Interesting things in the sshd logs late ... / 2013-11-11

Koos van den Hout

2013-11-11 Interesting things in the sshd logs late ... 8 years ago

Interesting things in the sshd logs lately:

Nov  8 05:46:31 system sshd[xxxx]: Invalid user trash from 176.31.72.71
Nov  8 07:48:06 system sshd[xxxx]: Invalid user trash from 12.35.78.40
Nov  8 08:15:05 system sshd[xxxx]: Invalid user trash from 62.149.196.28
Nov  8 11:23:16 system sshd[xxxx]: Invalid user trash from 216.58.130.126
Nov  8 11:24:07 system sshd[xxxx]: Invalid user trash from 216.58.130.126
Nov  8 11:50:00 system sshd[xxxx]: Invalid user trash from 109.196.34.51
Nov  8 11:54:06 system sshd[xxxx]: Invalid user trash from 89.142.199.126
Nov  8 11:56:21 system sshd[xxxx]: Invalid user trash from 216.58.130.126
Nov  8 13:10:07 system sshd[xxxx]: Invalid user trash from 216.58.130.126

Seems distributed scanning, all trying different passwords for the same username. Or

Nov  6 02:57:50 system sshd[xxxx]: Invalid user apache from 115.114.14.195
Nov  6 03:31:15 system sshd[xxxx]: Invalid user apache from 115.114.14.195
Nov  6 04:04:44 system sshd[xxxx]: Invalid user apache from 115.114.14.195
Nov  6 04:38:11 system sshd[xxxx]: Invalid user apache from 115.114.14.195
Nov  6 05:11:48 system sshd[xxxx]: Invalid user apache from 115.114.14.195
Nov  6 05:45:41 system sshd[xxxx]: Invalid user apache from 115.114.14.195
Nov  6 06:19:31 system sshd[xxxx]: Invalid user apache from 115.114.14.195
Nov  6 06:53:24 system sshd[xxxx]: Invalid user apache from 115.114.14.195

And lots of other usernames beginning with a letter 'a' from 115.114.14.195.

Tags: english, security

IPv6 check

Running test...

Interesting things in the sshd logs late ... / 2013-11-11

Koos van den Hout

IPv6 check

Archive