Hacker forsøg! Rimelig sikker

(000007) 11-09-2007 23:41:41 - (not logged in) (60.0.9.178) > USER test
(000007) 11-09-2007 23:41:41 - (not logged in) (60.0.9.178) > 331 Password required for test.
(000007) 11-09-2007 23:41:41 - (not logged in) (60.0.9.178) > PASS Bond007
(000007) 11-09-2007 23:41:41 - (not logged in) (60.0.9.178) > 530 Login or Password incorrect.
(000007) 11-09-2007 23:41:42 - (not logged in) (60.0.9.178) > USER test
(000007) 11-09-2007 23:41:42 - (not logged in) (60.0.9.178) > 331 Password required for test.
(000007) 11-09-2007 23:41:42 - (not logged in) (60.0.9.178) > PASS Booboo
(000007) 11-09-2007 23:41:42 - (not logged in) (60.0.9.178) > 530 Login or Password incorrect.
(000007) 11-09-2007 23:41:43 - (not logged in) (60.0.9.178) > USER test
(000007) 11-09-2007 23:41:43 - (not logged in) (60.0.9.178) > 331 Password required for test.
(000007) 11-09-2007 23:41:43 - (not logged in) (60.0.9.178) > PASS Bradley
(000007) 11-09-2007 23:41:43 - (not logged in) (60.0.9.178) > 530 Login or Password incorrect.
(000007) 11-09-2007 23:41:44 - (not logged in) (60.0.9.178) > USER test
(000007) 11-09-2007 23:41:44 - (not logged in) (60.0.9.178) > 331 Password required for test.
(000007) 11-09-2007 23:41:45 - (not logged in) (60.0.9.178) > PASS Buffalo
(000007) 11-09-2007 23:41:45 - (not logged in) (60.0.9.178) > 530 Login or Password incorrect.
(000007) 11-09-2007 23:41:45 - (not logged in) (60.0.9.178) > USER test
(000007) 11-09-2007 23:41:45 - (not logged in) (60.0.9.178) > 331 Password required for test.
(000007) 11-09-2007 23:41:46 - (not logged in) (60.0.9.178) > PASS Calvin
(000007) 11-09-2007 23:41:46 - (not logged in) (60.0.9.178) > 530 Login or Password incorrect.
(000007) 11-09-2007 23:41:46 - (not logged in) (60.0.9.178) > USER test
(000007) 11-09-2007 23:41:46 - (not logged in) (60.0.9.178) > 331 Password required for test.
(000007) 11-09-2007 23:41:47 - (not logged in) (60.0.9.178) > PASS Canada
(000007) 11-09-2007 23:41:47 - (not logged in) (60.0.9.178) > 530 Login or Password incorrect.
(000007) 11-09-2007 23:41:47 - (not logged in) (60.0.9.178) > USER test
(000007) 11-09-2007 23:41:47 - (not logged in) (60.0.9.178) > 331 Password required for test.
(000007) 11-09-2007 23:41:48 - (not logged in) (60.0.9.178) > PASS Celtics
(000007) 11-09-2007 23:41:48 - (not logged in) (60.0.9.178) > 530 Login or Password incorrect.
(000007) 11-09-2007 23:41:48 - (not logged in) (60.0.9.178) > USER test
(000007) 11-09-2007 23:41:48 - (not logged in) (60.0.9.178) > 331 Password required for test.
(000007) 11-09-2007 23:41:49 - (not logged in) (60.0.9.178) > PASS Chester
(000007) 11-09-2007 23:41:49 - (not logged in) (60.0.9.178) > 530 Login or Password incorrect.
(000007) 11-09-2007 23:41:49 - (not logged in) (60.0.9.178) > USER test
(000007) 11-09-2007 23:41:49 - (not logged in) (60.0.9.178) > 331 Password required for test.
(000007) 11-09-2007 23:41:50 - (not logged in) (60.0.9.178) > PASS Colleen
(000007) 11-09-2007 23:41:50 - (not logged in) (60.0.9.178) > 530 Login or Password incorrect.
(000007) 11-09-2007 23:41:51 - (not logged in) (60.0.9.178) > USER test
(000007) 11-09-2007 23:41:51 - (not logged in) (60.0.9.178) > 331 Password required for test.
(000007) 11-09-2007 23:41:51 - (not logged in) (60.0.9.178) > PASS Connie
(000007) 11-09-2007 23:41:51 - (not logged in) (60.0.9.178) > 530 Login or Password incorrect.
(000007) 11-09-2007 23:41:52 - (not logged in) (60.0.9.178) > USER test
(000007) 11-09-2007 23:41:52 - (not logged in) (60.0.9.178) > 331 Password required for test.
(000007) 11-09-2007 23:41:52 - (not logged in) (60.0.9.178) > PASS Cooper
(000007) 11-09-2007 23:41:52 - (not logged in) (60.0.9.178) > 530 Login or Password incorrect.
(000007) 11-09-2007 23:41:53 - (not logged in) (60.0.9.178) > USER test
(000007) 11-09-2007 23:41:53 - (not logged in) (60.0.9.178) > 331 Password required for test.
(000007) 11-09-2007 23:41:53 - (not logged in) (60.0.9.178) > PASS Cracker
(000007) 11-09-2007 23:41:53 - (not logged in) (60.0.9.178) > 530 Login or Password incorrect.
(000007) 11-09-2007 23:41:54 - (not logged in) (60.0.9.178) > USER test
(000007) 11-09-2007 23:41:54 - (not logged in) (60.0.9.178) > 331 Password required for test.
(000007) 11-09-2007 23:41:54 - (not logged in) (60.0.9.178) > PASS Digital
(000007) 11-09-2007 23:41:54 - (not logged in) (60.0.9.178) > 530 Login or Password incorrect.
(000007) 11-09-2007 23:41:55 - (not logged in) (60.0.9.178) > USER test
(000007) 11-09-2007 23:41:55 - (not logged in) (60.0.9.178) > 331 Password required for test.
(000007) 11-09-2007 23:41:55 - (not logged in) (60.0.9.178) > PASS Disney
(000007) 11-09-2007 23:41:55 - (not logged in) (60.0.9.178) > 530 Login or Password incorrect.
(000007) 11-09-2007 23:41:56 - (not logged in) (60.0.9.178) > USER test
(000007) 11-09-2007 23:41:56 - (not logged in) (60.0.9.178) > 331 Password required for test.
(000007) 11-09-2007 23:41:57 - (not logged in) (60.0.9.178) > PASS Doobie
(000007) 11-09-2007 23:41:57 - (not logged in) (60.0.9.178) > 530 Login or Password incorrect.
(000007) 11-09-2007 23:41:57 - (not logged in) (60.0.9.178) > USER test
(000007) 11-09-2007 23:41:57 - (not logged in) (60.0.9.178) > 331 Password required for test.
(000007) 11-09-2007 23:41:58 - (not logged in) (60.0.9.178) > PASS Dream
(000007) 11-09-2007 23:41:58 - (not logged in) (60.0.9.178) > 530 Login or Password incorrect.
(000007) 11-09-2007 23:41:58 - (not logged in) (60.0.9.178) > USER test
(000007) 11-09-2007 23:41:58 - (not logged in) (60.0.9.178) > 331 Password required for test.
(000007) 11-09-2007 23:41:59 - (not logged in) (60.0.9.178) > PASS Dwight
(000007) 11-09-2007 23:41:59 - (not logged in) (60.0.9.178) > 530 Login or Password incorrect.
(000007) 11-09-2007 23:41:59 - (not logged in) (60.0.9.178) > USER test
(000007) 11-09-2007 23:41:59 - (not logged in) (60.0.9.178) > 331 Password required for test.
(000007) 11-09-2007 23:42:00 - (not logged in) (60.0.9.178) > PASS Eatme
(000007) 11-09-2007 23:42:00 - (not logged in) (60.0.9.178) > 530 Login or Password incorrect.
(000007) 11-09-2007 23:42:00 - (not logged in) (60.0.9.178) > USER test
(000007) 11-09-2007 23:42:00 - (not logged in) (60.0.9.178) > 331 Password required for test.
(000007) 11-09-2007 23:42:01 - (not logged in) (60.0.9.178) > PASS Farming
(000007) 11-09-2007 23:42:01 - (not logged in) (60.0.9.178) > 530 Login or Password incorrect.
(000007) 11-09-2007 23:42:01 - (not logged in) (60.0.9.178) > USER test
(000007) 11-09-2007 23:42:01 - (not logged in) (60.0.9.178) > 331 Password required for test.

Angrebet har været igang i over 2 timer nu!

Query the APNIC Whois Database
Need help?

    * General search help
    * Help tracking spam and hacking
    * To assist you with debugging problems, this whois query was received from IP Address [ ]. Your web client may be behind a web proxy.

% [whois.apnic.net node-2]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

inetnum:      60.0.0.0 - 60.10.255.255
netname:      CNCGROUP-HE
descr:        CNCGROUP Hebei Province Network
descr:        China Network Communications Group Corporation
descr:        No.156,Fu-Xing-Men-Nei Street,
descr:        Beijing 100031
country:      CN
admin-c:      CH455-AP
tech-c:      JL2284-AP
remarks:      service provider
mnt-by:      APNIC-HM
mnt-lower:    MAINT-CNCGROUP-HE
mnt-routes:  MAINT-CNCGROUP-RR
status:      ALLOCATED PORTABLE
remarks:      -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks:      This object can only be updated by APNIC hostmasters.
remarks:      To update this object, please contact APNIC
remarks:      hostmasters and include your organisation's account
remarks:      name in the subject line.
remarks:      -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
changed:      hm-changed@apnic.net 20040329
changed:      hm-changed@apnic.net 20060113
changed:      hm-changed@apnic.net 20060124
source:      APNIC

route:        60.0.0.0/13
descr:        CNC Group CHINA169 Hebei Province Network
country:      CN
origin:      AS4837
mnt-by:      MAINT-CNCGROUP-RR
changed:      abuse@cnc-noc.net 20060118
source:      APNIC

role:        CNCGroup Hostmaster
e-mail:      abuse@cnc-noc.net
address:      No.156,Fu-Xing-Men-Nei Street,
address:      Beijing,100031,P.R.China
nic-hdl:      CH455-AP
phone:        +86-10-82993155
fax-no:      +86-10-82993102
country:      CN
admin-c:      CH444-AP
tech-c:      CH444-AP
changed:      abuse@cnc-noc.net 20041119
mnt-by:      MAINT-CNCGROUP
source:      APNIC

person:      jinyuan lu
nic-hdl:      JL2284-AP
e-mail:      jinyuan_lu@heinfo.net
address:      hebei province shijiazhuang
phone:        +86-311-86685210
fax-no:      +86-311-86051214
country:      CN
changed:      lujinyuan@msn.com 20060821
mnt-by:      MAINT-CNCGROUP-HE
source:      APNIC

    * Bold: Object type.
    * Underlined: Primary key(s).
    * Hyperlinks: Searchable Attributes.

4 records found for '60.0.9.178'

Så det er en kiniser der sidder og fyrer den af ?

person:      jinyuan lu
nic-hdl:      JL2284-AP
e-mail:      jinyuan_lu@heinfo.net
address:      hebei province shijiazhuang
phone:        +86-311-86685210
fax-no:      +86-311-86051214
country:      CN
changed:      lujinyuan@msn.com 20060821
mnt-by:      MAINT-CNCGROUP-HE
source:      APNIC

Sansynligvis ?

Kan ikke helt overskue infoen - men i hvertfald stammer adressen fra kina- om det er jinyuan lu eller en anden er det jo ikke lige til at sige. Kan være der er en anden mere detaljeret WHOIS et eller andet sted :)

Du kunne sende din log til abuse@cnc-noc.net, det vil næppe gøre meget andet end at give en kortvarig varm følelse, du ved .. lissom at pisse i bukserne :)

Pyt har bannet hans ip! :)

https://www.forskningsnet-cert.dk/anmeldelsesblanket/

Jeg afslutter topic her !

Neoman læg svar, det samme med dig thesurfer

Det er en kinesisk script kiddie der forsøger at brute force en dansk FTP med en engelsk password/brugernavn liste. I stedet for at blokerer ham kunne du lade ham køre færdig, derefter lave en liste over brugernavne og passwords som man ikke må bruge i din løsning.

Hvis du blokker ham risikerer du blot han går gennem en proxy og forsøger med en anden liste. Alternativt bør du blokke hele det kinesiske IP range

jeg springer over - synes Bufferzone har det mest relevante svar for dig:)

Jeg kan ikke lige huske hvad optionen hedder - men mener man blev bannet i sin tid da ftp var kinky.. mener grunden var "hammering" hvis man forsøgte at connecte med for korte mellemrum..

Sæt den til 3 forkerte forsøg inden for en time = 3 timers ban - så tager det evigheder at løbe en liste med kodeord / brugere igennem.

Jokkejensen : Er det ikke bedre bare at smide ban på den IP ?

mkay :-)

jimjimjam> Hvis det er en dynamisk (skiftende) IP, kan du godt glemme det.

Hvis vi to (dig og mig) begge havde dynamisk (skiftende) IP, kunne jeg lave en masse "gris" på nettet, og blive banned for det. Når du så engang fik den IP jeg havde da jeg blev banned, og kom ind på samme sider, ville du også være banned.

Det betyder, at du bliver straffet for noget en anden har gjort.. Hvilket ikke er så smart..