Complaint received at SoftLayer, IP has already been disabled, what should I do?

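Posted on 2010-8-18 19:49:56
I really don't get it. How can they say my server is attacking other people's sites? I got a complaint, and it even lists a whole pile of evidence! What is going on? How do I fix this? I contacted SoftLayer tech support, and they said they can't resolve it! I'm at a loss.

Could everyone please take a look? This is just a small part of it: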

Ticket Contents:

   Employee Response - 2010-Aug-09 10:23 (GMT-0600) [Update 1]
  SoftLayer Security has received the following HACKING / MALICIOUS ACTIVITY complaint in reference to an IP hosted on your server. A copy of the complaint is listed below or attached to this ticket for your review. Please disable or remove this activity immediately as it is direct abuse of the network services and a violation of your TOS and AUP. Failure to resolve this issue in an expeditious manner could lead to service interruption for this server. Please update this ticket with resolution to this issue. We thank you in advance for your quick action and cooperation.

Regards,
SoftLayer Security Team


Employee Response - 2010-Aug-09 10:23 (GMT-0600) [Update 2]
  Looks like your customer with IP 67.228.94.234 is doing ssh attacks to my server.
Please take care about
Best Regards

here some logfile output Date
Mon Aug 9 11:45:02 CEST 2010
Aug 9 00:43:44 81-89-97-101 sshd[11971]: Invalid user alyssa from 67.228.94.234
Aug 9 00:43:44 81-89-97-101 sshd[11971]: error: PAM: User not known to the underlying authentication module for illegal user alyssa from 67.228.94.234-static.reverse.softlayer.com
Aug 9 00:43:44 81-89-97-101 sshd[11971]: Failed keyboard-interactive/pam for invalid user alyssa from 67.228.94.234 port 39379 ssh2
Aug 9 02:39:00 81-89-97-101 sshd[13874]: Invalid user ann from 67.228.94.234
Aug 9 02:39:00 81-89-97-101 sshd[13874]: error: PAM: User not known to the underlying authentication module for illegal user ann from 67.228.94.234-static.reverse.softlayer.com
Aug 9 02:39:00 81-89-97-101 sshd[13874]: Failed keyboard-interactive/pam for invalid user ann from 67.228.94.234 port 52336 ssh2
Aug 9 04:11:39 81-89-97-101 sshd[11433]: Invalid user assh from 67.228.94.234
Aug 9 04:11:40 81-89-97-101 sshd[11433]: error: PAM: User not known to the underlying authentication module for illegal user assh from 67.228.94.234-static.reverse.softlayer.com
Aug 9 04:11:40 81-89-97-101 sshd[11433]: Failed keyboard-interactive/pam for invalid user assh from 67.228.94.234 port 57007 ssh2
Aug 9 11:13:36 81-89-97-101 sshd[9613]: Invalid user clark from 67.228.94.234
Aug 9 11:13:36 81-89-97-101 sshd[9613]: error: PAM: User not known to the underlying authentication module for illegal user clark from 67.228.94.234-static.reverse.softlayer.com
Aug 9 11:13:36 81-89-97-101 sshd[9613]: Failed keyboard-interactive/pam for invalid user clark from 67.228.94.234 port 53369 ssh2
Aug 9 11:31:39 81-89-97-101 sshd[15476]: Invalid user clint from 67.228.94.234
Aug 9 11:31:39 81-89-97-101 sshd[15476]: error: PAM: User not known to the underlying authentication module for illegal user clint from 67.228.94.234-static.reverse.softlayer.com
Aug 9 11:31:39 81-89-97-101 sshd[15476]: Failed keyboard-interactive/pam for invalid user clint from 67.228.94.234 port 41680 ssh2



Dear Sir/Madam,

We have detected abuse from the IP address 67.228.94.234, which according to a whois lookup is on your network. We would appreciate if you would investigate and take action as appropriate.

Log lines are given below, but please ask if you require any further information.

(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process. This mail was generated by Fail2Ban.)

Note: Local timezone is +0300 (EEST)
Aug 9 04:27:30 cybershells sshd[12111]: Invalid user arias from 67.228.94.234
Aug 9 04:27:31 cybershells sshd[12111]: error: PAM: User not known to the underlying authentication module for illegal user arias from 67.228.94.234-static.reverse.softlayer.com
Aug 9 04:27:31 cybershells sshd[12111]: Failed keyboard-interactive/pam for invalid user arias from 67.228.94.234 port 36389 ssh2
Aug 9 05:59:31 cybershells sshd[5611]: Invalid user barbara from 67.228.94.234
Aug 9 05:59:31 cybershells sshd[5611]: error: PAM: User not known to the underlying authentication module for illegal user barbara from 67.228.94.234-static.reverse.softlayer.com
Aug 9 05:59:31 cybershells sshd[5611]: Failed keyboard-interactive/pam for invalid user barbara from 67.228.94.234 port 35412 ssh2
Aug 9 13:57:03 cybershells sshd[22612]: Invalid user craig from 67.228.94.234
Aug 9 13:57:04 cybershells sshd[22612]: error: PAM: User not known to the underlying authentication module for illegal user craig from 67.228.94.234-static.reverse.softlayer.com
Aug 9 13:57:04 cybershells sshd[22612]: Failed keyboard-interactive/pam for invalid user craig from 67.228.94.234 port 56894 ssh2

--
This message has bee


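An added example, not part of the original post or of SoftLayer's tooling: the two complaints in the ticket are stamped in different local timezones, so this script parses the "Failed ... port N" lines and merges them into one UTC timeline that the server owner can compare with their own records. The sample lines are copied from the ticket above; the UTC offsets (+2 for CEST, +3 for EEST) and the year 2010 are read from the ticket headers, and the function names are this example's own.

```python
import re
from datetime import datetime, timedelta, timezone

# Sample lines copied from the two complaints in the ticket above.
REPORT_CEST = """\
Aug 9 00:43:44 81-89-97-101 sshd[11971]: Failed keyboard-interactive/pam for invalid user alyssa from 67.228.94.234 port 39379 ssh2
Aug 9 02:39:00 81-89-97-101 sshd[13874]: Failed keyboard-interactive/pam for invalid user ann from 67.228.94.234 port 52336 ssh2
Aug 9 04:11:40 81-89-97-101 sshd[11433]: Failed keyboard-interactive/pam for invalid user assh from 67.228.94.234 port 57007 ssh2
"""
REPORT_EEST = """\
Aug 9 04:27:31 cybershells sshd[12111]: Failed keyboard-interactive/pam for invalid user arias from 67.228.94.234 port 36389 ssh2
Aug 9 05:59:31 cybershells sshd[5611]: Failed keyboard-interactive/pam for invalid user barbara from 67.228.94.234 port 35412 ssh2
"""
REPORTS = [(REPORT_CEST, 2), (REPORT_EEST, 3)]  # (text, reporter's UTC offset in hours)

# Only the "Failed ..." line of each attempt carries the source port.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssshd\[\d+\]:\s"
    r"Failed \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port (?P<port>\d+)"
)

def parse_report(text, utc_offset_hours, year=2010):
    """Return one dict per failed login, with the time converted to UTC."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    events = []
    for line in text.splitlines():
        m = FAILED.match(line.strip())
        if not m:
            continue  # "Invalid user" and PAM lines repeat the same attempt
        # syslog timestamps carry no year, so it is supplied by the caller
        local = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({
            "utc": local.replace(tzinfo=tz).astimezone(timezone.utc),
            "reporter": m["host"], "user": m["user"],
            "src_ip": m["ip"], "src_port": int(m["port"]),
        })
    return events

def timeline(reports):
    """Merge (text, utc_offset_hours) reports into one UTC-ordered list."""
    events = [e for text, off in reports for e in parse_report(text, off)]
    return sorted(events, key=lambda e: e["utc"])

if __name__ == "__main__":
    for e in timeline(REPORTS):
        print(e["utc"].isoformat(), e["src_port"], e["reporter"], e["user"])
```

On these lines the merged UTC order of usernames is alphabetical across both reporters, which is what a single wordlist-driven process on the reported host would produce; the UTC time and source port are the fields to match against the server's own outbound connection records.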

Posted on 2010-8-18 20:03:34
PAM? Is that the vulnerability everyone has been talking about? Did you get hacked?
Posted on 2010-8-18 20:10:33
That one is pma.
Posted on 2010-8-18 22:41:30
Log in through IPMI and check whether there is a dd_ssh under /tmp?
Posted on 2010-8-23 00:45:07
Just reply to them directly: my server was hacked, I have formatted everything and reinstalled, and that's the end of it.
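Posted on 2010-8-23 15:11:47
Originally posted by 杯具 on 2010-8-23 00:45:

Just reply to them directly: my server was hacked, I have formatted everything and reinstalled, and that's the end of it.

You would have to actually do the reinstall, though; they can see the records.

Once you communicate properly with SoftLayer, this is all easy to resolve.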
Original poster | Posted on 2010-8-25 00:00:50
How do I log in?
Original poster | Posted on 2010-8-25 00:04:10
After reinstalling, can it be put back into use?
Posted on 2010-10-2 16:34:58
- -" Dedicated IP?
Posted on 2010-10-10 12:05:59
It's been turned into a zombie (a compromised bot)..
HS2V Hosting General Discussion Forum
