less /var/log/kern.log
...
Jan 15 11:47:54 dwaves kernel: [166700.063394] UDP: bad checksum. From 116.224.66.209:53 to 78.47.157.226:14402 ulen 108

whois 116.224.66.209
inetnum: 116.224.0.0 - 116.239.255.255
netname: CHINANET-SH
descr: CHINANET Shanghai province network
descr: China Telecom
descr: No.31,jingrong street
descr: Beijing 100032
fuck those CHINESE (!) spammers… trying to brute force hack my mail server:
/var/log# less dovecot.log
...
Dec 30 03:54:55 auth: Info: passwd-file(adolfo,118.123.243.13): no passwd file: /etc/exim4/domains//passwd
Dec 30 03:55:20 auth: Info: passwd-file(bertha,118.123.243.13): no passwd file: /etc/exim4/domains//passwd
Dec 30 03:55:45 auth: Info: passwd-file(control,118.123.243.13): no passwd file: /etc/exim4/domains//passwd
Dec 30 03:56:10 auth: Info: passwd-file(ftp,118.123.243.13): no passwd file: /etc/exim4/domains//passwd
Dec 30 03:56:35 auth: Info: passwd-file(admin,118.123.243.13): no passwd file: /etc/exim4/domains//passwd
Dec 30 03:57:00 auth: Info: passwd-file(vanessa,118.123.243.13): no passwd file: /etc/exim4/domains//passwd
Dec 30 03:57:25 auth: Info: passwd-file(admin,118.123.243.13): no passwd file: /etc/exim4/domains//passwd
Dec 30 03:57:50 auth: Info: passwd-file(sophie,118.123.243.13): no passwd file: /etc/exim4/domains//passwd
Dec 30 03:58:15 auth: Info: passwd-file(agent,118.123.243.13): no passwd file: /etc/exim4/domains//passwd
Dec 30 03:58:40 auth: Info: passwd-file(webmaster,118.123.243.13): no passwd file: /etc/exim4/domains//passwd
Dec 30 03:59:05 auth: Info: passwd-file(cs,118.123.243.13): no passwd file: /etc/exim4/domains//passwd
Dec 30 03:59:30 auth: Info: passwd-file(postgres,118.123.243.13): no passwd file: /etc/exim4/domains//passwd
Dec 30 03:59:54 auth: Info: passwd-file(alexandre,118.123.243.13): no passwd file: /etc/exim4/domains//passwd
Dec 30 04:00:19 auth: Info: passwd-file(webmail,118.123.243.13): no passwd file: /etc/exim4/domains//passwd
Dec 30 04:00:44 auth: Info: passwd-file(admin,118.123.243.13): no passwd file: /etc/exim4/domains//passwd
Dec 30 04:01:09 auth: Info: passwd-file(test,118.123.243.13): no passwd file: /etc/exim4/domains//passwd
Dec 30 04:01:33 auth: Info: passwd-file(test,118.123.243.13): no passwd file: /etc/exim4/domains//passwd
Dec 30 04:01:58 auth: Info: passwd-file(lee,118.123.243.13): no passwd file: /etc/exim4/domains//passwd
Dec 30 04:02:23 auth: Info: passwd-file(carrington,118.123.243.13): no passwd file: /etc/exim4/domains//passwd
Dec 30 04:02:48 auth: Info: passwd-file(apache,118.123.243.13): no passwd file: /etc/exim4/domains//passwd
Dec 30 04:03:12 auth: Info: passwd-file(cathrin,118.123.243.13): no passwd file: /etc/exim4/domains//passwd
Dec 30 04:03:37 auth: Info: passwd-file(testmail,118.123.243.13): no passwd file: /etc/exim4/domains//passwd
Dec 30 04:04:02 auth: Info: passwd-file(testmail,118.123.243.13): no passwd file: /etc/exim4/domains//passwd
Dec 30 04:04:27 auth: Info: passwd-file(cricket,118.123.243.13): no passwd file: /etc/exim4/domains//passwd
Dec 30 04:04:51 auth: Info: passwd-file(install,118.123.243.13): no passwd file: /etc/exim4/domains//passwd

whois 118.123.243.13 # CHINA AGAIN.
role: CHINANET SICHUAN
address: No.72,Wen Miao Qian Str Chengdu SiChuan PR China
country: CN
phone: +86-28-86190657
fax-no: +86-25-86190641
e-mail: scipadmin2013@189.cn
remarks: send anti-spam reports to scipadmin2013@189.cn
this time from Italy with love: SSH brute-force attacks:
/var/log# less auth.log
...
Jan 4 06:26:51 dwaves sshd[27945]: reverse mapping checking getaddrinfo for joker.wwsi [212.141.54.155] failed - POSSIBLE BREAK-IN ATTEMPT!
Jan 4 06:26:51 dwaves sshd[27945]: Invalid user oracle from 212.141.54.155
Jan 4 06:26:51 dwaves sshd[27945]: input_userauth_request: invalid user oracle [preauth]
Jan 4 06:26:51 dwaves sshd[27945]: Received disconnect from 212.141.54.155: 11: Bye Bye [preauth]
Jan 4 06:26:51 dwaves sshd[27947]: reverse mapping checking getaddrinfo for joker.wwsi [212.141.54.155] failed - POSSIBLE BREAK-IN ATTEMPT!
Jan 4 06:26:51 dwaves sshd[27947]: Invalid user pi from 212.141.54.155

whois 212.141.54.155
inetnum: 212.141.54.0 - 212.141.54.255
netname: WIND
descr: WIND-IT-CSI2
descr: Wind Telecomunicazioni SpA
country: IT
admin-c: GT1655-RIPE
tech-c: GT1655-RIPE
status: ASSIGNED PA
mnt-by: WIND-MNT
source: RIPE # Filtered

person: Gaspare Tripi
address: Wind Telecomunicazioni SpA
address: Information Technology Dept.
address: Via C. Veneziani 56
address: I-00148 Roma (RM)
address: Italy
phone: +39 06 83115252
fax-no: +39 06 83115252
nic-hdl: GT1655-RIPE
source: RIPE # Filtered
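Instead of paging through dovecot.log and auth.log by eye, the two patterns above can be tallied per source address. The following is an added example, not part of the original post: the regexes are written against the line formats shown here, the sample lines are constructed (documentation IP ranges, hypothetical host name mailhost), and the threshold of 3 attempts is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime

# Patterns for the two line formats shown in this post (dovecot auth, sshd).
DOVECOT = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) auth: Info: passwd-file\(([^,]*),([\d.]+)\)")
SSHD = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Invalid user (\S+) from ([\d.]+)")

# Constructed sample lines; addresses are from the documentation ranges.
SAMPLE = """\
Dec 30 03:54:55 auth: Info: passwd-file(adolfo,192.0.2.10): no passwd file: /etc/exim4/domains//passwd
Dec 30 03:55:20 auth: Info: passwd-file(bertha,192.0.2.10): no passwd file: /etc/exim4/domains//passwd
Dec 30 03:55:45 auth: Info: passwd-file(admin,192.0.2.10): no passwd file: /etc/exim4/domains//passwd
Dec 30 03:56:10 auth: Info: passwd-file(admin,192.0.2.10): no passwd file: /etc/exim4/domains//passwd
Jan  4 06:26:51 mailhost sshd[27945]: Invalid user oracle from 198.51.100.7
Jan  4 06:26:51 mailhost sshd[27947]: Invalid user pi from 198.51.100.7
Jan  4 06:26:52 mailhost sshd[27947]: Received disconnect from 198.51.100.7: 11: Bye Bye [preauth]
""".splitlines()

def summarize(lines, min_attempts=3):
    """Return {ip: attempts, usernames tried, median seconds between tries}."""
    seen = defaultdict(list)
    for line in lines:
        m = DOVECOT.match(line) or SSHD.match(line)
        if not m:
            continue  # unrelated line (disconnects, reverse-mapping warnings, ...)
        stamp, user, ip = m.groups()
        # Syslog stamps carry no year; a fixed leap year keeps Feb 29 parseable.
        when = datetime.strptime("2000 " + stamp, "%Y %b %d %H:%M:%S")
        seen[ip].append((when, user))
    report = {}
    for ip, events in seen.items():
        if len(events) < min_attempts:
            continue
        events.sort()
        gaps = sorted((b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:]))
        report[ip] = {
            "attempts": len(events),
            "users": sorted({u for _, u in events}),
            # A steady gap (about 25 s in the dovecot log above) points to a script.
            "median_gap_s": gaps[len(gaps) // 2] if gaps else None,
        }
    return report

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE, min_attempts=2).items():
        print(ip, info)
```

The same counts are what a tool such as fail2ban acts on when it bans an address after repeated failures.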