
Attack from IP 62.193.192.145


rockeye
06/11/2008, 19:20
If you enable fail2ban's [apache-noscript] module, it helps you block scans of Apache files and directories.

And the [apache] module to block access attempts to sites with HTTP auth authentication.

gabrielcz
06/11/2008, 09:39
Quote: Originally posted by Raikkon
Brute force. Here's the solution:

http://foros.ovh.es/showthread.php?p=9019#post9019

Regards!
As they say in my town... "this Fail2Ban is the po _ _ _"
Thanks, I had already changed the port and removed root, but I like this Fail2Ban; maybe I'll try it out to see how it goes.

itimag
05/11/2008, 17:06
It is also important to disable access with the root user.

sdzzds
05/11/2008, 12:19
That's normal; even if the server is new, there are brute-force attempts across IP ranges, so it can happen to you. The best thing is to change port 22 to another port and the problems are over.

Raikkon
04/11/2008, 22:54
Brute force. Here's the solution:

http://foros.ovh.es/showthread.php?p=9019#post9019

Regards!

gabrielcz
04/11/2008, 21:56
Hello, I recently rented a dedicated server (I have others, whose logs I haven't looked at yet) and was surprised to see what I'm leaving below. In my judgment, it's a brute-force attempt against the sshd port, so I've already changed it and the matter is closed, but I want to at least leave a record here that this happens, and see whether, among all of us, we can confirm if it's an attack on me (which I don't think, because the server has been with me for less than 24 hours) or random across the OVH IP range.
I'll send the corresponding log to the support people, but I wanted to give notice here too.
Regards...

P.S. I'm copying the relevant part of the log for you.


==============0
Nov 4 21:15:32 stock sshd[6441]: Invalid user william from 62.193.192.145
Nov 4 21:15:33 stock sshd[6443]: Invalid user stephanie from 62.193.192.145
Nov 4 21:15:33 stock sshd[6455]: Invalid user gary from 62.193.192.145
Nov 4 21:15:34 stock sshd[6459]: Invalid user guest from 62.193.192.145
Nov 4 21:15:34 stock sshd[6461]: Invalid user test from 62.193.192.145
Nov 4 21:15:34 stock sshd[6463]: Invalid user oracle from 62.193.192.145
Nov 4 21:15:37 stock sshd[6508]: Invalid user apache from 62.193.192.145
Nov 4 21:15:37 stock sshd[6514]: Invalid user lab from 62.193.192.145
Nov 4 21:15:37 stock sshd[6518]: Invalid user oracle from 62.193.192.145
Nov 4 21:15:38 stock sshd[6520]: Invalid user svn from 62.193.192.145
Nov 4 21:15:38 stock sshd[6522]: Invalid user iraf from 62.193.192.145
Nov 4 21:15:38 stock sshd[6524]: Invalid user swsoft from 62.193.192.145
Nov 4 21:15:38 stock sshd[6526]: Invalid user production from 62.193.192.145
Nov 4 21:15:38 stock sshd[6528]: Invalid user guest from 62.193.192.145
Nov 4 21:15:38 stock sshd[6530]: Invalid user gast from 62.193.192.145
Nov 4 21:15:38 stock sshd[6532]: Invalid user gast from 62.193.192.145
Nov 4 21:15:38 stock sshd[6534]: Invalid user oliver from 62.193.192.145
Nov 4 21:15:39 stock sshd[6536]: Invalid user sirsi from 62.193.192.145
Nov 4 21:15:39 stock sshd[6538]: Invalid user nagios from 62.193.192.145
Nov 4 21:15:39 stock sshd[6540]: Invalid user nagios from 62.193.192.145
Nov 4 21:15:39 stock sshd[6542]: Invalid user nagios from 62.193.192.145
Nov 4 21:15:39 stock sshd[6544]: Invalid user nagios from 62.193.192.145
Nov 4 21:15:39 stock sshd[6546]: Invalid user backuppc from 62.193.192.145
Nov 4 21:15:39 stock sshd[6548]: Invalid user wolfgang from 62.193.192.145
Nov 4 21:15:39 stock sshd[6550]: Invalid user vmware from 62.193.192.145
Nov 4 21:15:40 stock sshd[6552]: Invalid user stats from 62.193.192.145
Nov 4 21:15:40 stock sshd[6554]: Invalid user kor from 62.193.192.145
Nov 4 21:15:40 stock sshd[6556]: Invalid user wei from 62.193.192.145
Nov 4 21:15:40 stock sshd[6558]: Invalid user cvsuser from 62.193.192.145
Nov 4 21:15:40 stock sshd[6560]: Invalid user cvsuser from 62.193.192.145
Nov 4 21:15:40 stock sshd[6562]: Invalid user cvsuser from 62.193.192.145
Nov 4 21:15:40 stock sshd[6564]: Invalid user javi from 62.193.192.145
Nov 4 21:15:40 stock sshd[6566]: Invalid user ubuntu from 62.193.192.145
Nov 4 21:15:41 stock sshd[6568]: Invalid user blog from 62.193.192.145
Nov 4 21:15:41 stock sshd[6578]: Invalid user diane from 62.193.192.145
Nov 4 21:15:41 stock sshd[6580]: Invalid user fred from 62.193.192.145
Nov 4 21:15:42 stock sshd[6582]: Invalid user student from 62.193.192.145
Nov 4 21:15:42 stock sshd[6584]: Invalid user test from 62.193.192.145
Nov 4 21:15:42 stock sshd[6586]: Invalid user guest from 62.193.192.145
Nov 4 21:15:42 stock sshd[6590]: Invalid user guest from 62.193.192.145
Nov 4 21:15:42 stock sshd[6592]: Invalid user test from 62.193.192.145
Nov 4 21:15:42 stock sshd[6594]: Invalid user student from 62.193.192.145
Nov 4 21:15:42 stock sshd[6596]: Invalid user admin from 62.193.192.145
Nov 4 21:15:42 stock sshd[6598]: Invalid user admin from 62.193.192.145
Nov 4 21:15:43 stock sshd[6600]: Invalid user user from 62.193.192.145
Nov 4 21:15:43 stock sshd[6602]: Invalid user user from 62.193.192.145
Nov 4 21:15:43 stock sshd[6604]: Invalid user core from 62.193.192.145
Nov 4 21:15:43 stock sshd[6606]: Invalid user mama from 62.193.192.145
Nov 4 21:15:43 stock sshd[6608]: Invalid user mom from 62.193.192.145
Nov 4 21:15:43 stock sshd[6610]: Invalid user mom from 62.193.192.145
Nov 4 21:15:43 stock sshd[6612]: Invalid user festival from 62.193.192.145
Nov 4 21:15:43 stock sshd[6614]: Invalid user files from 62.193.192.145
Nov 4 21:15:44 stock sshd[6616]: Invalid user frei from 62.193.192.145
Nov 4 21:15:44 stock sshd[6618]: Invalid user je from 62.193.192.145
Nov 4 21:15:44 stock sshd[6620]: Invalid user jean from 62.193.192.145
Nov 4 21:15:44 stock sshd[6622]: Invalid user juan from 62.193.192.145
Nov 4 21:15:44 stock sshd[6624]: Invalid user first from 62.193.192.145
Nov 4 21:15:44 stock sshd[6626]: Invalid user dank from 62.193.192.145
Nov 4 21:15:45 stock sshd[6628]: Invalid user farrell from 62.193.192.145
Nov 4 21:15:45 stock sshd[6630]: Invalid user genoveva from 62.193.192.145
Nov 4 21:15:45 stock sshd[6634]: Invalid user amanda from 62.193.192.145
Nov 4 21:15:45 stock sshd[6638]: Invalid user amanda from 62.193.192.145
Nov 4 21:15:45 stock sshd[6640]: Invalid user video from 62.193.192.145
Nov 4 21:15:45 stock sshd[6642]: Invalid user video from 62.193.192.145
Nov 4 21:15:45 stock sshd[6644]: Invalid user martin from 62.193.192.145
Nov 4 21:15:45 stock sshd[6646]: Invalid user martin from 62.193.192.145
Nov 4 21:15:46 stock sshd[6648]: Invalid user hans from 62.193.192.145
Nov 4 21:15:46 stock sshd[6650]: Invalid user nickelan from 62.193.192.145
Nov 4 21:15:46 stock sshd[6652]: Invalid user nickelan from 62.193.192.145
Nov 4 21:15:46 stock sshd[6654]: Invalid user nick from 62.193.192.145
Nov 4 21:15:46 stock sshd[6656]: Invalid user nick from 62.193.192.145
Nov 4 21:15:46 stock sshd[6658]: Invalid user vwalker from 62.193.192.145
Nov 4 21:15:47 stock sshd[6668]: Invalid user test from 62.193.192.145
Nov 4 21:15:47 stock sshd[6670]: Invalid user admin from 62.193.192.145
Nov 4 21:15:47 stock sshd[6672]: Invalid user guest from 62.193.192.145
Nov 4 21:15:47 stock sshd[6674]: Invalid user student from 62.193.192.145
Nov 4 21:15:47 stock sshd[6676]: Invalid user matt from 62.193.192.145
Nov 4 21:15:47 stock sshd[6678]: Invalid user user from 62.193.192.145
Nov 4 21:15:48 stock sshd[6680]: Invalid user amanda from 62.193.192.145
Nov 4 21:15:48 stock sshd[6682]: Invalid user vnc from 62.193.192.145
Nov 4 21:15:48 stock sshd[6684]: Invalid user spamd from 62.193.192.145
Nov 4 21:15:48 stock sshd[6686]: Invalid user user from 62.193.192.145
Nov 4 21:15:48 stock sshd[6688]: Invalid user michel from 62.193.192.145
Nov 4 21:15:48 stock sshd[6690]: Invalid user michaels from 62.193.192.145
Nov 4 21:15:48 stock sshd[6692]: Invalid user hallo from 62.193.192.145
Nov 4 21:15:48 stock sshd[6694]: Invalid user der from 62.193.192.145
Nov 4 21:15:49 stock sshd[6698]: Invalid user bernd from 62.193.192.145
Nov 4 21:15:49 stock sshd[6702]: Invalid user tomcat5 from 62.193.192.145
Nov 4 21:15:49 stock sshd[6706]: Invalid user denis from 62.193.192.145
Nov 4 21:15:50 stock sshd[6710]: Invalid user test2 from 62.193.192.145
Nov 4 21:15:50 stock sshd[6714]: Invalid user test from 62.193.192.145
Nov 4 21:15:50 stock sshd[6716]: Invalid user test from 62.193.192.145
Nov 4 21:15:52 stock sshd[6718]: Invalid user test from 62.193.192.145
Nov 4 21:15:52 stock sshd[6721]: Invalid user test from 62.193.192.145
Nov 4 21:15:52 stock sshd[6723]: Invalid user test from 62.193.192.145
Nov 4 21:15:52 stock sshd[6725]: Invalid user test from 62.193.192.145
Nov 4 21:15:52 stock sshd[6727]: Invalid user test from 62.193.192.145
Nov 4 21:15:52 stock sshd[6729]: Invalid user test from 62.193.192.145
Nov 4 21:15:52 stock sshd[6731]: Invalid user test from 62.193.192.145
Nov 4 21:15:52 stock sshd[6733]: Invalid user test from 62.193.192.145
Nov 4 21:15:53 stock sshd[6735]: Invalid user test from 62.193.192.145
Nov 4 21:15:53 stock sshd[6737]: Invalid user test from 62.193.192.145
Nov 4 21:15:53 stock sshd[6739]: Invalid user test3 from 62.193.192.145
Nov 4 21:15:53 stock sshd[6741]: Invalid user test4 from 62.193.192.145
Nov 4 21:15:53 stock sshd[6743]: Invalid user test5 from 62.193.192.145
Nov 4 21:15:53 stock sshd[6745]: Invalid user test6 from 62.193.192.145


etc etc etc etc until I saw it

Regards.
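The threshold idea behind the fail2ban suggestion in this thread (ban an address after `maxretry` failures inside `findtime` seconds), applied to sshd "Invalid user" lines in the format posted above. This is an added example, not code from the thread or from fail2ban itself; `find_offenders`, its defaults, the assumed year and the constructed sample log (documentation-range IPs) are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the same syslog format as the log in the post.
# IPs are from the documentation ranges (RFC 5737), not real hosts.
SAMPLE_LOG = """\
Nov 4 21:15:32 stock sshd[6441]: Invalid user william from 192.0.2.10
Nov 4 21:15:33 stock sshd[6443]: Invalid user gary from 192.0.2.10
Nov 4 21:15:34 stock sshd[6459]: Invalid user guest from 192.0.2.10
Nov 4 21:15:34 stock sshd[6461]: Invalid user test from 192.0.2.10
Nov 4 21:15:37 stock sshd[6508]: Invalid user apache from 192.0.2.10
Nov 4 21:15:38 stock sshd[6520]: Invalid user svn from 192.0.2.10
Nov 4 21:20:01 stock sshd[7001]: Invalid user bob from 198.51.100.7
Nov 4 22:45:10 stock sshd[7102]: Invalid user bob from 198.51.100.7
Nov 4 22:50:00 stock sshd[7150]: Accepted publickey for deploy from 203.0.113.5 port 50022 ssh2
"""

# Anchored at both ends so text smuggled into the username cannot supply the IP.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: Invalid user "
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?: port \d+)?\s*$"
)

def find_offenders(log_text, max_retry=5, find_time=600, year=2008):
    """Return {ip: (ban_time, usernames_tried)} for each IP with at least
    max_retry invalid-user lines inside a find_time-second sliding window."""
    window = defaultdict(deque)   # ip -> timestamps still inside the window
    users = defaultdict(list)     # ip -> usernames seen before the ban
    banned = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["ip"] in banned:
            continue
        # Syslog timestamps carry no year, so one has to be assumed.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = window[m["ip"]]
        q.append(ts)
        users[m["ip"]].append(m["user"])
        while ts - q[0] > timedelta(seconds=find_time):
            q.popleft()           # drop attempts that fell out of the window
        if len(q) >= max_retry:
            banned[m["ip"]] = (ts, users[m["ip"]])
    return banned

if __name__ == "__main__":
    for ip, (when, tried) in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} crossed the threshold at {when}: tried {', '.join(tried)}")
```

With the defaults, the scanner-like address is flagged on its fifth attempt, while the address with two failures more than an hour apart is not.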