HFX Forum

Network Administration => Admin War Stories => Topic started by: Metgod on September 16, 2005, 10:24:05 AM

Title: ssh and stupid would be (windows ?) hacker
Post by: Metgod on September 16, 2005, 10:24:05 AM
This is pretty amusing.

I left one of my servers up last night, and had ssh open (had a friend using my sftp server). ONE NIGHT!!

So when I wake up and look in the logs I see the below:

Quote

Sep 16 03:12:41 deranged sshd[11140]: Did not receive identification string from 202.198.128.147
Sep 16 03:20:50 deranged sshd[11156]: Invalid user admin from 202.198.128.147
Sep 16 03:20:51 deranged sshd(pam_unix)[11156]: check pass; user unknown
Sep 16 03:20:51 deranged sshd(pam_unix)[11156]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.198.128.147
Sep 16 03:20:53 deranged sshd[11156]: Failed password for invalid user admin from 202.198.128.147 port 40002 ssh2
Sep 16 03:21:03 deranged sshd[11161]: Invalid user administrator from 202.198.128.147
Sep 16 03:21:03 deranged sshd(pam_unix)[11161]: check pass; user unknown
Sep 16 03:21:03 deranged sshd(pam_unix)[11161]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.198.128.147
Sep 16 03:21:06 deranged sshd[11161]: Failed password for invalid user administrator from 202.198.128.147 port 41396 ssh2

Sep 16 04:54:02 deranged sshd[11278]: Did not receive identification string from 67.153.120.12
Sep 16 05:02:45 deranged sshd(pam_unix)[11297]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ip67-153-120-12.z120-153-67.customer.algx.net  user=root
Sep 16 05:02:48 deranged sshd[11297]: Failed password for root from 67.153.120.12 port 46080 ssh2
Sep 16 05:02:52 deranged sshd[11302]: Invalid user admin from 67.153.120.12
Sep 16 05:02:53 deranged sshd(pam_unix)[11302]: check pass; user unknown
Sep 16 05:02:53 deranged sshd(pam_unix)[11302]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ip67-153-120-12.z120-153-67.customer.algx.net
Sep 16 05:02:55 deranged sshd[11302]: Failed password for invalid user admin from 67.153.120.12 port 48593 ssh2
Sep 16 05:03:03 deranged sshd[11307]: Invalid user test from 67.153.120.12
Sep 16 05:03:03 deranged sshd(pam_unix)[11307]: check pass; user unknown
Sep 16 05:03:03 deranged sshd(pam_unix)[11307]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ip67-153-120-12.z120-153-67.customer.algx.net
Sep 16 05:03:06 deranged sshd[11307]: Failed password for invalid user test from 67.153.120.12 port 55389 ssh2


I think the above quote says enough by itself. Will be interesting to see who else will try this. I wonder if it's a script or what ...

Oh well. It's to be expected. But it's always amusing when the person is just trying random login names (whether they exist on other OS's or not).
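
An added example, not part of the original post: a small Python summarizer for sshd log lines in the format quoted above, grouping failed logins by source address and listing which sources cycled through several login names. The sample lines, addresses, and the names `summarize` and `name_guessers` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the sshd syslog format quoted in the post
# (documentation-range addresses, not the hosts from the post).
SAMPLE_LOG = """\
Sep 16 03:12:41 host sshd[100]: Did not receive identification string from 192.0.2.10
Sep 16 03:20:50 host sshd[101]: Invalid user admin from 192.0.2.10
Sep 16 03:20:53 host sshd[101]: Failed password for invalid user admin from 192.0.2.10 port 40002 ssh2
Sep 16 03:21:06 host sshd[102]: Failed password for invalid user administrator from 192.0.2.10 port 41396 ssh2
Sep 16 05:02:48 host sshd[103]: Failed password for root from 203.0.113.7 port 46080 ssh2
Sep 16 05:02:55 host sshd[104]: Failed password for invalid user admin from 203.0.113.7 port 48593 ssh2
Sep 16 05:03:06 host sshd[105]: Failed password for invalid user test from 203.0.113.7 port 55389 ssh2
Sep 16 06:00:00 host sshd[106]: Failed password for alice from 198.51.100.5 port 50000 ssh2
"""

# Anchored at end of line and greedy on the user name, so text inside an
# attacker-chosen name cannot be taken for the source address.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
                    r"(?P<user>.*) from (?P<ip>\S+) port \d+ ssh2$")
PROBE = re.compile(r"sshd\[\d+\]: Did not receive identification string from (?P<ip>\S+)$")

def summarize(log_text):
    """Per source address: banner-less probes, failed logins, names tried."""
    stats = defaultdict(lambda: {"probes": 0, "failures": 0,
                                 "users": set(), "invalid_users": set()})
    for line in log_text.splitlines():
        line = line.rstrip()
        failed = FAILED.search(line)
        if failed:
            # Count only "Failed password" lines; the matching "Invalid user"
            # and pam_unix lines describe the same attempt.
            entry = stats[failed["ip"]]
            entry["failures"] += 1
            entry["users"].add(failed["user"])
            if failed["invalid"]:
                entry["invalid_users"].add(failed["user"])
            continue
        probe = PROBE.search(line)
        if probe:
            stats[probe["ip"]]["probes"] += 1
    return dict(stats)

def name_guessers(stats, min_names=2):
    """Sources that tried at least min_names distinct login names."""
    return sorted(ip for ip, s in stats.items() if len(s["users"]) >= min_names)

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for ip in name_guessers(report):
        print(ip, report[ip]["failures"], "failures,", sorted(report[ip]["invalid_users"]))
```
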