Re: hack attempt on my server...What do you do about this?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Ok, upon a little further investigation, ripe.net is not the right way
to go.  Instead take a look at this info:

% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html
inetnum:      130.120.0.0 - 130.120.255.255
netname:      UNITOUL
descr:        Centre Interuniversitaire de Calcul de Toulouse
descr:        CICT, 118, Route de Narbonne, 31062 Toulouse CEDEX, France
country:      FR
admin-c:      DI10-RIPE
tech-c:       DI10-RIPE
remarks:      REMIP
status:       ASSIGNED PA
mnt-by:       RIPE-NCC-LOCKED-MNT
remarks:      Maintainer RIPE-NCC-NONE-MNT removed and object
remarks:      LOCKED by the RIPE NCC due to
remarks:      deprecation of the NONE authentication scheme.
remarks:      Please visit the following URL to unlock this object
remarks:      http://www.ripe.net/db/none-deprecation-042004.html
changed:      ripe-dbm@xxxxxxxx 19990706
changed:      ripe-dbm@xxxxxxxx 20000225
changed:      rensvp@xxxxxxxxxx 20020328
changed:      ripe-dbm@xxxxxxxx 20040430
source:       RIPE
route:        130.120.0.0/16
descr:        RENATER
descr:        Universite Pierre et Marie Curie
descr:        4 place Jussieu 75252 PARIS CEDEX 05
descr:        FRANCE
origin:       AS2200
mnt-by:       RENATER-MNT
changed:      RenSVP@xxxxxxxxxx 19991008
source:       RIPE
person:       Dominique Incerti
address:      Centre Interuniversitaire de Calcul de Toulouse
address:      118, route de Narbonne
address:      F-31062 Toulouse CEDEX, France
e-mail:       incerti@xxxxxxx
phone:        +33 5 61 36 60 12
fax-no:       +33 5 61 52 14 58
nic-hdl:      DI10-RIPE
mnt-by:       RENATER-MNT
changed:      rensvp@xxxxxxxxxx 19961125
changed:      rensvp@xxxxxxxxxx 20030326
source:       RIPE

Which shows that the IP belongs to a french university called Centre Interuniversitaire de Calcul de Toulouse.  You can attempt to locate their webiste and send an email with the log info to them at abuse@{their domain}.  Again, this does not guarantee any response, especially from a foreign country.

On Sat, 2004-07-17 at 12:40, Jonathan T. Steadman wrote:
> Sorry this is yet another lame question, but I am new to hosting web
> server ect. just kinda experimenting actually and in my logs i came
> across some garbage (its at the bottom of this email) what do you do
> about this?  Just let it be? inform ISP?  wait and see if it is more
> continuous?  dont know the proper thing to do i guess just making sure
> with you guys.
> 
> Jul 17 14:42:24 localhost sshd[6746]: Illegal user test from
> 130.120.81.14
> Jul 17 14:42:26 localhost sshd[6746]: Failed password for illegal user
> test from 130.120.81.14 port 48692 ssh2
> Jul 17 14:42:27 localhost sshd[6748]: Illegal user guest from
> 130.120.81.14
> Jul 17 14:42:30 localhost sshd[6748]: Failed password for illegal user
> guest from 130.120.81.14 port 48753 ssh2
> Jul 17 14:42:31 localhost sshd[6750]: Illegal user admin from
> 130.120.81.14
> Jul 17 14:42:33 localhost sshd[6750]: Failed password for illegal user
> admin from 130.120.81.14 port 48807 ssh2
> Jul 17 14:42:34 localhost sshd[6752]: Illegal user admin from
> 130.120.81.14
> Jul 17 14:42:37 localhost sshd[6752]: Failed password for illegal user
> admin from 130.120.81.14 port 48849 ssh2
> Jul 17 14:42:38 localhost sshd[6754]: Illegal user user from
> 130.120.81.14
> Jul 17 14:42:40 localhost sshd[6754]: Failed password for illegal user
> user from 130.120.81.14 port 48879 ssh2
> Jul 17 14:42:43 localhost sshd[6756]: Failed password for root from
> 130.120.81.14 port 48900 ssh2
> Jul 17 14:42:47 localhost sshd[6758]: Failed password for root from
> 130.120.81.14 port 48913 ssh2
> Jul 17 14:42:50 localhost sshd[6760]: Failed password for root from
> 130.120.81.14 port 48924 ssh2
> Jul 17 14:42:51 localhost sshd[6762]: Illegal user test from
> 130.120.81.14
> Jul 17 14:42:54 localhost sshd[6762]: Failed password for illegal user
> test from 130.120.81.14 port 48931 ssh2
-- 
Thanks,
Tom Sapp
http://www.sappsworld.com



[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux