimaga Admin

DJ Omnimaga

Clacualters are teh gr33t
CoT Emeritus
LV15 Omnimagician (Next: --)
Posts: 55943
Rating: +3154/-232
CodeWalrus founder & retired Omnimaga founder

SSH Bulked

« Reply #1 on: September 04, 2007, 02:43:00 am »

hmm

did u posted the link on a website somewhere? Because it could be spambots. Plus, if I connected several times in a row at one point it's cuz I logged in, then started uploading and didnt realised it logged me in the root directory so all transfer obviously failed then I accidentally dragged all the files in here to the left section of filezilla window (Omnimaga backup)

then I tried to reconnect several times to check if i could succeed in logging in in my own dir. Basically if the IPs match mine it may be why, Idk what is the jesus, mailman, smmsp, rpm, games and that crap is another person that tried to hack into your account, or a bot

EDIT: 61.189.0.252 <-is that your server IP or the person IP?

Logged

Netham45

LV11 Super Veteran (Next: 3000)
Posts: 2103
Rating: +213/-4
*explodes*

SSH Bulked

« Reply #2 on: September 04, 2007, 02:44:00 am »

Not sure, but a google of one of the IPs on there shows a black-listed IP, that is known for hacking.

Also, you did it mabye 4 or 5 times, someone did thousands+ of attacks.

Logged

Omnimaga Admin

DJ Omnimaga

Clacualters are teh gr33t
CoT Emeritus
LV15 Omnimagician (Next: --)
Posts: 55943
Rating: +3154/-232
CodeWalrus founder & retired Omnimaga founder

SSH Bulked

« Reply #3 on: September 04, 2007, 02:45:00 am »

61.189.0.252 ? that one tried to connect using about 30 usernames at least

Logged

necro

LV9 Veteran (Next: 1337)
Posts: 1295
Rating: +17/-2
+3 vaporal mustache

SSH Bulked

« Reply #4 on: September 04, 2007, 04:03:00 am »

any way to block the ip adress?

Logged

I'm like a woot burger with awesome fries

VB.Net, C#, C++, Java, Game Maker

spengo

Guest

SSH Bulked

« Reply #5 on: September 04, 2007, 05:36:00 am »

Hahaha, they phail hard. Also, they are probably using a proxy unless they phail even harder than I think so blocking that ip will do you no good. No, what you need to do is wait and see if they attack again and trace their ip to where it originates. Then pwnz them off the internet with fun fun ddos.

If you don't got a botnet I know people that do...

Logged

DJ Omnimaga

Clacualters are teh gr33t
CoT Emeritus
LV15 Omnimagician (Next: --)
Posts: 55943
Rating: +3154/-232
CodeWalrus founder & retired Omnimaga founder

SSH Bulked

« Reply #6 on: September 04, 2007, 06:34:00 am »

Please no suggesting ddos, ddos/hacking is bad. Just try to track down his ISP/country and even his address.

On Epic Programming Studio I remember CrimsonCasio and dysfunction posted the hackers address to public on the forums as punishement, but idk if it's against Invisionfree policies though

Logged

Print

Pages: [1] Go Up

« previous next »