The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Increased break in attempts

Discussion in 'General Discussion' started by Nico, Aug 10, 2004.

  1. Nico

    Nico Well-Known Member

    Joined:
    Dec 5, 2001
    Messages:
    233
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Edmond, OK
    Over the past few days we've noticed and increase in illegal access attempts from users such as "guest", "admin", "test", and of course "root". All seem to be from 211.169.202.0/24. I'm hearing this from server owners in NOC's through out the USA and from a few private comanies that host their own site - they have the same usersnames trying to break in, but the IP ranges are different.

    Anyone else experiencing this?
     
  2. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,578
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    Yep! Been seeing the exact same things. We've been seeing from quite a few different IP ranges though.
     
  3. foxboy

    foxboy Well-Known Member

    Joined:
    Sep 20, 2003
    Messages:
    66
    Likes Received:
    0
    Trophy Points:
    6
    yep me too, on various servers from various ranges.
     
  4. casey

    casey Well-Known Member

    Joined:
    Jan 17, 2003
    Messages:
    2,303
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    If there is trouble, it will find me
    Yep. Seeing it here, too.
     
  5. easyhoster1

    easyhoster1 Well-Known Member

    Joined:
    Sep 25, 2003
    Messages:
    659
    Likes Received:
    0
    Trophy Points:
    16
    Looks like Korea;

    inetnum: 211.169.202.0 - 211.169.202.63
    netname: ETWO48658D-KR
    descr: Etwo
    descr: 165-14 simkok2-dong wonmi-gu buchun-si
    descr: KYONGGI
    descr: 420-012
    country: KR
    admin-c: KL574-AP
    tech-c: KL574-AP
    mnt-by: MAINT-KR-DACOM
    status: ASSIGNED NON-PORTABLE
    remarks: imported from KRNIC
    changed: hm-changed@apnic.net 20021023
    source: APNIC

    person: Kangyoung Lee
    address: Etwo
    address: 165-14 simkok2-dong wonmi-gu buchun-si
    address: KYONGGI
    address: 420-012
    country: KR
    phone: +82-18-312-3221
    e-mail: b0048658@users.bora.net
    nic-hdl: KL574-AP
    mnt-by: MAINT-KR-DACOM
    remarks: imported from KRNIC
    changed: hm-changed@apnic.net 20021022
    source: APNIC
     
  6. AlexF

    AlexF Well-Known Member

    Joined:
    Nov 20, 2003
    Messages:
    148
    Likes Received:
    0
    Trophy Points:
    16
    You can include me in this list. Receiving from the following countries:

    Korea
    China
    Vietnam
     
  7. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,578
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    The only good thing to come from this is in knowing security on the servers is at least working. :D
     
  8. Kaith Rustaz

    Kaith Rustaz Active Member

    Joined:
    Jun 5, 2002
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    6
    I set my hosts.allow and hosts.deny to filter them out.
    Right now, my logs are full of nice "connection not allowed" comments. :)
     
  9. foxboy

    foxboy Well-Known Member

    Joined:
    Sep 20, 2003
    Messages:
    66
    Likes Received:
    0
    Trophy Points:
    6
    i just adore BFD in these situations
     
  10. bamasbest

    bamasbest Well-Known Member

    Joined:
    Jan 10, 2004
    Messages:
    531
    Likes Received:
    0
    Trophy Points:
    16
    Yeah, but every time my cellphone starts to vibrate, I jump 4 or 5 feet;)
     
  11. casey

    casey Well-Known Member

    Joined:
    Jan 17, 2003
    Messages:
    2,303
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    If there is trouble, it will find me
    Ha, ha. :D
     
  12. andyorourke

    andyorourke Member

    Joined:
    Dec 17, 2003
    Messages:
    23
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    UK
    I noticed lots from Brazil & Austria

    USA
    65.182.141.120
    iMedia Networks Inc

    Korea
    211.234.100.105
    KRNIC is not a ISP but a National Internet Registry similar to APNIC.
    The followings are information of the organization that is using the IPv4 address.

    IPv4 Address : 211.234.100.0-211.234.100.255

    Once again, Nice to see that people are trying to get in, does it report if people actually get in??
     
  13. damainman

    damainman Well-Known Member

    Joined:
    Nov 13, 2003
    Messages:
    515
    Likes Received:
    0
    Trophy Points:
    16
    I'm also experiencing this :(
     
  14. icanectc

    icanectc Well-Known Member

    Joined:
    Mar 10, 2003
    Messages:
    344
    Likes Received:
    0
    Trophy Points:
    16
    You can include me in this as well. From a wide range of IP's although the last attempt was probably a few days ago..
     
Loading...

Share This Page