Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




74 posts

Master Geek
+1 received by user: 16


Topic # 190780 12-Jan-2016 08:35
Send private message

Just got into the office this morning and pages and pages and pages of log files.............some of the 'guessed' usernames are priceless though






View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
19282 posts

Uber Geek
+1 received by user: 2600
Inactive user


  Reply # 1468175 12-Jan-2016 08:43
Send private message

Can't read the user names



74 posts

Master Geek
+1 received by user: 16


  Reply # 1468191 12-Jan-2016 08:53
Send private message

image link

Click to see full size


 
 
 
 


Try Wrike: fast, easy, and efficient project collaboration software
I fix stuff!
1624 posts

Uber Geek
+1 received by user: 281

Trusted
Vocus
Subscriber

  Reply # 1468195 12-Jan-2016 09:01
4 people support this post
Send private message

ssh bot

Fairly common once an open ssh port is detected. They will be trying username/passwords from known guessable password dictionary.

If you are running linux highly recommend using fail2ban


Also really not a good idea having telnet open to the world.


127 posts

Master Geek
+1 received by user: 55


  Reply # 1468196 12-Jan-2016 09:01
One person supports this post
Send private message

Not so stupid guesses at your usernames. They successfully got the admin one.



74 posts

Master Geek
+1 received by user: 16


  Reply # 1468198 12-Jan-2016 09:04
Send private message

spearsniper: Not so stupid guesses at your usernames. They successfully got the admin one.


true, there are only two active usernames in any case.

148 posts

Master Geek
+1 received by user: 60

Subscriber

  Reply # 1468200 12-Jan-2016 09:05
Send private message

222.184.0.0 - 222.191.255.255 is assigned to CHINANET JIANGSU, 260 Zhongyang Road,Nanjing 210037, PRC.
Might be worth reporting to "abuse-mailbox: anti-spam@ns.chinanet.cn.net"



74 posts

Master Geek
+1 received by user: 16


  Reply # 1468201 12-Jan-2016 09:06
Send private message

Sounddude: ssh bot

Fairly common once an open ssh port is detected. They will be trying username/passwords from known guessable password dictionary.

If you are running linux highly recommend using fail2ban


Also really not a good idea having telnet open to the world.



We use telnet however to do terminal diagnostics from various sites so too hard to isolate incoming IP's. Found it easier to have a near 18 character password and a ridiculous username.

38 posts

Geek
+1 received by user: 7


  Reply # 1468214 12-Jan-2016 09:16
Send private message

Hi

Save your logs and report them. You can do a quick whois search using the IP address and get the necessary contact info you could also contact APNIC. The pic is a little blury i think the 2 IP addresses is see are

222.186.34.56 and 112.54.83.53 both trying to access your IP via Telnet and SSH. Do you have external access to both those services if you do and dont use them i would shut them down on your firewall. If you use them change the ports to something only you would know if you haven't done so already.



74 posts

Master Geek
+1 received by user: 16


  Reply # 1468216 12-Jan-2016 09:20
Send private message

Pehesis: Hi

Save your logs and report them. You can do a quick whois search using the IP address and get the necessary contact info you could also contact APNIC. The pic is a little blury i think the 2 IP addresses is see are

222.186.34.56 and 112.54.83.53 both trying to access your IP via Telnet and SSH. Do you have external access to both those services if you do and dont use them i would shut them down on your firewall. If you use them change the ports to something only you would know if you haven't done so already.


Been working through that this morning and extracting the details from the logs and sending them to our ISP.

Got a suggestion earlier to change the ports but means having to reprogram all the existing terminals and managed sites. May look at finding a way to implement that over the coming weeks.

19282 posts

Uber Geek
+1 received by user: 2600
Inactive user


  Reply # 1468219 12-Jan-2016 09:23
Send private message

Use ssh keys

cisconz
1175 posts

Uber Geek
+1 received by user: 77

Trusted
Subscriber

  Reply # 1468224 12-Jan-2016 09:28
Send private message

Unless you need SSH and Telnet - do this





Hmmmm



74 posts

Master Geek
+1 received by user: 16


  Reply # 1468226 12-Jan-2016 09:30
Send private message

cisconz: Unless you need SSH and Telnet - do this





Do need both. But will be investigating a change of ports and working out how to roll that out to the temrinals that use our server.

cisconz
1175 posts

Uber Geek
+1 received by user: 77

Trusted
Subscriber

  Reply # 1468231 12-Jan-2016 09:35
Send private message

eftpos:
cisconz: Unless you need SSH and Telnet - do this


Do need both. But will be investigating a change of ports and working out how to roll that out to the temrinals that use our server.


From a specific IP or from everywhere?




Hmmmm

1332 posts

Uber Geek
+1 received by user: 334


  Reply # 1468243 12-Jan-2016 09:55
Send private message

eftpos:
Sounddude: ssh bot

Fairly common once an open ssh port is detected. They will be trying username/passwords from known guessable password dictionary.

If you are running linux highly recommend using fail2ban


Also really not a good idea having telnet open to the world.



We use telnet however to do terminal diagnostics from various sites so too hard to isolate incoming IP's. Found it easier to have a near 18 character password and a ridiculous username.


Surely only allowing whitelist IP access would be beneficial, even if its a bit of a hassle to setup.



74 posts

Master Geek
+1 received by user: 16


  Reply # 1468248 12-Jan-2016 09:59
Send private message

Dairyxox:
eftpos:
Sounddude: ssh bot

Fairly common once an open ssh port is detected. They will be trying username/passwords from known guessable password dictionary.

If you are running linux highly recommend using fail2ban


Also really not a good idea having telnet open to the world.



We use telnet however to do terminal diagnostics from various sites so too hard to isolate incoming IP's. Found it easier to have a near 18 character password and a ridiculous username.


Surely only allowing whitelist IP access would be beneficial, even if its a bit of a hassle to setup.


I agree and it would be my option of choice however:

Mobile based terminals connecting to Voda and Spark - DHCP
Terminals get moved from one branch to another - Different external IP (we aren't always notified)


 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

TCF and Telcos Toughen Up on Scam Callers
Posted 23-Apr-2018 09:39


Amazon launches the International Shopping Experience in the Amazon Shopping App
Posted 19-Apr-2018 08:38


Spark New Zealand and TVNZ to bring coverage of Rugby World Cup 2019
Posted 16-Apr-2018 06:55


How Google can seize Microsoft Office crown
Posted 14-Apr-2018 11:08


How back office transformation drives IRD efficiency
Posted 12-Apr-2018 21:15


iPod laws in a smartphone world: will we ever get copyright right?
Posted 12-Apr-2018 21:13


Lightbox service using big data and analytics to learn more about customers
Posted 9-Apr-2018 12:11


111 mobile caller location extended to iOS
Posted 6-Apr-2018 13:50


Huawei announces the HUAWEI P20 series
Posted 29-Mar-2018 11:41


Symantec Internet Security Threat Report shows increased endpoint technology risks
Posted 26-Mar-2018 18:29


Spark switches on long-range IoT network across New Zealand
Posted 26-Mar-2018 18:22


Stuff Pix enters streaming video market
Posted 21-Mar-2018 09:18


Windows no longer Microsoft’s main focus
Posted 13-Mar-2018 07:47


Why phone makers are obsessed with cameras
Posted 11-Mar-2018 12:25


New Zealand Adopts International Open Data Charter
Posted 3-Mar-2018 12:48



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.