
Script kiddies and SSH

Print the number of failed logins:

cat /var/log/auth.log | grep invalid | wc -l

For a server that has been online for half a year, I find 68350 attempts.

An excerpt from /var/log/auth.log:
Jun 3 00:12:02 uhweb69144 sshd[11470]: Invalid user hilary from
201.147.235.91
Jun 3 00:12:02 uhweb69144 sshd[11470]: reverse mapping checking
getaddrinfo for static.customer-201-147-235-91.uninet-ide.com.mx failed
- POSSIBLE BREAK-IN ATTEMPT!
Jun 3 00:12:02 uhweb69144 sshd[11470]: (pam_unix) check pass; user unknown
Jun 3 00:12:02 uhweb69144 sshd[11470]: (pam_unix) authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.147.235.91
Jun 3 00:12:04 uhweb69144 sshd[11470]: Failed password for invalid user
hilary from 201.147.235.91 port 49507 ssh2
Jun 3 00:12:09 uhweb69144 sshd[11530]: Invalid user howard from
201.147.235.91
Jun 3 00:12:09 uhweb69144 sshd[11530]: reverse mapping checking
getaddrinfo for static.customer-201-147-235-91.uninet-ide.com.mx failed
- POSSIBLE BREAK-IN ATTEMPT!
Jun 3 00:12:09 uhweb69144 sshd[11530]: (pam_unix) check pass; user unknown
Jun 3 00:12:09 uhweb69144 sshd[11530]: (pam_unix) authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.147.235.91
Jun 3 00:12:11 uhweb69144 sshd[11530]: Failed password for invalid user
howard from 201.147.235.91 port 49717 ssh2
Jun 3 00:12:13 uhweb69144 sshd[11544]: Invalid user irene from
201.147.235.91
Jun 3 00:12:13 uhweb69144 sshd[11544]: reverse mapping checking
getaddrinfo for static.customer-201-147-235-91.uninet-ide.com.mx failed
- POSSIBLE BREAK-IN ATTEMPT!
Jun 3 00:12:13 uhweb69144 sshd[11544]: (pam_unix) check pass; user unknown
Jun 3 00:12:13 uhweb69144 sshd[11544]: (pam_unix) authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.147.235.91
Jun 3 00:12:15 uhweb69144 sshd[11544]: Failed password for invalid user
irene from 201.147.235.91 port 49891 ssh2
Jun 3 00:12:17 uhweb69144 sshd[11556]: Invalid user isaac from
201.147.235.91
Jun 3 00:12:17 uhweb69144 sshd[11556]: reverse mapping checking
getaddrinfo for static.customer-201-147-235-91.uninet-ide.com.mx failed
- POSSIBLE BREAK-IN ATTEMPT!
Jun 3 00:12:17 uhweb69144 sshd[11556]: (pam_unix) check pass; user unknown
Jun 3 00:12:17 uhweb69144 sshd[11556]: (pam_unix) authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.147.235.91
Jun 3 00:12:19 uhweb69144 sshd[11556]: Failed password for invalid user
isaac from 201.147.235.91 port 49989 ssh2
Jun 3 00:12:21 uhweb69144 sshd[11574]: Invalid user isabel from
201.147.235.91
Jun 3 00:12:21 uhweb69144 sshd[11574]: reverse mapping checking
getaddrinfo for static.customer-201-147-235-91.uninet-ide.com.mx failed
- POSSIBLE BREAK-IN ATTEMPT!
Jun 3 00:12:21 uhweb69144 sshd[11574]: (pam_unix) check pass; user unknown
Jun 3 00:12:21 uhweb69144 sshd[11574]: (pam_unix) authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.147.235.91
Jun 3 00:12:23 uhweb69144 sshd[11574]: Failed password for invalid user
isabel from 201.147.235.91 port 50115 ssh2
Jun 3 00:12:25 uhweb69144 sshd[11592]: Invalid user isabella from
201.147.235.91
Jun 3 00:12:25 uhweb69144 sshd[11592]: reverse mapping checking
getaddrinfo for static.customer-201-147-235-91.uninet-ide.com.mx failed
- POSSIBLE BREAK-IN ATTEMPT!
Jun 3 00:12:25 uhweb69144 sshd[11592]: (pam_unix) check pass; user unknown
Jun 3 00:12:25 uhweb69144 sshd[11592]: (pam_unix) authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.147.235.91
Jun 3 00:12:26 uhweb69144 sshd[11592]: Failed password for invalid user
isabella from 201.147.235.91 port 50234 ssh2
Jun 3 00:12:28 uhweb69144 sshd[11611]: Invalid user jack from
201.147.235.91
Jun 3 00:12:28 uhweb69144 sshd[11611]: reverse mapping checking
getaddrinfo for static.customer-201-147-235-91.uninet-ide.com.mx failed
- POSSIBLE BREAK-IN ATTEMPT!
Jun 3 00:12:28 uhweb69144 sshd[11611]: (pam_unix) check pass; user unknown
Jun 3 00:12:28 uhweb69144 sshd[11611]: (pam_unix) authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.147.235.91
Jun 3 00:12:30 uhweb69144 sshd[11611]: Failed password for invalid user
jack from 201.147.235.91 port 50336 ssh2
Jun 3 00:12:32 uhweb69144 sshd[11627]: Invalid user jacob from
201.147.235.91
Jun 3 00:12:32 uhweb69144 sshd[11627]: reverse mapping checking
getaddrinfo for static.customer-201-147-235-91.uninet-ide.com.mx failed
- POSSIBLE BREAK-IN ATTEMPT!
Jun 3 00:12:32 uhweb69144 sshd[11627]: (pam_unix) check pass; user unknown


Package for banning the bad guys:
fail2ban

Commands:
faillog
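
The single total from the command above does not show where the attempts come from. As an added example (not part of the original post), this script counts failed password attempts per source address and lists the addresses at or above a threshold, the kind of per-address counting that fail2ban automates before it bans. The sample lines are constructed in the format of the excerpt, 192.0.2.10 and 198.51.100.7 are placeholder addresses, and the names `sample_log`, `failed_by_ip`, `over_threshold` and the threshold of 3 are assumptions.

```sh
#!/bin/sh
# Constructed sample, one entry per line as in the real auth.log.
# 192.0.2.10 and 198.51.100.7 are documentation placeholder addresses.
sample_log() {
cat <<'EOF'
Jun 3 00:12:02 uhweb69144 sshd[11470]: Invalid user hilary from 201.147.235.91
Jun 3 00:12:04 uhweb69144 sshd[11470]: Failed password for invalid user hilary from 201.147.235.91 port 49507 ssh2
Jun 3 00:12:11 uhweb69144 sshd[11530]: Failed password for invalid user howard from 201.147.235.91 port 49717 ssh2
Jun 3 00:12:15 uhweb69144 sshd[11544]: Failed password for invalid user irene from 201.147.235.91 port 49891 ssh2
Jun 3 00:13:40 uhweb69144 sshd[11702]: Failed password for invalid user ftp user from 192.0.2.10 port 40112 ssh2
Jun 3 00:14:02 uhweb69144 sshd[11730]: Failed password for root from 192.0.2.10 port 40170 ssh2
Jun 3 00:15:00 uhweb69144 sshd[11790]: Accepted password for admin from 198.51.100.7 port 40200 ssh2
EOF
}

# Print "<count> <address>" for every source of failed password attempts,
# busiest first. Unlike "grep invalid", this also counts failures for
# accounts that exist (root in the sample).
# The user name is supplied by the client and may contain spaces, so the
# address is taken from the fixed tail "from <addr> port <n> ssh2".
failed_by_ip() {
    awk '/sshd\[[0-9]+\]: Failed password for / &&
         $NF == "ssh2" && $(NF-2) == "port" && $(NF-4) == "from" {
             n[$(NF-3)]++
         }
         END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# Print the addresses with at least $1 failed attempts (hypothetical
# threshold; no time window is applied here).
over_threshold() {
    failed_by_ip | awk -v min="$1" '$1 >= min { print $2 }'
}

# On a real host: failed_by_ip < /var/log/auth.log
sample_log | failed_by_ip
sample_log | over_threshold 3
```

fail2ban additionally limits the count to a time window (`findtime`) and lifts the ban after `bantime`.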
