Wednesday, February 29, 2012

Whoops!

My home server is configured to send me daily e-mails with any security events. Typically this means SSH brute force login attempts, and I occasionally take the opportunity to notify people that their servers were breached and are being used for attacks.

Today I found something amusing in the logs. Apparently some idiot hacker mixed up their username and password files for their attack:

Feb 28 02:32:53 buddha sshd[57691]: Invalid user QFhGj8kE7D3Vs from 223.4.115.46
Feb 28 02:32:55 buddha sshd[57693]: Invalid user aMb0lgX8umqqQGpFRjiGiP from 223.4.115.46
Feb 28 02:32:58 buddha sshd[57695]: Invalid user crinalove from 223.4.115.46
Feb 28 02:33:00 buddha sshd[57697]: Invalid user xyzsun123 from 223.4.115.46
Feb 28 02:33:02 buddha sshd[57699]: Invalid user 20090924 from 223.4.115.46
Feb 28 02:33:05 buddha sshd[57713]: Invalid user aicumine from 223.4.115.46
Feb 28 02:33:07 buddha sshd[57715]: Invalid user Router#32SOS from 223.4.115.46
Feb 28 02:33:10 buddha sshd[57717]: Invalid user cotinga from 223.4.115.46
Feb 28 02:33:13 buddha sshd[57719]: Invalid user cornalito from 223.4.115.46
Feb 28 02:33:15 buddha sshd[57721]: Invalid user l0p33os from 223.4.115.46
Feb 28 02:33:18 buddha sshd[57723]: Invalid user !mir@nine from 223.4.115.46
Feb 28 02:33:20 buddha sshd[57725]: Invalid user mucleus.caca.root from 223.4.115.46
Feb 28 02:33:23 buddha sshd[57727]: Invalid user !@#$%^ from 223.4.115.46
Feb 28 02:33:25 buddha sshd[57729]: Invalid user easy2use from 223.4.115.46
Feb 28 02:33:28 buddha sshd[57731]: Invalid user diana4ever from 223.4.115.46
Feb 28 02:33:33 buddha sshd[57733]: Invalid user pw2009inx from 223.4.115.46
Feb 28 02:33:36 buddha sshd[57735]: Invalid user eth0eth1254 from 223.4.115.46
Feb 28 02:33:38 buddha sshd[57737]: Invalid user eth0eth0 from 223.4.115.46
Feb 28 02:33:40 buddha sshd[57739]: Invalid user 1q2w3e4r5t6y7u8i9o0p from 223.4.115.46
Feb 28 02:33:43 buddha sshd[57741]: Invalid user kentlung from 223.4.115.46
Feb 28 02:33:45 buddha sshd[57743]: Invalid user 1q2w3e4r5t6y from 223.4.115.46
Feb 28 02:33:48 buddha sshd[57745]: Invalid user kta1234 from 223.4.115.46
Feb 28 02:33:50 buddha sshd[57747]: Invalid user Kt@1234 from 223.4.115.46
Feb 28 02:33:53 buddha sshd[57749]: Invalid user !mi$ from 223.4.115.46
Feb 28 02:33:55 buddha sshd[57751]: Invalid user perfectpassword from 223.4.115.46
Feb 28 02:33:58 buddha sshd[57753]: Invalid user !mir@ninie from 223.4.115.46
Feb 28 02:34:00 buddha sshd[57755]: Invalid user !mir@Ninie from 223.4.115.46
Feb 28 02:34:03 buddha sshd[57757]: Invalid user !Mir@nine from 223.4.115.46
Feb 28 02:34:05 buddha sshd[57759]: Invalid user vkvadaclasa from 223.4.115.46
Feb 28 02:34:08 buddha sshd[57761]: Invalid user vkvadaclasa from 223.4.115.46
Feb 28 02:34:10 buddha sshd[57763]: Invalid user vkvadaclasa from 223.4.115.46
Feb 28 02:34:13 buddha sshd[57765]: Invalid user vkvadaclasa from 223.4.115.46
Feb 28 02:34:15 buddha sshd[57767]: Invalid user d3v__3f__j3b0n from 223.4.115.46
Feb 28 02:34:17 buddha sshd[57769]: Invalid user kany123kany from 223.4.115.46
Feb 28 02:34:20 buddha sshd[57771]: Invalid user gywjddl!@!* from 223.4.115.46
Feb 28 02:34:22 buddha sshd[57773]: Invalid user aprkvkldf!!! from 223.4.115.46
Feb 28 02:34:25 buddha sshd[57775]: Invalid user dnjao123! from 223.4.115.46
Feb 28 02:34:28 buddha sshd[57777]: Invalid user eltmzm!!! from 223.4.115.46
Feb 28 02:34:31 buddha sshd[57779]: Invalid user #7364! from 223.4.115.46
Feb 28 02:34:34 buddha sshd[57781]: Invalid user disk!!! from 223.4.115.46
Feb 28 02:34:36 buddha sshd[57783]: Invalid user @#Rq92u8fjewRweqf45y43tgh3 from 223.4.115.46
Feb 28 02:34:39 buddha sshd[57785]: Invalid user @n!md@mP#$@&#3141$&#@!#mTadm!n$@ from 223.4.115.46
Feb 28 02:34:41 buddha sshd[57787]: Invalid user BUNdAS@#$RT%GQ~EQW#%^QW from 223.4.115.46
Feb 28 02:34:44 buddha sshd[57789]: Invalid user 163typist from 223.4.115.46
Feb 28 02:34:46 buddha sshd[57791]: Invalid user dudejr5542 from 223.4.115.46
Feb 28 02:34:48 buddha sshd[57793]: Invalid user E1T1RDs7 from 223.4.115.46
Feb 28 02:34:51 buddha sshd[57795]: Invalid user 198287 from 223.4.115.46
Feb 28 02:34:54 buddha sshd[57797]: Invalid user r9A6YOFYEh from 223.4.115.46
Feb 28 02:34:56 buddha sshd[57799]: Invalid user 9swL2k5Cp7 from 223.4.115.46
Feb 28 02:34:59 buddha sshd[57801]: Invalid user oxbow@852 from 223.4.115.46
Feb 28 02:35:01 buddha sshd[57803]: Invalid user frigfurg from 223.4.115.46
Feb 28 02:35:03 buddha sshd[57805]: Invalid user xew4upjg from 223.4.115.46
Feb 28 02:35:06 buddha sshd[57809]: Invalid user K4tp0ng from 223.4.115.46
Feb 28 02:35:08 buddha sshd[57811]: Invalid user dkagh!@#$ from 223.4.115.46
Feb 28 02:35:11 buddha sshd[57813]: Invalid user rhg0704 from 223.4.115.46
Feb 28 02:35:13 buddha sshd[57815]: Invalid user 654312 from 223.4.115.46
Feb 28 02:35:16 buddha sshd[57817]: Invalid user glaemsp!!! from 223.4.115.46
Feb 28 02:35:18 buddha sshd[57819]: Invalid user whznskwhdk from 223.4.115.46
Feb 28 02:35:21 buddha sshd[57821]: Invalid user globalpass from 223.4.115.46
Feb 28 02:35:23 buddha sshd[57823]: Invalid user punglor21 from 223.4.115.46
Feb 28 02:35:26 buddha sshd[57825]: Invalid user nic#!@ruc148 from 223.4.115.46
Feb 28 02:35:29 buddha sshd[57827]: Invalid user dudejrqwer!@#$ from 223.4.115.46

There are a LOT more in the log, but you get the picture.
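
As an added example (not part of the original post), here is one way a daily log summary could flag this pattern automatically: group sshd "Invalid user" lines by source address and report sources whose guessed usernames mostly do not look like account names. The username pattern, the thresholds, the function names and the `examplehost` / `192.0.2.10` lines are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Matches sshd "Invalid user" lines; newer OpenSSH appends " port N".
INVALID_USER = re.compile(
    r"sshd\[\d+\]: Invalid user (?P<user>.*) from (?P<ip>\S+)(?: port \d+)?$")
# Heuristic (assumption): real account names are lowercase, start with a
# letter or underscore, and are at most 32 characters long.
PLAUSIBLE_NAME = re.compile(r"[a-z_][a-z0-9_-]{0,31}\$?")

# The 223.4.115.46 lines are copied from the post; the 192.0.2.10 lines are
# constructed to represent an ordinary username-guessing run.
SAMPLE = r"""
Feb 28 02:32:53 buddha sshd[57691]: Invalid user QFhGj8kE7D3Vs from 223.4.115.46
Feb 28 02:32:58 buddha sshd[57695]: Invalid user crinalove from 223.4.115.46
Feb 28 02:33:07 buddha sshd[57715]: Invalid user Router#32SOS from 223.4.115.46
Feb 28 02:33:18 buddha sshd[57723]: Invalid user !mir@nine from 223.4.115.46
Feb 28 02:33:25 buddha sshd[57729]: Invalid user easy2use from 223.4.115.46
Feb 28 02:33:40 buddha sshd[57739]: Invalid user 1q2w3e4r5t6y7u8i9o0p from 223.4.115.46
Feb 28 03:10:01 examplehost sshd[4001]: Invalid user admin from 192.0.2.10 port 40022
Feb 28 03:10:03 examplehost sshd[4003]: Invalid user test from 192.0.2.10 port 40024
Feb 28 03:10:05 examplehost sshd[4005]: Invalid user oracle from 192.0.2.10 port 40026
Feb 28 03:10:07 examplehost sshd[4007]: Invalid user postgres from 192.0.2.10 port 40028
Feb 28 03:10:09 examplehost sshd[4009]: Invalid user ftpuser from 192.0.2.10 port 40030
""".strip().splitlines()


def summarize(lines):
    """Group invalid-user attempts by source IP and count implausible names."""
    stats = defaultdict(lambda: {"attempts": 0, "implausible": 0})
    for line in lines:
        m = INVALID_USER.search(line.rstrip("\n"))
        if not m:
            continue  # not an "Invalid user" event
        entry = stats[m.group("ip")]
        entry["attempts"] += 1
        if not PLAUSIBLE_NAME.fullmatch(m.group("user")):
            entry["implausible"] += 1
    return dict(stats)


def swapped_wordlist_sources(lines, min_attempts=5, min_ratio=0.5):
    """Return IPs whose guessed usernames mostly look like passwords."""
    return sorted(
        ip for ip, s in summarize(lines).items()
        if s["attempts"] >= min_attempts
        and s["implausible"] / s["attempts"] >= min_ratio
    )
```

Some guesses in the post, such as `crinalove` and `easy2use`, pass the name pattern, which is why the check works on the ratio per source rather than on any single line.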
