Hi Guys,

As a matter of interest, after I installed fail2ban I got this on ssh:

###################################################################################################
Hi,

The IP 122.225.109.103 has just been banned by Fail2Ban after 3 attempts against ssh.

Here are more information about 122.225.109.103:

Lines containing IP:122.225.109.103 in /var/log/auth.log

Dec 24 21:13:10 fever sshd[3565]: Connection from 122.225.109.103 port 24974
Dec 24 21:13:18 fever sshd[3565]: User root from 122.225.109.103 not allowed because not listed in AllowUsers
Dec 24 21:13:19 fever sshd[3565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.225.109.103 user=root
Dec 24 21:13:21 fever sshd[3565]: Failed password for invalid user root from 122.225.109.103 port 24974 ssh2
Dec 24 21:13:23 fever sshd[3565]: Failed password for invalid user root from 122.225.109.103 port 24974 ssh2
Dec 24 21:13:23 fever sshd[3565]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.225.109.103 user=root
Dec 24 21:13:24 fever sshd[3702]: Connection from 122.225.109.103 port 33237

Regards,

Fail2Ban
###################################################################################################

and:

###################################################################################################
Hi,

The IP 182.18.134.5 has just been banned by Fail2Ban after 3 attempts against ssh.

Here are more information about 182.18.134.5:

Lines containing IP:182.18.134.5 in /var/log/auth.log

Dec 24 20:10:05 fever sshd[30724]: Connection from 182.18.134.5 port 44125
Dec 24 20:10:09 fever sshd[30724]: reverse mapping checking getaddrinfo for static-182.18.134-5.ctrls.in [182.18.134.5] failed - POSSIBLE BREAK-IN ATTEMPT!
Dec 24 20:10:09 fever sshd[30724]: Invalid user a from 182.18.134.5
Dec 24 20:10:09 fever sshd[30724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.18.134.5
Dec 24 20:10:12 fever sshd[30724]: Failed password for invalid user a from 182.18.134.5 port 44125 ssh2
Dec 24 20:10:12 fever sshd[30724]: Received disconnect from 182.18.134.5: 11: Bye Bye [preauth]
Dec 24 20:10:12 fever sshd[30729]: Connection from 182.18.134.5 port 46657
Dec 24 20:10:16 fever sshd[30729]: reverse mapping checking getaddrinfo for static-182.18.134-5.ctrls.in [182.18.134.5] failed - POSSIBLE BREAK-IN ATTEMPT!
Dec 24 20:10:16 fever sshd[30729]: Invalid user accessops from 182.18.134.5
Dec 24 20:10:16 fever sshd[30729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.18.134.5
Dec 24 20:10:18 fever sshd[30729]: Failed password for invalid user accessops from 182.18.134.5 port 46657 ssh2

Regards,

Fail2Ban
###################################################################################################

and

###################################################################################################
Hi,

The IP 61.174.50.251 has just been banned by Fail2Ban after 3 attempts against ssh.

Here are more information about 61.174.50.251:

Lines containing IP:61.174.50.251 in /var/log/auth.log

Dec 24 19:07:59 fever sshd[25682]: Connection from 61.174.50.251 port 44941
Dec 24 19:08:04 fever sshd[25682]: reverse mapping checking getaddrinfo for 251.50.174.61.dial.wz.zj.dynamic.163data.com.cn [61.174.50.251] failed - POSSIBLE BREAK-IN ATTEMPT!
Dec 24 19:08:04 fever sshd[25682]: User root from 61.174.50.251 not allowed because not listed in AllowUsers
Dec 24 19:08:04 fever sshd[25682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.174.50.251 user=root
Dec 24 19:08:06 fever sshd[25682]: Failed password for invalid user root from 61.174.50.251 port 44941 ssh2
Dec 24 19:08:09 fever sshd[25682]: Failed password for invalid user root from 61.174.50.251 port 44941 ssh2
Dec 24 19:08:09 fever sshd[25682]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.174.50.251 user=root
Dec 24 19:08:10 fever sshd[25733]: Connection from 61.174.50.251 port 47735

Regards,

Fail2Ban
###################################################################################################

and

###################################################################################################
Hi,

The IP 122.225.103.124 has just been banned by Fail2Ban after 3 attempts against ssh.

Here are more information about 122.225.103.124:

Lines containing IP:122.225.103.124 in /var/log/auth.log

Dec 24 16:19:16 fever sshd[10766]: Connection from 122.225.103.124 port 12625
Dec 24 16:19:31 fever sshd[10766]: User root from 122.225.103.124 not allowed because not listed in AllowUsers
Dec 24 16:19:32 fever sshd[10766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.225.103.124 user=root
Dec 24 16:19:33 fever sshd[10766]: Failed password for invalid user root from 122.225.103.124 port 12625 ssh2
Dec 24 16:19:36 fever sshd[10766]: Failed password for invalid user root from 122.225.103.124 port 12625 ssh2
Dec 24 16:19:36 fever sshd[10766]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.225.103.124 user=root

Regards,

Fail2Ban
###################################################################################################

Thank You

Danny

Archive: https://lists.debian.org/20141224194803.GA7615@fever.havannah.local
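
The counting behind the "banned after 3 attempts" notices above, as an added example that is not part of the original post and is not Fail2Ban's own code: it tallies sshd failure lines per source IP in a sliding time window and reports when the threshold is reached. Assumptions: the three failure patterns are a simplified stand-in for Fail2Ban's sshd filter, `findtime=600` and `year=2014` are illustrative defaults (syslog timestamps carry no year), and `find_bans` is a hypothetical name.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

IP = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
# Simplified failure patterns (an assumption, not Fail2Ban's shipped sshd filter).
FAILURES = [re.compile(p) for p in (
    rf"Failed password for (?:invalid user )?\S+ from {IP}",
    rf"Invalid user \S+ from {IP}",
    rf"User \S+ from {IP} not allowed because not listed in AllowUsers",
)]
LINE = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: (?P<msg>.*)$")

def find_bans(lines, maxretry=3, findtime=600, year=2014):
    """Map each IP to the time of its maxretry-th failure within findtime seconds."""
    recent, bans = defaultdict(deque), {}
    for line in lines:
        m = LINE.match(line)
        hit = m and next((h for h in (f.match(m["msg"]) for f in FAILURES) if h), None)
        if not hit or hit["ip"] in bans:
            continue  # not a failure line, or this IP is already banned
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[hit["ip"]]
        window.append(when)
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()  # drop failures that fell out of the findtime window
        if len(window) >= maxretry:
            bans[hit["ip"]] = when
    return bans

# auth.log lines quoted in the post, plus one constructed line (192.0.2.10).
SAMPLE_LOG = [
    "Dec 24 20:10:05 fever sshd[30724]: Connection from 182.18.134.5 port 44125",
    "Dec 24 20:10:09 fever sshd[30724]: Invalid user a from 182.18.134.5",
    "Dec 24 20:10:12 fever sshd[30724]: Failed password for invalid user a from 182.18.134.5 port 44125 ssh2",
    "Dec 24 20:10:16 fever sshd[30729]: Invalid user accessops from 182.18.134.5",
    "Dec 24 20:10:18 fever sshd[30729]: Failed password for invalid user accessops from 182.18.134.5 port 46657 ssh2",
    "Dec 24 21:13:18 fever sshd[3565]: User root from 122.225.109.103 not allowed because not listed in AllowUsers",
    "Dec 24 21:13:21 fever sshd[3565]: Failed password for invalid user root from 122.225.109.103 port 24974 ssh2",
    "Dec 24 21:13:23 fever sshd[3565]: Failed password for invalid user root from 122.225.109.103 port 24974 ssh2",
    "Dec 24 21:20:00 fever sshd[4000]: Failed password for invalid user test from 192.0.2.10 port 40000 ssh2",
]

if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG).items():
        print(f"{when:%b %d %H:%M:%S} ban {ip}")
```

Connection, pam_unix and reverse-mapping lines are deliberately not counted here, so each IP reaches the threshold on its third matching failure line.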