[Wien] Help - attack?

L. Aaron Kaplan (spam-protected)
Fri Jul 17 21:01:18 CEST 2009



On Jul 17, 2009, at 8:42 PM, Felix Ehritz wrote:

> as I already reported, I have dared to make the switch to Linux on one
> of my machines.
:)

> on my other machine, which already runs Debian, I have now had a
> rummage through the logs, after a friend told me that everything gets
> recorded, and it gave me the horrors - a small excerpt:
>

The perfectly normal everyday madness of a server on the Internet.

Yes... the only remedy is: make a good, good password!
So more than 10 characters. Special characters, digits, lowercase and
uppercase letters.
If you install the program pwgen on Linux, you can have it generate
secure passwords for you and then memorize one of them.

By the way: these rules apply in principle just the same to Linksys
devices in the 0xFF network :)
They get hit by ssh dictionary attacks just the same.

What can also help you is a) running sshd on a different port (see the
/etc/ssh/sshd_conf file) or b) using only ssh keys.
For example like this: http://www.g-loaded.eu/2005/11/10/ssh-with-keys/



Well,
a.


>
> Jul 12 08:37:02 server sshd[19352]: Invalid user amanda from  
> 83.18.244.4
> Jul 12 08:37:02 server sshd[19352]: reverse mapping checking  
> getaddrinfo
> for gw2-4.xnet.org.pl failed - POSSIBLE BREAK-IN ATTEMPT!
> Jul 12 08:37:02 server sshd[19352]: (pam_unix) check pass; user  
> unknown
> Jul 12 08:37:02 server sshd[19352]: (pam_unix) authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=83.18.244.4
> Jul 12 08:37:05 server sshd[19352]: Failed password for invalid user
> amanda from 83.18.244.4 port 42691 ssh2
> Jul 12 08:37:06 server sshd[19354]: Invalid user iris from 83.18.244.4
> Jul 12 08:37:06 server sshd[19354]: reverse mapping checking  
> getaddrinfo
> for gw2-4.xnet.org.pl failed - POSSIBLE BREAK-IN ATTEMPT!
> Jul 12 08:37:06 server sshd[19354]: (pam_unix) check pass; user  
> unknown
> Jul 12 08:37:06 server sshd[19354]: (pam_unix) authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=83.18.244.4
> Jul 12 08:37:07 server sshd[19354]: Failed password for invalid user
> iris from 83.18.244.4 port 42825 ssh2
> Jul 12 08:37:08 server sshd[19356]: Invalid user bonnie from  
> 83.18.244.4
> Jul 12 08:37:08 server sshd[19356]: reverse mapping checking  
> getaddrinfo
> for gw2-4.xnet.org.pl failed - POSSIBLE BREAK-IN ATTEMPT!
> Jul 12 08:37:08 server sshd[19356]: (pam_unix) check pass; user  
> unknown
> Jul 12 08:37:08 server sshd[19356]: (pam_unix) authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=83.18.244.4
> Jul 12 08:37:10 server sshd[19356]: Failed password for invalid user
> bonnie from 83.18.244.4 port 42933 ssh2
> Jul 12 08:37:11 server sshd[19358]: Invalid user sparky from  
> 83.18.244.4
> Jul 12 08:37:11 server sshd[19358]: reverse mapping checking  
> getaddrinfo
> for gw2-4.xnet.org.pl failed - POSSIBLE BREAK-IN ATTEMPT!
> Jul 12 08:37:11 server sshd[19358]: (pam_unix) check pass; user  
> unknown
> Jul 12 08:37:11 server sshd[19358]: (pam_unix) authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=83.18.244.4
> Jul 12 08:37:14 server sshd[19358]: Failed password for invalid user
> sparky from 83.18.244.4 port 43061 ssh2
> Jul 12 08:37:15 server sshd[19360]: Invalid user clasic from  
> 83.18.244.4
> Jul 12 08:37:15 server sshd[19360]: reverse mapping checking  
> getaddrinfo
> for gw2-4.xnet.org.pl failed - POSSIBLE BREAK-IN ATTEMPT!
> Jul 12 08:37:15 server sshd[19360]: (pam_unix) check pass; user  
> unknown
> Jul 12 08:37:15 server sshd[19360]: (pam_unix) authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=83.18.244.4
> Jul 12 08:37:17 server sshd[19360]: Failed password for invalid user
> clasic from 83.18.244.4 port 43208 ssh2
> Jul 12 08:37:17 server sshd[19362]: Invalid user jamy from 83.18.244.4
> Jul 12 08:37:17 server sshd[19362]: reverse mapping checking  
> getaddrinfo
> for gw2-4.xnet.org.pl failed - POSSIBLE BREAK-IN ATTEMPT!
> Jul 12 08:37:17 server sshd[19362]: (pam_unix) check pass; user  
> unknown
> Jul 12 08:37:17 server sshd[19362]: (pam_unix) authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=83.18.244.4
> Jul 12 08:37:19 server sshd[19362]: Failed password for invalid user
> jamy from 83.18.244.4 port 43307 ssh2
> Jul 12 08:37:20 server sshd[19364]: Invalid user david from  
> 83.18.244.4
> Jul 12 08:37:20 server sshd[19364]: reverse mapping checking  
> getaddrinfo
> for gw2-4.xnet.org.pl failed - POSSIBLE BREAK-IN ATTEMPT!
> Jul 12 08:37:20 server sshd[19364]: (pam_unix) check pass; user  
> unknown
> Jul 12 08:37:20 server sshd[19364]: (pam_unix) authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=83.18.244.4
> Jul 12 08:37:23 server sshd[19364]: Failed password for invalid user
> david from 83.18.244.4 port 43417 ssh2
> Jul 12 08:37:23 server sshd[19366]: Invalid user administrator from
> 83.18.244.4
> Jul 12 08:37:23 server sshd[19366]: reverse mapping checking  
> getaddrinfo
> for gw2-4.xnet.org.pl failed - POSSIBLE BREAK-IN ATTEMPT!
> Jul 12 08:37:23 server sshd[19366]: (pam_unix) check pass; user  
> unknown
> Jul 12 08:37:23 server sshd[19366]: (pam_unix) authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=83.18.244.4
> Jul 12 08:37:26 server sshd[19366]: Failed password for invalid user
> administrator from 83.18.244.4 port 43546 ssh2
> Jul 12 08:37:27 server sshd[19368]: Invalid user info from 83.18.244.4
> Jul 12 08:37:27 server sshd[19368]: reverse mapping checking  
> getaddrinfo
> for gw2-4.xnet.org.pl failed - POSSIBLE BREAK-IN ATTEMPT!
> Jul 12 08:37:27 server sshd[19368]: (pam_unix) check pass; user  
> unknown
> Jul 12 08:37:27 server sshd[19368]: (pam_unix) authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=83.18.244.4
> Jul 12 08:37:28 server sshd[19368]: Failed password for invalid user
> info from 83.18.244.4 port 43660 ssh2
> Jul 12 08:37:29 server sshd[19370]: Invalid user webmaster from
> 83.18.244.4
> Jul 12 08:37:29 server sshd[19370]: reverse mapping checking  
> getaddrinfo
> for gw2-4.xnet.org.pl failed - POSSIBLE BREAK-IN ATTEMPT!
> Jul 12 08:37:29 server sshd[19370]: (pam_unix) check pass; user  
> unknown
> Jul 12 08:37:29 server sshd[19370]: (pam_unix) authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=83.18.244.4
> Jul 12 08:37:31 server sshd[19370]: Failed password for invalid user
> webmaster from 83.18.244.4 port 43760 ssh2
> Jul 12 08:37:32 server sshd[19372]: Invalid user rebeca from  
> 83.18.244.4
> Jul 12 08:37:32 server sshd[19372]: reverse mapping checking  
> getaddrinfo
> for gw2-4.xnet.org.pl failed - POSSIBLE BREAK-IN ATTEMPT!
> Jul 12 08:37:32 server sshd[19372]: (pam_unix) check pass; user  
> unknown
> Jul 12 08:37:32 server sshd[19372]: (pam_unix) authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=83.18.244.4
> Jul 12 08:37:34 server sshd[19372]: Failed password for invalid user
> rebeca from 83.18.244.4 port 43865 ssh2
> Jul 12 08:37:35 server sshd[19374]: reverse mapping checking  
> getaddrinfo
> for gw2-4.xnet.org.pl failed - POSSIBLE BREAK-IN ATTEMPT!
> Jul 12 08:37:35 server sshd[19374]: (pam_unix) authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=83.18.244.4  user=root
> Jul 12 08:37:37 server sshd[19374]: Failed password for root from
> 83.18.244.4 port 43975 ssh2
> Jul 12 08:37:38 server sshd[19376]: reverse mapping checking  
> getaddrinfo
> for gw2-4.xnet.org.pl failed - POSSIBLE BREAK-IN ATTEMPT!
> Jul 12 08:37:38 server sshd[19376]: (pam_unix) authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=83.18.244.4  user=root
> Jul 12 08:37:41 server sshd[19376]: Failed password for root from
> 83.18.244.4 port 44080 ssh2
> Jul 12 08:37:42 server sshd[19378]: reverse mapping checking  
> getaddrinfo
> for gw2-4.xnet.org.pl failed - POSSIBLE BREAK-IN ATTEMPT!
> Jul 12 08:37:42 server sshd[19378]: (pam_unix) authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=83.18.244.4  user=root
> Jul 12 08:37:43 server sshd[19378]: Failed password for root from
> 83.18.244.4 port 44192 ssh2
> Jul 12 08:37:44 server sshd[19380]: reverse mapping checking  
> getaddrinfo
> for gw2-4.xnet.org.pl failed - POSSIBLE BREAK-IN ATTEMPT!
> Jul 12 08:37:44 server sshd[19380]: (pam_unix) authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=83.18.244.4  user=root
> Jul 12 08:37:47 server sshd[19380]: Failed password for root from
> 83.18.244.4 port 44296 ssh2
> Jul 12 08:37:47 server sshd[19382]: reverse mapping checking  
> getaddrinfo
> for gw2-4.xnet.org.pl failed - POSSIBLE BREAK-IN ATTEMPT!
> Jul 12 08:37:47 server sshd[19382]: (pam_unix) authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=83.18.244.4  user=root
> Jul 12 08:37:49 server sshd[19382]: Failed password for root from
> 83.18.244.4 port 44410 ssh2
> Jul 12 08:37:50 server sshd[19384]: reverse mapping checking  
> getaddrinfo
> for gw2-4.xnet.org.pl failed - POSSIBLE BREAK-IN ATTEMPT!
> Jul 12 08:37:50 server sshd[19384]: (pam_unix) authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=83.18.244.4  user=root
> Jul 12 08:37:53 server sshd[19384]: Failed password for root from
> 83.18.244.4 port 44508 ssh2
> Jul 12 08:37:54 server sshd[19386]: reverse mapping checking  
> getaddrinfo
> for gw2-4.xnet.org.pl failed - POSSIBLE BREAK-IN ATTEMPT!
> Jul 12 08:37:54 server sshd[19386]: (pam_unix) authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=83.18.244.4  user=root
> Jul 12 08:37:56 server sshd[19386]: Failed password for root from
> 83.18.244.4 port 44626 ssh2
> Jul 12 08:37:57 server sshd[19388]: reverse mapping checking  
> getaddrinfo
> for gw2-4.xnet.org.pl failed - POSSIBLE BREAK-IN ATTEMPT!
> Jul 12 08:37:57 server sshd[19388]: (pam_unix) authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=83.18.244.4  user=root
> Jul 12 08:37:59 server sshd[19388]: Failed password for root from
> 83.18.244.4 port 44755 ssh2
> Jul 12 08:38:00 server sshd[19390]: Invalid user optic from  
> 83.18.244.4
> Jul 12 08:38:00 server sshd[19390]: reverse mapping checking  
> getaddrinfo
> for gw2-4.xnet.org.pl failed - POSSIBLE BREAK-IN ATTEMPT!
> Jul 12 08:38:00 server sshd[19390]: (pam_unix) check pass; user  
> unknown
> Jul 12 08:38:00 server sshd[19390]: (pam_unix) authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=83.18.244.4
> Jul 12 08:38:02 server sshd[19390]: Failed password for invalid user
> optic from 83.18.244.4 port 44862 ssh2
> Jul 12 08:38:02 server sshd[19392]: Invalid user service from
> 83.18.244.4
> Jul 12 08:38:02 server sshd[19392]: reverse mapping checking  
> getaddrinfo
> for gw2-4.xnet.org.pl failed - POSSIBLE BREAK-IN ATTEMPT!
> Jul 12 08:38:02 server sshd[19392]: (pam_unix) check pass; user  
> unknown
> Jul 12 08:38:02 server sshd[19392]: (pam_unix) authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=83.18.244.4
> Jul 12 08:38:05 server sshd[19392]: Failed password for invalid user
> service from 83.18.244.4 port 44955 ssh2
> Jul 12 08:38:06 server sshd[19394]: Invalid user admin from  
> 83.18.244.4
>
>
>
> and so it goes on the whole time!
> what can one do about it?
>
> Kind regards, Felix
>
>
> --
> Wien mailing list
> (spam-protected)
> http://lists.funkfeuer.at/mailman/listinfo/wien
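
Added example, not part of the original post or of either author's code: a small Python check over sshd log lines in the format quoted above. It groups password results by source address and flags the case worth investigating, a dictionary scan from an address that also has a successful login. The sample lines, addresses and the thresholds in `classify` are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format of the excerpt quoted above
# (unwrapped; addresses are from the documentation ranges, "felix" is illustrative).
SAMPLE_LOG = """\
Jul 12 08:37:02 server sshd[19352]: Invalid user amanda from 203.0.113.7
Jul 12 08:37:05 server sshd[19352]: Failed password for invalid user amanda from 203.0.113.7 port 42691 ssh2
Jul 12 08:37:07 server sshd[19354]: Failed password for invalid user iris from 203.0.113.7 port 42825 ssh2
Jul 12 08:37:37 server sshd[19374]: Failed password for root from 203.0.113.7 port 43975 ssh2
Jul 12 08:37:41 server sshd[19376]: Failed password for root from 203.0.113.7 port 44080 ssh2
Jul 12 09:10:12 server sshd[19500]: Failed password for felix from 198.51.100.23 port 51000 ssh2
Jul 12 09:10:20 server sshd[19500]: Accepted password for felix from 198.51.100.23 port 51000 ssh2
"""

# One authentication result per line; "invalid user" marks a non-existent account.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?:password|publickey) for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarize(log_text):
    """Count failed and accepted logins per source address."""
    sources = defaultdict(lambda: {"failed": 0, "accepted": 0,
                                   "users": set(), "valid_users": set()})
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # reverse-mapping and pam_unix lines carry no result
        s = sources[m["ip"]]
        if m["result"] == "Accepted":
            s["accepted"] += 1
            continue
        s["failed"] += 1
        s["users"].add(m["user"])
        if not m["invalid"]:
            s["valid_users"].add(m["user"])  # guesses against a real account
    return dict(sources)

def classify(stats, min_failures=3, min_users=2):
    """Label one source; the thresholds are assumed values, tune them per host."""
    scan = stats["failed"] >= min_failures and len(stats["users"]) >= min_users
    if scan and stats["accepted"]:
        return "scan-with-login"  # a guess may have succeeded: investigate
    return "scan" if scan else "normal"
```

On Debian, sshd authentication messages are normally written to /var/log/auth.log, which can be read and passed to `summarize`.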




