* Denny Schierz schrieb/wrote:
Users logging in through sshd: ********: p508179FB.dip.t-dialin.net (80.129.121.251): 2 times
**Unmatched Entries** Illegal user test from ::ffff:221.166.169.102 User guest not allowed because shell /dev/null is not executable Illegal user user from ::ffff:221.166.169.102 Illegal user test from ::ffff:221.166.169.102 Illegal user ihybridi from ::ffff:61.100.191.232 Illegal user donchaz0 from ::ffff:61.100.191.232 Illegal user tomcat from ::ffff:61.100.191.232 Illegal user tomcat4 from ::ffff:61.100.191.232 User mailman not allowed because account is locked Illegal user chaz09200 from ::ffff:61.100.191.232 Illegal user donchaz09200 from ::ffff:61.100.191.232 Illegal user tmp from ::ffff:61.100.191.232 Illegal user postgres from ::ffff:61.100.191.232 Illegal user postgres from ::ffff:61.100.191.232 Illegal user postgres from ::ffff:61.100.191.232 Illegal user postgres from ::ffff:61.100.191.232 Illegal user oracle from ::ffff:61.100.191.232 Illegal user oracle from ::ffff:61.100.191.232 Illegal user oracle from ::ffff:61.100.191.232 Illegal user oracle from ::ffff:61.100.191.232 Illegal user postgres from ::ffff:61.100.191.232 Illegal user oracle from ::ffff:61.100.191.232 Illegal user test from ::ffff:61.100.191.232 Illegal user tmp from ::ffff:61.100.191.232 Illegal user fran from ::ffff:61.100.191.232 Illegal user crazy from ::ffff:61.100.191.232 Illegal user pierre from ::ffff:61.100.191.232 Illegal user james from ::ffff:61.100.191.232 [...]
Jau, das sind irgendwelche Brute-Force-Scanner, die schon seit einigen Wochen unterwegs sind, Kennw�rter durchprobieren und anschlie�end ein Rootkit auf die Maschine packen. Auf der Full-Disclosure-Liste gibts �berhaupt kein anderes Thema mehr.
-martin
-- +-------------------------+------------------------+ | Martin Schmitt | Schmitt Systemberatung | | http://www.scsy.de/~mas | http://www.scsy.de | +-------------------------+------------------------+
signature.asc
Description: OpenPGP digital signature

