Author Topic: SSH Bulked  (Read 2739 times)


Offline Netham45

  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2103
  • Rating: +213/-4
  • *explodes*
SSH Bulked
« on: September 04, 2007, 02:32:00 am »
Someone attempted to crack my SSH server via a bulk attack, and I was wondering if anyone knew a website I could report the attack to.

The full log is available at http://netham45.dyndns.org/BulkSSHattack.txt in case anyone wants to see it; this is roughly 1/6 of the deny errors.

The IP seems to be originating in China.

QUOTE
08-29-2007 19:16:33 IP 66.131.94.79 SSH omnimaga disconnected.
08-29-2007 20:28:22 IP 67.190.103.57 SSH omnimaga disconnected.
08-29-2007 20:28:22 IP 192.168.0.107 SSH omnimaga disconnected.
08-31-2007 16:37:58 SSH server started.
08-31-2007 16:37:59 Your freeSSHd is up-to-date.
08-31-2007 16:38:21 IP 67.190.103.57 SSH connection attempt.
08-31-2007 16:38:25 IP 67.190.103.57 SSH nathan ladwig successfully logged on using password.
08-31-2007 16:38:29 IP 67.190.103.57 SSH nathan ladwig submitted a bad password.
08-31-2007 16:38:31 IP 67.190.103.57 SSH nathan ladwig submitted a bad password.
08-31-2007 16:38:34 IP 67.190.103.57 SSH connection attempt.
08-31-2007 16:38:42 IP 67.190.103.57 SSH
Omnimaga Admin

Offline DJ Omnimaga

  • Clacualters are teh gr33t
  • CoT Emeritus
  • LV15 Omnimagician (Next: --)
  • *
  • Posts: 55943
  • Rating: +3154/-232
  • CodeWalrus founder & retired Omnimaga founder
SSH Bulked
« Reply #1 on: September 04, 2007, 02:43:00 am »
hmm

Did you post the link on a website somewhere? Because it could be spambots. Plus, if I connected several times in a row at one point, it's because I logged in, then started uploading and didn't realise it logged me in to the root directory, so all transfers obviously failed; then I accidentally dragged all the files in here to the left section of the FileZilla window (Omnimaga backup).

Then I tried to reconnect several times to check if I could succeed in logging in to my own dir. Basically, if the IPs match mine, that may be why. Idk what the jesus, mailman, smmsp, rpm, games and that crap is; another person that tried to hack into your account, or a bot.

EDIT: 61.189.0.252 <- is that your server IP or the person's IP?

Offline Netham45

SSH Bulked
« Reply #2 on: September 04, 2007, 02:44:00 am »
Not sure, but a Google of one of the IPs on there shows a blacklisted IP that is known for hacking.

Also, you did it maybe 4 or 5 times; someone did thousands+ of attacks.
Omnimaga Admin

Offline DJ Omnimaga

SSH Bulked
« Reply #3 on: September 04, 2007, 02:45:00 am »
61.189.0.252? That one tried to connect using about 30 usernames at least.
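
Added example, not part of any post in this thread: a sketch that separates a user mistyping a password a few times from one address cycling through many usernames, using only the log line shapes visible in the excerpt above. The thresholds, the function names and the sample lines (documentation-range IPs, made-up user "alice smith") are assumptions.

```python
import re
from collections import defaultdict

# Line shape copied from the log excerpt in the thread; usernames may contain spaces.
BAD_PW = re.compile(
    r"^(\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}) IP (\S+) SSH (.+) submitted a bad password\.$"
)

def summarize_failures(lines):
    """Return {ip: {"failures": int, "users": set}} for bad-password events."""
    stats = defaultdict(lambda: {"failures": 0, "users": set()})
    for line in lines:
        m = BAD_PW.match(line.strip())
        if not m:  # other event types and truncated lines are ignored
            continue
        _, ip, user = m.groups()
        stats[ip]["failures"] += 1
        stats[ip]["users"].add(user)
    return dict(stats)

def suspicious_ips(lines, max_failures=10, max_users=3):
    """IPs whose failure count or distinct-username count reaches the assumed thresholds."""
    return sorted(
        ip for ip, s in summarize_failures(lines).items()
        if s["failures"] >= max_failures or len(s["users"]) >= max_users
    )

# Constructed sample, not taken from the poster's log. The last line is cut off on purpose.
SAMPLE = """\
08-31-2007 16:38:21 IP 198.51.100.20 SSH connection attempt.
08-31-2007 16:38:29 IP 198.51.100.20 SSH alice smith submitted a bad password.
08-31-2007 16:38:31 IP 198.51.100.20 SSH alice smith submitted a bad password.
08-31-2007 16:38:40 IP 198.51.100.20 SSH alice smith successfully logged on using password.
09-01-2007 03:10:01 IP 203.0.113.7 SSH mailman submitted a bad password.
09-01-2007 03:10:03 IP 203.0.113.7 SSH smmsp submitted a bad password.
09-01-2007 03:10:05 IP 203.0.113.7 SSH rpm submitted a bad password.
09-01-2007 03:10:07 IP 203.0.113.7 SSH games submitted a bad password.
09-01-2007 03:10:09 IP 203.0.113.7 SSH
""".splitlines()

if __name__ == "__main__":
    summary = summarize_failures(SAMPLE)
    for ip in suspicious_ips(SAMPLE):
        print(ip, summary[ip]["failures"], "failures,", len(summary[ip]["users"]), "usernames")
```

Counting distinct usernames per address is what keeps a legitimate user's handful of retries out of the result while still catching a source that tries many account names once each.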

Offline necro

  • LV9 Veteran (Next: 1337)
  • *********
  • Posts: 1295
  • Rating: +17/-2
  • +3 vaporal mustache
SSH Bulked
« Reply #4 on: September 04, 2007, 04:03:00 am »
Any way to block the IP address?
I'm like a woot burger with awesome fries


VB.Net, C#, C++, Java, Game Maker

spengo

  • Guest
SSH Bulked
« Reply #5 on: September 04, 2007, 05:36:00 am »
Hahaha, they phail hard. Also, they are probably using a proxy unless they phail even harder than I think so blocking that ip will do you no good. No, what you need to do is wait and see if they attack again and trace their ip to where it originates. Then pwnz them off the internet with fun fun ddos. :3 If you don't got a botnet I know people that do...  

Offline DJ Omnimaga

SSH Bulked
« Reply #6 on: September 04, 2007, 06:34:00 am »
Please, no suggesting DDoS; DDoS/hacking is bad. Just try to track down his ISP/country and even his address.

On Epic Programming Studio I remember CrimsonCasio and dysfunction posted the hacker's address publicly on the forums as punishment, but idk if it's against Invisionfree policies though.