Thread: A new scam or what?
12-17-2004, 10:49 PM #1 Junior Guru Wannabe (Join Date: May 2003; Location: Rome, GA; Posts: 77)
A new scam or what?
OK, I have gotten five emails telling me that my servers are attacking their systems. I'm sure that my boxes are clean, and this is BS,
so I asked for the logs. This is what they sent.
From: "Security Masters" <security@securitymasters.org>
Date: Fri Dec 17, 2004 02:23:09 PM US/Eastern
To: <ellery@dallas-computers.com>
Cc: <abuse@ezzi.net>
Subject: RE: Attack report
Our apologies.
We cut and pasted wrong.
Best regards
aron
From: Ellery Durgin [mailto:ellery@dallas-computers.com]
Sent: Friday, December 17, 2004 11:44 AM
To: security@securitymasters.org
CC: ellery@dallas-computers.com; abuse@ev1.net; abuse@dallas-computers.com;
cust_service@ev1servers.net; support@ev1servers.net
Subject: Re: Attack report
This IP is not even in my range. Why do you think that I'm attacking your
system? That server is in ezzi.
-----Original Message-----
From: Ellery Durgin [mailto:ellery@dallas-computers.com]
Sent: Friday, December 17, 2004 11:44 AM
To: security@securitymasters.org
Somebody remains attacking my server.
I am sending this log.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Authentication Failures:
>
> bin (66.199.234.202 ): 1 Time(s)
> unknown (66.199.234.202 ): 20 Time(s)
> root (66.199.234.202 ): 7 Time(s)
>
>
> ---------------------- pam_unix End -------------------------
>
>
>
>
> Failed logins from these:
> alex/password from 66.199.234.202: 2 Time(s)
> backup/password from 66.199.234.202: 1 Time(s)
> bin/password from 66.199.234.202: 1 Time(s)
> computer/password from 66.199.234.202: 1 Time(s)
> info/password from 66.199.234.202: 2 Time(s)
> jack/password from 66.199.234.202: 2 Time(s)
> love/password from 66.199.234.202: 1 Time(s)
> master/password from 66.199.234.202: 1 Time(s)
> oracle/password from 66.199.234.202: 1 Time(s)
> paul/password from 66.199.234.202: 2 Time(s)
> root/password from 66.199.234.202: 7 Time(s)
> slapme/password from 66.199.234.202: 1 Time(s)
> student/password from 66.199.234.202: 1 Time(s)
> user/password from 66.199.234.202: 1 Time(s)
> valentin/password from 66.199.234.202: 1 Time(s)
> webmaster/password from 66.199.234.202: 2 Time(s)
> www/password from 66.199.234.202: 1 Time(s)
>
> **Unmatched Entries**
> Illegal user slapme from 66.199.234.202
> Illegal user oracle from 66.199.234.202
> Illegal user www from 66.199.234.202
> Illegal user master from 66.199.234.202
> Illegal user info from 66.199.234.202
> Illegal user backup from 66.199.234.202
> Illegal user computer from 66.199.234.202
> Illegal user webmaster from 66.199.234.202
> Illegal user info from 66.199.234.202
> Illegal user webmaster from 66.199.234.202
> Illegal user jack from 66.199.234.202
> Illegal user jack from 66.199.234.202
> Illegal user student from 66.199.234.202
> Illegal user user from 66.199.234.202
> Illegal user alex from 66.199.234.202
> Illegal user alex from 66.199.234.202
> Illegal user paul from 66.199.234.202
> Illegal user paul from 66.199.234.202
> Illegal user valentin from 66.199.234.202
> Illegal user love from 66.199.234.202
> User root not allowed because not listed in AllowUsers
>
> ---------------------- SSHD End -------------------------
>
>
>
> ------------------ Disk Space --------------------
>
> Filesystem Size Used Avail Use% Mounted on
> /dev/hda2 17G 6.6G 8.9G 43% /
> /dev/hda1 198M 8.2M 180M 5% /boot
> none 243M 0 243M 0% /dev/shm
>
>
> ###################### LogWatch End #########################
NeoTrace Trace Version 3.25 Results
Target: dallas-computers.com
Date: 12/17/2004 (Friday), 10:55:31 AM
Nodes: 15
Node Data
Node Net Reg IP Address Location Node Name
15 1 1 64.246.20.175 Unknown ev1s-64-246-20-175.ev1servers.net
Packet Data
Node High Low Avg Tot Lost
15 270 51 53 57 1
Network Data
Network id#: 1
OrgName: Everyones Internet, Inc.
OrgID: EVRY
Address: 2600 Southwest Freeway
Address: Suite 500
City: Houston
StateProv: TX
PostalCode: 77098
Country: US
NetRange: 64.246.0.0 - 64.246.63.255
CIDR: 64.246.0.0/18
NetName: EVRY-BLK-9
NetHandle: NET-64-246-0-0-1
Parent: NET-64-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.EV1.NET
NameServer: NS2.EV1.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2001-10-05
Updated: 2003-03-31
TechHandle: RW172-ARIN
TechName: Williams, Randy
TechPhone: +1-713-400-5400
TechEmail: admin@ev1.net
OrgAbuseHandle: ABUSE477-ARIN
OrgAbuseName: ABUSE
OrgAbusePhone: +1-713-400-5400
OrgAbuseEmail: abuse@ev1.net
OrgNOCHandle: NOC1445-ARIN
OrgNOCName: NOC
OrgNOCPhone: +1-713-400-5400
OrgNOCEmail: noc@ev1.net
OrgTechHandle: RW172-ARIN
OrgTechName: Williams, Randy
OrgTechPhone: +1-713-400-5400
OrgTechEmail: admin@ev1.net
OrgTechHandle: VST3-ARIN
OrgTechName: Stinson, Valarie
OrgTechPhone: +1-713-400-5400
OrgTechEmail: admin2@ev1.net
ARIN WHOIS database, last updated 2004-12-16 19:10
Registrant Data
Registrant id#: 1
_____
NeoTrace Copyright ©1997-2001 NeoWorx Inc
12-17-2004, 10:51 PM #2 Retired Moderator (Join Date: Mar 2004; Location: Singapore; Posts: 6,990)
Maybe it is some sysadmin overwhelmed by the attacks who started sending this out to everyone. Just email him saying it's not your IP, or maybe give him a pointer or two on how to get the real admin.
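
An added example, not part of the original thread: one way to check an abuse report like the one above before replying, by pulling the source addresses out of the quoted LogWatch SSHD section and testing them against your own netblock. It assumes the 64.246.0.0/18 block from the WHOIS output in the first post stands in for "my range"; `OWN_NETWORKS`, `summarize` and `triage` are names chosen for this sketch.

```python
import ipaddress
import re

# Assumption: the netblock from the ARIN WHOIS output in the post is used as
# the recipient's range. Replace with the addresses actually assigned to you.
OWN_NETWORKS = [ipaddress.ip_network("64.246.0.0/18")]

# Excerpt of the LogWatch report quoted in the post, with the mail-quote
# prefixes and the wrapped line left as they arrived.
REPORT = """\
> Failed logins from these:
> alex/password from 66.199.234.202:
2 Time(s)
> backup/password from 66.199.234.202: 1 Time(s)
> root/password from 66.199.234.202: 7 Time(s)
> **Unmatched Entries**
> Illegal user slapme from 66.199.234.202
> Illegal user oracle from 66.199.234.202
> User root not allowed because not listed in AllowUsers
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
FAILED = re.compile(r"(\S+)/password from " + IP + r":\s*(\d+) Time")
ILLEGAL = re.compile(r"Illegal user (\S+) from " + IP)

def summarize(report):
    """Return {source_ip: {"attempts": n, "users": set}} for an SSHD section."""
    # Strip '>' quoting, then rejoin counts that the mail client wrapped.
    text = re.sub(r"^[ \t]*>[ \t]?", "", report, flags=re.M)
    text = re.sub(r":\s*\n\s*(\d+ Time)", r": \1", text)
    sources = {}
    for user, ip, count in FAILED.findall(text):
        entry = sources.setdefault(ip, {"attempts": 0, "users": set()})
        entry["attempts"] += int(count)
        entry["users"].add(user)
    for user, ip in ILLEGAL.findall(text):
        sources.setdefault(ip, {"attempts": 0, "users": set()})["users"].add(user)
    return sources

def triage(report, own_networks=OWN_NETWORKS):
    """Map each reported source to (verdict, failed attempts, usernames tried)."""
    result = {}
    for ip, info in summarize(report).items():
        addr = ipaddress.ip_address(ip)
        ours = any(addr in net for net in own_networks)
        verdict = "ours" if ours else "not ours"
        result[ip] = (verdict, info["attempts"], sorted(info["users"]))
    return result

if __name__ == "__main__":
    for ip, (verdict, attempts, users) in triage(REPORT).items():
        print(f"{ip}: {verdict}, {attempts} failed passwords, users={users}")
```

A "not ours" verdict supports the reply suggested above; an "ours" verdict means the host at that address needs to be examined before answering.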