Linode Forum
Linode Community Forums 		 FAQFAQ    SearchSearch    MembersMembers      Register Register 
 LoginLogin [ Anonymous ] 
Post new topic  Reply to topic

Board index » Linux Community Forums » General Discussion
  Previous topic | Next topic 
Author Message
NeonNero
 Post subject: Hacked Linode customer?
PostPosted: Thu Sep 24, 2009 10:01 am 
Offline
Senior Member
User avatar

Joined: Tue Jan 04, 2005 7:32 am
Posts: 277
Website: http://www.betadome.com/
Location: Ă…lesund, Norway
Skype: neonnero
Twitter: neonnero
I manage a Linode for someone else, and based on a finding in one of the daily logwatch reports, I noticed the following in auth.log:

Code:
Sep 22 12:09:53 localhost sshd[27408]: Invalid user globus from 97.107.135.77
Sep 22 12:09:53 localhost sshd[27408]: (pam_unix) check pass; user unknown
Sep 22 12:09:53 localhost sshd[27408]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=li65-77.members.linode.com
Sep 22 12:09:55 localhost sshd[27408]: Failed password for invalid user globus from 97.107.135.77 port 59198 ssh2
Sep 22 12:11:21 localhost sshd[27410]: Invalid user cadi from 97.107.135.77
Sep 22 12:11:21 localhost sshd[27410]: (pam_unix) check pass; user unknown
Sep 22 12:11:21 localhost sshd[27410]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=li65-77.members.linode.com
Sep 22 12:11:22 localhost sshd[27410]: Failed password for invalid user cadi from 97.107.135.77 port 44401 ssh2
Sep 22 12:11:22 localhost sshd[27412]: Invalid user cady from 97.107.135.77
Sep 22 12:11:22 localhost sshd[27412]: (pam_unix) check pass; user unknown
Sep 22 12:11:23 localhost sshd[27412]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=li65-77.members.linode.com
Sep 22 12:11:25 localhost sshd[27412]: Failed password for invalid user cady from 97.107.135.77 port 45549 ssh2

To the person who has that IP address: Please check your system for trojans, hackers, etc.
Top
   
Reply with quote  
Guspaz
 Post subject:
PostPosted: Thu Sep 24, 2009 11:06 am 
Offline
Senior Member
User avatar

Joined: Tue May 26, 2009 3:29 pm
Posts: 1691
Location: Montreal, QC
It's highly unlikely that that person will see your post. You should report it to Linode themselves so that they can contact the affected customer and take appropriate action. If you have access to the Linode control panel, you can open a trouble ticket. If not, you can contact service@linode.com (I can't find an abuse address, but you might try abuse@linode.com too).
Top
   
Reply with quote  
mwalling
 Post subject:
PostPosted: Thu Sep 24, 2009 11:10 am 
Offline
Senior Member
User avatar

Joined: Mon Dec 10, 2007 4:30 pm
Posts: 341
Website: http://markwalling.org
Code:
mwalling@youtoo:~$ whois 97.107.135.77 | grep abuse
RAbuseEmail:  abuse@linode.com
OrgAbuseEmail:  abuse@linode.com
Top
   
Reply with quote  
unixfool
 Post subject:
PostPosted: Thu Sep 24, 2009 11:14 am 
Offline
Senior Member

Joined: Thu Apr 08, 2004 3:24 pm
Posts: 92
ICQ: 3765104
Website: http://www.unixfool.com
Yahoo Messenger: wigglit2001@yahoo.com
Location: VA
mwalling wrote:
Code:
mwalling@youtoo:~$ whois 97.107.135.77 | grep abuse
RAbuseEmail:  abuse@linode.com
OrgAbuseEmail:  abuse@linode.com


I was close to mentioning that but I thought it was a bit obvious. :)
Top
   
Reply with quote  
redbook
 Post subject: Hacked Linode customer?
PostPosted: Fri Oct 02, 2009 7:25 am 
Offline

Joined: Fri Oct 02, 2009 7:20 am
Posts: 1
Have a look at fail2ban - scans log for auth failures and automatically blocks the IP address either via iptables or denyhosts.
Top
   
Reply with quote  
Display posts from previous:  Sort by  
Post new topic  Reply to topic

Board index » Linux Community Forums » General Discussion


Who is online

Users browsing this forum: No registered users and 4 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
RSS

Powered by phpBB® Forum Software © phpBB Group