Thread: South Koreans trying to hack my shit

Results 1 to 6 of 6
  1. #1 South Koreans trying to hack my shit 
    Registered Member

    Join Date
    Oct 2007
    Posts
    2,413
    Thanks given
    254
    Thanks received
    479
    Rep Power
    2785
    Code:
    Sep 11 13:35:04 blinky sshd[6721]: Invalid user com from 211.115.234.142
    Sep 11 13:35:04 blinky sshd[6721]: pam_unix(sshd:auth): check pass; user unknown
    Sep 11 13:35:04 blinky sshd[6721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.115.234.142 
    Sep 11 13:35:07 blinky sshd[6721]: Failed password for invalid user com from 211.115.234.142 port 47677 ssh2
    Sep 11 13:35:08 blinky sshd[6724]: Invalid user com from 211.115.234.142
    Sep 11 13:35:08 blinky sshd[6724]: pam_unix(sshd:auth): check pass; user unknown
    Sep 11 13:35:08 blinky sshd[6724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.115.234.142 
    Sep 11 13:35:11 blinky sshd[6724]: Failed password for invalid user com from 211.115.234.142 port 47821 ssh2
    Sep 11 13:35:12 blinky sshd[6727]: Invalid user com from 211.115.234.142
    Sep 11 13:35:12 blinky sshd[6727]: pam_unix(sshd:auth): check pass; user unknown
    Sep 11 13:35:12 blinky sshd[6727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.115.234.142 
    Sep 11 13:35:14 blinky sshd[6727]: Failed password for invalid user com from 211.115.234.142 port 47908 ssh2
    http://whatismyipaddress.com/ip/211.115.234.142

    What is this hackery and how did they even get my server's IP in the first place.

    I don't understand, it says invalid user com. Does that mean they're trying to authenticate via ssh with the username 'com'? dafuq
    Reply With Quote  
     

  2. #2  
    Programmer, Contributor, RM and Veteran




    Join Date
    Mar 2007
    Posts
    5,147
    Thanks given
    2,656
    Thanks received
    3,731
    Rep Power
    5000
    The IPv4 space is small enough for people to realistically just scan through all of it looking for computers with ports open. I've had it happening after a few hours of setting up a new server before.

    So long as you have strong passwords or use public/private key auth in ssh, you should be fine. Disabling root login over ssh is also worth considering too.
    .
    Reply With Quote  
     

  3. #3  
    Registered Member

    Join Date
    Oct 2007
    Posts
    2,413
    Thanks given
    254
    Thanks received
    479
    Rep Power
    2785
    Quote Originally Posted by Graham View Post
    The IPv4 space is small enough for people to realistically just scan through all of it looking for computers with ports open. I've had it happening after a few hours of setting up a new server before.

    So long as you have strong passwords or use public/private key auth in ssh, you should be fine. Disabling root login over ssh is also worth considering too.
    Mass bruteforce attacks on random IPs?
    Reply With Quote  
     

  4. #4  
    Respected Member

    Revil's Avatar
    Join Date
    Nov 2010
    Age
    30
    Posts
    4,860
    Thanks given
    3,715
    Thanks received
    2,228
    Rep Power
    5000
    Well this explains it, maybe some kid on your server raging for being downed in the wilderness or some shit.

    http://d24w6bsrhbeh9d.cloudfront.net...38_700b_v1.jpg
    Reply With Quote  
     

  5. #5  
    Registered Member

    Join Date
    Oct 2007
    Posts
    2,413
    Thanks given
    254
    Thanks received
    479
    Rep Power
    2785
    Quote Originally Posted by Revil View Post
    Well this explains it, maybe some kid on your server raging for being downed in the wilderness or some shit.

    http://d24w6bsrhbeh9d.cloudfront.net...38_700b_v1.jpg
    this has nothing to do with rsps
    Reply With Quote  
     

  6. #6  
    Programmer, Contributor, RM and Veteran




    Join Date
    Mar 2007
    Posts
    5,147
    Thanks given
    2,656
    Thanks received
    3,731
    Rep Power
    5000
    Quote Originally Posted by Gnarly View Post
    Mass bruteforce attacks on random IPs?
    Probably not random, they just iterate through the whole IP space until they find IPs with the SSH port open, then brute force common usernames/passwords on those.

    Also happens with security vulnerabilities in common applications.
    .
    Reply With Quote  
     


Thread Information
Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)


User Tag List

Similar Threads

  1. NPC facing south
    By Rukin1 in forum Help
    Replies: 6
    Last Post: 06-11-2012, 06:04 AM
  2. shit shit shit crowns lol
    By sexyrussian in forum Help
    Replies: 0
    Last Post: 05-30-2010, 09:09 AM
  3. Lets Go To The South-west!
    By AlexMason in forum RS2 Server
    Replies: 16
    Last Post: 05-07-2008, 10:16 AM
Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •