Skip past introduction.

WolfBlog

Reflections from a Swede in Norway.

Here you will find my small graffiti board where I write about things I come to think about.

In my blog, I write about the general unfairness of life, about spam mail, vintage computers, board games, Norwegians, current and not-so-current affairs, technology and whatever else occurs to me — in other words, a glorious mess. All opinion expressed here are of course my own, and all similarities with any living people is of course intentional.

These pages are using automatic language selection, if you prefer to read in Swedish, please use this page instead. See the help for info on how to make your web browser select the correct language automatically. A monthly overview is also available.

All text and pictures © copyright Peter Krefting, unless otherwise noted. More about the author.

Script kiddies

Published: Sunday 2005-10-02.

Script kiddies trying to take over my machine by guessing user names and passwords. Wonderful.

Oct  2 15:43:05 tuli sshd[5032]: Failed password for root from 210.183.235.146 port 34861 ssh2
Oct  2 15:43:07 tuli sshd[5034]: Failed password for root from 210.183.235.146 port 34952 ssh2
Oct  2 15:43:10 tuli sshd[5036]: Failed password for root from 210.183.235.146 port 35042 ssh2
Oct  2 15:43:13 tuli sshd[5038]: Failed password for root from 210.183.235.146 port 35134 ssh2
Oct  2 15:43:16 tuli sshd[5040]: Illegal user danny from 210.183.235.146
Oct  2 15:43:16 tuli sshd[5040]: error: Could not get shadow information for NOUSER
Oct  2 21:08:25 tuli sshd[17561]: Illegal user carl from 213.132.42.34
Oct  2 21:08:25 tuli sshd[17561]: error: Could not get shadow information for NOUSER
Oct  2 21:08:25 tuli sshd[17561]: Failed password for illegal user carl from 213.132.42.34 port 16794 ssh2
Oct  2 21:08:28 tuli sshd[17564]: Illegal user carlos from 213.132.42.34
Oct  2 21:08:28 tuli sshd[17564]: error: Could not get shadow information for NOUSER
Oct  2 21:08:28 tuli sshd[17564]: Failed password for illegal user carlos from 213.132.42.34 port 16742 ssh2
Oct  2 21:08:31 tuli sshd[17566]: Illegal user carol from 213.132.42.34
Oct  2 21:08:31 tuli sshd[17566]: error: Could not get shadow information for NOUSER
Oct  2 21:08:31 tuli sshd[17566]: Failed password for illegal user carol from 213.132.42.34 port 3217 ssh2
Oct  2 21:08:34 tuli sshd[17568]: Illegal user carolyn from 213.132.42.34
Oct  2 21:08:34 tuli sshd[17568]: error: Could not get shadow information for NOUSER
Oct  2 21:08:34 tuli sshd[17568]: Failed password for illegal user carolyn from 213.132.42.34 port 5041 ssh2

This entry is referenced in: First the one, then the other.

Categories: Internet. Share: Facebook, Google+, email

Comments

The article is older than a fortnight and has been closed for new comments.

Disclaimer: The comments are copyrighted by their respective authors. The web site owner takes no responsibility for the contents of the comments. Improper comments will be deleted.

  • Datum: 2005-10-03 18.28.36 CEST
  • Namn: Anders Carlsson
  • Sänt från: ******************.2.cust.bredband2.com

Hm, det ser ut som någon provar ett lösenord till alla möjliga användarnamn. Skulle jag försöka hacka mig in, skulle jag nog snarare prova ett användarnamn till alla möjliga lösenord. Eller så är det bara någon som leker och vill visa hur coolt det är med ett inloggningssystem där man kan skriva vilket användarnamn som helst och få ett svar tillbaks, om det så är "Access denied".

  • Datum: 2005-10-03 22.12.59 CEST
  • Namn: Peter Karlsson
  • Sänt från: ************.customer.alfanett.no

Det var bara ett inloggningsförsök per användarnamn i den sista omgången, så jag vet inte riktigt hur de hade tänkt att det skulle lyckas.

Panikåtgärden var att slå av ssh. Nu har jag ställt in det på att kräva nyckel för inloggning, de är lite svårare att gissa än lösenord.

  • Datum: 2005-10-04 19.39.52 CEST
  • Namn: Anders Carlsson
  • Sänt från: ******************.2.cust.bredband2.com

Vederbörande kanske har sett för många filmer där det finns en välkänd bakdörr in i alla system, bara man vet vilket användarnamn man ska använda. Typ WarGames och sånt.

  • Date: 2005-10-15 04.25.20 CEST
  • Name: Gary Hunter
  • Posted from: *************.dhcp.klmz.mi.charter.com

Interesting enough 213.132.42.34 is from the United Arab Emirates. They've been after my computer too. I wrote the network owner Technomight.com about it. I am sure they won't get back to me.

| | Latest postings | This month | All months and categories

This page is best read on the Internet.

peter@softwolves.pp.se