Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




72 posts

Master Geek
+1 received by user: 16


Topic # 190780 12-Jan-2016 08:35
Send private message

Just got into the office this morning and pages and pages and pages of log files.............some of the 'guessed' usernames are priceless though






View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
19282 posts

Uber Geek
+1 received by user: 2600
Inactive user


  Reply # 1468175 12-Jan-2016 08:43
Send private message

Can't read the user names



72 posts

Master Geek
+1 received by user: 16


  Reply # 1468191 12-Jan-2016 08:53
Send private message

image link

Click to see full size


 
 
 
 


I fix stuff!
1574 posts

Uber Geek
+1 received by user: 250

Trusted
Vocus
Subscriber

  Reply # 1468195 12-Jan-2016 09:01
4 people support this post
Send private message

ssh bot

Fairly common once an open ssh port is detected. They will be trying username/passwords from known guessable password dictionary.

If you are running linux highly recommend using fail2ban


Also really not a good idea having telnet open to the world.


125 posts

Master Geek
+1 received by user: 55


  Reply # 1468196 12-Jan-2016 09:01
One person supports this post
Send private message

Not so stupid guesses at your usernames. They successfully got the admin one.



72 posts

Master Geek
+1 received by user: 16


  Reply # 1468198 12-Jan-2016 09:04
Send private message

spearsniper: Not so stupid guesses at your usernames. They successfully got the admin one.


true, there are only two active usernames in any case.

142 posts

Master Geek
+1 received by user: 56

Subscriber

  Reply # 1468200 12-Jan-2016 09:05
Send private message

222.184.0.0 - 222.191.255.255 is assigned to CHINANET JIANGSU, 260 Zhongyang Road,Nanjing 210037, PRC.
Might be worth reporting to "abuse-mailbox: anti-spam@ns.chinanet.cn.net"



72 posts

Master Geek
+1 received by user: 16


  Reply # 1468201 12-Jan-2016 09:06
Send private message

Sounddude: ssh bot

Fairly common once an open ssh port is detected. They will be trying username/passwords from known guessable password dictionary.

If you are running linux highly recommend using fail2ban


Also really not a good idea having telnet open to the world.



We use telnet however to do terminal diagnostics from various sites so too hard to isolate incoming IP's. Found it easier to have a near 18 character password and a ridiculous username.

38 posts

Geek
+1 received by user: 7


  Reply # 1468214 12-Jan-2016 09:16
Send private message

Hi

Save your logs and report them. You can do a quick whois search using the IP address and get the necessary contact info you could also contact APNIC. The pic is a little blury i think the 2 IP addresses is see are

222.186.34.56 and 112.54.83.53 both trying to access your IP via Telnet and SSH. Do you have external access to both those services if you do and dont use them i would shut them down on your firewall. If you use them change the ports to something only you would know if you haven't done so already.



72 posts

Master Geek
+1 received by user: 16


  Reply # 1468216 12-Jan-2016 09:20
Send private message

Pehesis: Hi

Save your logs and report them. You can do a quick whois search using the IP address and get the necessary contact info you could also contact APNIC. The pic is a little blury i think the 2 IP addresses is see are

222.186.34.56 and 112.54.83.53 both trying to access your IP via Telnet and SSH. Do you have external access to both those services if you do and dont use them i would shut them down on your firewall. If you use them change the ports to something only you would know if you haven't done so already.


Been working through that this morning and extracting the details from the logs and sending them to our ISP.

Got a suggestion earlier to change the ports but means having to reprogram all the existing terminals and managed sites. May look at finding a way to implement that over the coming weeks.

19282 posts

Uber Geek
+1 received by user: 2600
Inactive user


  Reply # 1468219 12-Jan-2016 09:23
Send private message

Use ssh keys

cisconz
1164 posts

Uber Geek
+1 received by user: 76

Trusted
Subscriber

  Reply # 1468224 12-Jan-2016 09:28
Send private message

Unless you need SSH and Telnet - do this





Hmmmm



72 posts

Master Geek
+1 received by user: 16


  Reply # 1468226 12-Jan-2016 09:30
Send private message

cisconz: Unless you need SSH and Telnet - do this





Do need both. But will be investigating a change of ports and working out how to roll that out to the temrinals that use our server.

cisconz
1164 posts

Uber Geek
+1 received by user: 76

Trusted
Subscriber

  Reply # 1468231 12-Jan-2016 09:35
Send private message

eftpos:
cisconz: Unless you need SSH and Telnet - do this


Do need both. But will be investigating a change of ports and working out how to roll that out to the temrinals that use our server.


From a specific IP or from everywhere?




Hmmmm

1293 posts

Uber Geek
+1 received by user: 317


  Reply # 1468243 12-Jan-2016 09:55
Send private message

eftpos:
Sounddude: ssh bot

Fairly common once an open ssh port is detected. They will be trying username/passwords from known guessable password dictionary.

If you are running linux highly recommend using fail2ban


Also really not a good idea having telnet open to the world.



We use telnet however to do terminal diagnostics from various sites so too hard to isolate incoming IP's. Found it easier to have a near 18 character password and a ridiculous username.


Surely only allowing whitelist IP access would be beneficial, even if its a bit of a hassle to setup.



72 posts

Master Geek
+1 received by user: 16


  Reply # 1468248 12-Jan-2016 09:59
Send private message

Dairyxox:
eftpos:
Sounddude: ssh bot

Fairly common once an open ssh port is detected. They will be trying username/passwords from known guessable password dictionary.

If you are running linux highly recommend using fail2ban


Also really not a good idea having telnet open to the world.



We use telnet however to do terminal diagnostics from various sites so too hard to isolate incoming IP's. Found it easier to have a near 18 character password and a ridiculous username.


Surely only allowing whitelist IP access would be beneficial, even if its a bit of a hassle to setup.


I agree and it would be my option of choice however:

Mobile based terminals connecting to Voda and Spark - DHCP
Terminals get moved from one branch to another - Different external IP (we aren't always notified)


 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

New Zealand's IT industry in 2018 and beyond
Posted 22-Jan-2018 12:50


Introducing your new workplace headache: Gen Z
Posted 22-Jan-2018 12:45


Jucy set to introduce electric campervan fleet
Posted 22-Jan-2018 12:41


Hawaiki cable system will be ready for service in June 2018
Posted 22-Jan-2018 12:32


New Zealand hits peak broadband data
Posted 18-Jan-2018 12:21


Amazon Echo devices coming to New Zealand early February 2018
Posted 18-Jan-2018 10:53


$3.74 million for new electric vehicles in New Zealand
Posted 17-Jan-2018 11:27


Nova 2i: Value, not excitement from Huawei
Posted 17-Jan-2018 09:02


Less news in Facebook News Feed revamp
Posted 15-Jan-2018 13:15


Australian Government contract awarded to Datacom Connect
Posted 11-Jan-2018 08:37


Why New Zealand needs a chief technology officer
Posted 6-Jan-2018 13:59


Amazon release Silk Browser and Firefox for Fire TV
Posted 21-Dec-2017 13:42


New Chief Technology Officer role created
Posted 19-Dec-2017 22:18


All I want for Christmas is a new EV
Posted 19-Dec-2017 19:54


How clever is this: AI will create 2.3 million jobs by 2020
Posted 19-Dec-2017 19:52



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.