HideMyAss.com

Monday, 23 September 2013

[Fail2Ban] SSH: banned 111.74.134.216

Hi,

The IP 111.74.134.216 has just been banned by Fail2Ban after
5 attempts against SSH.


Here is more information about 111.74.134.216:

[Querying whois.arin.net]
[Redirected to whois.apnic.net]
[Querying whois.apnic.net]
[whois.apnic.net]
% [whois.apnic.net]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

% Information related to '111.72.0.0 - 111.79.255.255'

inetnum: 111.72.0.0 - 111.79.255.255
netname: CHINANET-JX
descr: CHINANET JIANGXI PROVINCE NETWORK
descr: China Telecom
descr: No.31,jingrong street
descr: Beijing 100032
country: CN
status: ALLOCATED PORTABLE
admin-c: JN113-AP
tech-c: JN113-AP
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks: This object can only be updated by APNIC hostmasters.
remarks: To update this object, please contact APNIC
remarks: hostmasters and include your organisation's account
remarks: name in the subject line.
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
changed: hm-changed@apnic.net 20090528
remarks: service provider
mnt-by: APNIC-HM
mnt-lower: MAINT-IP-WWF
source: APNIC

role: JXDCB NET
address: Jiangxi telecom network operation support department
address: No.2009, Beijing East Road , nanchang,jiangxi province
country: CN
phone: +86 79186600000
e-mail: wzzx_2013@189.cn
remarks: send spam reports to wzzx_2013@189.cn
remarks: and abuse reports to wzzx_2013@189.cn
remarks: http://www.online.jx.cn
admin-c: XY1-AP
tech-c: WZ1-CN
tech-c: WW49-AP
nic-hdl: JN113-AP
notify: wzzx_2013@189.cn
mnt-by: MAINT-IP-WWF
changed: hm-changed@apnic.net 20020812
changed: chenyiq@gsta.com 20130221
source: APNIC

% This query was served by the APNIC Whois Service version 1.68 (UNDEFINED)

Regards,

Fail2Ban

1 comment:

  1. Hi Horst

    These hackers have also been trying to exploit my server using brute force.
    These are their footprints:

    Nov 1 23:14:16 mail sshd[8863]: refused connect from 111.74.134.216 (111.74.134.216)
    Nov 1 23:14:23 mail sshd[8864]: refused connect from 111.74.134.216 (111.74.134.216)
    Nov 1 23:14:29 mail sshd[8866]: refused connect from 111.74.134.216 (111.74.134.216)
    Nov 1 23:14:36 mail sshd[8867]: refused connect from 111.74.134.216 (111.74.134.216)
    Nov 1 23:14:42 mail sshd[8868]: refused connect from 111.74.134.216 (111.74.134.216)
    Nov 1 23:14:48 mail sshd[8869]: refused connect from 111.74.134.216 (111.74.134.216)
    Nov 1 23:14:55 mail sshd[8870]: refused connect from 111.74.134.216 (111.74.134.216)
    Nov 1 23:15:01 mail sshd[8871]: refused connect from 111.74.134.216 (111.74.134.216)
    Nov 1 23:15:07 mail sshd[8872]: refused connect from 111.74.134.216 (111.74.134.216)
    Nov 1 23:15:14 mail sshd[8873]: refused connect from 111.74.134.216 (111.74.134.216)
    Nov 1 23:15:20 mail sshd[8874]: refused connect from 111.74.134.216 (111.74.134.216)
    Nov 1 23:15:26 mail sshd[8875]: refused connect from 111.74.134.216 (111.74.134.216)
    Nov 1 23:15:33 mail sshd[8877]: refused connect from 111.74.134.216 (111.74.134.216)
    Nov 1 23:15:39 mail sshd[8879]: refused connect from 111.74.134.216 (111.74.134.216)
    Nov 1 23:15:45 mail sshd[8881]: refused connect from 111.74.134.216 (111.74.134.216)
    Nov 1

    Using other bots:

    Nov 2 01:15:19 mail proftpd: pam_unix(proftpd:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/ftpd9896 ruser=applecare rhost=58.254.172.180 u
    Nov 2 01:15:33 mail proftpd: pam_unix(proftpd:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/ftpd9904 ruser=applecare rhost=58.254.172.180 u
    Nov 2 01:15:45 mail proftpd: pam_unix(proftpd:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/ftpd9911 ruser=applecare rhost=58.254.172.180 u


    "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 490 "-" "ZmEu"
    186.42.213.227 - - [30/Oct/2013:08:16:52 +0200] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 480 "-" "ZmEu"
    186.42.213.227 - - [30/Oct/2013:08:16:52 +0200] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 480 "-" "ZmEu"
    186.42.213.227 - - [30/Oct/2013:08:16:53 +0200] "GET /pma/scripts/setup.php HTTP/1.1" 404 475 "-" "ZmEu"

    176.9.28.244 - - [02/Nov/2013:14:07:53 +0200] "POST //%63%67%69%2D%62%69%6E/%70%68%70%35?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+
    176.9.28.244 - - [02/Nov/2013:14:07:53 +0200] "POST //%63%67%69%2D%62%69%6E/%70%68%70?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D
    176.9.28.244 - - [02/Nov/2013:14:07:54 +0200] "POST //%63%67%69%2D%62%69%6E/%70%68%70%2D%63%67%69?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%
    176.9.28.244 - - [02/Nov/2013:14:07:55 +0200] "POST //%63%67%69%2D%62%69%6E/%70%68%70%34?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+
    176.9.28.244 - - [02/Nov/2013:14:07:55 +0200] "POST //%63%67%69%2D%62%69%6E/%70%68%70%2E%63%67%69?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%
    [11/11/2013 8:37:30 PM] Jonas: 202.46.48.49 - - [02/Nov/2013:17:27:30 +0200] "GET /Dental_Plans.cfm?fp=0zYn6GSZtvlbd4k2abGq7c8tfthTfbpsxsUbAsJkBOhd4qscsvWfp%2FyN8Na2tEE9lC7bNDu6tqOFFdipI0F

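To show how a Fail2Ban-style maxretry/findtime rule turns the sshd lines quoted in the comment above into a ban decision, here is an added example; it is not code from the post or from Fail2Ban itself. It assumes the year 2013 for the syslog timestamps (which carry none) and constructs two extra lines for a second host, 192.0.2.10, that stays under the threshold.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample input: the first seven sshd lines from the comment above,
# plus two constructed lines for a second host (192.0.2.10, a documentation
# address) that never reaches the threshold.
SAMPLE_LOG = """\
Nov 1 23:14:16 mail sshd[8863]: refused connect from 111.74.134.216 (111.74.134.216)
Nov 1 23:14:23 mail sshd[8864]: refused connect from 111.74.134.216 (111.74.134.216)
Nov 1 23:14:29 mail sshd[8866]: refused connect from 111.74.134.216 (111.74.134.216)
Nov 1 23:14:36 mail sshd[8867]: refused connect from 111.74.134.216 (111.74.134.216)
Nov 1 23:14:42 mail sshd[8868]: refused connect from 111.74.134.216 (111.74.134.216)
Nov 1 23:14:48 mail sshd[8869]: refused connect from 111.74.134.216 (111.74.134.216)
Nov 1 23:14:55 mail sshd[8870]: refused connect from 111.74.134.216 (111.74.134.216)
Nov 1 23:16:02 mail sshd[8890]: refused connect from 192.0.2.10 (192.0.2.10)
Nov 1 23:16:09 mail sshd[8891]: refused connect from 192.0.2.10 (192.0.2.10)
"""

# One sshd "refused connect" line: syslog timestamp, hostname, pid, source address.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"refused connect from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)

def parse_events(log_text, year=2013):
    """Return (timestamp, source_ip) pairs for every matching line, oldest first."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue  # unrelated log line: skip it rather than fail
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["ip"]))
    return sorted(events)

def find_bans(events, maxretry=5, findtime=600):
    """Fail2Ban-style rule: a host is banned the moment it reaches maxretry
    failures inside a sliding findtime-second window. Returns {ip: ban_time}."""
    recent = defaultdict(deque)  # per host: failure times still inside the window
    bans = {}
    for ts, ip in events:
        if ip in bans:
            continue  # already banned; later lines would be dropped by the firewall
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()  # expire failures older than findtime
        if len(window) >= maxretry:
            bans[ip] = ts
    return bans
```

With the defaults the first host is banned on its fifth failure (23:14:42); a shorter findtime such as 10 seconds would let the 6-7 second spacing of these attempts slip under the rule, which is the usual reason for a noisy host never being banned.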