[Fail2Ban] ssh: banned 191.234.33.0

Hi, The IP 191.234.33.0 has just been banned by Fail2Ban after 6 attempts against ssh. Here are more information about 191.234.33.0: % Joint Whois – whois.lacnic.net % This server accepts single ASN, IPv4 or IPv6 queries % Brazilian resource: whois.registro.br % Copyright (c) Nic.br % The use of the data below is only permitted as described in % full by the terms of use at http://registro.br/termo/en.html , % being prohibited its distribution, comercialization or % reproduction, in particular, to use it for advertising or % any similar purpose. % 2014-04-30 04:40:01 (BRT -03:00) inetnum: 191.232/14 aut-num: AS8075 abuse-c: BEORN2 owner: Microsoft Informatica Ltda ownerid: 060.316.817/0001-03 responsible: Benjamin Orndorff country: BR owner-c: BEORN2 tech-c: BEORN2 inetrev: 191.234.32/19 nserver: ns1.msft.net nsstat: 20140427 AA nslastaa: 20140427 nserver: ns2.msft.net nsstat: 20140427 AA nslastaa: 20140427 nserver: ns3.msft.net nsstat: 20140427 AA nslastaa: 20140427 nserver: ns4.msft.net nsstat: 20140427 AA nslastaa: 20140427 nserver: ns5.msft.net nsstat: 20140427 AA nslastaa: 20140427 created: 20130911 changed: 20130911 nic-hdl-br: BEORN2 person: Benjamin Orndorff e-mail: domains@microsoft.com created: 20110810 changed: 20131212 % Security and mail abuse issues should also be addressed to % cert.br, http://www.cert.br/, respectivelly to cert@cert.br % and mail-abuse@cert.br % % whois.registro.br accepts only direct match queries. Types % of queries are: domain (.br), registrant (tax ID), ticket, % provider, contact handle (ID), CIDR block, IP and ASN. Lines containing IP:191.234.33.0 in /var/log/auth.log Apr 30 03:39:25 vps3 sshd[32270]: Did not receive identification string from 191.234.33.0 Apr 30 03:39:31 vps3 sshd[32272]: Invalid user admin from 191.234.33.0 Apr 30 03:39:31 vps3 sshd[32272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.234.33.0 Apr 30 03:39:33 vps3 sshd[32272]: Failed password for invalid user admin from 191.234.33.0 port 1041 ssh2 Apr 30 03:39:33 vps3 sshd[32272]: Received disconnect from 191.234.33.0: 3: com.jcraft.jsch.JSchException: Auth fail [preauth] Apr 30 03:39:44 vps3 sshd[32274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.234.33.0 user=root Apr 30 03:39:45 vps3 sshd[32274]: Failed password for root from 191.234.33.0 port 1040 ssh2 Apr 30 03:39:45 vps3 sshd[32274]: Received disconnect from 191.234.33.0: 3: com.jcraft.jsch.JSchException: Auth fail [preauth] Apr 30 03:39:49 vps3 sshd[32276]: Invalid user guest from 191.234.33.0 Apr 30 03:39:49 vps3 sshd[32276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.234.33.0 Apr 30 03:39:51 vps3 sshd[32276]: Failed password for invalid user guest from 191.234.33.0 port 1042 ssh2 Apr 30 03:39:51 vps3 sshd[32276]: Received disconnect from 191.234.33.0: 3: com.jcraft.jsch.JSchException: Auth fail [preauth] Apr 30 03:39:58 vps3 sshd[32278]: Invalid user ubnt from 191.234.33.0 Apr 30 03:39:58 vps3 sshd[32278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.234.33.0 Apr 30 03:40:00 vps3 sshd[32278]: Failed password for invalid user ubnt from 191.234.33.0 port 1043 ssh2 Apr 30 03:40:00 vps3 sshd[32278]: Received disconnect from 191.234.33.0: 3: com.jcraft.jsch.JSchException: Auth fail...

read more

[Fail2Ban] ssh: banned 168.63.211.215

Hi, The IP 168.63.211.215 has just been banned by Fail2Ban after 6 attempts against ssh. Here are more information about 168.63.211.215: # # ARIN WHOIS data and services are subject to the Terms of Use # available at: https://www.arin.net/whois_tou.html # # # The following results may also be obtained via: # http://whois.arin.net/rest/nets;q=168.63.211.215?showDetails=true&showARIN=false&ext=netref2 # NetRange: 168.61.0.0 – 168.63.255.255 CIDR: 168.62.0.0/15, 168.61.0.0/16 OriginAS: NetName: MICROSOFT NetHandle: NET-168-61-0-0-1 Parent: NET-168-0-0-0-0 NetType: Direct Assignment RegDate: 2011-06-22 Updated: 2013-08-20 Ref: http://whois.arin.net/rest/net/NET-168-61-0-0-1 OrgName: Microsoft Corp OrgId: MSFT-Z Address: One Microsoft Way City: Redmond StateProv: WA PostalCode: 98052 Country: US RegDate: 2011-06-22 Updated: 2013-10-03 Comment: To report suspected security issues specific to Comment: traffic emanating from Microsoft online services, Comment: including the distribution of malicious content Comment: or other illicit or illegal material through a Comment: Microsoft online service, please submit reports Comment: to: Comment: * https://cert.microsoft.com. Comment: Comment: For SPAM and other abuse issues, such as Microsoft Comment: Accounts, please contact: Comment: * abuse@microsoft.com. Comment: Comment: To report security vulnerabilities in Microsoft Comment: products and services, please contact: Comment: * secure@microsoft.com. Comment: Comment: For legal and law enforcement-related requests, Comment: please contact: Comment: * msndcc@microsoft.com Comment: Comment: For routing, peering or DNS issues, please Comment: contact: Comment: * IOC@microsoft.com Ref: http://whois.arin.net/rest/org/MSFT-Z OrgTechHandle: MRPD-ARIN OrgTechName: Microsoft Routing, Peering, and DNS OrgTechPhone: +1-425-882-8080 OrgTechEmail: IOC@microsoft.com OrgTechRef: http://whois.arin.net/rest/poc/MRPD-ARIN OrgAbuseHandle: MAC74-ARIN OrgAbuseName: Microsoft Abuse Contact OrgAbusePhone: +1-425-882-8080 OrgAbuseEmail: abuse@microsoft.com OrgAbuseRef: http://whois.arin.net/rest/poc/MAC74-ARIN # # ARIN WHOIS data and services are subject to the Terms of Use # available at: https://www.arin.net/whois_tou.html # Lines containing IP:168.63.211.215 in /var/log/auth.log Apr 22 17:33:59 vps3 sshd[26047]: Did not receive identification string from 168.63.211.215 Apr 22 17:34:20 vps3 sshd[26048]: Invalid user admin from 168.63.211.215 Apr 22 17:34:20 vps3 sshd[26048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.63.211.215 Apr 22 17:34:22 vps3 sshd[26048]: Failed password for invalid user admin from 168.63.211.215 port 1050 ssh2 Apr 22 17:34:42 vps3 sshd[26051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.63.211.215 user=root Apr 22 17:34:45 vps3 sshd[26051]: Failed password for root from 168.63.211.215 port 1049 ssh2 Apr 22 17:35:19 vps3 sshd[26053]: Invalid user guest from 168.63.211.215 Apr 22 17:35:19 vps3 sshd[26053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.63.211.215 Apr 22 17:35:20 vps3 sshd[26053]: Failed password for invalid user guest from 168.63.211.215 port 1050 ssh2 Apr 22 17:36:10 vps3 sshd[26056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.63.211.215 user=uucp Apr 22 17:36:12 vps3 sshd[26056]: Failed password for uucp from 168.63.211.215 port 1040 ssh2 Regards,...

read more

MSN Live Search Adds A Captcha

Yes, I know the previous post published without being finished. I’ll have to fix that some time soon. For some strange reason, I can’t get to Google today.  No Google search, no Google Adsense, no Google webmaster tools, no GMail which really is an issue.  Nothing. So anyway, I still have things to do today.  I guess I have to to use another search engine to get some work done. I’ve used MSN a number of times previously, usually to see how different search engines compare with certain search terms.  So I headed over to MSN.com to give it a try. Imagine my complete surprise when the above captcha pops up. Not once, not twice but every single time I did a search.  And it wasn’t an easy captcha either but captchas with other characters in the background, making it harder to read. (At least for me.) Now, I’m not a big fan of captchas.  I’ve noticed that they really don’t work and are easy to beat.  MSN isn’t alone with their use either.  Google’s done it before, recently as well, and they’re not that easy to read either. (Rather long if you ask me.) I don’t see it that often though on Google.  And it didn’t take 5 tries that it did with some of...

read more

Looking back at January

Breakfast was cool.  Had eggs, bacon, and biscuits.  I think I was the only non-church person there so i had to introduce myself a number of times but I didn’t mind.  I walk by the church twice every day when I head over to UNCC.  Didn’t get any pictures as my batteries died with the other breakfast this morning under the bridge. I finally got a chance to look over the most read posts for January.  I probably should do some sort of Top Post widget in the sidebar. (edit: Done now.) – Download Dragon Magazine and it’s Part #2 article. – Mac Desktop Wallpapers – 50 Things NOT to do at Hogwarts (And I feel bad about that as it’s not even mine.) – Robot Chicken: Charlie Brown And The Great Pumpkin – Download Harry Potter and the Deathly Hallows? (You can but not with those links.) – Family Guy Videos – Rock Lobster – Movable Type 4.1 gets released (*shrug* All I said was that it was released.) – Crash on Volturnus – Chapter 1 (I really should go back and work on that. I liked writing that stuff.) – Pairings (Another old Daria fanfiction piece that I had written way back when.) – How to stop the irritating “Updating your computer is almost complete – Restart Now?”...

read more