Attempted Hacking, A Company Who Cares

Ickie

SOH Administrator
Yesterday we had an attempted hacking from Sweden. I contacted the small ISP and sent them my logs.
Wow, they responded and took care of this like a responsible company.
I wish all ISPs would act this way; maybe we could wipe out this GD mess.
Thanks Sweden.
 
They got caught trying to hack us, but my scripts logged him and banned the IP address and it just stopped.
Brute force hacking is what it's called.
Here is the log:

The remote system 213.50.52.14 was found to have exceeded acceptable login failures on worm.sim-outhouse.com; there was 61 events to the service pure-ftpd. As such the attacking host has been banned from further accessing this system. For the integrity of your host you should investigate this event as soon as possible.

Executed ban command:
/etc/apf/apf -d 213.50.52.14 {bfd.pure-ftpd}

The following are event logs from 213.50.52.14 on service pure-ftpd (all time stamps are GMT -0400):

----
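The threshold check behind an alert like the one above, as an added example that is not part of the original post and not BFD's own code: it counts pure-ftpd authentication failures per source address in a sliding window and builds the ban command shown in the alert as an argument list. The threshold, window, year, host name and sample lines (documentation address ranges) are assumptions, and each host's lines are assumed to arrive in time order.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Anchored at line start: the source address is read only from the "(user@ip)"
# prefix the daemon writes, never from the user name the remote client chooses.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ pure-ftpd: "
    r"\([^@()]*@(?P<ip>[0-9A-Fa-f:.]+)\) \[WARNING\] Authentication failed for user "
)

def find_offenders(lines, threshold=5, window_s=60, year=2024):
    """Map each offending IP to the time it reached `threshold` failures inside
    a sliding window. Defaults are assumed; syslog omits the year, so pass it."""
    recent = defaultdict(deque)   # ip -> timestamps of its recent failures
    offenders = {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group("ip")))
        except ValueError:        # not a literal address: ignore the line
            continue
        if ip in offenders:
            continue
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > timedelta(seconds=window_s):
            q.popleft()           # drop failures that fell out of the window
        if len(q) >= threshold:
            offenders[ip] = ts
    return offenders

def ban_argv(ip):
    """Ban command from the alert as an argv list (no shell); address re-validated."""
    return ["/etc/apf/apf", "-d", str(ipaddress.ip_address(ip)), "{bfd.pure-ftpd}"]

def sample_line(sec, ip, user="Administrator"):   # builds one constructed log line
    return (f"Jun 12 01:{sec // 60:02d}:{sec % 60:02d} host pure-ftpd: "
            f"(?@{ip}) [WARNING] Authentication failed for user [{user}]")

SPOOF = "x] (?@203.0.113.9) [WARNING] Authentication failed for user [y"
SAMPLE = (   # constructed sample, documentation address ranges only
    [sample_line(s, "192.0.2.10") for s in (1, 4, 9, 15, 22)]          # fast guesser
    + [sample_line(s, "198.51.100.7") for s in (0, 30, 60, 90, 120)]   # slow, under limit
    + [sample_line(s, "198.51.100.99", SPOOF) for s in (40, 41, 42, 43, 44)]  # forged name
)

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE).items():
        print(when, " ".join(ban_argv(ip)))
```

The forged user name in the third group embeds a second address; because the pattern is anchored, the ban lands on the host that actually connected and not on the address it wrote into the name field.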
 
Dang...

So he tried uploading a worm into the system.


Chinese prison... or maybe... North Korean prison!!! :d





Bill
 
The best thing that could happen would be to just send him to Ickie :ernae: ...and then we will never hear from him again :monkies:
 
As someone who has run multi-million dollar data centres sat on the Internet, many times unfortunately you find attempts like this are just automated scripts running on machines which were previously compromised themselves and are now just acting as proxies. The person who owns the machine at 213.50.52.14 may not even have been aware that it was happening.

Jeff
 
The person who owns the machine at 213.50.52.14 may not even have been aware that it was happening.

He is sure of it as of yesterday morning.

I always report these kinds of things, about once weekly, and this Sweden company is the first to respond to me.
 