
Originally Posted by Qube
I received an email notice that someone on the eUKHost IP range was trying to gain access as root to my server. My server is NOT located on eUKHost so there is no reason why any of your staff would be trying to do so. Also to that point, none of your customers should be doing so either.
I would require this matter be attended to and dealt with as a high priority from eUKHost before I consider further action.
Details are:
Time: Fri Jun 3 10:42:46 2011 +0100
IP: 213.175.212.224 (GB/United Kingdom/-)
Failures: 5 (sshd)
Interval: 300 seconds
Blocked: Permanent Block
Log entries:
Jun 3 10:42:38 server sshd[27817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.175.212.224 user=root
Jun 3 10:42:40 server sshd[27817]: Failed password for root from 213.175.212.224 port 45859 ssh2
Jun 3 10:42:41 server sshd[27821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.175.212.224 user=root
Jun 3 10:42:43 server sshd[27821]: Failed password for root from 213.175.212.224 port 45965 ssh2
Jun 3 10:42:44 server sshd[27825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.175.212.224 user=root

Hello Qube,
Not to worry, we have forwarded this to our abuse department for them to investigate.
Kind Regards,
John - Managing Director