悪さしてるやつがいる(サーバークラッキング) [インターネット]
うちのサーバーは、外からは許可したネットワークからしかLoginどころかセッション張るのも弾いてます。
DNS落ちたのもアタックがおおかったからなのかな?
Failed logins from these:
admin/password from 85.10.128.220: 2 Time(s)
anonymous/password from 85.10.128.220: 2 Time(s)
ant/password from 119.97.196.156: 1 Time(s)
anthony/password from 85.10.128.220: 2 Time(s)
anti/password from 85.10.128.220: 2 Time(s)
backup/password from 85.10.128.220: 2 Time(s)
bureau/password from 119.97.196.156: 1 Time(s)
craig/password from 85.10.128.220: 2 Time(s)
daemon/password from 85.10.128.220: 2 Time(s)
dragon/password from 85.10.128.220: 2 Time(s)
elite/password from 85.10.128.220: 2 Time(s)
ftpuser/password from 85.10.128.220: 2 Time(s)
gnax/password from 85.10.128.220: 2 Time(s)
guest/password from 85.10.128.220: 2 Time(s)
jasmin/password from 119.97.196.156: 1 Time(s)
jessie/password from 85.10.128.220: 2 Time(s)
laura/password from 119.97.196.156: 1 Time(s)
marta/password from 85.10.128.220: 2 Time(s)
master/password from 85.10.128.220: 2 Time(s)
michael/password from 85.10.128.220: 2 Time(s)
mike/password from 85.10.128.220: 2 Time(s)
music/password from 85.10.128.220: 2 Time(s)
mysql/password from 85.10.128.220: 2 Time(s)
mythtv/password from 85.10.128.220: 4 Time(s)
notes/password from 85.10.128.220: 2 Time(s)
office/password from 119.97.196.156: 1 Time(s)
oracle/password from 85.10.128.220: 2 Time(s)
pc/password from 119.97.196.156: 1 Time(s)
portal/password from 85.10.128.220: 2 Time(s)
postgres/password from 85.10.128.220: 2 Time(s)
radmin/password from 85.10.128.220: 2 Time(s)
root/password from 41.235.159.248: 3 Time(s)
root/password from 41.239.223.13: 6 Time(s)
root/password from 85.10.128.220: 56 Time(s)
sales/password from 85.10.128.220: 2 Time(s)
short/password from 85.10.128.220: 2 Time(s)
spamfiltrer/password from 85.10.128.220: 2 Time(s)
status/password from 85.10.128.220: 2 Time(s)
test/password from 85.10.128.220: 4 Time(s)
tomcat/password from 85.10.128.220: 2 Time(s)
turbo/password from 85.10.128.220: 2 Time(s)
upload/password from 85.10.128.220: 2 Time(s)
user/password from 85.10.128.220: 2 Time(s)
usuario/password from 85.10.128.220: 2 Time(s)
util1/password from 85.10.128.220: 2 Time(s)
webmaster/password from 85.10.128.220: 2 Time(s)
worker/password from 85.10.128.220: 2 Time(s)
**Unmatched Entries**
warning: /etc/hosts.deny, line 19: can't verify hostname: getaddrinfo(host-41.235.159.248.tedata.net, AF_INET) failed
warning: /etc/hosts.deny, line 19: can't verify hostname: getaddrinfo(host-41.235.159.248.tedata.net, AF_INET) failed
warning: /etc/hosts.deny, line 19: can't verify hostname: getaddrinfo(host-41.239.223.13.tedata.net, AF_INET) failed
warning: /etc/hosts.deny, line 19: can't verify hostname: getaddrinfo(host-41.239.223.13.tedata.net, AF_INET) failed
Illegal user ant from 119.97.196.156
Illegal user office from 119.97.196.156
Illegal user pc from 119.97.196.156
Illegal user bureau from 119.97.196.156
Illegal user jasmin from 119.97.196.156
Illegal user laura from 119.97.196.156
Illegal user oracle from 85.10.128.220
Illegal user test from 85.10.128.220
Illegal user guest from 85.10.128.220
Illegal user marta from 85.10.128.220
Illegal user anti from 85.10.128.220
Illegal user dragon from 85.10.128.220
Illegal user test from 85.10.128.220
Illegal user backup from 85.10.128.220
Illegal user mike from 85.10.128.220
Illegal user oracle from 85.10.128.220
Illegal user test from 85.10.128.220
Illegal user mythtv from 85.10.128.220
Illegal user guest from 85.10.128.220
Illegal user marta from 85.10.128.220
Illegal user anti from 85.10.128.220
Illegal user dragon from 85.10.128.220
Illegal user test from 85.10.128.220
Illegal user backup from 85.10.128.220
Illegal user mike from 85.10.128.220
Illegal user gnax from 85.10.128.220
Illegal user mythtv from 85.10.128.220
Illegal user mythtv from 85.10.128.220
Illegal user upload from 85.10.128.220
Illegal user status from 85.10.128.220
Illegal user tomcat from 85.10.128.220
Illegal user gnax from 85.10.128.220
Illegal user anonymous from 85.10.128.220
Illegal user worker from 85.10.128.220
Illegal user mythtv from 85.10.128.220
Illegal user craig from 85.10.128.220
Illegal user upload from 85.10.128.220
Illegal user webmaster from 85.10.128.220
Illegal user status from 85.10.128.220
Illegal user user from 85.10.128.220
Illegal user tomcat from 85.10.128.220
Illegal user michael from 85.10.128.220
Illegal user anonymous from 85.10.128.220
Illegal user short from 85.10.128.220
Illegal user worker from 85.10.128.220
Illegal user admin from 85.10.128.220
Illegal user craig from 85.10.128.220
Illegal user webmaster from 85.10.128.220
Illegal user music from 85.10.128.220
Illegal user user from 85.10.128.220
Illegal user jessie from 85.10.128.220
Illegal user notes from 85.10.128.220
Illegal user turbo from 85.10.128.220
Illegal user michael from 85.10.128.220
Illegal user usuario from 85.10.128.220
Illegal user short from 85.10.128.220
Illegal user spamfiltrer from 85.10.128.220
Illegal user admin from 85.10.128.220
Illegal user elite from 85.10.128.220
Illegal user ftpuser from 85.10.128.220
Illegal user music from 85.10.128.220
Illegal user radmin from 85.10.128.220
Illegal user jessie from 85.10.128.220
Illegal user portal from 85.10.128.220
Illegal user notes from 85.10.128.220
Illegal user master from 85.10.128.220
Illegal user turbo from 85.10.128.220
Illegal user sales from 85.10.128.220
Illegal user usuario from 85.10.128.220
Illegal user util1 from 85.10.128.220
Illegal user spamfiltrer from 85.10.128.220
Illegal user anthony from 85.10.128.220
Illegal user elite from 85.10.128.220
Illegal user ftpuser from 85.10.128.220
Illegal user radmin from 85.10.128.220
Illegal user portal from 85.10.128.220
Illegal user master from 85.10.128.220
Illegal user sales from 85.10.128.220
Illegal user util1 from 85.10.128.220
Illegal user anthony from 85.10.128.220
---------------------- SSHD End -------------------------
DNS落ちたのもアタックがおおかったからなのかな?
Failed logins from these:
admin/password from 85.10.128.220: 2 Time(s)
anonymous/password from 85.10.128.220: 2 Time(s)
ant/password from 119.97.196.156: 1 Time(s)
anthony/password from 85.10.128.220: 2 Time(s)
anti/password from 85.10.128.220: 2 Time(s)
backup/password from 85.10.128.220: 2 Time(s)
bureau/password from 119.97.196.156: 1 Time(s)
craig/password from 85.10.128.220: 2 Time(s)
daemon/password from 85.10.128.220: 2 Time(s)
dragon/password from 85.10.128.220: 2 Time(s)
elite/password from 85.10.128.220: 2 Time(s)
ftpuser/password from 85.10.128.220: 2 Time(s)
gnax/password from 85.10.128.220: 2 Time(s)
guest/password from 85.10.128.220: 2 Time(s)
jasmin/password from 119.97.196.156: 1 Time(s)
jessie/password from 85.10.128.220: 2 Time(s)
laura/password from 119.97.196.156: 1 Time(s)
marta/password from 85.10.128.220: 2 Time(s)
master/password from 85.10.128.220: 2 Time(s)
michael/password from 85.10.128.220: 2 Time(s)
mike/password from 85.10.128.220: 2 Time(s)
music/password from 85.10.128.220: 2 Time(s)
mysql/password from 85.10.128.220: 2 Time(s)
mythtv/password from 85.10.128.220: 4 Time(s)
notes/password from 85.10.128.220: 2 Time(s)
office/password from 119.97.196.156: 1 Time(s)
oracle/password from 85.10.128.220: 2 Time(s)
pc/password from 119.97.196.156: 1 Time(s)
portal/password from 85.10.128.220: 2 Time(s)
postgres/password from 85.10.128.220: 2 Time(s)
radmin/password from 85.10.128.220: 2 Time(s)
root/password from 41.235.159.248: 3 Time(s)
root/password from 41.239.223.13: 6 Time(s)
root/password from 85.10.128.220: 56 Time(s)
sales/password from 85.10.128.220: 2 Time(s)
short/password from 85.10.128.220: 2 Time(s)
spamfiltrer/password from 85.10.128.220: 2 Time(s)
status/password from 85.10.128.220: 2 Time(s)
test/password from 85.10.128.220: 4 Time(s)
tomcat/password from 85.10.128.220: 2 Time(s)
turbo/password from 85.10.128.220: 2 Time(s)
upload/password from 85.10.128.220: 2 Time(s)
user/password from 85.10.128.220: 2 Time(s)
usuario/password from 85.10.128.220: 2 Time(s)
util1/password from 85.10.128.220: 2 Time(s)
webmaster/password from 85.10.128.220: 2 Time(s)
worker/password from 85.10.128.220: 2 Time(s)
**Unmatched Entries**
warning: /etc/hosts.deny, line 19: can't verify hostname: getaddrinfo(host-41.235.159.248.tedata.net, AF_INET) failed
warning: /etc/hosts.deny, line 19: can't verify hostname: getaddrinfo(host-41.235.159.248.tedata.net, AF_INET) failed
warning: /etc/hosts.deny, line 19: can't verify hostname: getaddrinfo(host-41.239.223.13.tedata.net, AF_INET) failed
warning: /etc/hosts.deny, line 19: can't verify hostname: getaddrinfo(host-41.239.223.13.tedata.net, AF_INET) failed
Illegal user ant from 119.97.196.156
Illegal user office from 119.97.196.156
Illegal user pc from 119.97.196.156
Illegal user bureau from 119.97.196.156
Illegal user jasmin from 119.97.196.156
Illegal user laura from 119.97.196.156
Illegal user oracle from 85.10.128.220
Illegal user test from 85.10.128.220
Illegal user guest from 85.10.128.220
Illegal user marta from 85.10.128.220
Illegal user anti from 85.10.128.220
Illegal user dragon from 85.10.128.220
Illegal user test from 85.10.128.220
Illegal user backup from 85.10.128.220
Illegal user mike from 85.10.128.220
Illegal user oracle from 85.10.128.220
Illegal user test from 85.10.128.220
Illegal user mythtv from 85.10.128.220
Illegal user guest from 85.10.128.220
Illegal user marta from 85.10.128.220
Illegal user anti from 85.10.128.220
Illegal user dragon from 85.10.128.220
Illegal user test from 85.10.128.220
Illegal user backup from 85.10.128.220
Illegal user mike from 85.10.128.220
Illegal user gnax from 85.10.128.220
Illegal user mythtv from 85.10.128.220
Illegal user mythtv from 85.10.128.220
Illegal user upload from 85.10.128.220
Illegal user status from 85.10.128.220
Illegal user tomcat from 85.10.128.220
Illegal user gnax from 85.10.128.220
Illegal user anonymous from 85.10.128.220
Illegal user worker from 85.10.128.220
Illegal user mythtv from 85.10.128.220
Illegal user craig from 85.10.128.220
Illegal user upload from 85.10.128.220
Illegal user webmaster from 85.10.128.220
Illegal user status from 85.10.128.220
Illegal user user from 85.10.128.220
Illegal user tomcat from 85.10.128.220
Illegal user michael from 85.10.128.220
Illegal user anonymous from 85.10.128.220
Illegal user short from 85.10.128.220
Illegal user worker from 85.10.128.220
Illegal user admin from 85.10.128.220
Illegal user craig from 85.10.128.220
Illegal user webmaster from 85.10.128.220
Illegal user music from 85.10.128.220
Illegal user user from 85.10.128.220
Illegal user jessie from 85.10.128.220
Illegal user notes from 85.10.128.220
Illegal user turbo from 85.10.128.220
Illegal user michael from 85.10.128.220
Illegal user usuario from 85.10.128.220
Illegal user short from 85.10.128.220
Illegal user spamfiltrer from 85.10.128.220
Illegal user admin from 85.10.128.220
Illegal user elite from 85.10.128.220
Illegal user ftpuser from 85.10.128.220
Illegal user music from 85.10.128.220
Illegal user radmin from 85.10.128.220
Illegal user jessie from 85.10.128.220
Illegal user portal from 85.10.128.220
Illegal user notes from 85.10.128.220
Illegal user master from 85.10.128.220
Illegal user turbo from 85.10.128.220
Illegal user sales from 85.10.128.220
Illegal user usuario from 85.10.128.220
Illegal user util1 from 85.10.128.220
Illegal user spamfiltrer from 85.10.128.220
Illegal user anthony from 85.10.128.220
Illegal user elite from 85.10.128.220
Illegal user ftpuser from 85.10.128.220
Illegal user radmin from 85.10.128.220
Illegal user portal from 85.10.128.220
Illegal user master from 85.10.128.220
Illegal user sales from 85.10.128.220
Illegal user util1 from 85.10.128.220
Illegal user anthony from 85.10.128.220
---------------------- SSHD End -------------------------
アーストラリア と フィンランド からのアタックですか?
これ?それとも 偽装?
by MasaP (2010-10-25 16:15)
IPアドレスは正しいです。digコマンドで確認すみ。
たまにこういうのきますが、久しぶりに盛大にアカウントクラッッキングが来ました。マルウエアに観戦した踏み台PCからのアタックじゃないかな。
これだから、サーバー管理は目が離せません。
かれこれ数年になりますが、いまのところクラッキング被害には遭っていません。安心はできないけど。
by sawada (2010-10-25 16:57)
うちにも来てるよ。日曜の夕方から。
仕事から帰ってきたらルータとファイルサーバーが落ちてた。
by 三相三線 (2010-10-25 23:24)
hosts.denyがうまく効いていないような気がしてならん・・・
ALL: xxx.xxx.xxx.0/24 #china
これで良かったと思うんだけど。
ALLと:の間にスペース居るんだっけ?
末尾にコメントNGなのかな?
by sawada (2010-10-26 09:22)
俺じゃないよー
by R.SHIMIZU (2010-10-27 22:29)