=?iso-8859-1?q?Ai=20je=20=E9t=E9=20attaqu=E9?=

[charlonet]

Slt,

J'ai deux de mes serveurs qui m'affichent le message
ci-dessous.

Dec 22 06:18:51 pop sshd(pam_unix)[2755]: session
closed for user root
Dec 22 08:23:04 pop sshd(pam_unix)[3219]: session
opened for user root
by (uid=0)
Dec 22 08:24:05 pop kernel: cl uses obsolete
(PF_INET,SOCK_PACKET)
Dec 22 08:24:05 pop kernel: device eth0 entered
promiscuous mode
Dec 22 08:24:05 pop modprobe: modprobe: Can't locate
module ppp0
Dec 22 08:24:11 pop modprobe: modprobe: Can't locate
module ppp0
Dec 22 08:25:06 pop déc 22 08:25:06 portmap: Arrêt
de portmap
succeeded
Dec 22 08:25:07 pop kernel: Kernel logging (proc)
stopped.
Dec 22 08:25:07 pop kernel: Kernel log daemon
terminating.
Dec 22 08:25:08 pop déc 22 08:25:08 syslog: Arrêt de
klogd succeeded
Dec 22 08:25:08 pop exiting on signal 15

J'ai redemarrer un de ces serveurs et il se bloque au
nivo du syst�me
de fichier /proc.

En consultant les log de la 2i�me machine que je men
rends compte que
quelqu'un essai de se connecter en ssh depuis
l'adresse IP 212.78.79.20.
Je joins me fichier secure.log

Dec 22 02:07:22 pop sshd[2272]: Did not receive
identification string
from 212.93.154.239
Dec 22 02:14:32 pop sshd[2277]: Illegal user test from
212.93.154.239
Dec 22 02:14:36 pop sshd[2279]: Illegal user guest
from 212.93.154.239
Dec 22 02:14:39 pop sshd[2281]: Illegal user admin
from 212.93.154.239
Dec 22 02:14:43 pop sshd[2283]: Illegal user admin
from 212.93.154.239
Dec 22 02:14:45 pop sshd[2285]: Illegal user user from
212.93.154.239
Dec 22 02:14:54 pop sshd[2287]: Failed password for
root from
212.93.154.239 port 2152 ssh2
Dec 22 02:15:01 pop sshd[2289]: Failed password for
root from
212.93.154.239 port 2277 ssh2
Dec 22 02:15:06 pop sshd[2295]: Failed password for
root from
212.93.154.239 port 2389 ssh2
Dec 22 02:15:08 pop sshd[2297]: Illegal user test from
212.93.154.239
Dec 22 04:00:09 pop sshd[2391]: Did not receive
identification string
from 212.78.79.20
Dec 22 04:07:16 pop sshd[2743]: Failed password for
nobody from
212.78.79.20 port 51318 ssh2
Dec 22 04:07:18 pop sshd[2745]: Illegal user patrick
from 212.78.79.20
Dec 22 04:07:20 pop sshd[2747]: Illegal user patrick
from 212.78.79.20
Dec 22 04:07:24 pop sshd[2749]: Failed password for
root from
212.78.79.20 port 53405 ssh2
Dec 22 04:07:29 pop sshd[2751]: Failed password for
root from
212.78.79.20 port 54127 ssh2
Dec 22 04:07:33 pop sshd[2753]: Failed password for
root from
212.78.79.20 port 54833 ssh2
Dec 22 04:07:35 pop sshd[2755]: Accepted password for
root from
212.78.79.20 port 55505 ssh2
Dec 22 04:07:45 pop sshd[2797]: Failed password for
root from
212.78.79.20 port 56774 ssh2
Dec 22 04:07:47 pop sshd[2799]: Illegal user rolo from
212.78.79.20
Dec 22 04:07:49 pop sshd[2801]: Illegal user iceuser
from 212.78.79.20
Dec 22 04:07:51 pop sshd[2803]: Illegal user horde
from 212.78.79.20
Dec 22 04:07:53 pop sshd[2805]: Illegal user cyrus
from 212.78.79.20
Dec 22 04:07:55 pop sshd[2807]: Illegal user www from
212.78.79.20
Dec 22 04:07:57 pop sshd[2809]: Illegal user wwwrun
from 212.78.79.20
Dec 22 04:07:59 pop sshd[2811]: Illegal user matt from
212.78.79.20
Dec 22 04:08:01 pop sshd[2813]: Illegal user test from
212.78.79.20
Dec 22 04:08:03 pop sshd[2815]: Illegal user test from
212.78.79.20
Dec 22 04:08:05 pop sshd[2817]: Illegal user test from
212.78.79.20
Dec 22 04:08:07 pop sshd[2819]: Illegal user test from
212.78.79.20
Dec 22 04:08:08 pop sshd[2821]: Illegal user www-data
from 212.78.79.20
Dec 22 04:08:13 pop sshd[2823]: Failed password for
mysql from
212.78.79.20 port 60777 ssh2
Dec 22 04:08:17 pop sshd[2825]: Failed password for
operator from
212.78.79.20 port 33131 ssh2
Dec 22 04:08:21 pop sshd[2827]: Failed password for
adm from
212.78.79.20 port 33708 ssh2
Dec 22 04:08:25 pop sshd[2829]: Failed password for
apache from
212.78.79.20 port 34274 ssh2
Dec 22 04:08:27 pop sshd[2831]: Illegal user irc from
212.78.79.20
Dec 22 04:08:29 pop sshd[2833]: Illegal user irc from
212.78.79.20
Dec 22 04:08:34 pop sshd[2835]: Failed password for
adm from
212.78.79.20 port 35388 ssh2
Dec 22 04:08:38 pop sshd[2837]: Failed password for
root from
212.78.79.20 port 35951 ssh2
Dec 22 04:08:42 pop sshd[2839]: Failed password for
root from
212.78.79.20 port 36501 ssh2
Dec 22 04:08:46 pop sshd[2841]: Failed password for
root from
212.78.79.20 port 37057 ssh2
Dec 22 04:08:48 pop sshd[2843]: Illegal user jane from
212.78.79.20
Dec 22 04:08:50 pop sshd[2845]: Illegal user pamela
from 212.78.79.20
Dec 22 04:08:54 pop sshd[2847]: Failed password for
root from
212.78.79.20 port 38140 ssh2
Dec 22 04:08:59 pop sshd[2849]: Failed password for
root from
212.78.79.20 port 38733 ssh2
Dec 22 04:09:03 pop sshd[2851]: Failed password for
root from
212.78.79.20 port 39307 ssh2
Dec 22 04:09:07 pop sshd[2853]: Failed password for
root from
212.78.79.20 port 39886 ssh2
Dec 22 04:09:11 pop sshd[2855]: Failed password for
root from
212.78.79.20 port 40483 ssh2
Dec 22 04:09:13 pop sshd[2857]: Illegal user cosmin
from 212.78.79.20
Dec 22 04:09:18 pop sshd[2859]: Failed password for
root from
212.78.79.20 port 41347 ssh2
Dec 22 04:09:22 pop sshd[2861]: Failed password for
root from
212.78.79.20 port 41924 ssh2
Dec 22 04:09:26 pop sshd[2863]: Failed password for
root from
212.78.79.20 port 42460 ssh2
Dec 22 04:09:30 pop sshd[2865]: Failed password for
root from
212.78.79.20 port 43039 ssh2
Dec 22 04:09:40 pop sshd[2867]: Failed password for
root from
212.78.79.20 port 43593 ssh2
Dec 22 04:09:44 pop sshd[2869]: Failed password for
root from
212.78.79.20 port 44802 ssh2
Dec 22 04:09:48 pop sshd[2871]: Failed password for
root from
212.78.79.20 port 45385 ssh2
Dec 22 04:09:53 pop sshd[2873]: Failed password for
root from
212.78.79.20 port 45929 ssh2
Dec 22 04:09:57 pop sshd[2875]: Failed password for
root from
212.78.79.20 port 46493 ssh2
Dec 22 04:10:01 pop sshd[2877]: Failed password for
root from
212.78.79.20 port 47028 ssh2
Dec 22 04:10:05 pop sshd[2883]: Failed password for
root from
212.78.79.20 port 47559 ssh2
Dec 22 04:10:10 pop sshd[2885]: Failed password for
root from
212.78.79.20 port 48090 ssh2
Dec 22 04:10:14 pop sshd[2887]: Failed password for
root from
212.78.79.20 port 48619 ssh2
Dec 22 04:10:18 pop sshd[2889]: Failed password for
root from
212.78.79.20 port 49159 ssh2
Dec 22 04:10:22 pop sshd[2891]: Failed password for
root from
212.78.79.20 port 49711 ssh2
Dec 22 04:10:27 pop sshd[2893]: Failed password for
root from
212.78.79.20 port 50252 ssh2
Dec 22 04:10:31 pop sshd[2895]: Failed password for
root from
212.78.79.20 port 50820 ssh2
Dec 22 04:10:35 pop sshd[2897]: Failed password for
root from
212.78.79.20 port 51413 ssh2
Dec 22 04:10:39 pop sshd[2899]: Failed password for
root from
212.78.79.20 port 52011 ssh2
Dec 22 04:10:44 pop sshd[2901]: Failed password for
root from
212.78.79.20 port 52602 ssh2
Dec 22 04:10:48 pop sshd[2903]: Failed password for
root from
212.78.79.20 port 53198 ssh2
Dec 22 04:10:52 pop sshd[2905]: Failed password for
root from
212.78.79.20 port 53806 ssh2
Dec 22 04:10:56 pop sshd[2907]: Failed password for
root from
212.78.79.20 port 54389 ssh2
Dec 22 04:11:01 pop sshd[2909]: Failed password for
root from
212.78.79.20 port 55004 ssh2
Dec 22 04:11:05 pop sshd[2911]: Failed password for
root from
212.78.79.20 port 55611 ssh2
Dec 22 04:11:09 pop sshd[2913]: Failed password for
root from
212.78.79.20 port 56210 ssh2
Dec 22 04:11:13 pop sshd[2915]: Failed password for
root from
212.78.79.20 port 56772 ssh2
Dec 22 04:11:18 pop sshd[2917]: Failed password for
root from
212.78.79.20 port 57314 ssh2
Dec 22 04:11:22 pop sshd[2919]: Failed password for
root from
212.78.79.20 port 57859 ssh2
Dec 22 04:11:26 pop sshd[2921]: Failed password for
root from
212.78.79.20 port 58402 ssh2
Dec 22 04:11:31 pop sshd[2923]: Failed password for
root from
212.78.79.20 port 58927 ssh2
Dec 22 04:11:35 pop sshd[2925]: Failed password for
root from
212.78.79.20 port 59483 ssh2
Dec 22 04:11:39 pop sshd[2927]: Failed password for
root from
212.78.79.20 port 60023 ssh2
Dec 22 04:11:43 pop sshd[2929]: Failed password for
root from
212.78.79.20 port 60533 ssh2
Dec 22 04:11:48 pop sshd[2931]: Failed password for
root from
212.78.79.20 port 32803 ssh2
Dec 22 04:11:52 pop sshd[2933]: Failed password for
root from
212.78.79.20 port 33338 ssh2
Dec 22 04:11:54 pop sshd[2935]: Illegal user cip52
from 212.78.79.20
Dec 22 04:11:56 pop sshd[2937]: Illegal user cip51
from 212.78.79.20
Dec 22 04:12:00 pop sshd[2939]: Failed password for
root from
212.78.79.20 port 34329 ssh2
Dec 22 04:12:02 pop sshd[2941]: Illegal user noc from
212.78.79.20
Dec 22 04:12:06 pop sshd[2943]: Failed password for
root from
212.78.79.20 port 35122 ssh2
Dec 22 04:12:10 pop sshd[2945]: Failed password for
root from
212.78.79.20 port 35676 ssh2
Dec 22 04:12:15 pop sshd[2947]: Failed password for
root from
212.78.79.20 port 36228 ssh2
Dec 22 04:12:19 pop sshd[2949]: Failed password for
root from
212.78.79.20 port 36803 ssh2
Dec 22 04:12:21 pop sshd[2951]: Illegal user webmaster
from
212.78.79.20
Dec 22 04:12:23 pop sshd[2953]: Illegal user data from
212.78.79.20
Dec 22 04:12:25 pop sshd[2955]: Illegal user user from
212.78.79.20
Dec 22 04:12:27 pop sshd[2957]: Illegal user user from
212.78.79.20
Dec 22 04:12:28 pop sshd[2959]: Illegal user user from
212.78.79.20
Dec 22 04:12:30 pop sshd[2961]: Illegal user web from
212.78.79.20
Dec 22 04:12:32 pop sshd[2963]: Illegal user web from
212.78.79.20
Dec 22 04:12:34 pop sshd[2965]: Illegal user oracle
from 212.78.79.20
Dec 22 04:12:36 pop sshd[2967]: Illegal user sybase
from 212.78.79.20
Dec 22 04:12:38 pop sshd[2969]: Illegal user master
from 212.78.79.20
Dec 22 04:12:40 pop sshd[2971]: Illegal user account
from 212.78.79.20
Dec 22 04:12:42 pop sshd[2973]: Illegal user backup
from 212.78.79.20
Dec 22 04:12:44 pop sshd[2975]: Illegal user server
from 212.78.79.20
Dec 22 04:12:46 pop sshd[2977]: Illegal user adam from
212.78.79.20
Dec 22 04:12:48 pop sshd[2979]: Illegal user alan from
212.78.79.20
Dec 22 04:12:49 pop sshd[2981]: Illegal user frank
from 212.78.79.20
Dec 22 04:12:51 pop sshd[2983]: Illegal user george
from 212.78.79.20
Dec 22 04:12:53 pop sshd[2985]: Illegal user henry
from 212.78.79.20
Dec 22 04:12:55 pop sshd[2987]: Illegal user john from
212.78.79.20
Dec 22 04:12:59 pop sshd[2989]: Failed password for
root from
212.78.79.20 port 41767 ssh2
Dec 22 04:13:04 pop sshd[2991]: Failed password for
root from
212.78.79.20 port 42212 ssh2
Dec 22 04:13:08 pop sshd[2993]: Failed password for
root from
212.78.79.20 port 42646 ssh2
Dec 22 04:13:12 pop sshd[2995]: Failed password for
root from
212.78.79.20 port 43095 ssh2
Dec 22 04:13:16 pop sshd[2997]: Failed password for
root from
212.78.79.20 port 43527 ssh2
Dec 22 04:13:18 pop sshd[2999]: Illegal user test from
212.78.79.20
Dec 22 08:23:03 pop sshd[3219]: Accepted password for
root from
212.78.79.20 port 40528 ssh2


Est ce que j'ai attaqu� ?

=====
----------------------------------------------------------------------
KOUAME KOUAKOU Charles Jonas

GSM : +225 08 00 74 80
GSM : +225 05 96 06 54 
skype : charlonet


Adresse Postale : 06 BP 1217 Abidjan 06
                      C�te d'Ivoire

Vous avez r��u gratuitement donnez gratuitement (Mt 10,8)

Le Pingouin Noir


        

        
                
D�couvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour vos mails ! 
Cr�ez votre Yahoo! Mail sur http://fr.mail.yahoo.com/