Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-user-es

From: Angel Cervera Claudio <angel@××××××××.com>
To: GentooUserEs <gentoo-user-es@l.g.o>
Subject: [gentoo-user-es] Intentos de acceso ssh
Date: Mon, 25 Jul 2005 16:30:07
Message-Id: 42E51381.7080602@acervera.com
1 Hola a todos.
2 Tengo un problemilla.
3 Todos los días recibo "ataques".
4 Es una tontería. Simplemente intentan logarse en mi máquina mediante ssh
5 con diferentes usuario.
6 Lógicamente no consiguen entrar, pero me gustaría se se puede bloquear
7 estas ips de forma automática durante un tiempo, para impedir que sigan
8 intentándolo.
9 Es decir:
10 Si desde la misma dirección ip se intenta acceder de varios usuarios
11 distintos y no lo consigue, bloquear esa ip durante un buen rato.
12
13 Tenía pensado, mediante iptables, restringir el acceso ssh sólo si
14 accedo desde mi máquina, pero como no tengo ip fija. :(
15
16 En el caso de poder hacer esto, cómo se llamaría la técnica. Lo digo
17 para buscar en el google.
18
19 Un saludi y gracias.
20
21 Os paso fragmentos del log:
22 ..............
23 Jul 19 03:06:03 [sshd] Invalid user lynx from 211.233.73.160
24 Jul 19 03:06:13 [sshd] Invalid user monkey from 211.233.73.160
25 Jul 19 03:06:22 [sshd] Invalid user lion from 211.233.73.160
26 Jul 19 03:06:30 [sshd] Invalid user heart from 211.233.73.160
27 Jul 19 03:06:39 [sshd] Invalid user michel from 211.233.73.160
28 Jul 19 03:06:48 [sshd] Invalid user alibaba from 211.233.73.160
29 Jul 19 03:06:56 [sshd] Invalid user bebe from 211.233.73.160
30 Jul 19 03:07:05 [sshd] Invalid user mp3 from 211.233.73.160
31 Jul 19 03:07:14 [sshd] Invalid user music from 211.233.73.160
32 Jul 19 03:07:23 [sshd] Invalid user spirit from 211.233.73.160
33 Jul 19 03:07:32 [sshd] Invalid user radu from 211.233.73.160
34 Jul 19 03:07:41 [sshd] Invalid user xxx from 211.233.73.160
35 Jul 19 03:07:50 [sshd] Invalid user sex from 211.233.73.160
36 Jul 19 03:07:59 [sshd] Invalid user lolita from 211.233.73.160
37 Jul 19 03:08:08 [sshd] Invalid user teen from 211.233.73.160
38 Jul 19 03:08:17 [sshd] Invalid user adult from 211.233.73.160
39 Jul 19 03:08:26 [sshd] Invalid user movie from 211.233.73.160
40 Jul 19 03:08:35 [sshd] Invalid user movies from 211.233.73.160
41 Jul 19 03:08:54 [sshd] Invalid user status from 211.233.73.160
42 Jul 19 03:09:04 [sshd] Invalid user iptables from 211.233.73.160
43 Jul 19 03:09:14 [sshd] Invalid user portal from 211.233.73.160
44 Jul 19 03:09:23 [sshd] Invalid user history from 211.233.73.160
45 Jul 19 03:09:32 [sshd] Invalid user dev from 211.233.73.160
46 Jul 19 03:09:40 [sshd] Invalid user egrep from 211.233.73.160
47 Jul 19 03:09:48 [sshd] Invalid user update from 211.233.73.160
48 Jul 19 07:53:08 [sshd] Invalid user test from 202.127.19.158
49 ..........
50 Jul 20 10:27:40 [sshd] Invalid user test from 213.61.160.9
51 - Last output repeated 25 times -
52 Jul 20 10:27:48 [sshd] Invalid user admin from 213.61.160.9
53 - Last output repeated 27 times -
54 Jul 20 10:27:57 [sshd] User guest not allowed because shell /dev/null is
55 not executable
56 - Last output repeated 20 times -
57 Jul 20 10:28:02 [sshd] Invalid user user from 213.61.160.9
58 - Last output repeated 22 times -
59 Jul 20 10:28:09 [sshd] Invalid user sales from 213.61.160.9
60 - Last output repeated 7 times -
61 Jul 20 10:28:14 [sshd] Invalid user webadmin from 213.61.160.9
62 - Last output repeated 8 times -
63 Jul 20 10:28:17 [sshd] Invalid user spam from 213.61.160.9
64 - Last output repeated 7 times -
65 Jul 20 10:28:20 [sshd] Invalid user virus from 213.61.160.9
66 - Last output repeated 7 times -
67 Jul 20 10:28:25 [sshd] Invalid user oracle from 213.61.160.9
68 - Last output repeated 7 times -
69 Jul 20 10:28:32 [sshd] Invalid user webmaster from 213.61.160.9
70 - Last output repeated 6 times -
71 Jul 20 10:28:42 [sshd] Invalid user linux from 213.61.160.9
72 - Last output repeated 2 times -
73 Jul 20 10:28:43 [sshd] Invalid user web from 213.61.160.9
74 - Last output repeated 3 times -
75 Jul 20 10:28:44 [sshd] Invalid user webmail from 213.61.160.9
76 - Last output repeated 5 times -
77 Jul 20 10:28:48 [sshd] Invalid user pgsql from 213.61.160.9
78 Jul 20 10:28:48 [sshd] Invalid user pqsql from 213.61.160.9
79 Jul 20 10:28:48 [sshd] Invalid user pgsql from 213.61.160.9
80 - Last output repeated 5 times -
81 Jul 20 10:28:52 [sshd] Invalid user info from 213.61.160.9
82 - Last output repeated 14 times -
83 Jul 20 10:28:56 [sshd] Invalid user library from 213.61.160.9
84 - Last output repeated 8 times -
85 ...............
86 Jul 23 23:32:37 [sshd] Invalid user jancsi from 218.188.14.243
87 Jul 23 23:32:39 [sshd] Invalid user jani from 218.188.14.243
88 Jul 23 23:32:42 [sshd] Invalid user janika from 218.188.14.243
89 Jul 23 23:32:44 [sshd] Invalid user janos from 218.188.14.243
90 Jul 23 23:32:47 [sshd] Invalid user jenci from 218.188.14.243
91 Jul 23 23:32:49 [sshd] Invalid user jeno from 218.188.14.243
92 Jul 23 23:32:52 [sshd] Invalid user johanna from 218.188.14.243
93 Jul 23 23:32:54 [sshd] Invalid user jolan from 218.188.14.243
94 Jul 23 23:32:57 [sshd] Invalid user jolanka from 218.188.14.243
95 Jul 23 23:32:59 [sshd] Invalid user levi from 218.188.14.243
96 Jul 23 23:33:02 [sshd] Invalid user levente from 218.188.14.243
97 Jul 23 23:33:04 [sshd] Invalid user isti from 218.188.14.243
98 Jul 23 23:33:07 [sshd] Invalid user pisti from 218.188.14.243
99 Jul 23 23:33:09 [sshd] Invalid user tibor from 218.188.14.243
100 Jul 23 23:33:12 [sshd] Invalid user karoly from 218.188.14.243
101 Jul 23 23:33:14 [sshd] Invalid user tibi from 218.188.14.243
102 Jul 23 23:33:17 [sshd] Invalid user norbi from 218.188.14.243
103 Jul 23 23:33:19 [sshd] Invalid user marta from 218.188.14.243
104 Jul 23 23:33:22 [sshd] Invalid user zoltan from 218.188.14.243
105 Jul 23 23:33:25 [sshd] Invalid user agape from 218.188.14.243
106 Jul 23 23:33:27 [sshd] Invalid user agapios from 218.188.14.243
107 Jul 23 23:33:30 [sshd] Invalid user agathe from 218.188.14.243
108 Jul 23 23:33:32 [sshd] Invalid user aglaia from 218.188.14.243
109 Jul 24 04:07:23 [sshd] Invalid user admin from 60.248.99.237
110 - Last output repeated 2 times -
111 Jul 24 04:07:32 [sshd] Invalid user ftpuser from 60.248.99.237
112 - Last output repeated 6 times -
113 Jul 24 04:07:54 [sshd] Invalid user mailtest from 60.248.99.237
114 - Last output repeated 5 times -
115 Jul 24 04:08:12 [sshd] Invalid user testuser from 60.248.99.237
116 - Last output repeated 5 times -
117 Jul 24 04:08:30 [sshd] Invalid user sales from 60.248.99.237
118 - Last output repeated 6 times -
119 Jul 24 04:09:53 [sshd] Invalid user student from 60.248.99.237
120 - Last output repeated 5 times -
121 Jul 24 04:10:12 [sshd] Invalid user service from 60.248.99.237
122 - Last output repeated 5 times -
123 ......
124 Y así hasta el infinito.
125
126
127
128
129 --
130 Ángel Cervera Claudio
131 Freelance / desarrollos j2ee
132 web: http://www.acervera.com
133 tlf: 670819234 / 916058546
134 email: angel@××××××××.com
135 msn: angelcervera@××××××××××.com
136 yahoo: angelcervera
137 aol: angelcervera
138 jabber: angelcervera en jabber.org
139
140 --
141 gentoo-user-es@g.o mailing list

Replies

Subject Author
Re: [gentoo-user-es] Intentos de acceso ssh "Fede Diaz (aka Nordri)" <fede3birras@×××××.es>
Re: [gentoo-user-es] Intentos de acceso ssh Linux Blues <LinuxBlues@×××××××××.org>
Report Message
Find on MARC Find on Google Groups