Web Hosting Talk

Malicious IP


rey
07-22-2002, 03:21 PM
Found thousands of these in /var/log/messages:
...
Jul 22 10:51:17 m1 authpsa: checkmailpasswd: FAILED: xxxx - password incorrect from @ [24.129.116.123]
Jul 22 10:52:24 m1 authpsa: checkmailpasswd: FAILED: xxxx - password incorrect from @ [24.129.116.123]
Jul 22 10:52:31 m1 authpsa: checkmailpasswd: FAILED: customerservice - no such user from @ [24.129.116.123]
Jul 22 10:52:39 m1 authpsa: checkmailpasswd: FAILED: xxxx - password incorrect from @ [24.129.116.123]
Jul 22 10:52:47 m1 authpsa: checkmailpasswd: FAILED: xxxx - password incorrect from @ [24.129.116.123]
Jul 22 10:53:54 m1 authpsa: checkmailpasswd: FAILED: xxxx - password incorrect from @ [24.129.116.123]
Jul 22 10:54:02 m1 authpsa: checkmailpasswd: FAILED: customerservice - no such user from @ [24.129.116.123]
Jul 22 10:54:09 m1 authpsa: checkmailpasswd: FAILED: xxxx - password incorrect from @ [24.129.116.123]
Jul 22 10:54:17 m1 authpsa: checkmailpasswd: FAILED: xxxx - password incorrect from @ [24.129.116.123]
Jul 22 10:55:25 m1 authpsa: checkmailpasswd: FAILED: xxxx - password incorrect from @ [24.129.116.123]
Jul 22 10:55:32 m1 authpsa: checkmailpasswd: FAILED: customerservice - no such user from @ [24.129.116.123]
Jul 22 10:55:40 m1 authpsa: checkmailpasswd: FAILED: xxxx - password incorrect from @ [24.129.116.123]
Jul 22 10:55:48 m1 authpsa: checkmailpasswd: FAILED: xxxx - password incorrect from @ [24.129.116.123]
Jul 22 10:56:55 m1 authpsa: checkmailpasswd: FAILED: xxxx - password incorrect from @ [24.129.116.123]
Jul 22 10:57:03 m1 authpsa: checkmailpasswd: FAILED: customerservice - no such user from @ [24.129.116.123]
...

This IP traced to: c-24-129-116-123.se.client2.attbi.com

I thought I'd share it in this forum, just in case he/she tried to grab your password. :)

rtsit
07-25-2002, 02:27 AM
Isn't that a cable modem?

WiseOnline
07-25-2002, 02:43 AM
Got a firewall? I would investigate that.

ntwaddel
07-25-2002, 02:45 AM
Resolved 24.129.116.123 to c-24-129-116-123.se.client2.attbi.com

Tsk tsk, I would complain :D

WiseOnline
07-25-2002, 02:49 AM
Complain? Haul ass! :X

WiseOnline
07-25-2002, 02:52 AM
Pardon my french.

rey
07-25-2002, 07:55 AM
Yes, it's a cable modem. And we have submitted an abuse report to ATT. I hope they will do what's right :)

SpocksBrain
07-25-2002, 08:51 AM
I searched on the IP at http://groups.google.com and it appears to be an old MediaOne IP from Jacksonville before they were bought by ATT.

MGCJerry
07-25-2002, 12:14 PM
LOL... Good luck getting a hold of AT&T... I reported someone trying to hack me on the same netblock (in the same city) and they never did anything about it.

I know this because I was a Mediaone Customer when AT&T took over Mediaone in the city in question. My tech support calls got redirected to Washington State...

I wish you some luck in reporting this... :rolleyes: :D

rey
07-25-2002, 12:38 PM
I guess you're right. I removed the ipchains filter and in seconds I got the same log.
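
Added example (not part of the thread and not any poster's code): a small Python detector for the `authpsa: checkmailpasswd: FAILED` lines quoted in the first post, which groups failures by source IP and reports sources that exceed a failure threshold within a time window. The function names, the threshold of 10, the 10-minute window, the year argument and the sample lines are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Failure-line format as shown in the first post of the thread.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ authpsa: checkmailpasswd: FAILED: "
    r"(?P<user>\S+) - (?P<reason>.+?) from .*?\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]\s*$")

def parse(lines, year=2002):
    """Yield (time, ip, user, reason) for each matching failure line."""
    for line in lines:
        m = LINE.match(line)
        if m:
            # syslog omits the year; the caller supplies it (assumption)
            when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield when, m["ip"], m["user"], m["reason"]

def flag_sources(lines, threshold=10, window=timedelta(minutes=10)):
    """Summarise each IP with >= threshold failures inside any one window."""
    events = defaultdict(list)
    for when, ip, user, reason in parse(lines):
        events[ip].append((when, user, reason))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        start = peak = 0
        for end, (t, _, _) in enumerate(evs):  # sliding window over sorted times
            while t - evs[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = {
                "failures": len(evs),
                "peak_in_window": peak,
                "users_tried": sorted({u for _, u, _ in evs}),
                "unknown_user_probes": sum(r == "no such user" for _, _, r in evs),
            }
    return flagged

# Constructed sample in the thread's log format; addresses are documentation ranges.
SAMPLE = [
    f"Jul 22 10:{50 + i // 4}:{i % 4 * 15:02d} m1 authpsa: checkmailpasswd: FAILED: "
    + ("customerservice - no such user" if i % 4 == 2 else "xxxx - password incorrect")
    + " from @ [203.0.113.7]" for i in range(12)
] + [
    "Jul 22 11:02:10 m1 authpsa: checkmailpasswd: FAILED: bob - password incorrect from @ [198.51.100.20]",
    "Jul 22 11:02:11 m1 sshd[411]: unrelated line",
]
```

`flag_sources(SAMPLE)` reports only the constructed address 203.0.113.7; the `unknown_user_probes` count separates guesses at nonexistent mailboxes from repeated wrong passwords on a real one.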