Hi,
ich beobachte seit Wochen, dass immer wieder versucht wird, per SSH auf meinen Server zuzugreifen:
|
Quellcode
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
Failed logins from these:
admin/password from ::ffff:202.64.162.11: 2 Time(s)
admin/password from ::ffff:218.108.41.100: 4 Time(s)
guest/password from ::ffff:202.64.162.11: 1 Time(s)
guest/password from ::ffff:218.108.41.100: 2 Time(s)
guest/password from ::ffff:62.112.129.94: 2 Time(s)
root/password from ::ffff:202.64.162.11: 3 Time(s)
root/password from ::ffff:218.108.41.100: 6 Time(s)
test/password from ::ffff:200.73.162.10: 2 Time(s)
test/password from ::ffff:202.64.162.11: 2 Time(s)
test/password from ::ffff:218.108.41.100: 4 Time(s)
test/password from ::ffff:62.112.129.94: 2 Time(s)
user/password from ::ffff:202.64.162.11: 1 Time(s)
user/password from ::ffff:218.108.41.100: 2 Time(s)
Illegal users from these:
admin/none from ::ffff:202.64.162.11: 2 Time(s)
admin/none from ::ffff:218.108.41.100: 4 Time(s)
admin/password from ::ffff:202.64.162.11: 2 Time(s)
admin/password from ::ffff:218.108.41.100: 4 Time(s)
guest/none from ::ffff:202.64.162.11: 1 Time(s)
guest/none from ::ffff:218.108.41.100: 2 Time(s)
guest/none from ::ffff:62.112.129.94: 2 Time(s)
guest/password from ::ffff:202.64.162.11: 1 Time(s)
guest/password from ::ffff:218.108.41.100: 2 Time(s)
guest/password from ::ffff:62.112.129.94: 2 Time(s)
test/none from ::ffff:200.73.162.10: 2 Time(s)
test/none from ::ffff:202.64.162.11: 2 Time(s)
test/none from ::ffff:218.108.41.100: 4 Time(s)
test/none from ::ffff:62.112.129.94: 2 Time(s)
test/password from ::ffff:200.73.162.10: 2 Time(s)
test/password from ::ffff:202.64.162.11: 2 Time(s)
test/password from ::ffff:218.108.41.100: 4 Time(s)
test/password from ::ffff:62.112.129.94: 2 Time(s)
user/none from ::ffff:202.64.162.11: 1 Time(s)
user/none from ::ffff:218.108.41.100: 2 Time(s)
user/password from ::ffff:202.64.162.11: 1 Time(s)
user/password from ::ffff:218.108.41.100: 2 Time(s)
|
Da ich solche dümmlichen Usernamen/Paßwörter nicht benutze ist das bisher kein Problem. Allerdings würde mich doch mal interessieren, was die Ursache dafür ist! Da es immer von anderen IPs aus geschieht und die Angriffe wirklich ständig erfolgen, vermute ich fast, dass es irgend ein Virus ist. Kein Skript-Kiddie kann schließlich so dumm sein, ständig die gleiche IP erfolglos anzugreifen (und dafür auch noch seine Kumpels) zu Hilfe bitten.
Weiß eventuell jemand näheres über diese Geschichte hier?