
Break-ins on Linux by Novell???


Deleted

Topic starter
I have the following in my "messages" log file:
Jun 20 05:44:27 <servername> sshd[31163]: Invalid user webmaster from 221.194.26.166
Jun 20 05:44:36 <servername> sshd[31173]: Invalid user oracle from 221.194.26.166
Jun 20 05:44:40 <servername> sshd[31178]: Invalid user library from 221.194.26.166
Jun 20 05:44:45 <servername> sshd[31183]: Invalid user info from 221.194.26.166
Jun 20 05:44:49 <servername> sshd[31188]: Invalid user shell from 221.194.26.166
Jun 20 05:44:53 <servername> sshd[31193]: Invalid user linux from 221.194.26.166
Jun 20 05:44:58 <servername> sshd[31198]: Invalid user unix from 221.194.26.166
Jun 20 05:45:02 <servername> sshd[31203]: Invalid user webadmin from 221.194.26.166
Jun 20 05:45:11 <servername> sshd[31213]: Invalid user test from 221.194.26.166
Jun 20 05:45:20 <servername> sshd[31223]: Invalid user admin from 221.194.26.166
Jun 20 05:45:24 <servername> sshd[31228]: User guest not allowed because shell /dev/null is not executable
Jun 20 05:45:29 <servername> sshd[31233]: Invalid user master from 221.194.26.166
Jun 20 05:46:09 <servername> sshd[31278]: Invalid user admin from 221.194.26.166
Jun 20 05:46:13 <servername> sshd[31283]: Invalid user admin from 221.194.26.166
Jun 20 05:46:17 <servername> sshd[31288]: Invalid user admin from 221.194.26.166
Jun 20 05:46:22 <servername> sshd[31293]: Invalid user admin from 221.194.26.166
Jun 20 05:46:35 <servername> sshd[31308]: Invalid user test from 221.194.26.166
Jun 20 05:46:39 <servername> sshd[31313]: Invalid user test from 221.194.26.166
Jun 20 05:46:44 <servername> sshd[31318]: Invalid user webmaster from 221.194.26.166
Jun 20 05:46:48 <servername> sshd[31323]: Invalid user user from 221.194.26.166
Jun 20 05:46:53 <servername> sshd[31328]: Invalid user username from 221.194.26.166
Jun 20 05:46:57 <servername> sshd[31333]: Invalid user username from 221.194.26.166
Jun 20 05:47:01 <servername> sshd[31338]: Invalid user user from 221.194.26.166
Jun 20 05:47:10 <servername> sshd[31348]: Invalid user admin from 221.194.26.166
Jun 20 05:47:15 <servername> sshd[31353]: Invalid user test from 221.194.26.166
Jun 20 05:47:37 <servername> sshd[31378]: Invalid user danny from 221.194.26.166
Jun 20 05:47:41 <servername> sshd[31383]: Invalid user sharon from 221.194.26.166
Jun 20 05:47:46 <servername> sshd[31388]: Invalid user aron from 221.194.26.166
Jun 20 05:47:50 <servername> sshd[31393]: Invalid user alex from 221.194.26.166
Jun 20 05:47:55 <servername> sshd[31398]: Invalid user brett from 221.194.26.166
Jun 20 05:47:59 <servername> sshd[31403]: Invalid user mike from 221.194.26.166
Jun 20 05:48:04 <servername> sshd[31408]: Invalid user alan from 221.194.26.166
Jun 20 05:48:08 <servername> sshd[31413]: Invalid user data from 221.194.26.166
Jun 20 05:48:13 <servername> sshd[31418]: Invalid user www-data from 221.194.26.166
Jun 20 05:48:17 <servername> sshd[31423]: Invalid user http from 221.194.26.166
Jun 20 05:48:21 <servername> sshd[31428]: Invalid user httpd from 221.194.26.166
Jun 20 05:48:35 <servername> sshd[31443]: Invalid user backup from 221.194.26.166
Jun 20 05:48:39 <servername> sshd[31448]: Invalid user info from 221.194.26.166
Jun 20 05:48:44 <servername> sshd[31453]: Invalid user shop from 221.194.26.166

The IP address, opened as http://221.194.26.166/, leads to: Novell Nterprise Linux Services

Why are they trying to break into my system??? Or is it fake in one way or another???
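The log excerpt in the post above, summarized per source address (an added example, not part of the original thread). The sample lines are constructed in the same format using documentation-range addresses; the function name `summarize`, the `min_attempts` threshold and the placeholder year are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the format of the log lines quoted in the post;
# 192.0.2.0/24 and 198.51.100.0/24 are documentation address ranges.
SAMPLE = """\
Jun 20 05:44:27 host sshd[31163]: Invalid user webmaster from 192.0.2.10
Jun 20 05:44:36 host sshd[31173]: Invalid user oracle from 192.0.2.10
Jun 20 05:44:40 host sshd[31178]: Invalid user admin from 192.0.2.10
Jun 20 05:44:45 host sshd[31183]: User guest not allowed because shell /dev/null is not executable
Jun 20 05:44:49 host sshd[31188]: Invalid user admin from 192.0.2.10
Jun 20 09:12:03 host sshd[402]: Invalid user bob from 198.51.100.7
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (.*)$")
INVALID = re.compile(r"^Invalid user (\S+) from (\S+)$")

def summarize(text, min_attempts=3):
    """Group 'Invalid user' events by source and flag username-guessing runs."""
    events = defaultdict(list)   # source address -> [(timestamp, username)]
    unattributed = []            # sshd messages that carry no source address
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        stamp, msg = m.groups()
        inv = INVALID.match(msg)
        if inv:
            # Syslog timestamps have no year; 2000 is an arbitrary placeholder
            # (assumption), only differences between timestamps are used.
            ts = datetime.strptime("2000 " + stamp, "%Y %b %d %H:%M:%S")
            events[inv.group(2)].append((ts, inv.group(1)))
        else:
            unattributed.append(msg)
    report = {}
    for src, hits in events.items():
        times = [t for t, _ in hits]
        report[src] = {
            "attempts": len(hits),
            "distinct_users": len({u for _, u in hits}),
            "span_seconds": int((max(times) - min(times)).total_seconds()),
            "flagged": len(hits) >= min_attempts,
        }
    return report, unattributed
```

Lines such as the "User guest not allowed" entry contain no address, so they are returned separately instead of being silently dropped or attributed to a source by guesswork.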

  • DGTL_Magician

That is a standard page of an NNLS installation. So it is a customer of Novell, not Novell itself. Apparently it has been compromised.

IP Whois info:
code:
Location: China

ARIN says that this IP belongs to APNIC; I'm looking it up there.


Using 21367996 day old cached answer (or, you can get fresh results).
Hiding E-mail address (you can get results with the E-mail address).

% [whois.apnic.net node-1]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

inetnum:      221.192.0.0 - 221.195.255.255
netname:      CNCGROUP-HE
descr:        CNCGROUP Hebei Province Network
descr:        China Network Communications Group Corporation
descr:        No.156,Fu-Xing-Men-Nei Street,
descr:        Beijing 100031
country:      CN
admin-c:      CH455-AP
tech-c:       ZC24-AP
remarks:      service provider
mnt-by:       APNIC-HM
mnt-lower:    MAINT-CNCGROUP-HE
status:       ALLOCATED PORTABLE
remarks:      -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks:      This object can only be updated by APNIC hostmasters.
remarks:      To update this object, please contact APNIC
remarks:      hostmasters and include your organisation's account
remarks:      name in the subject line.
remarks:      -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
changed:      **********@apnic.net 20040329
source:       APNIC

role:         CNCGroup Hostmaster
e-mail:       *****@cnc-noc.net
address:      No.156,Fu-Xing-Men-Nei Street,
address:      Beijing,100031,P.R.China
nic-hdl:      CH455-AP
phone:        +86-10-82993155
fax-no:       +86-10-82993102
country:      CN
admin-c:      CH444-AP
tech-c:       CH444-AP
changed:      *****@cnc-noc.net 20041119
mnt-by:       MAINT-CNCGROUP
source:       APNIC

person:       zhiyong chen
nic-hdl:      ZC24-AP
e-mail:       *****@heinfo.net
address:      hebei province shijiazhuang
address:      fanxi road No.19
address:      hebei shuju tongxin ju
phone:        +86-311-6672767
fax-no:       +86-311-6672895
country:      CN
changed:      ***@heinfo.net 20030423
mnt-by:       MAINT-CHINANET-HE
source:       APNIC


[ 92% edited by DGTL_Magician on 20-06-2005 10:33 ]

Blog | aaZoo - (Wireless) Networking, Security, DDoS Mitigation, Virtualization and Storage


Deleted

Topic starter
8)7 oops.... I hadn't looked at it that way yet...

posted a bit too enthusiastically.... :)

  • blaataaps
Next time do look a bit further than the end of your nose, indeed; whois is the source for that kind of information, not http :)
For the rest, everything has already been said in attempted "break-in" via SSH, I think, so don't worry too much.
