lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200407290145.29949.gazpa@euskalnet.net>
From: gazpa at euskalnet.net (Alain Crespo)
Subject: Automated SSH login attempts?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I also seen since July 22nd, bruteforce login attempts on ftpd (proftpd) from 
same ip ranges. And like you some attempts in sshd. The difference between 
them is that for sshd used users are same as yours, but for ftpd they used a 
usernames dictionary (with hundreds of users, what patience ;) ).
Anyone noticed some similar?



Jul 22 21:23:06 www0 proftpd[4447]: myhost (61.109.251.191[61.109.251.191]) - 
USER invaliduserinvalid: no such user found from 61.109.251.191 
[61.109.251.191] to 82.130.240.230:21
Jul 22 21:23:08 www0 proftpd[4448]: myhost (61.109.251.191[61.109.251.191]) - 
USER board: no such user found from 61.109.251.191 [61.109.251.191] to 
82.130.240.230:21
Jul 22 21:23:10 www0 proftpd[4449]: myhost (61.109.251.191[61.109.251.191]) - 
USER btraining: no such user found from 61.109.251.191 [61.109.251.191] to 
82.130.240.230:21
Jul 22 21:23:12 www0 proftpd[4451]: myhost (61.109.251.191[61.109.251.191]) - 
USER distros: no such user found from 61.109.251.191 [61.109.251.191] to 
82.130.240.230:21
Jul 22 21:23:14 www0 proftpd[4452]: myhost (61.109.251.191[61.109.251.191]) - 
USER forge4os: no such user found from 61.109.251.191 [61.109.251.191] to 
82.130.240.230:21
Jul 22 21:23:16 www0 proftpd[4453]: myhost (61.109.251.191[61.109.251.191]) - 
USER licentia: no such user found from 61.109.251.191 [61.109.251.191] to 
82.130.240.230:21
Jul 22 21:23:18 www0 proftpd[4454]: myhost (61.109.251.191[61.109.251.191]) - 
USER linuxnews: no such user found from 61.109.251.191 [61.109.251.191] to 
82.130.240.230:21
Jul 22 21:23:20 www0 proftpd[4455]: myhost (61.109.251.191[61.109.251.191]) - 
USER localgforge: no such user found from 61.109.251.191 [61.109.251.191] to 
82.130.240.230:21
Jul 22 21:23:22 www0 proftpd[4456]: myhost (61.109.251.191[61.109.251.191]) - 
USER metalist: no such user found from 61.109.251.191 [61.109.251.191] to 
82.130.240.230:21
Jul 22 21:23:25 www0 proftpd[4457]: myhost (61.109.251.191[61.109.251.191]) - 
USER myos: no such user found from 61.109.251.191 [61.109.251.191] to 
82.130.240.230:21
Jul 22 21:23:27 www0 proftpd[4458]: myhost (61.109.251.191[61.109.251.191]) - 
USER newsadmin: no such user found from 61.109.251.191 [61.109.251.191] to 
82.130.240.230:21
Jul 22 21:23:29 www0 proftpd[4459]: myhost (61.109.251.191[61.109.251.191]) - 
USER osgitestbed: no such user found from 61.109.251.191 [61.109.251.191] to 
82.130.240.230:21
Jul 22 21:23:31 www0 proftpd[4463]: myhost (61.109.251.191[61.109.251.191]) - 
USER ossnews: no such user found from 61.109.251.191 [61.109.251.191] to 
82.130.240.230:21
Jul 22 21:23:34 www0 proftpd[4464]: myhost (61.109.251.191[61.109.251.191]) - 
USER osync: no such user found from 61.109.251.191 [61.109.251.191] to 
82.130.240.230:21
Jul 22 21:23:36 www0 proftpd[4465]: myhost (61.109.251.191[61.109.251.191]) - 
USER peerrating: no such user found from 61.109.251.191 [61.109.251.191] to 
82.130.240.230:21
Jul 22 21:23:38 www0 proftpd[4466]: myhost (61.109.251.191[61.109.251.191]) - 
USER resolvit: no such user found from 61.109.251.191 [61.109.251.191] to 
82.130.240.230:21
Jul 22 21:23:40 www0 proftpd[4467]: myhost (61.109.251.191[61.109.251.191]) - 
USER siteadmin: no such user found from 61.109.251.191 [61.109.251.191] to 
82.130.240.230:21


- -- 

un saludo,

Alain Crespo <gazpa@...kalnet.net>

_,.-:*"``'*:-.,_,.-:*"``'*:-.,_,.-:*"``'*:-.,_,.-:*"``'*:-.,_,.-:*"``'*:-.,_

Why use Windows, since there is a door?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBCDqYP3/+R0rF2wkRAtW3AJ963dd6X7Nf17ZjRV/IDcb3DX4GfQCgjkD4
dbK+EryHfYKhIQDcaYMMiec=
=zLQW
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ