SSH attacks for accounts ftpuser, admin and D-Link / 2014-12-09

Loads of mail from fail2ban-SSH on two separate hosts showing random hosts doing ssh attempts for 3 accounts since 18:58 this evening. The pattern looks like:
Dec  9 18:58:04 greenblatt sshd[28304]: Invalid user ftpuser from 78.90.110.205
Dec  9 18:58:04 greenblatt sshd[28310]: Invalid user admin from 78.90.110.205
Dec  9 18:58:05 greenblatt sshd[28312]: Invalid user D-Link from 78.90.110.205
Dec  9 19:06:54 greenblatt sshd[29099]: Invalid user ftpuser from 84.19.184.65
Dec  9 19:06:55 greenblatt sshd[29101]: Invalid user admin from 84.19.184.65
Dec  9 19:06:55 greenblatt sshd[29103]: Invalid user D-Link from 84.19.184.65
And it goes on and on...
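The pattern in the log excerpt above (each source tries ftpuser, admin and D-Link once) can be extracted per host from the auth logs and compared across hosts. This is an added example, not code from the original post; the function names, the `otherhost` lines and the 192.0.2.10 source are constructed, and the optional `port N` suffix is there for the format newer OpenSSH releases log.

```python
import re
from collections import defaultdict

# Usernames each source tries in the pattern quoted above.
SIGNATURE = frozenset({"ftpuser", "admin", "D-Link"})

# sshd "Invalid user" syslog line; newer OpenSSH appends " port N" after the IP.
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\ssshd\[\d+\]:\s"
    r"Invalid user (?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?: port \d+)?\s*$"
)

# The first six lines are from the post; the rest are constructed for the example.
SAMPLE = """\
Dec  9 18:58:04 greenblatt sshd[28304]: Invalid user ftpuser from 78.90.110.205
Dec  9 18:58:04 greenblatt sshd[28310]: Invalid user admin from 78.90.110.205
Dec  9 18:58:05 greenblatt sshd[28312]: Invalid user D-Link from 78.90.110.205
Dec  9 19:06:54 greenblatt sshd[29099]: Invalid user ftpuser from 84.19.184.65
Dec  9 19:06:55 greenblatt sshd[29101]: Invalid user admin from 84.19.184.65
Dec  9 19:06:55 greenblatt sshd[29103]: Invalid user D-Link from 84.19.184.65
Dec  9 19:07:10 greenblatt sshd[29110]: Invalid user test from 192.0.2.10
Dec  9 19:01:11 otherhost sshd[4100]: Invalid user ftpuser from 84.19.184.65
Dec  9 19:01:11 otherhost sshd[4102]: Invalid user admin from 84.19.184.65
Dec  9 19:01:12 otherhost sshd[4104]: Invalid user D-Link from 84.19.184.65
""".splitlines()

def users_by_source(lines):
    """Map (host, source IP) -> set of invalid usernames that source tried."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            seen[(m["host"], m["ip"])].add(m["user"])
    return seen

def campaign_sources(lines, signature=SIGNATURE):
    """Per host, the source IPs that tried every username in the signature."""
    hits = defaultdict(set)
    for (host, ip), users in users_by_source(lines).items():
        if signature <= users:
            hits[host].add(ip)
    return dict(hits)

def seen_on_all_hosts(hits):
    """Source IPs that matched the signature on every host in hits."""
    sets = list(hits.values())
    return set.intersection(*sets) if sets else set()

if __name__ == "__main__":
    print(seen_on_all_hosts(campaign_sources(SAMPLE)))
```

Feeding it the concatenated auth logs of several machines gives one address list per host plus the sources that hit all of them.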
IP addresses seen doing this on the home server:
IP addresses seen doing this on another server:
And the list keeps growing...

Update 2014-12-11: The attack here at home stopped 15:14 CET on 2014-12-10. The interesting thing was that this time it was just me: other sites reported seeing the attack still going strong until several hours later.
