Thread: Victim of a Bad Chinese Hacker?
Well, I was randomly taking a look at my vsftpd log today, and came across something unusual myself. A week ago a computer tried to connect to my computer repeatedly with bogus default usernames. There were many attempted connections with usernames such as 'user', 'root', 'linux', and 'login'. 1000 attempts, within 2 seconds of each other.
Here is a small excerpt:

Code:
sun aug 29 08:53:10 2010 [pid 1] [root] fail login: client "218.15.221.82"
sun aug 29 08:53:13 2010 [pid 1] [root] fail login: client "218.15.221.82"
sun aug 29 08:53:17 2010 [pid 1] [root] fail login: client "218.15.221.82"
sun aug 29 08:53:19 2010 [pid 2] connect: client "218.15.221.82"
sun aug 29 08:53:21 2010 [pid 1] [root] fail login: client "218.15.221.82"
sun aug 29 08:53:26 2010 [pid 1] [root] fail login: client "218.15.221.82"
sun aug 29 08:53:30 2010 [pid 1] [root] fail login: client "218.15.221.82"
sun aug 29 08:53:31 2010 [pid 2] connect: client "218.15.221.82"
sun aug 29 08:53:34 2010 [pid 1] [user] fail login: client "218.15.221.82"
sun aug 29 08:53:38 2010 [pid 1] [user] fail login: client "218.15.221.82"
sun aug 29 08:53:41 2010 [pid 1] [user] fail login: client "218.15.221.82"

I looked up the IP, and it is in Beijing. I don't understand how someone in China would come across my IP, and it worries me a little bit. Obviously, the hacker wasn't good, since a connection was never made, but should I be concerned?
Also, 2 hours after the incident, there were 50 connections made from IP addresses around the world, with no attempted logins or data transfers, within an hour.
It looks like this:

Code:
sun aug 29 11:24:32 2010 [pid 2] connect: client "110.55.97.65"
sun aug 29 11:26:04 2010 [pid 2] connect: client "121.54.46.67"
sun aug 29 11:27:57 2010 [pid 2] connect: client "82.181.129.80"
sun aug 29 11:28:16 2010 [pid 2] connect: client "95.13.64.75"
sun aug 29 11:28:16 2010 [pid 2] connect: client "119.152.31.22"
sun aug 29 11:29:17 2010 [pid 2] connect: client "95.13.64.75"
sun aug 29 11:29:18 2010 [pid 2] connect: client "119.152.31.22"
sun aug 29 11:30:47 2010 [pid 2] connect: client "95.13.64.75"
sun aug 29 11:32:33 2010 [pid 2] connect: client "95.13.64.75"
sun aug 29 11:34:01 2010 [pid 2] connect: client "95.13.64.75"
sun aug 29 11:35:27 2010 [pid 2] connect: client "95.13.64.75"
sun aug 29 11:36:15 2010 [pid 2] connect: client "95.13.64.75"
sun aug 29 11:37:19 2010 [pid 2] connect: client "95.13.64.75"
sun aug 29 11:38:14 2010 [pid 2] connect: client "119.152.31.22"
sun aug 29 11:41:16 2010 [pid 2] connect: client "95.13.64.75"
sun aug 29 11:42:14 2010 [pid 2] connect: client "119.152.31.22"
sun aug 29 11:42:45 2010 [pid 2] connect: client "95.13.64.75"
sun aug 29 11:43:17 2010 [pid 2] connect: client "119.152.31.22"
sun aug 29 11:43:44 2010 [pid 2] connect: client "95.13.64.75"
sun aug 29 11:44:22 2010 [pid 2] connect: client "78.177.246.141"

I never broadcast the FTP. It's used for transferring files with friends. IP address available using Tor network, don't understand why want files. It's odd since the IPs are scattered around the world.
Thanks in advance for any advice.
There's a lot of people out there doing network scans trying to find vulnerable machines. Nothing out of the ordinary here. Make sure you have strong passwords.
They found your IP because they randomly scan wide ranges of IPs.
Do a ShieldsUP scan of yourself to make sure nothing obvious is open and vulnerable,
https://www.grc.com/x/ne.dll?bh0bkyd2
and don't enable VNC (remote desktop) without at least a strong password.
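
The two patterns discussed in this thread (one client failing logins repeatedly, other clients only connecting) can be told apart by script. The following is an added example, not part of the original posts: the function name `summarize`, its thresholds, and the result keys are assumptions, and the sample lines are copied from the excerpts above.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Line layout as quoted in the thread; matched case-insensitively because
# the excerpts appear lower-cased on this page.
LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d+ [\d:]{8} \d{4}) \[pid \d+\] '
    r'(?:\[(?P<user>[^\]]*)\] )?(?P<event>fail login|ok login|connect): '
    r'client "(?P<ip>[^"]+)"', re.IGNORECASE)

# Sample lines copied from the excerpts in the thread.
SAMPLE = """\
sun aug 29 08:53:10 2010 [pid 1] [root] fail login: client "218.15.221.82"
sun aug 29 08:53:13 2010 [pid 1] [root] fail login: client "218.15.221.82"
sun aug 29 08:53:17 2010 [pid 1] [root] fail login: client "218.15.221.82"
sun aug 29 08:53:19 2010 [pid 2] connect: client "218.15.221.82"
sun aug 29 08:53:21 2010 [pid 1] [root] fail login: client "218.15.221.82"
sun aug 29 08:53:34 2010 [pid 1] [user] fail login: client "218.15.221.82"
sun aug 29 11:28:16 2010 [pid 2] connect: client "95.13.64.75"
sun aug 29 11:29:17 2010 [pid 2] connect: client "95.13.64.75"
""".splitlines()

def summarize(lines, max_fails=5, window=timedelta(minutes=1)):
    """Per client IP: failure count, usernames tried, connects, successes,
    and whether max_fails failures fell inside one time window."""
    seen = defaultdict(lambda: {"fails": [], "users": set(), "connects": 0, "ok": 0})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a line in the quoted layout
        s, event = seen[m["ip"]], m["event"].lower()
        if event == "connect":
            s["connects"] += 1
        elif event == "ok login":
            s["ok"] += 1  # a success after a burst of failures needs review
        else:
            s["fails"].append(datetime.strptime(m["ts"].title(), "%a %b %d %H:%M:%S %Y"))
            s["users"].add(m["user"])
    report = {}
    for ip, s in seen.items():
        f = sorted(s["fails"])
        burst = any(f[i + max_fails - 1] - f[i] <= window
                    for i in range(len(f) - max_fails + 1))
        report[ip] = {"fails": len(f), "users": sorted(s["users"]),
                      "connects": s["connects"], "ok": s["ok"], "bruteforce": burst}
    return report
```

A client with `bruteforce` set and `ok` at zero matches the failed guessing described in the first post; any client with `ok` above zero after a burst is the case worth investigating.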