
Re: [Full-Disclosure] Automated SSH login attempts?



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have also seen, since July 22nd, brute-force login attempts on ftpd (proftpd)
from the same IP ranges. And, like you, some attempts on sshd. The difference
between them is that for sshd the users tried are the same as yours, but for
ftpd they used a username dictionary (with hundreds of users, what patience ;) ).
Has anyone noticed something similar?



Jul 22 21:23:06 www0 proftpd[4447]: myhost (61.109.251.191[61.109.251.191]) - USER invaliduserinvalid: no such user found from 61.109.251.191 [61.109.251.191] to 82.130.240.230:21
Jul 22 21:23:08 www0 proftpd[4448]: myhost (61.109.251.191[61.109.251.191]) - USER board: no such user found from 61.109.251.191 [61.109.251.191] to 82.130.240.230:21
Jul 22 21:23:10 www0 proftpd[4449]: myhost (61.109.251.191[61.109.251.191]) - USER btraining: no such user found from 61.109.251.191 [61.109.251.191] to 82.130.240.230:21
Jul 22 21:23:12 www0 proftpd[4451]: myhost (61.109.251.191[61.109.251.191]) - USER distros: no such user found from 61.109.251.191 [61.109.251.191] to 82.130.240.230:21
Jul 22 21:23:14 www0 proftpd[4452]: myhost (61.109.251.191[61.109.251.191]) - USER forge4os: no such user found from 61.109.251.191 [61.109.251.191] to 82.130.240.230:21
Jul 22 21:23:16 www0 proftpd[4453]: myhost (61.109.251.191[61.109.251.191]) - USER licentia: no such user found from 61.109.251.191 [61.109.251.191] to 82.130.240.230:21
Jul 22 21:23:18 www0 proftpd[4454]: myhost (61.109.251.191[61.109.251.191]) - USER linuxnews: no such user found from 61.109.251.191 [61.109.251.191] to 82.130.240.230:21
Jul 22 21:23:20 www0 proftpd[4455]: myhost (61.109.251.191[61.109.251.191]) - USER localgforge: no such user found from 61.109.251.191 [61.109.251.191] to 82.130.240.230:21
Jul 22 21:23:22 www0 proftpd[4456]: myhost (61.109.251.191[61.109.251.191]) - USER metalist: no such user found from 61.109.251.191 [61.109.251.191] to 82.130.240.230:21
Jul 22 21:23:25 www0 proftpd[4457]: myhost (61.109.251.191[61.109.251.191]) - USER myos: no such user found from 61.109.251.191 [61.109.251.191] to 82.130.240.230:21
Jul 22 21:23:27 www0 proftpd[4458]: myhost (61.109.251.191[61.109.251.191]) - USER newsadmin: no such user found from 61.109.251.191 [61.109.251.191] to 82.130.240.230:21
Jul 22 21:23:29 www0 proftpd[4459]: myhost (61.109.251.191[61.109.251.191]) - USER osgitestbed: no such user found from 61.109.251.191 [61.109.251.191] to 82.130.240.230:21
Jul 22 21:23:31 www0 proftpd[4463]: myhost (61.109.251.191[61.109.251.191]) - USER ossnews: no such user found from 61.109.251.191 [61.109.251.191] to 82.130.240.230:21
Jul 22 21:23:34 www0 proftpd[4464]: myhost (61.109.251.191[61.109.251.191]) - USER osync: no such user found from 61.109.251.191 [61.109.251.191] to 82.130.240.230:21
Jul 22 21:23:36 www0 proftpd[4465]: myhost (61.109.251.191[61.109.251.191]) - USER peerrating: no such user found from 61.109.251.191 [61.109.251.191] to 82.130.240.230:21
Jul 22 21:23:38 www0 proftpd[4466]: myhost (61.109.251.191[61.109.251.191]) - USER resolvit: no such user found from 61.109.251.191 [61.109.251.191] to 82.130.240.230:21
Jul 22 21:23:40 www0 proftpd[4467]: myhost (61.109.251.191[61.109.251.191]) - USER siteadmin: no such user found from 61.109.251.191 [61.109.251.191] to 82.130.240.230:21


- -- 

Regards,

Alain Crespo <gazpa@xxxxxxxxxxxxx>

_,.-:*"``'*:-.,_,.-:*"``'*:-.,_,.-:*"``'*:-.,_,.-:*"``'*:-.,_,.-:*"``'*:-.,_

Why use Windows, since there is a door?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBCDqYP3/+R0rF2wkRAtW3AJ963dd6X7Nf17ZjRV/IDcb3DX4GfQCgjkD4
dbK+EryHfYKhIQDcaYMMiec=
=zLQW
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
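
Added example, not part of the original post: a detector for the pattern shown in the log excerpt above (one source address trying many different unknown usernames a couple of seconds apart), written against the proftpd "no such user found" line format quoted in the message. The thresholds, the function names, the year default and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the proftpd failure line format quoted in the post (one entry per line).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ proftpd\[\d+\]: .*? - "
    r"USER (?P<user>\S+): no such user found from (?P<ip>\S+) "
)

def parse(line, year=2000):
    """Return (timestamp, source_ip, username), or None for unrelated lines.
    Syslog timestamps carry no year, so `year` is an assumed parameter."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["ip"], m["user"]

def dictionary_sources(lines, min_users=5, window=timedelta(minutes=1)):
    """Map each source IP that tried >= min_users distinct unknown usernames
    inside a sliding time window to the largest distinct count seen."""
    events = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec:
            events[rec[1]].append((rec[0], rec[2]))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # drop events that fell out of the window
            users = {u for _, u in evs[start:end + 1]}
            if len(users) >= min_users:
                flagged[ip] = max(flagged.get(ip, 0), len(users))
    return flagged

# Constructed sample input (documentation addresses, not data from the post).
_FMT = ("Jul 22 21:23:{s:02d} www0 proftpd[{p}]: myhost ({ip}[{ip}]) - USER {u}: "
        "no such user found from {ip} [{ip}] to 192.0.2.10:21")
SAMPLE = [_FMT.format(s=6 + 2 * i, p=4447 + i, ip="203.0.113.7", u=u)
          for i, u in enumerate(["board", "distros", "myos", "newsadmin", "osync", "siteadmin"])]
SAMPLE += [_FMT.format(s=40 + i, p=4500 + i, ip="198.51.100.9", u="bob") for i in range(2)]
SAMPLE.append("Jul 22 21:24:01 www0 sshd[4600]: unrelated constructed line")

if __name__ == "__main__":
    print(dictionary_sources(SAMPLE))
```

Counting distinct usernames rather than raw failures keeps a single user who mistypes a login a few times (the second constructed source) from being flagged.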