To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ---------- Hi Mark, sure it's trying to brute force your ssh accounts. Contact the owner of the server to let they know what's happening.
En/na Mark Bedford ha escrit: > To report a botnet PRIVATELY please email: [EMAIL PROTECTED] > ---------- > > __________ Información de NOD32, revisión 2061 (20070214) __________ > > Este mensaje ha sido analizado con NOD32 antivirus system > http://www.nod32.com > > > > ------------------------------------------------------------------------ > > Hi List > > > > Just checked my logs for a few days ago and found this guy knocking > hard on my ssh server, so why would a web server be trying to connect > to an ssh server unless it was compromised! > > > > Feb 2 14:29:15 <snip>7041]: Failed password for illegal user sandra > from 212.73.128.138 port 60567 ssh2 > > <snip> > > > > Trying RIPE lookup... > > % This is the RIPE Whois query server #2. > > % The objects are in RPSL format. > > % > > % Note: the default output of the RIPE Whois server > > % is changed. Your tools may need to be adjusted. See > > % http://www.ripe.net/db/news/abuse-proposal-20050331.html > > % for more details. > > % > > % Rights restricted by copyright. > > % See http://www.ripe.net/db/copyright.html > > > > % Note: This output has been filtered. > > % To receive output for a database update, use the "-B" flag > > > > % Information related to '212.73.128.0 - 212.73.129.255' > > > > inetnum: 212.73.128.0 - 212.73.129.255 > > netname: NETERRA > > descr: Neterra Ltd. > > country: BG > > admin-c: ND621-RIPE > > tech-c: AZ1030-RIPE > > status: ASSIGNED PA > > mnt-by: MNT-NETERRA > > source: RIPE # Filtered > > > > person: Neven Dilkov > > address: Sofia, Bulgaria > > address: Andrej Saharov 26a > > phone: +359 2 974 3311 > > fax-no: +359 2 975 3436 > > e-mail: [EMAIL PROTECTED] > > nic-hdl: ND621-RIPE > > remarks: > > source: RIPE # Filtered > > > > person: Andon Zlatev > > address: Sofia, Bulgaria > > address: Andrej Saharov 26a > > phone: +359 2 974 3311 > > fax-no: +359 2 975 3436 > > e-mail: [EMAIL PROTECTED] > > nic-hdl: AZ1030-RIPE > > remarks: > > source: RIPE # Filtered > > > > % Information related to '212.73.128.0/24AS34224' > > > > route: 212.73.128.0/24 > > descr: Neterra Ltd. > > origin: AS34224 > > mnt-by: MNT-NETERRA > > source: RIPE # Filtered > > > > > > > > Mark Bedford > > > > > > __________ Información de NOD32, revisión 2061 (20070214) __________ > > Este mensaje ha sido analizado con NOD32 antivirus system > http://www.nod32.com > ------------------------------------------------------------------------ > > _______________________________________________ > To report a botnet PRIVATELY please email: [EMAIL PROTECTED] > All list and server information are public and available to law enforcement > upon request. > http://www.whitestar.linuxbox.org/mailman/listinfo/botnets > > > __________ Información de NOD32, revisión 2061 (20070214) __________ > > Este mensaje ha sido analizado con NOD32 antivirus system > http://www.nod32.com > > _______________________________________________ To report a botnet PRIVATELY please email: [EMAIL PROTECTED] All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
