log server & attack

farzadsh
January 2nd, 2010, 21:01
Hello friends,
As I've said before, I have always been unlucky: whatever I put my hand to gets shut down :-&
I got a VPS, and in less than 10 days it was shut down. I don't know what happened, but someone broke in and launched an attack, and a complaint was filed against our VPS because of the attack.
Now my question is: did they find a bug in the VPS that let them connect, or did they crack my password?
:((
Also, are the IPs of the people who connected visible? And which data centers were attacked? Also, the firewall was off; could that be the cause? Overall, I would like your guidance so I can figure out what the problem was.

Thanks

And this is the log, which I can't make any sense of:
Security Violations
=-=-=-=-=-=-=-=-=-=

Dec 25 14:54:57 unix sshd[21114]: warning: /etc/hosts.allow, line 7: host name/name mismatch: 64-191-43-199.hostnoc.net != hit-nxdomain.opendns.com
Dec 25 14:54:57 unix sshd[21114]: Failed password for invalid user root from 64.191.43.199 port 54001 ssh2
Dec 25 14:54:57 unix sshd[21118]: warning: /etc/hosts.allow, line 7: host name/name mismatch: 64-191-43-199.hostnoc.net != hit-nxdomain.opendns.com
Dec 25 14:54:58 unix sshd[21118]: Failed password for invalid user root from 64.191.43.199 port 54073 ssh2
Dec 25 14:54:58 unix sshd[21120]: warning: /etc/hosts.allow, line 7: host name/name mismatch: 64-191-43-199.hostnoc.net != hit-nxdomain.opendns.com
Dec 25 14:54:58 unix sshd[21120]: Failed password for invalid user root from 64.191.43.199 port 54135 ssh2
Dec 25 14:54:58 unix sshd[21122]: warning: /etc/hosts.allow, line 7: host name/name mismatch: 64-191-43-199.hostnoc.net != hit-nxdomain.opendns.com
Dec 25 14:54:59 unix sshd[21122]: Failed password for invalid user root from 64.191.43.199 port 54199 ssh2
Dec 25 14:54:59 unix sshd[21126]: warning: /etc/hosts.allow, line 7: host name/name mismatch: 64-191-43-199.hostnoc.net != hit-nxdomain.opendns.com
Dec 25 14:54:59 unix sshd[21126]: Failed password for invalid user root from 64.191.43.199 port 54258 ssh2
Dec 25 14:54:59 unix sshd[21130]: warning: /etc/hosts.allow, line 7: host name/name mismatch: 64-191-43-199.hostnoc.net != hit-nxdomain.opendns.com
Dec 25 14:55:00 unix sshd[21130]: Failed password for invalid user root from 64.191.43.199 port 54310 ssh2
Dec 25 14:55:00 unix sshd[21132]: warning: /etc/hosts.allow, line 7: host name/name mismatch: 64-191-43-199.hostnoc.net != hit-nxdomain.opendns.com
Dec 25 14:55:00 unix sshd[21132]: Failed password for invalid user root from 64.191.43.199 port 54377 ssh2
Dec 25 14:55:00 unix sshd[21136]: warning: /etc/hosts.allow, line 7: host name/name mismatch: 64-191-43-199.hostnoc.net != hit-nxdomain.opendns.com
Dec 25 14:55:01 unix sshd[21136]: Failed password for invalid user root from 64.191.43.199 port 54439 ssh2
Dec 25 14:55:01 unix sshd[21140]: warning: /etc/hosts.allow, line 7: host name/name mismatch: 64-191-43-199.hostnoc.net != hit-nxdomain.opendns.com
Dec 25 14:55:02 unix sshd[21140]: Failed password for invalid user root from 64.191.43.199 port 54496 ssh2
Dec 25 14:55:02 unix sshd[21142]: warning: /etc/hosts.allow, line 7: host name/name mismatch: 64-191-43-199.hostnoc.net != hit-nxdomain.opendns.com
Dec 25 14:55:02 unix sshd[21142]: Failed password for invalid user root from 64.191.43.199 port 54558 ssh2
Dec 25 14:55:02 unix sshd[21144]: warning: /etc/hosts.allow, line 7: host name/name mismatch: 64-191-43-199.hostnoc.net != hit-nxdomain.opendns.com
Dec 25 14:55:03 unix sshd[21144]: Failed password for invalid user root from 64.191.43.199 port 54624 ssh2
Dec 25 14:55:03 unix sshd[21148]: warning: /etc/hosts.allow, line 7: host name/name mismatch: 64-191-43-199.hostnoc.net != hit-nxdomain.opendns.com
Dec 25 14:55:03 unix sshd[21148]: Failed password for invalid user root from 64.191.43.199 port 54691 ssh2
Dec 25 14:55:03 unix sshd[21152]: warning: /etc/hosts.allow, line 7: host name/name mismatch: 64-191-43-199.hostnoc.net != hit-nxdomain.opendns.com
Dec 25 14:55:04 unix sshd[21152]: Failed password for invalid user root from 64.191.43.199 port 54760 ssh2
Dec 25 14:55:04 unix sshd[21154]: warning: /etc/hosts.allow, line 7: host name/name mismatch: 64-191-43-199.hostnoc.net != hit-nxdomain.opendns.com
Dec 25 14:55:04 unix sshd[21154]: Failed password for invalid user root from 64.191.43.199 port 54846 ssh2
Dec 25 14:55:04 unix sshd[21156]: warning: /etc/hosts.allow, line 7: host name/name mismatch: 64-191-43-199.hostnoc.net != hit-nxdomain.opendns.com
Dec 25 14:55:05 unix sshd[21156]: Failed password for invalid user root from 64.191.43.199 port 54907 ssh2



Note that 14:00:00 EST = 19:00:00 UTC

(time zone of log is PST, which is UTC-08:00, date is MMDD)
log entries are from Cisco netflow, time is flow start time

date.time srcIP srcPort dstIP dstPort proto #pkts
1225.04:22:37.234 64.191.43.199 6556 130.152.181.107 22 6 1
1225.04:22:37.234 64.191.43.199 6556 130.152.181.59 22 6 1
1225.04:22:37.355 64.191.43.199 6556 130.152.181.108 22 6 1
1225.04:22:37.359 64.191.43.199 6556 130.152.181.60 22 6 1
1225.04:22:37.238 64.191.43.199 6556 130.152.182.75 22 6 1
1225.06:58:51.921 64.191.43.199 58298 131.215.2.177 22 6 2
1225.06:58:51.921 64.191.43.199 58298 131.215.2.15 22 6 2
1225.06:58:51.921 64.191.43.199 58298 131.215.2.121 22 6 2
1225.06:58:51.921 64.191.43.199 58298 131.215.2.170 22 6 2
1225.06:58:55.888 64.191.43.199 58298 131.215.167.104 22 6 2
1225.06:58:55.892 64.191.43.199 58298 131.215.167.33 22 6 2
1225.06:58:52.308 64.191.43.199 58298 131.215.24.135 22 6 2
1225.06:58:52.308 64.191.43.199 58298 131.215.25.104 22 6 2
1225.06:58:55.891 64.191.43.199 58298 131.215.169.26 22 6 2
1225.06:58:52.307 64.191.43.199 58298 131.215.24.232 22 6 2
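
An added example, not part of the original post: a small Python parser for the netflow column layout quoted above (`date.time srcIP srcPort dstIP dstPort proto #pkts`, PST timestamps) that groups flows by source and marks the one-source, many-destination, one-or-two-packet pattern to port 22 that such complaints report. The sample records use constructed documentation addresses, and the year (`2009`) and the `min_targets`/`max_pkts` thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

PST = timezone(timedelta(hours=-8))  # the log header states PST = UTC-08:00

# Constructed sample in the page's column layout (documentation addresses):
# date.time srcIP srcPort dstIP dstPort proto #pkts
SAMPLE = """\
1225.04:22:37.234 198.51.100.7 6556 192.0.2.107 22 6 1
1225.04:22:37.234 198.51.100.7 6556 192.0.2.59 22 6 1
1225.04:22:37.355 198.51.100.7 6556 192.0.2.108 22 6 1
1225.06:58:51.921 198.51.100.7 58298 203.0.113.177 22 6 2
1225.06:58:55.888 198.51.100.7 58298 203.0.113.15 22 6 2
1225.07:10:02.100 198.51.100.7 40112 203.0.113.15 22 6 48
"""

def parse_flow(line, year=2009):
    """Parse one record; `year` is an assumption (the log carries only MMDD)."""
    stamp, src, sport, dst, dport, proto, pkts = line.split()
    mmdd, clock = stamp.split(".", 1)
    local = datetime.strptime(f"{year}{mmdd} {clock}", "%Y%m%d %H:%M:%S.%f")
    return {"utc": local.replace(tzinfo=PST).astimezone(timezone.utc),
            "src": src, "sport": int(sport), "dst": dst,
            "dport": int(dport), "proto": int(proto), "pkts": int(pkts)}

def summarize_scans(text, min_targets=2, max_pkts=2):
    """Group by (src, srcPort, dstPort); many targets with tiny flows = scan."""
    groups = defaultdict(list)
    for line in text.splitlines():
        if line.strip():
            f = parse_flow(line)
            groups[(f["src"], f["sport"], f["dport"])].append(f)
    report = []
    for (src, sport, dport), flows in sorted(groups.items()):
        targets = sorted({f["dst"] for f in flows})
        probe_like = all(f["pkts"] <= max_pkts for f in flows)
        report.append({
            "src": src, "sport": sport, "dport": dport, "targets": targets,
            "first_utc": min(f["utc"] for f in flows).isoformat(),
            "scan": probe_like and len(targets) >= min_targets,
        })
    return report

if __name__ == "__main__":
    for row in summarize_scans(SAMPLE):
        print(row)
```

The UTC start time of each group is what to line up against the server's own auth and process logs when working out which account or process originated the traffic.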

farzadsh
January 3rd, 2010, 21:20
Doesn't anyone know anything about this? :63: