To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
Hi List
Just checked my logs for a few days ago and found this guy knocking hard on my
ssh server, so why would a web server be trying to connect to an ssh server
unless it was compromised!
Feb 2 14:29:15 <snip>7041]: Failed password for illegal user sandra from
212.73.128.138 port 60567 ssh2
<snip>
Trying RIPE lookup...
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Note: the default output of the RIPE Whois server
% is changed. Your tools may need to be adjusted. See
% http://www.ripe.net/db/news/abuse-proposal-20050331.html
% for more details.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag
% Information related to '212.73.128.0 - 212.73.129.255'
inetnum: 212.73.128.0 - 212.73.129.255
netname: NETERRA
descr: Neterra Ltd.
country: BG
admin-c: ND621-RIPE
tech-c: AZ1030-RIPE
status: ASSIGNED PA
mnt-by: MNT-NETERRA
source: RIPE # Filtered
person: Neven Dilkov
address: Sofia, Bulgaria
address: Andrej Saharov 26a
phone: +359 2 974 3311
fax-no: +359 2 975 3436
e-mail: [EMAIL PROTECTED]
nic-hdl: ND621-RIPE
remarks:
source: RIPE # Filtered
person: Andon Zlatev
address: Sofia, Bulgaria
address: Andrej Saharov 26a
phone: +359 2 974 3311
fax-no: +359 2 975 3436
e-mail: [EMAIL PROTECTED]
nic-hdl: AZ1030-RIPE
remarks:
source: RIPE # Filtered
% Information related to '212.73.128.0/24AS34224'
route: 212.73.128.0/24
descr: Neterra Ltd.
origin: AS34224
mnt-by: MNT-NETERRA
source: RIPE # Filtered
Mark Bedford
_______________________________________________
To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
All list and server information are public and available to law enforcement
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
