| | #1 |
| UT2004 Addict Join Date: Dec 2004
Posts: 645
| SSH Hacker Activity!! AAHHH!!

Code:
```
Proto Recv-Q Send-Q Local Address    Foreign Address     State      PID/Program name
tcp   0      0      0.0.0.0:111      0.0.0.0:*           LISTEN     -
tcp   0      0      0.0.0.0:80       0.0.0.0:*           LISTEN     -
tcp   0      0      0.0.0.0:8080     0.0.0.0:*           LISTEN     -
tcp   0      0      0.0.0.0:22       0.0.0.0:*           LISTEN     -
tcp   0      0      69.29.250.67:22  66.128.33.38:40417  TIME_WAIT  -
tcp   0      0      69.29.250.67:22  66.128.33.38:40553  TIME_WAIT  -
tcp   0      0      69.29.250.67:22  66.128.33.38:40872  TIME_WAIT  -
tcp   0      0      69.29.250.67:22  66.128.33.38:40370  TIME_WAIT  -
tcp   0      0      69.29.250.67:22  66.128.33.38:40689  TIME_WAIT  -
tcp   0      0      69.29.250.67:22  66.128.33.38:40823  TIME_WAIT  -
tcp   0      0      69.29.250.67:22  66.128.33.38:40506  TIME_WAIT  -
tcp   0      0      69.29.250.67:22  66.128.33.38:40642  TIME_WAIT  -
tcp   0      0      69.29.250.67:22  66.128.33.38:40779  TIME_WAIT  -
tcp   0      0      69.29.250.67:22  66.128.33.38:40461  TIME_WAIT  -
tcp   0      0      69.29.250.67:22  66.128.33.38:40592  TIME_WAIT  -
tcp   1      1      69.29.250.67:22  66.128.33.38:40919  CLOSING    -
tcp   0      0      69.29.250.67:22  66.128.33.38:40733  TIME_WAIT  -
```

Not Cool

That isn't too cool, he's Spanish too, that means if he takes over my system, then I won't be able to talk to him! "Hey buddy, try not to delete the pr0n files" ya know!? So has anyone else felt like they're being taken over by Spanish hackers? |
| Kleid-0 is offline |
| | #2 |
| UT2004 Addict Join Date: Dec 2004
Posts: 645
| He's from the Caribbean!!, search up: 66.128.33.38. Those Caribbean hackers! Darn them! I think I should report that guy, whoever he was, I wonder if I sent an abuse email, and the administrator would even understand! "I RECEivED packets through SSL port 22, uuhh, could you call him up and tell him he's being a bad person!?" I can just see them, laughing at my face! :(

EDIT---------------------

HAHAHAHAHHAHA, THIS GUY IS AWESOME

Code:
```
Jan 16 20:43:42 Shiva sshd[32399]: Illegal user jordan from 66.128.33.38
Jan 16 20:43:46 Shiva sshd[32401]: Illegal user michael from 66.128.33.38
Jan 16 20:43:50 Shiva sshd[32403]: Illegal user nicole from 66.128.33.38
Jan 16 20:43:54 Shiva sshd[32405]: Illegal user daniel from 66.128.33.38
Jan 16 20:43:58 Shiva sshd[32407]: Illegal user andrew from 66.128.33.38
Jan 16 20:44:03 Shiva sshd[32409]: Illegal user magic from 66.128.33.38
Jan 16 20:44:07 Shiva sshd[32411]: Illegal user lion from 66.128.33.38
Jan 16 20:44:11 Shiva sshd[32413]: Illegal user david from 66.128.33.38
Jan 16 20:44:16 Shiva sshd[32415]: Illegal user jason from 66.128.33.38
Jan 16 20:44:20 Shiva sshd[32417]: Illegal user carmen from 66.128.33.38
Jan 16 20:44:24 Shiva sshd[32419]: Illegal user justin from 66.128.33.38
Jan 16 20:44:29 Shiva sshd[32421]: Illegal user charlie from 66.128.33.38
Jan 16 20:44:33 Shiva sshd[32423]: Illegal user steven from 66.128.33.38
Jan 16 20:44:38 Shiva sshd[32425]: Illegal user brandon from 66.128.33.38
Jan 16 20:44:42 Shiva sshd[32427]: Illegal user brian from 66.128.33.38
Jan 16 20:44:47 Shiva sshd[32429]: Illegal user stephen from 66.128.33.38
Jan 16 20:44:51 Shiva sshd[32431]: Illegal user william from 66.128.33.38
Jan 16 20:44:56 Shiva sshd[32433]: Illegal user angel from 66.128.33.38
Jan 16 20:45:00 Shiva sshd[32435]: Illegal user emily from 66.128.33.38
Jan 16 20:45:05 Shiva sshd[32445]: Illegal user eric from 66.128.33.38
Jan 16 20:45:09 Shiva sshd[32447]: Illegal user joe from 66.128.33.38
Jan 16 20:45:14 Shiva sshd[32450]: Illegal user tom from 66.128.33.38
Jan 16 20:45:18 Shiva sshd[32452]: Illegal user billy from 66.128.33.38
Jan 16 20:45:23 Shiva sshd[32454]: Illegal user buddy from 66.128.33.38
Jan 16 20:45:27 Shiva sshd[32457]: Illegal user jeremy from 66.128.33.38
Jan 16 20:45:32 Shiva sshd[32460]: Illegal user vampire from 66.128.33.38
Jan 16 20:45:36 Shiva sshd[32462]: Illegal user betty from 66.128.33.38
Jan 16 20:45:41 Shiva sshd[32465]: Illegal user max from 66.128.33.38
Jan 16 20:45:46 Shiva sshd[32467]: Illegal user nicholas from 66.128.33.38
Jan 16 20:45:50 Shiva sshd[32469]: Illegal user robin from 66.128.33.38
Jan 16 20:45:55 Shiva sshd[32471]: Illegal user johnny from 66.128.33.38
Jan 16 20:46:00 Shiva sshd[32473]: Illegal user lucy from 66.128.33.38
Jan 16 20:46:04 Shiva sshd[32475]: Illegal user maria from 66.128.33.38
Jan 16 20:46:09 Shiva sshd[32477]: Illegal user rose from 66.128.33.38
Jan 16 20:46:19 Shiva sshd[32481]: Illegal user god from 66.128.33.38
Jan 16 20:46:24 Shiva sshd[32483]: Illegal user barbara from 66.128.33.38
Jan 16 20:46:28 Shiva sshd[32486]: Illegal user larisa from 66.128.33.38
Jan 16 20:46:33 Shiva sshd[32489]: Illegal user jane from 66.128.33.38
Jan 16 20:46:38 Shiva sshd[32491]: Illegal user dog from 66.128.33.38
Jan 16 20:46:43 Shiva sshd[32493]: Illegal user sparc from 66.128.33.38
Jan 16 20:46:47 Shiva sshd[32495]: Illegal user credit from 66.128.33.38
Jan 16 20:46:52 Shiva sshd[32497]: Illegal user info from 66.128.33.38
Jan 16 20:46:57 Shiva sshd[32499]: Illegal user manager from 66.128.33.38
Jan 16 20:47:02 Shiva sshd[32507]: Illegal user horse from 66.128.33.38
Jan 16 20:47:07 Shiva sshd[32509]: Illegal user nokia from 66.128.33.3
```

Last edited by Kleid-0; 01-16-2005 at 11:26 PM. |
| Kleid-0 is offline |
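Added example, not part of the original thread and not any poster's code: a small Python summary of the kind of sshd log quoted in the post above, grouping unknown-user login failures by source address and flagging sources that try many names at a steady, scripted pace. The sample log is constructed (documentation addresses in 192.0.2.0/24), and the function names and thresholds are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the format quoted above. Older OpenSSH logs "Illegal user",
# newer releases log "Invalid user"; 192.0.2.x is a documentation address range.
SAMPLE_LOG = """\
Jan 16 20:43:42 Shiva sshd[32399]: Illegal user jordan from 192.0.2.10
Jan 16 20:43:46 Shiva sshd[32401]: Illegal user michael from 192.0.2.10
Jan 16 20:43:50 Shiva sshd[32403]: Illegal user nicole from 192.0.2.10
Jan 16 20:43:54 Shiva sshd[32405]: Illegal user daniel from 192.0.2.10
Jan 16 20:43:58 Shiva sshd[32407]: Illegal user andrew from 192.0.2.10
Jan 16 20:50:00 Shiva sshd[32600]: Invalid user test from 192.0.2.77
Jan 16 20:51:10 Shiva sshd[32610]: Accepted password for kleid from 192.0.2.5 port 4022 ssh2
"""
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"(?:Illegal|Invalid) user (?P<user>\S+) from (?P<ip>[0-9a-fA-F.:]+)"
)

def summarize(log_text, year=2005):
    """Group unknown-user login failures by source address."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            # syslog timestamps carry no year, so the caller supplies one
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            hits[m["ip"]].append((ts, m["user"]))
    report = {}
    for ip, events in hits.items():
        events.sort()
        span = (events[-1][0] - events[0][0]).total_seconds()
        report[ip] = {
            "attempts": len(events),
            "distinct_users": len({user for _, user in events}),
            "first": events[0][0], "last": events[-1][0],
            "seconds_per_attempt": span / (len(events) - 1) if len(events) > 1 else None,
        }
    return report

def flag_scanners(report, min_attempts=5, max_interval=10.0):
    """Sources with many attempts at a steady, machine-like pace."""
    return sorted(ip for ip, r in report.items()
                  if r["attempts"] >= min_attempts
                  and r["seconds_per_attempt"] is not None
                  and r["seconds_per_attempt"] <= max_interval)

if __name__ == "__main__":
    print(flag_scanners(summarize(SAMPLE_LOG)))
```

The per-source first and last timestamps and attempt count are the fields an abuse desk typically needs alongside the raw log lines.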
| | #3 |
| Banned Join Date: Sep 2002
Posts: 6,334
| I'd be surprised if that person is in the Carr. It's more likely that they are bouncing off of a bunch of non local servers. It's probably a script kiddie, so long as you're not allowing any access through unsecured ports you should be fine. |
| RoD is offline |
| | #4 |
| Registered User Join Date: Aug 2001 Location: Newport, South Wales, UK
Posts: 1,094
| Does anyone seriously use their forename as a uid?!? Okay, give a Linux newbie the choice and they may well opt for that (assuming that they understand not to use root all the time), but certainly a business server (i.e. something worth hacking) would not use anything like that form. Although I have to admit my Windows username is "nokia"... |
| SMurf is offline |
| | #5 |
| and the hat of vanishing Join Date: Aug 2001 Location: The edge of the known universe
Posts: 21,214
| > Jan 16 20:46:19 Shiva sshd[32481]: Illegal user god from 66.128.33.38

Huh-oh, they're onto me

> could you call him up and tell him he's being a bad person!?"

Forward your logs to postmaster@loserisp.com and abuse@loserisp.com
Or find out how to do this locally on your machine
http://labrea.sourceforge.net/labrea-info.html
That should slow them down
__________________ If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut. Up to 8Mb PlusNet broadband from only £5.99 a month! |
| Salem is offline |
| | #6 |
| Registered User Join Date: Feb 2003 Location: Mt. Prospect, IL
Posts: 2,602
| hey Kleid-o, look into honeynets, you could have some fun with that guy
__________________ some entropy with that sink? entropysink.com there are two cardinal sins from which all others spring: Impatience and Laziness. - franz kafka |
| axon is offline |
| | #7 | |
| UT2004 Addict Join Date: Dec 2004
Posts: 645
| Quote:
| |
| Kleid-0 is offline |
| | #8 |
| Just one more wrong move. Join Date: Aug 2001
Posts: 3,232
| There used to be some annoying Spanish script kiddie who used to constantly try to get into my computer. I got him booted off of his ISP once, but I caught him a week or so later back at it from a new ISP. I tried emailing that ISP too, but it never worked. He stopped sooner or later, but it was clogging up my logs like crazy.

>>Does anyone seriously use their forename as a uid?!?

Me, but then again, look at my forum name. I'm not afraid of an evil hacker breaking into my OSX or Linux boxes, because the passwords are pretty good on each.
__________________ Gays can't love like real people entropysink.com -- because arses weren't designed for running websites. |
| -KEN- is offline |
| | #9 |
| Me Join Date: Oct 2002 Location: Europe
Posts: 448
| >>Does anyone seriously use their forename as a uid?!?

I do. But my Linux boxen are behind a NAT. Of course, the NAT runs 'that other os', so the point is mainly invalid, but my dad hasn't been able to get the modem to respond properly with Linux.

EDIT: Damn! Where's my head? NAT OS changed.
__________________ SoKrA-BTS "Judge not the program I made, but the one I've yet to code" I say what I say, I mean what I mean. IDE: emacs + make + gcc and proud of it. |
| -=SoKrA=- is offline |
| | #10 | |
| and the hat of marbles Join Date: May 2002 Location: Göteborg, Sweden
Posts: 2,038
| Quote:
But the password is 20+ non-alphanumeric characters. I don't think it's a problem to use easily guessable user names.
__________________ Last edited by Sang-drax : Tomorrow at 02:21 AM. Reason: Time travelling | |
| Sang-drax is offline |
| | #11 |
| Nosepicker Join Date: Nov 2001
Posts: 407
| >>I'm not afraid of an evil hacker breaking into my OSX or Linux boxes, because the passwords are pretty good on each.<< who told you "Iliekboiz" is a good password?
__________________ DrakkenKorin Get off my Intarweb!!!! |
| DrakkenKorin is offline |
| | #12 | |
| Just one more wrong move. Join Date: Aug 2001
Posts: 3,232
| Quote:
__________________ Gays can't love like real people entropysink.com -- because arses weren't designed for running websites. | |
| -KEN- is offline |
| | #13 |
| Nosepicker Join Date: Nov 2001
Posts: 407
| yes, but you forgot the numeric character and the special character. you should change it to "1liekbo!z"
__________________ DrakkenKorin Get off my Intarweb!!!! |
| DrakkenKorin is offline |
| | #14 |
| Registered User Join Date: Aug 2003
Posts: 774
| Why not use 1773 |-|4><><0|2 code |
| Shakti is offline |
| | #15 |
| Registered User Join Date: Mar 2005
Posts: 1
| Worm

I think what you are seeing here is a worm. I've spent the past few weeks adding information together. I've seen roughly 23 servers with the exact same logs coming from around the world. I recently talked to a gentleman in Boston from a legit business and it turns out his computer was compromised. As long as you are seeing the messages in the secure log, you're ok. (I know it's an uneasy feeling) |
| Neonblue is offline |