digitalFAQ.com Forum


kpmedia 02-16-2012 11:54 PM

Most SSH hacking attempts from China, Russia, Korea (CSF logs sample)
 
Although it's true that most spam originates from US servers, I often think it comes from non-USA origins. Just because the USA server "sends" the mail, it doesn't mean that the person sending it isn't from outside the USA -- often having exploited weak passwords. For example, consider failed attempts to log in to POP3 and SSH from one of my cPanel VPS servers:

Code:

79.172.14.99 # lfd: (sshd) Failed SSH login from 79.172.14.99 (RU/Russian Federation/lukashin.convex.ru): 5 in the last 300 secs - Tue Jan 24 08:52:42 2012
184.107.179.242 # lfd: (sshd) Failed SSH login from 184.107.179.242 (CA/Canada/-): 5 in the last 300 secs - Tue Jan 24 18:58:20 2012
211.144.37.41 # lfd: (sshd) Failed SSH login from 211.144.37.41 (CN/China/-): 5 in the last 300 secs - Tue Jan 24 21:14:26 2012
83.239.117.218 # lfd: (sshd) Failed SSH login from 83.239.117.218 (RU/Russian Federation/-): 5 in the last 300 secs - Tue Jan 24 21:16:19 2012
180.153.127.28 # lfd: (sshd) Failed SSH login from 180.153.127.28 (CN/China/-): 5 in the last 300 secs - Wed Jan 25 01:25:05 2012
218.87.20.108 # lfd: (sshd) Failed SSH login from 218.87.20.108 (CN/China/-): 5 in the last 300 secs - Wed Jan 25 13:30:14 2012
213.143.251.33 # lfd: (sshd) Failed SSH login from 213.143.251.33 (TR/Turkey/appsrv.seriltd.com.tr): 5 in the last 300 secs - Wed Jan 25 13:59:56 2012
184.22.213.155 # lfd: (sshd) Failed SSH login from 184.22.213.155 (US/United States/184-22-213-155.static.hostnoc.net): 5 in the last 300 secs - Wed Jan 25 14:07:44 2012
188.95.53.35 # lfd: (sshd) Failed SSH login from 188.95.53.35 (NL/Netherlands/-): 5 in the last 300 secs - Wed Jan 25 18:48:08 2012
180.153.149.87 # lfd: (sshd) Failed SSH login from 180.153.149.87 (CN/China/-): 5 in the last 300 secs - Thu Jan 26 04:53:25 2012
210.75.18.38 # lfd: (sshd) Failed SSH login from 210.75.18.38 (CN/China/-): 5 in the last 300 secs - Thu Jan 26 05:40:17 2012
125.140.102.102 # lfd: (sshd) Failed SSH login from 125.140.102.102 (KR/Korea, Republic of/-): 5 in the last 300 secs - Thu Jan 26 14:30:17 2012
211.106.178.186 # lfd: (sshd) Failed SSH login from 211.106.178.186 (KR/Korea, Republic of/-): 5 in the last 300 secs - Thu Jan 26 18:13:14 2012
218.246.83.1 # lfd: (sshd) Failed SSH login from 218.246.83.1 (CN/China/-): 5 in the last 300 secs - Thu Jan 26 19:25:27 2012
221.239.81.4 # lfd: (sshd) Failed SSH login from 221.239.81.4 (CN/China/-): 5 in the last 300 secs - Fri Jan 27 10:19:37 2012
216.230.144.226 # lfd: (sshd) Failed SSH login from 216.230.144.226 (GT/Guatemala/226.144.230.216.static.intelnet.net.gt): 5 in the last 300 secs - Fri Jan 27 18:17:24 2012
211.103.188.92 # lfd: (sshd) Failed SSH login from 211.103.188.92 (CN/China/-): 5 in the last 300 secs - Sat Jan 28 15:04:42 2012
91.205.189.15 # lfd: (sshd) Failed SSH login from 91.205.189.15 (RU/Russian Federation/subscribe.arttour.ru): 5 in the last 300 secs - Sun Jan 29 04:19:13 2012
222.122.9.21 # lfd: (sshd) Failed SSH login from 222.122.9.21 (KR/Korea, Republic of/-): 5 in the last 300 secs - Sun Jan 29 10:32:48 2012
219.140.181.19 # lfd: (sshd) Failed SSH login from 219.140.181.19 (CN/China/-): 5 in the last 300 secs - Sun Jan 29 11:02:31 2012
220.172.191.31 # lfd: (sshd) Failed SSH login from 220.172.191.31 (CN/China/-): 5 in the last 300 secs - Sun Jan 29 22:32:22 2012
194.213.25.149 # lfd: (sshd) Failed SSH login from 194.213.25.149 (RU/Russian Federation/-): 5 in the last 300 secs - Sun Jan 29 23:14:59 2012
89.135.190.133 # lfd: (sshd) Failed SSH login from 89.135.190.133 (HU/Hungary/mx.babilon.hu): 5 in the last 300 secs - Mon Jan 30 07:04:58 2012
188.132.235.20 # lfd: (sshd) Failed SSH login from 188.132.235.20 (TR/Turkey/datacenter-20-235-132-188.sunucu.com.tr): 5 in the last 300 secs - Mon Jan 30 11:51:00 2012
75.112.151.29 # lfd: (sshd) Failed SSH login from 75.112.151.29 (US/United States/75-112-151-29.net.bhntampa.com): 5 in the last 300 secs - Mon Jan 30 13:39:51 2012
60.29.82.125 # lfd: (sshd) Failed SSH login from 60.29.82.125 (CN/China/-): 5 in the last 300 secs - Mon Jan 30 13:52:49 2012
200.216.162.113 # lfd: (sshd) Failed SSH login from 200.216.162.113 (BR/Brazil/-): 5 in the last 300 secs - Mon Jan 30 18:03:25 2012
121.10.140.215 # lfd: (sshd) Failed SSH login from 121.10.140.215 (CN/China/-): 5 in the last 300 secs - Mon Jan 30 18:55:05 2012
24.234.76.34 # lfd: (sshd) Failed SSH login from 24.234.76.34 (US/United States/wsip-24-234-76-34.lv.lv.cox.net): 5 in the last 300 secs - Mon Jan 30 22:34:03 2012
110.80.33.163 # lfd: (pop3d) Failed POP3 login from 110.80.33.163 (CN/China/-): 10 in the last 300 secs - Tue Jan 31 07:33:54 2012
94.185.80.194 # lfd: (sshd) Failed SSH login from 94.185.80.194 (SE/Sweden/-): 5 in the last 300 secs - Tue Jan 31 20:09:11 2012
61.133.63.205 # lfd: (sshd) Failed SSH login from 61.133.63.205 (CN/China/-): 5 in the last 300 secs - Tue Jan 31 21:31:49 2012
212.97.200.49 # lfd: (sshd) Failed SSH login from 212.97.200.49 (DK/Denmark/-): 5 in the last 300 secs - Tue Jan 31 21:55:11 2012
117.34.88.152 # lfd: (sshd) Failed SSH login from 117.34.88.152 (CN/China/-): 5 in the last 300 secs - Wed Feb  1 04:43:40 2012
202.131.123.194 # lfd: (pop3d) Failed POP3 login from 202.131.123.194 (IN/India/-): 10 in the last 300 secs - Wed Feb  1 23:35:39 2012
61.253.249.157 # lfd: (sshd) Failed SSH login from 61.253.249.157 (KR/Korea, Republic of/-): 5 in the last 300 secs - Thu Feb  2 01:50:32 2012
221.7.11.11 # lfd: (pop3d) Failed POP3 login from 221.7.11.11 (CN/China/-): 10 in the last 300 secs - Thu Feb  2 02:38:50 2012
77.79.217.26 # lfd: (sshd) Failed SSH login from 77.79.217.26 (PL/Poland/puma.migutmedia.pl): 5 in the last 300 secs - Thu Feb  2 17:49:56 2012
222.127.10.225 # lfd: (sshd) Failed SSH login from 222.127.10.225 (PH/Philippines/-): 5 in the last 300 secs - Fri Feb  3 08:38:37 2012
60.171.214.30 # lfd: (sshd) Failed SSH login from 60.171.214.30 (CN/China/-): 5 in the last 300 secs - Fri Feb  3 09:38:37 2012
202.103.30.24 # lfd: (sshd) Failed SSH login from 202.103.30.24 (CN/China/-): 5 in the last 300 secs - Fri Feb  3 15:06:10 2012
193.218.17.60 # lfd: (smtpauth) Failed SMTP AUTH login from 193.218.17.60 (DE/Germany/das-solarmodul.de): 5 in the last 300 secs - Fri Feb  3 16:10:11 2012
75.145.208.141 # lfd: (pop3d) Failed POP3 login from 75.145.208.141 (US/United States/75-145-208-141-Memphis.hfc.comcastbusiness.net): 10 in the last 300 secs - Sat Feb  4 08:14:08 2012
24.196.97.234 # lfd: (pop3d) Failed POP3 login from 24.196.97.234 (US/United States/24-196-97-234.static.mdsn.wi.charter.com): 10 in the last 300 secs - Sat Feb  4 09:36:43 2012
95.211.137.144 # lfd: (sshd) Failed SSH login from 95.211.137.144 (NL/Netherlands/-): 5 in the last 300 secs - Sat Feb  4 16:18:03 2012
79.48.17.11 # lfd: (sshd) Failed SSH login from 79.48.17.11 (IT/Italy/host11-17-static.48-79-b.business.telecomitalia.it): 5 in the last 300 secs - Sat Feb  4 17:33:14 2012
61.175.253.59 # lfd: (sshd) Failed SSH login from 61.175.253.59 (CN/China/-): 5 in the last 300 secs - Sat Feb  4 18:48:18 2012
78.134.92.152 # lfd: (sshd) Failed SSH login from 78.134.92.152 (IT/Italy/78-134-92-152.dynamic.eolo.it): 5 in the last 300 secs - Sun Feb  5 01:59:16 2012
219.140.165.85 # lfd: (sshd) Failed SSH login from 219.140.165.85 (CN/China/-): 5 in the last 300 secs - Sun Feb  5 13:25:17 2012
87.97.114.251 # lfd: (sshd) Failed SSH login from 87.97.114.251 (HU/Hungary/87-97-114-251.pool.invitel.hu): 5 in the last 300 secs - Sun Feb  5 14:59:38 2012
59.120.142.74 # lfd: (pop3d) Failed POP3 login from 59.120.142.74 (TW/Taiwan/59-120-142-74.HINET-IP.hinet.net): 10 in the last 300 secs - Sun Feb  5 16:28:40 2012
124.205.9.1 # lfd: (sshd) Failed SSH login from 124.205.9.1 (CN/China/-): 5 in the last 300 secs - Sun Feb  5 16:38:59 2012
77.221.211.130 # lfd: (pop3d) Failed POP3 login from 77.221.211.130 (RU/Russian Federation/zeonweb.ru): 10 in the last 300 secs - Sun Feb  5 19:20:07 2012
61.183.52.19 # lfd: (sshd) Failed SSH login from 61.183.52.19 (CN/China/-): 5 in the last 300 secs - Mon Feb  6 00:37:06 2012
216.214.105.148 # lfd: (pop3d) Failed POP3 login from 216.214.105.148 (US/United States/static-216-214-105-148.isp.broadviewnet.net): 10 in the last 300 secs - Mon Feb  6 01:49:17 2012
187.104.48.68 # lfd: (sshd) Failed SSH login from 187.104.48.68 (BR/Brazil/bb683044.virtua.com.br): 5 in the last 300 secs - Mon Feb  6 10:42:28 2012
50.30.33.90 # lfd: (sshd) Failed SSH login from 50.30.33.90 (US/United States/uspro714.startdedicated.com): 5 in the last 300 secs - Mon Feb  6 13:26:34 2012
122.224.103.228 # lfd: (sshd) Failed SSH login from 122.224.103.228 (CN/China/-): 5 in the last 300 secs - Mon Feb  6 15:44:41 2012
212.5.48.25 # lfd: (sshd) Failed SSH login from 212.5.48.25 (BG/Bulgaria/ip-48-25.sofia-connect.net): 5 in the last 300 secs - Mon Feb  6 19:12:30 2012
75.112.151.19 # lfd: (sshd) Failed SSH login from 75.112.151.19 (US/United States/75-112-151-19.net.bhntampa.com): 5 in the last 300 secs - Mon Feb  6 19:49:16 2012
58.59.177.150 # lfd: (sshd) Failed SSH login from 58.59.177.150 (CN/China/-): 5 in the last 300 secs - Tue Feb  7 10:37:23 2012
61.164.40.250 # lfd: (sshd) Failed SSH login from 61.164.40.250 (CN/China/-): 5 in the last 300 secs - Tue Feb  7 20:16:46 2012
83.133.126.188 # lfd: (sshd) Failed SSH login from 83.133.126.188 (DE/Germany/t2537.greatnet.de): 5 in the last 300 secs - Tue Feb  7 20:57:39 2012
46.61.162.234 # lfd: (sshd) Failed SSH login from 46.61.162.234 (RU/Russian Federation/-): 5 in the last 300 secs - Wed Feb  8 01:36:01 2012
219.140.173.216 # lfd: (sshd) Failed SSH login from 219.140.173.216 (CN/China/-): 5 in the last 300 secs - Wed Feb  8 03:10:51 2012
122.141.244.72 # lfd: (sshd) Failed SSH login from 122.141.244.72 (CN/China/72.243.141.122.adsl-pool.jlccptt.net.cn): 5 in the last 300 secs - Wed Feb  8 03:55:26 2012
211.157.105.80 # lfd: (sshd) Failed SSH login from 211.157.105.80 (CN/China/-): 5 in the last 300 secs - Wed Feb  8 04:14:08 2012
210.212.172.181 # lfd: (sshd) Failed SSH login from 210.212.172.181 (IN/India/-): 5 in the last 300 secs - Wed Feb  8 09:17:36 2012
80.237.210.87 # lfd: (sshd) Failed SSH login from 80.237.210.87 (DE/Germany/www.playformusic.com): 5 in the last 300 secs - Wed Feb  8 11:53:26 2012
88.190.225.213 # lfd: (sshd) Failed SSH login from 88.190.225.213 (FR/France/88-190-225-213.rev.dedibox.fr): 5 in the last 300 secs - Thu Feb  9 08:33:00 2012
78.108.92.170 # lfd: (sshd) Failed SSH login from 78.108.92.170 (RU/Russian Federation/-): 5 in the last 300 secs - Thu Feb  9 20:58:57 2012
82.7.165.5 # lfd: (pop3d) Failed POP3 login from 82.7.165.5 (GB/United Kingdom/cpc1-bedf3-2-0-cust260.9-1.cable.virginmedia.com): 10 in the last 300 secs - Thu Feb  9 22:12:54 2012
190.202.116.66 # lfd: (sshd) Failed SSH login from 190.202.116.66 (VE/Venezuela/-): 5 in the last 300 secs - Fri Feb 10 18:51:48 2012
78.129.227.211 # lfd: (sshd) Failed SSH login from 78.129.227.211 (GB/United Kingdom/vandef7r.easydservers.com): 5 in the last 300 secs - Fri Feb 10 19:15:34 2012
89.207.132.121 # lfd: (sshd) Failed SSH login from 89.207.132.121 (NL/Netherlands/hosted-by.hostslim.nl): 5 in the last 300 secs - Sat Feb 11 10:21:29 2012
59.124.54.102 # lfd: (sshd) Failed SSH login from 59.124.54.102 (TW/Taiwan/59-124-54-102.HINET-IP.hinet.net): 5 in the last 300 secs - Sat Feb 11 17:06:47 2012
61.154.126.72 # lfd: (sshd) Failed SSH login from 61.154.126.72 (CN/China/-): 5 in the last 300 secs - Sat Feb 11 19:15:52 2012
61.145.116.154 # lfd: (sshd) Failed SSH login from 61.145.116.154 (CN/China/-): 5 in the last 300 secs - Sat Feb 11 23:04:20 2012
41.86.49.32 # lfd: (sshd) Failed SSH login from 41.86.49.32 (SC/Seychelles/-): 5 in the last 300 secs - Sun Feb 12 00:26:51 2012
202.202.111.190 # lfd: (sshd) Failed SSH login from 202.202.111.190 (CN/China/-): 5 in the last 300 secs - Sun Feb 12 04:17:15 2012
118.186.209.227 # lfd: (sshd) Failed SSH login from 118.186.209.227 (CN/China/-): 5 in the last 300 secs - Sun Feb 12 11:23:11 2012
222.161.137.80 # lfd: (sshd) Failed SSH login from 222.161.137.80 (CN/China/80.137.161.222.adsl-pool.jlccptt.net.cn): 5 in the last 300 secs - Sun Feb 12 12:59:01 2012
213.243.116.99 # lfd: (sshd) Failed SSH login from 213.243.116.99 (RU/Russian Federation/host-99-116-243-213.rusmedia.ru): 5 in the last 300 secs - Sun Feb 12 13:56:08 2012
218.15.221.82 # lfd: (sshd) Failed SSH login from 218.15.221.82 (CN/China/-): 5 in the last 300 secs - Mon Feb 13 00:15:08 2012
222.35.59.112 # lfd: (sshd) Failed SSH login from 222.35.59.112 (CN/China/-): 5 in the last 300 secs - Mon Feb 13 02:46:13 2012
208.69.124.55 # lfd: (sshd) Failed SSH login from 208.69.124.55 (US/United States/ubudesigner.com): 5 in the last 300 secs - Mon Feb 13 06:36:16 2012
117.243.250.249 # lfd: (sshd) Failed SSH login from 117.243.250.249 (IN/India/-): 5 in the last 300 secs - Mon Feb 13 12:22:53 2012
88.190.226.234 # lfd: (sshd) Failed SSH login from 88.190.226.234 (FR/France/88-190-226-234.rev.dedibox.fr): 5 in the last 300 secs - Mon Feb 13 21:55:57 2012
63.139.177.217 # lfd: (sshd) Failed SSH login from 63.139.177.217 (US/United States/-): 5 in the last 300 secs - Tue Feb 14 06:54:47 2012
116.229.239.189 # lfd: (sshd) Failed SSH login from 116.229.239.189 (CN/China/-): 5 in the last 300 secs - Tue Feb 14 08:07:35 2012
81.24.84.202 # lfd: (sshd) Failed SSH login from 81.24.84.202 (RU/Russian Federation/-): 5 in the last 300 secs - Tue Feb 14 14:52:31 2012
91.221.67.149 # lfd: (sshd) Failed SSH login from 91.221.67.149 (FI/Finland/host-91-221-67-149.creanova.org): 5 in the last 300 secs - Tue Feb 14 15:19:29 2012
91.205.189.27 # lfd: (sshd) Failed SSH login from 91.205.189.27 (RU/Russian Federation/mailer.arttour.ru): 5 in the last 300 secs - Tue Feb 14 22:13:08 2012
213.179.230.146 # lfd: (sshd) Failed SSH login from 213.179.230.146 (UA/Ukraine/-): 5 in the last 300 secs - Wed Feb 15 01:44:47 2012
66.85.156.66 # lfd: (sshd) Failed SSH login from 66.85.156.66 (US/United States/-): 5 in the last 300 secs - Wed Feb 15 02:01:01 2012
121.9.64.78 # lfd: (sshd) Failed SSH login from 121.9.64.78 (CN/China/-): 5 in the last 300 secs - Wed Feb 15 02:38:11 2012
221.239.8.178 # lfd: (sshd) Failed SSH login from 221.239.8.178 (CN/China/-): 5 in the last 300 secs - Thu Feb 16 03:51:59 2012
219.144.245.34 # lfd: (sshd) Failed SSH login from 219.144.245.34 (CN/China/-): 5 in the last 300 secs - Thu Feb 16 05:23:05 2012
210.14.80.194 # lfd: (sshd) Failed SSH login from 210.14.80.194 (CN/China/-): 5 in the last 300 secs - Thu Feb 16 17:10:30 2012
201.116.123.125 # lfd: (sshd) Failed SSH login from 201.116.123.125 (MX/Mexico/static.customer-201-116-123-125.uninet-ide.com.mx): 5 in the last 300 secs - Fri Feb 17 02:57:59 2012

Just my random thought of the day. :2cents:
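
Tallying deny entries in the format posted above by country code, service and source /24, as an added example (not part of the original post and not CSF's own code). The sample lines use constructed documentation-range IPv4 addresses, and the field layout is assumed from the entries shown.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the lfd deny-entry format shown above
# (documentation-range IPs, not entries from the original log).
SAMPLE = """\
192.0.2.10 # lfd: (sshd) Failed SSH login from 192.0.2.10 (CN/China/-): 5 in the last 300 secs - Wed Feb  1 04:43:40 2012
192.0.2.77 # lfd: (sshd) Failed SSH login from 192.0.2.77 (CN/China/-): 5 in the last 300 secs - Wed Feb  1 09:12:03 2012
198.51.100.4 # lfd: (sshd) Failed SSH login from 198.51.100.4 (KR/Korea, Republic of/-): 5 in the last 300 secs - Thu Feb  2 01:50:32 2012
203.0.113.9 # lfd: (pop3d) Failed POP3 login from 203.0.113.9 (US/United States/host.example.net): 10 in the last 300 secs - Sat Feb  4 08:14:08 2012
203.0.113.20 # lfd: (smtpauth) Failed SMTP AUTH login from 203.0.113.20 (DE/Germany/mail.example.org): 5 in the last 300 secs - Fri Feb  3 16:10:11 2012
# manually added comment line, not an lfd entry
"""

# The country name may contain commas ("Korea, Republic of"); rDNS may be "-".
LFD_RE = re.compile(
    r"^(?P<ip>\S+) # lfd: \((?P<service>[^)]+)\) Failed .+? login from \S+ "
    r"\((?P<cc>[A-Z]{2})/(?P<country>[^/]+)/(?P<rdns>[^)]*)\): "
    r"(?P<hits>\d+) in the last (?P<secs>\d+) secs - (?P<when>.+)$"
)

def parse_line(line):
    """Return a dict for one lfd deny entry, or None if the line is not one."""
    m = LFD_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    try:
        ipaddress.ip_address(rec["ip"])  # reject a malformed address field
    except ValueError:
        return None
    rec["hits"], rec["secs"] = int(rec["hits"]), int(rec["secs"])
    return rec

def summarize(text):
    """Tally blocked sources by country code, by service, and by IPv4 /24."""
    by_cc, by_service, by_net = Counter(), Counter(), Counter()
    for rec in filter(None, map(parse_line, text.splitlines())):
        by_cc[rec["cc"]] += 1
        by_service[rec["service"]] += 1
        net = ipaddress.ip_network(rec["ip"] + "/24", strict=False)
        by_net[str(net)] += 1
    return by_cc, by_service, by_net

if __name__ == "__main__":
    cc, svc, nets = summarize(SAMPLE)
    print(cc.most_common(), svc.most_common())
    print("repeat /24s:", [n for n, c in nets.items() if c > 1])
```

The country code is whatever lfd recorded for the connecting IP, so the tally counts where the blocked hosts sit, which, as the post says about spam, need not be where the person behind them is.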

