Intrusion [SOLVED]

1. Intrusion [SOLVED]

rumbler
rumbler

(uses Slackware)

Posted on 07/05/2012 - 21:19h

Hello, friends of VOL! A question came up today; I searched but did not find an answer.
There have been intrusion attempts on one of my servers (unsuccessful).
How do I go about filing a report with the authorities?

Thanks in advance!!

Here is a piece of the log!


May 7 06:02:59 fg sshd[4496]: Failed password for invalid user emilie from 211.152.50.53 port 55519 ssh2
May 7 06:03:02 fg sshd[4499]: Invalid user emilie from 211.152.50.53
May 7 06:03:03 fg sshd[4499]: Failed password for invalid user emilie from 211.152.50.53 port 56301 ssh2
May 7 06:03:06 fg sshd[4502]: Invalid user emilie from 211.152.50.53
May 7 06:03:06 fg sshd[4502]: Failed password for invalid user emilie from 211.152.50.53 port 57094 ssh2
May 7 06:03:10 fg sshd[4504]: Invalid user emilie from 211.152.50.53
May 7 06:03:10 fg sshd[4504]: Failed password for invalid user emilie from 211.152.50.53 port 57899 ssh2
May 7 06:03:13 fg sshd[4507]: Invalid user emilie from 211.152.50.53
May 7 06:03:13 fg sshd[4507]: Failed password for invalid user emilie from 211.152.50.53 port 58690 ssh2
May 7 06:03:17 fg sshd[4510]: Invalid user emilie from 211.152.50.53
May 7 06:03:17 fg sshd[4510]: Failed password for invalid user emilie from 211.152.50.53 port 59476 ssh2
May 7 06:03:21 fg sshd[4513]: Invalid user emilie from 211.152.50.53
May 7 06:03:21 fg sshd[4513]: Failed password for invalid user emilie from 211.152.50.53 port 60251 ssh2
May 7 06:03:24 fg sshd[4515]: Invalid user emilie from 211.152.50.53
May 7 06:03:25 fg sshd[4515]: Failed password for invalid user emilie from 211.152.50.53 port 32922 ssh2
May 7 06:03:28 fg sshd[4518]: Invalid user emilie from 211.152.50.53
May 7 06:03:28 fg sshd[4518]: Failed password for invalid user emilie from 211.152.50.53 port 33749 ssh2
May 7 06:03:32 fg sshd[4521]: Invalid user emilie from 211.152.50.53
May 7 06:03:32 fg sshd[4521]: Failed password for invalid user emilie from 211.152.50.53 port 34531 ssh2
May 7 06:03:35 fg sshd[4524]: Invalid user emmanuelle from 211.152.50.53
May 7 06:03:36 fg sshd[4524]: Failed none for invalid user emmanuelle from 211.152.50.53 port 35344 ssh2
May 7 06:03:39 fg sshd[4526]: Invalid user from 211.152.50.53
May 7 06:03:39 fg sshd[4526]: Failed none for invalid user from 211.152.50.53 port 36163 ssh2
May 7 06:03:43 fg sshd[4529]: Invalid user from 211.152.50.53
May 7 06:03:43 fg sshd[4529]: Failed none for invalid user from 211.152.50.53 port 37072 ssh2
May 7 06:03:46 fg sshd[4532]: Invalid user from 211.152.50.53
May 7 06:03:47 fg sshd[4532]: Failed none for invalid user from 211.152.50.53 port 37879 ssh2
May 7 06:03:50 fg sshd[4534]: Invalid user from 211.152.50.53
May 7 06:03:50 fg sshd[4534]: Failed none for invalid user from 211.152.50.53 port 38640 ssh2
May 7 06:03:54 fg sshd[4537]: Invalid user from 211.152.50.53
May 7 06:03:54 fg sshd[4537]: Failed password for invalid user from 211.152.50.53 port 39444 ssh2
May 7 06:03:57 fg sshd[4540]: Invalid user from 211.152.50.53
May 7 06:03:58 fg sshd[4540]: Failed none for invalid user from 211.152.50.53 port 40266 ssh2
May 7 06:04:06 fg sshd[4544]: Invalid user from 211.152.50.53
May 7 06:04:06 fg sshd[4544]: Failed none for invalid user from 211.152.50.53 port 42148 ssh2
May 7 06:04:10 fg sshd[4546]: Invalid user from 211.152.50.53
May 7 06:04:10 fg sshd[4546]: Failed none for invalid user from 211.152.50.53 port 42961 ssh2
May 7 06:04:13 fg sshd[4549]: Invalid user from 211.152.50.53



  


2. Re: Intrusion [SOLVED]

Bruno
BrunoTecnico

(uses Sabayon)

Posted on 07/05/2012 - 21:23h

Go through these logs calmly and analyze the situation, and see whether the problem isn't "closer than you think".

Could it be that users/clients of this server are trying to connect via ssh?

# It could be someone on the same network as the server trying to get access, while you imagine it to be external attacks.
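
An added example, not part of the original thread: one way to run the check suggested in this reply, by grouping the sshd "Failed ..." lines per source address and marking each source as internal or external to the network. The sample lines are constructed in the format of the log above; the 192.168.0.x addresses and the user `alice` are assumptions, and only 211.152.50.53 comes from the posted log.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the same sshd/syslog format as the posted excerpt.
SAMPLE_LOG = """\
May 7 06:03:02 fg sshd[4499]: Invalid user emilie from 211.152.50.53
May 7 06:03:03 fg sshd[4499]: Failed password for invalid user emilie from 211.152.50.53 port 56301 ssh2
May 7 06:03:36 fg sshd[4524]: Failed none for invalid user emmanuelle from 211.152.50.53 port 35344 ssh2
May 7 06:03:39 fg sshd[4526]: Failed none for invalid user from 211.152.50.53 port 36163 ssh2
May 7 06:05:00 fg sshd[4600]: Failed password for root from 192.168.0.23 port 40100 ssh2
May 7 06:05:10 fg sshd[4601]: Accepted password for alice from 192.168.0.10 port 40111 ssh2
"""

# Matches "Failed <method> for [invalid user ]<user> from <ip> port <n>".
# The user name may be empty, as in several lines of the posted log.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed (?P<method>\S+) for (?P<invalid>invalid user )?"
    r"(?P<user>.*?)\s*from (?P<ip>\S+) port \d+"
)

def scope(ip):
    """Return 'internal' for private/loopback/link-local sources, else 'external'."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "unknown"  # sshd logged something that is not an IP address
    local = addr.is_private or addr.is_loopback or addr.is_link_local
    return "internal" if local else "external"

def summarize(log_text):
    """Per source IP: failed attempts, how many hit nonexistent accounts, names tried."""
    stats = defaultdict(lambda: {"failures": 0, "invalid_user": 0, "users": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # "Invalid user" and "Accepted" lines are not counted
        entry = stats[m["ip"]]
        entry["failures"] += 1
        entry["invalid_user"] += bool(m["invalid"])
        entry["users"].add(m["user"] or "<empty>")
        entry["scope"] = scope(m["ip"])
    return dict(stats)

if __name__ == "__main__":
    for ip, e in sorted(summarize(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["failures"]):
        print(f"{ip:15} {e['scope']:8} failures={e['failures']} "
              f"invalid_user={e['invalid_user']} users={sorted(e['users'])}")
```

A source that is external and fails only against nonexistent account names matches automated password guessing; an internal source failing against a real account is more likely a local user or client.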


3. Re: Intrusion [SOLVED]

Eriton Almeida
eritonalmeida

(uses Debian)

Posted on 07/05/2012 - 21:25h

Intrusion attempts are not a crime. There is no point in reporting it, because they won't even respond. You can alert the owner of the IP.


4. Re: Intrusion [SOLVED]

rumbler
rumbler

(uses Slackware)

Posted on 07/05/2012 - 21:39h

Bruno, I looked up information on this IP at http://www.geektools.com/whois.php and it is from over in "China".
I'm screwed, hehehe. I'm going to review the security settings and change the passwords.
eritonalmeida, and the worst part is that it really is true, ugh, and so goes humanity.
Thanks for the attention.
