Thread: Server being hacked?
View Single Post
  #1 (permalink)  
Old 10-07-2004, 09:38 PM
ThaMATRiX ThaMATRiX is offline
Registered User
  
Join Date: Feb 2004
Location: Chicago
Posts: 196
ThaMATRiX
Server being hacked?
Hi. In my LogWatch it shows this...

Quote:
--------------------- SSHD Begin ------------------------

Failed logins from these:
adm/password from ::ffff:211.248.38.252: 6 Time(s)
admin/password from ::ffff:218.3.161.2: 11 Time(s)
apache/password from ::ffff:211.248.38.252: 3 Time(s)
cosmin/password from ::ffff:211.248.38.252: 3 Time(s)
cyrus/password from ::ffff:211.248.38.252: 7 Time(s)
guest/password from ::ffff:218.3.161.2: 8 Time(s)
horde/password from ::ffff:211.248.38.252: 7 Time(s)
iceuser/password from ::ffff:211.248.38.252: 8 Time(s)
irc/password from ::ffff:211.248.38.252: 6 Time(s)
jane/password from ::ffff:211.248.38.252: 3 Time(s)
matt/password from ::ffff:211.248.38.252: 5 Time(s)
mysql/password from ::ffff:211.248.38.252: 4 Time(s)
nobody/password from ::ffff:211.248.38.252: 9 Time(s)
operator/password from ::ffff:211.248.38.252: 3 Time(s)
pamela/password from ::ffff:211.248.38.252: 3 Time(s)
patrick/password from ::ffff:211.248.38.252: 16 Time(s)
rolo/password from ::ffff:211.248.38.252: 8 Time(s)
root/password from ::ffff:211.248.38.252: 120 Time(s)
root/password from ::ffff:218.3.161.2: 11 Time(s)
test/password from ::ffff:211.248.38.252: 16 Time(s)
test/password from ::ffff:218.3.161.2: 11 Time(s)
user/password from ::ffff:218.3.161.2: 4 Time(s)
www-data/password from ::ffff:211.248.38.252: 4 Time(s)
www/password from ::ffff:211.248.38.252: 7 Time(s)
wwwrun/password from ::ffff:211.248.38.252: 6 Time(s)

Illegal users from these:
admin/none from ::ffff:218.3.161.2: 11 Time(s)
admin/password from ::ffff:218.3.161.2: 11 Time(s)
apache/none from ::ffff:211.248.38.252: 3 Time(s)
apache/password from ::ffff:211.248.38.252: 3 Time(s)
cosmin/none from ::ffff:211.248.38.252: 3 Time(s)
cosmin/password from ::ffff:211.248.38.252: 3 Time(s)
cyrus/none from ::ffff:211.248.38.252: 7 Time(s)
cyrus/password from ::ffff:211.248.38.252: 7 Time(s)
guest/none from ::ffff:218.3.161.2: 8 Time(s)
guest/password from ::ffff:218.3.161.2: 8 Time(s)
horde/none from ::ffff:211.248.38.252: 7 Time(s)
horde/password from ::ffff:211.248.38.252: 7 Time(s)
iceuser/none from ::ffff:211.248.38.252: 8 Time(s)
iceuser/password from ::ffff:211.248.38.252: 8 Time(s)
irc/none from ::ffff:211.248.38.252: 6 Time(s)
irc/password from ::ffff:211.248.38.252: 6 Time(s)
jane/none from ::ffff:211.248.38.252: 3 Time(s)
jane/password from ::ffff:211.248.38.252: 3 Time(s)
matt/none from ::ffff:211.248.38.252: 5 Time(s)
matt/password from ::ffff:211.248.38.252: 5 Time(s)
pamela/none from ::ffff:211.248.38.252: 3 Time(s)
pamela/password from ::ffff:211.248.38.252: 3 Time(s)
rolo/none from ::ffff:211.248.38.252: 8 Time(s)
rolo/password from ::ffff:211.248.38.252: 8 Time(s)
test/none from ::ffff:211.248.38.252: 16 Time(s)
test/none from ::ffff:218.3.161.2: 11 Time(s)
test/password from ::ffff:211.248.38.252: 16 Time(s)
test/password from ::ffff:218.3.161.2: 11 Time(s)
user/none from ::ffff:218.3.161.2: 4 Time(s)
user/password from ::ffff:218.3.161.2: 4 Time(s)
www-data/none from ::ffff:211.248.38.252: 4 Time(s)
www-data/password from ::ffff:211.248.38.252: 4 Time(s)
www/none from ::ffff:211.248.38.252: 7 Time(s)
www/password from ::ffff:211.248.38.252: 7 Time(s)
wwwrun/none from ::ffff:211.248.38.252: 6 Time(s)
wwwrun/password from ::ffff:211.248.38.252: 6 Time(s)


---------------------- SSHD End -------------------------
How can I block those ips from the box completely? Thanks.
__________________
Paul B
President/CEO
OneReseller.net Webhosting Services
Reply With Quote