[Wien] Help - Attack?

Felix Ehritz (spam-protected)
Fri Jul 17 21:28:06 CEST 2009


Then let me say many thanks for the quick answers.
Sad that this is part of everyday life. How bored must people be... but
it would go beyond the scope of the topic if we discussed that.

I will take a look at the tool!

I will change port 22 to a different one. (Wouldn't that also be
interesting on the Funkfeuer routers?)

Many thanks

On Friday, 17.07.2009, at 21:01 +0200, L. Aaron Kaplan wrote:
> 
> On Jul 17, 2009, at 8:42 PM, Felix Ehritz wrote:
> 
> > As already reported, I have ventured the switch to Linux on one of
> > my computers.
> :)
> 
> > On my other computer, which already runs Debian, I have now rummaged
> > through the logs, after a friend told me that everything gets
> > recorded, and it gave me the horrors - a small excerpt:
> >
> 
> The perfectly normal madness in the everyday life of a server on the Internet.
> 
> Yes... the only remedy is: make a good, good password!
> That is, more than 10 characters. Special characters, digits, lowercase and
> uppercase letters.
> If you install the program pwgen on Linux, you can have it generate
> secure passwords for you and then memorize one of them.
> 
> By the way: this rule applies just the same to Linksys devices in the 0xFF
> network :)
> They get hit by ssh dictionary attacks just the same.
> 
> What can also help you is a) running sshd on a different port
> (see the /etc/ssh/sshd_conf file) or b) using only ssh keys.
> For example like this: http://www.g-loaded.eu/2005/11/10/ssh-with-keys/
> 
> 
> 
> Well,
> a.
> 
> 
> >
> > Jul 12 08:37:02 server sshd[19352]: Invalid user amanda from  
> > 83.18.244.4
> > Jul 12 08:37:02 server sshd[19352]: reverse mapping checking  
> > getaddrinfo
> > for gw2-4.xnet.org.pl failed - POSSIBLE BREAK-IN ATTEMPT!
> > Jul 12 08:37:02 server sshd[19352]: (pam_unix) check pass; user  
> > unknown
> > Jul 12 08:37:02 server sshd[19352]: (pam_unix) authentication failure;
> > logname= uid=0 euid=0 tty=ssh ruser= rhost=83.18.244.4
> > Jul 12 08:37:05 server sshd[19352]: Failed password for invalid user
> > amanda from 83.18.244.4 port 42691 ssh2
> > Jul 12 08:37:06 server sshd[19354]: Invalid user iris from 83.18.244.4
> > Jul 12 08:37:06 server sshd[19354]: reverse mapping checking  
> > getaddrinfo
> > for gw2-4.xnet.org.pl failed - POSSIBLE BREAK-IN ATTEMPT!
> > Jul 12 08:37:06 server sshd[19354]: (pam_unix) check pass; user  
> > unknown
> > Jul 12 08:37:06 server sshd[19354]: (pam_unix) authentication failure;
> > logname= uid=0 euid=0 tty=ssh ruser= rhost=83.18.244.4
> > Jul 12 08:37:07 server sshd[19354]: Failed password for invalid user
> > iris from 83.18.244.4 port 42825 ssh2
> > Jul 12 08:37:08 server sshd[19356]: Invalid user bonnie from  
> > 83.18.244.4
> > Jul 12 08:37:08 server sshd[19356]: reverse mapping checking  
> > getaddrinfo
> > for gw2-4.xnet.org.pl failed - POSSIBLE BREAK-IN ATTEMPT!
> > Jul 12 08:37:08 server sshd[19356]: (pam_unix) check pass; user  
> > unknown
> > Jul 12 08:37:08 server sshd[19356]: (pam_unix) authentication failure;
> > logname= uid=0 euid=0 tty=ssh ruser= rhost=83.18.244.4
> > Jul 12 08:37:10 server sshd[19356]: Failed password for invalid user
> > bonnie from 83.18.244.4 port 42933 ssh2
> > Jul 12 08:37:11 server sshd[19358]: Invalid user sparky from  
> > 83.18.244.4
> > Jul 12 08:37:11 server sshd[19358]: reverse mapping checking  
> > getaddrinfo
> > for gw2-4.xnet.org.pl failed - POSSIBLE BREAK-IN ATTEMPT!
> > Jul 12 08:37:11 server sshd[19358]: (pam_unix) check pass; user  
> > unknown
> > Jul 12 08:37:11 server sshd[19358]: (pam_unix) authentication failure;
> > logname= uid=0 euid=0 tty=ssh ruser= rhost=83.18.244.4
> > Jul 12 08:37:14 server sshd[19358]: Failed password for invalid user
> > sparky from 83.18.244.4 port 43061 ssh2
> > Jul 12 08:37:15 server sshd[19360]: Invalid user clasic from  
> > 83.18.244.4
> > Jul 12 08:37:15 server sshd[19360]: reverse mapping checking  
> > getaddrinfo
> > for gw2-4.xnet.org.pl failed - POSSIBLE BREAK-IN ATTEMPT!
> > Jul 12 08:37:15 server sshd[19360]: (pam_unix) check pass; user  
> > unknown
> > Jul 12 08:37:15 server sshd[19360]: (pam_unix) authentication failure;
> > logname= uid=0 euid=0 tty=ssh ruser= rhost=83.18.244.4
> > Jul 12 08:37:17 server sshd[19360]: Failed password for invalid user
> > clasic from 83.18.244.4 port 43208 ssh2
> > Jul 12 08:37:17 server sshd[19362]: Invalid user jamy from 83.18.244.4
> > Jul 12 08:37:17 server sshd[19362]: reverse mapping checking  
> > getaddrinfo
> > for gw2-4.xnet.org.pl failed - POSSIBLE BREAK-IN ATTEMPT!
> > Jul 12 08:37:17 server sshd[19362]: (pam_unix) check pass; user  
> > unknown
> > Jul 12 08:37:17 server sshd[19362]: (pam_unix) authentication failure;
> > logname= uid=0 euid=0 tty=ssh ruser= rhost=83.18.244.4
> > Jul 12 08:37:19 server sshd[19362]: Failed password for invalid user
> > jamy from 83.18.244.4 port 43307 ssh2
> > Jul 12 08:37:20 server sshd[19364]: Invalid user david from  
> > 83.18.244.4
> > Jul 12 08:37:20 server sshd[19364]: reverse mapping checking  
> > getaddrinfo
> > for gw2-4.xnet.org.pl failed - POSSIBLE BREAK-IN ATTEMPT!
> > Jul 12 08:37:20 server sshd[19364]: (pam_unix) check pass; user  
> > unknown
> > Jul 12 08:37:20 server sshd[19364]: (pam_unix) authentication failure;
> > logname= uid=0 euid=0 tty=ssh ruser= rhost=83.18.244.4
> > Jul 12 08:37:23 server sshd[19364]: Failed password for invalid user
> > david from 83.18.244.4 port 43417 ssh2
> > Jul 12 08:37:23 server sshd[19366]: Invalid user administrator from
> > 83.18.244.4
> > Jul 12 08:37:23 server sshd[19366]: reverse mapping checking  
> > getaddrinfo
> > for gw2-4.xnet.org.pl failed - POSSIBLE BREAK-IN ATTEMPT!
> > Jul 12 08:37:23 server sshd[19366]: (pam_unix) check pass; user  
> > unknown
> > Jul 12 08:37:23 server sshd[19366]: (pam_unix) authentication failure;
> > logname= uid=0 euid=0 tty=ssh ruser= rhost=83.18.244.4
> > Jul 12 08:37:26 server sshd[19366]: Failed password for invalid user
> > administrator from 83.18.244.4 port 43546 ssh2
> > Jul 12 08:37:27 server sshd[19368]: Invalid user info from 83.18.244.4
> > Jul 12 08:37:27 server sshd[19368]: reverse mapping checking  
> > getaddrinfo
> > for gw2-4.xnet.org.pl failed - POSSIBLE BREAK-IN ATTEMPT!
> > Jul 12 08:37:27 server sshd[19368]: (pam_unix) check pass; user  
> > unknown
> > Jul 12 08:37:27 server sshd[19368]: (pam_unix) authentication failure;
> > logname= uid=0 euid=0 tty=ssh ruser= rhost=83.18.244.4
> > Jul 12 08:37:28 server sshd[19368]: Failed password for invalid user
> > info from 83.18.244.4 port 43660 ssh2
> > Jul 12 08:37:29 server sshd[19370]: Invalid user webmaster from
> > 83.18.244.4
> > Jul 12 08:37:29 server sshd[19370]: reverse mapping checking  
> > getaddrinfo
> > for gw2-4.xnet.org.pl failed - POSSIBLE BREAK-IN ATTEMPT!
> > Jul 12 08:37:29 server sshd[19370]: (pam_unix) check pass; user  
> > unknown
> > Jul 12 08:37:29 server sshd[19370]: (pam_unix) authentication failure;
> > logname= uid=0 euid=0 tty=ssh ruser= rhost=83.18.244.4
> > Jul 12 08:37:31 server sshd[19370]: Failed password for invalid user
> > webmaster from 83.18.244.4 port 43760 ssh2
> > Jul 12 08:37:32 server sshd[19372]: Invalid user rebeca from  
> > 83.18.244.4
> > Jul 12 08:37:32 server sshd[19372]: reverse mapping checking  
> > getaddrinfo
> > for gw2-4.xnet.org.pl failed - POSSIBLE BREAK-IN ATTEMPT!
> > Jul 12 08:37:32 server sshd[19372]: (pam_unix) check pass; user  
> > unknown
> > Jul 12 08:37:32 server sshd[19372]: (pam_unix) authentication failure;
> > logname= uid=0 euid=0 tty=ssh ruser= rhost=83.18.244.4
> > Jul 12 08:37:34 server sshd[19372]: Failed password for invalid user
> > rebeca from 83.18.244.4 port 43865 ssh2
> > Jul 12 08:37:35 server sshd[19374]: reverse mapping checking  
> > getaddrinfo
> > for gw2-4.xnet.org.pl failed - POSSIBLE BREAK-IN ATTEMPT!
> > Jul 12 08:37:35 server sshd[19374]: (pam_unix) authentication failure;
> > logname= uid=0 euid=0 tty=ssh ruser= rhost=83.18.244.4  user=root
> > Jul 12 08:37:37 server sshd[19374]: Failed password for root from
> > 83.18.244.4 port 43975 ssh2
> > Jul 12 08:37:38 server sshd[19376]: reverse mapping checking  
> > getaddrinfo
> > for gw2-4.xnet.org.pl failed - POSSIBLE BREAK-IN ATTEMPT!
> > Jul 12 08:37:38 server sshd[19376]: (pam_unix) authentication failure;
> > logname= uid=0 euid=0 tty=ssh ruser= rhost=83.18.244.4  user=root
> > Jul 12 08:37:41 server sshd[19376]: Failed password for root from
> > 83.18.244.4 port 44080 ssh2
> > Jul 12 08:37:42 server sshd[19378]: reverse mapping checking  
> > getaddrinfo
> > for gw2-4.xnet.org.pl failed - POSSIBLE BREAK-IN ATTEMPT!
> > Jul 12 08:37:42 server sshd[19378]: (pam_unix) authentication failure;
> > logname= uid=0 euid=0 tty=ssh ruser= rhost=83.18.244.4  user=root
> > Jul 12 08:37:43 server sshd[19378]: Failed password for root from
> > 83.18.244.4 port 44192 ssh2
> > Jul 12 08:37:44 server sshd[19380]: reverse mapping checking  
> > getaddrinfo
> > for gw2-4.xnet.org.pl failed - POSSIBLE BREAK-IN ATTEMPT!
> > Jul 12 08:37:44 server sshd[19380]: (pam_unix) authentication failure;
> > logname= uid=0 euid=0 tty=ssh ruser= rhost=83.18.244.4  user=root
> > Jul 12 08:37:47 server sshd[19380]: Failed password for root from
> > 83.18.244.4 port 44296 ssh2
> > Jul 12 08:37:47 server sshd[19382]: reverse mapping checking  
> > getaddrinfo
> > for gw2-4.xnet.org.pl failed - POSSIBLE BREAK-IN ATTEMPT!
> > Jul 12 08:37:47 server sshd[19382]: (pam_unix) authentication failure;
> > logname= uid=0 euid=0 tty=ssh ruser= rhost=83.18.244.4  user=root
> > Jul 12 08:37:49 server sshd[19382]: Failed password for root from
> > 83.18.244.4 port 44410 ssh2
> > Jul 12 08:37:50 server sshd[19384]: reverse mapping checking  
> > getaddrinfo
> > for gw2-4.xnet.org.pl failed - POSSIBLE BREAK-IN ATTEMPT!
> > Jul 12 08:37:50 server sshd[19384]: (pam_unix) authentication failure;
> > logname= uid=0 euid=0 tty=ssh ruser= rhost=83.18.244.4  user=root
> > Jul 12 08:37:53 server sshd[19384]: Failed password for root from
> > 83.18.244.4 port 44508 ssh2
> > Jul 12 08:37:54 server sshd[19386]: reverse mapping checking  
> > getaddrinfo
> > for gw2-4.xnet.org.pl failed - POSSIBLE BREAK-IN ATTEMPT!
> > Jul 12 08:37:54 server sshd[19386]: (pam_unix) authentication failure;
> > logname= uid=0 euid=0 tty=ssh ruser= rhost=83.18.244.4  user=root
> > Jul 12 08:37:56 server sshd[19386]: Failed password for root from
> > 83.18.244.4 port 44626 ssh2
> > Jul 12 08:37:57 server sshd[19388]: reverse mapping checking  
> > getaddrinfo
> > for gw2-4.xnet.org.pl failed - POSSIBLE BREAK-IN ATTEMPT!
> > Jul 12 08:37:57 server sshd[19388]: (pam_unix) authentication failure;
> > logname= uid=0 euid=0 tty=ssh ruser= rhost=83.18.244.4  user=root
> > Jul 12 08:37:59 server sshd[19388]: Failed password for root from
> > 83.18.244.4 port 44755 ssh2
> > Jul 12 08:38:00 server sshd[19390]: Invalid user optic from  
> > 83.18.244.4
> > Jul 12 08:38:00 server sshd[19390]: reverse mapping checking  
> > getaddrinfo
> > for gw2-4.xnet.org.pl failed - POSSIBLE BREAK-IN ATTEMPT!
> > Jul 12 08:38:00 server sshd[19390]: (pam_unix) check pass; user  
> > unknown
> > Jul 12 08:38:00 server sshd[19390]: (pam_unix) authentication failure;
> > logname= uid=0 euid=0 tty=ssh ruser= rhost=83.18.244.4
> > Jul 12 08:38:02 server sshd[19390]: Failed password for invalid user
> > optic from 83.18.244.4 port 44862 ssh2
> > Jul 12 08:38:02 server sshd[19392]: Invalid user service from
> > 83.18.244.4
> > Jul 12 08:38:02 server sshd[19392]: reverse mapping checking  
> > getaddrinfo
> > for gw2-4.xnet.org.pl failed - POSSIBLE BREAK-IN ATTEMPT!
> > Jul 12 08:38:02 server sshd[19392]: (pam_unix) check pass; user  
> > unknown
> > Jul 12 08:38:02 server sshd[19392]: (pam_unix) authentication failure;
> > logname= uid=0 euid=0 tty=ssh ruser= rhost=83.18.244.4
> > Jul 12 08:38:05 server sshd[19392]: Failed password for invalid user
> > service from 83.18.244.4 port 44955 ssh2
> > Jul 12 08:38:06 server sshd[19394]: Invalid user admin from  
> > 83.18.244.4
> >
> >
> >
> > And it goes on like this the whole time!
> > What can be done about it?
> >
> > Kind regards, Felix
> >
> >
> > --
> > Wien mailing list
> > (spam-protected)
> > http://lists.funkfeuer.at/mailman/listinfo/wien
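
The check that the log excerpt above invites, as an added example that is not part of the original mails: a Python script that counts failed sshd password attempts per source address and flags sources that reach a threshold within a short time window. The sample lines are constructed in the same format (documentation address ranges), and the threshold, the window and the year (syslog lines carry none) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the sshd format shown in the mail; the addresses
# come from the documentation ranges 203.0.113.0/24 and 198.51.100.0/24.
SAMPLE_LOG = """\
Jul 12 08:37:05 server sshd[101]: Failed password for invalid user amanda from 203.0.113.7 port 42691 ssh2
Jul 12 08:37:07 server sshd[102]: Failed password for invalid user iris from 203.0.113.7 port 42825 ssh2
Jul 12 08:37:10 server sshd[103]: Failed password for invalid user bonnie from 203.0.113.7 port 42933 ssh2
Jul 12 08:37:14 server sshd[104]: Failed password for root from 203.0.113.7 port 43061 ssh2
Jul 12 08:37:17 server sshd[105]: Failed password for root from 203.0.113.7 port 43208 ssh2
Jul 12 09:10:00 server sshd[200]: Failed password for felix from 198.51.100.20 port 50000 ssh2
Jul 12 09:10:30 server sshd[201]: Accepted password for felix from 198.51.100.20 port 50001 ssh2
"""

# Anchored at line start so text inside an attacker-chosen user name
# cannot be mistaken for the "from <ip>" field.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def parse_failures(text, year=2009):
    """Yield (timestamp, ip, user, is_invalid_user) per failed login line."""
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["user"], bool(m["invalid"])

def find_dictionary_attacks(text, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: user names tried} for sources with at least
    `threshold` failures inside any sliding `window`."""
    by_ip = defaultdict(list)
    for ts, ip, user, _ in parse_failures(text):
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # shrink the window from the left
            if end - start + 1 >= threshold:
                flagged[ip] = {u for _, u in events}
                break
    return flagged
```

The single mistyped password from 198.51.100.20 stays below the threshold, while the burst from 203.0.113.7 is flagged together with the user names it tried.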




