[ale] hack attempts

Jim Philips jimmyc at speedfactory.net
Sun Feb 6 17:43:38 EST 2005


There may be a connection to my DNS issue here. When checking logs this 
morning, I found numerous attempts to log on to my system as bogus users 
coming in through ssh. Here are some log entries:

Feb  6 06:36:34 localhost sshd[1629]: Did not receive identification string from 62.193.234.89
Feb  6 06:53:54 localhost sshd[1655]: Failed password for nobody from 62.193.234.89 port 36459 ssh2
Feb  6 06:53:55 localhost sshd[1659]: Invalid user patrick from 62.193.234.89
Feb  6 06:53:55 localhost sshd[1659]: Failed password for invalid user patrick from 62.193.234.89 port 37002 ssh2
Feb  6 06:53:57 localhost sshd[1663]: Invalid user patrick from 62.193.234.89
Feb  6 06:53:57 localhost sshd[1663]: Failed password for invalid user patrick from 62.193.234.89 port 37199 ssh2
Feb  6 06:53:58 localhost sshd[1667]: Failed password for root from 62.193.234.89 port 37371 ssh2
Feb  6 06:53:59 localhost sshd[1671]: Failed password for root from 62.193.234.89 port 37529 ssh2
Feb  6 06:54:00 localhost sshd[1675]: Failed password for root from 62.193.234.89 port 38491 ssh2
Feb  6 06:54:01 localhost sshd[1679]: Failed password for root from 62.193.234.89 port 38700 ssh2
Feb  6 06:54:03 localhost sshd[1683]: Failed password for root from 62.193.234.89 port 38863 ssh2
Feb  6 06:54:04 localhost sshd[1687]: Invalid user rolo from 62.193.234.89
Feb  6 06:54:04 localhost sshd[1687]: Failed password for invalid user rolo from 62.193.234.89 port 39016 ssh2
Feb  6 06:54:05 localhost sshd[1691]: Invalid user iceuser from 62.193.234.89
Feb  6 06:54:05 localhost sshd[1691]: Failed password for invalid user iceuser from 62.193.234.89 port 39503 ssh2
Feb  6 06:54:06 localhost sshd[1695]: Invalid user horde from 62.193.234.89
Feb  6 06:54:06 localhost sshd[1695]: Failed password for invalid user horde from 62.193.234.89 port 40047 ssh2
Feb  6 06:54:07 localhost sshd[1699]: Invalid user cyrus from 62.193.234.89
Feb  6 06:54:07 localhost sshd[1699]: Failed password for invalid user cyrus from 62.193.234.89 port 40265 ssh2
Feb  6 06:54:08 localhost sshd[1703]: Invalid user www from 62.193.234.89
Feb  6 06:54:08 localhost sshd[1703]: Failed password for invalid user www from 62.193.234.89 port 40467 ssh2
Feb  6 06:54:10 localhost sshd[1707]: Invalid user wwwrun from 62.193.234.89
Feb  6 06:54:10 localhost sshd[1707]: Failed password for invalid user wwwrun from 62.193.234.89 port 40952 ssh2
Feb  6 06:54:11 localhost sshd[1711]: Invalid user matt from 62.193.234.89
Feb  6 06:54:11 localhost sshd[1711]: Failed password for invalid user matt from 62.193.234.89 port 41520 ssh2
Feb  6 06:54:12 localhost sshd[1715]: Invalid user test from 62.193.234.89
Feb  6 06:54:12 localhost sshd[1715]: Failed password for invalid user test from 62.193.234.89 port 41706 ssh2
Feb  6 06:54:13 localhost sshd[1719]: Invalid user test from 62.193.234.89
Feb  6 06:54:13 localhost sshd[1719]: Failed password for invalid user test from 62.193.234.89 port 42253 ssh2
Feb  6 06:54:14 localhost sshd[1723]: Invalid user test from 62.193.234.89
Feb  6 06:54:14 localhost sshd[1723]: Failed password for invalid user test from 62.193.234.89 port 42750 ssh2
Feb  6 06:54:15 localhost sshd[1727]: Invalid user test from 62.193.234.89
Feb  6 06:54:15 localhost sshd[1727]: Failed password for invalid user test from 62.193.234.89 port 42994 ssh2
Feb  6 06:54:17 localhost sshd[1731]: Invalid user www-data from 62.193.234.89
Feb  6 06:54:17 localhost sshd[1731]: Failed password for invalid user www-data from 62.193.234.89 port 43569 ssh2
Feb  6 06:54:18 localhost sshd[1735]: Failed password for mysql from 62.193.234.89 port 44126 ssh2
Feb  6 06:54:19 localhost sshd[1739]: Failed password for operator from 62.193.234.89 port 44280 ssh2
Feb  6 06:54:20 localhost sshd[1743]: Failed password for adm from 62.193.234.89 port 44759 ssh2
Feb  6 06:54:21 localhost sshd[1747]: Invalid user apache from 62.193.234.89
Feb  6 06:54:21 localhost sshd[1747]: Failed password for invalid user apache from 62.193.234.89 port 45331 ssh2
Feb  6 06:54:22 localhost sshd[1751]: Invalid user irc from 62.193.234.89

My first response was to remove openssh, since I don't really need it. 
Any further suggestions on checking to see if this goon got anywhere?
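
One way to answer the question above from the same log, shown as an added example that is not part of the original post: tally failed sshd logins per source address and flag any "Accepted" login coming from an address that also produced failures. The sample lines are constructed in the format quoted above, using documentation addresses; the function and variable names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the sshd syslog format quoted above (documentation IPs).
SAMPLE_LOG = """\
Feb  6 06:53:54 localhost sshd[1655]: Failed password for nobody from 192.0.2.10 port 36459 ssh2
Feb  6 06:53:55 localhost sshd[1659]: Invalid user patrick from 192.0.2.10
Feb  6 06:53:55 localhost sshd[1659]: Failed password for invalid user patrick from 192.0.2.10 port 37002 ssh2
Feb  6 06:53:58 localhost sshd[1667]: Failed password for root from 192.0.2.10 port 37371 ssh2
Feb  6 06:54:30 localhost sshd[1760]: Accepted password for test from 192.0.2.10 port 45900 ssh2
Feb  6 09:12:01 localhost sshd[2101]: Accepted publickey for jim from 198.51.100.7 port 50022 ssh2
"""

# Matches "Failed <method> for [invalid user ]<user> from <ip> port N" and
# the corresponding "Accepted <method> for <user> from <ip> port N" lines.
EVENT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"(?P<result>Failed|Accepted)\s(?P<method>\S+)\sfor\s"
    r"(?P<invalid>invalid user\s)?(?P<user>\S+)\sfrom\s(?P<ip>\S+)\sport\s\d+"
)

def analyze(log_text):
    """Return (failures per source IP, accepted logins from IPs that also failed)."""
    failures = defaultdict(lambda: {"count": 0, "users": set()})
    accepted = []
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue  # e.g. "Invalid user ..." lines, already counted via the Failed line
        if m["result"] == "Failed":
            failures[m["ip"]]["count"] += 1
            failures[m["ip"]]["users"].add(m["user"])
        else:
            accepted.append((m["ts"], m["user"], m["ip"], m["method"]))
    # Compare only after the full scan so the order of lines does not matter.
    suspicious = [a for a in accepted if a[2] in failures]
    return dict(failures), suspicious

if __name__ == "__main__":
    failures, suspicious = analyze(SAMPLE_LOG)
    for ip, info in failures.items():
        print(f"{ip}: {info['count']} failed logins, users tried: {sorted(info['users'])}")
    for ts, user, ip, method in suspicious:
        print(f"CHECK: {ts} accepted {method} for {user} from {ip} (source also had failures)")
```

To use it on a real system, pass the contents of the sshd log (typically /var/log/auth.log or /var/log/secure, depending on the distribution) to analyze(). An empty result is only as trustworthy as the log file itself, so compare it against login records such as the output of last as well.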


