There and Back Again

New Hacking Attempts

I’ve been seeing brute force attempts on the phpdoc.org server for about 2 weeks now.

Stuff like:
sshd:
Invalid Users:
Unknown Account: 16 Time(s)
Authentication Failures:
unknown (colob166074.serverpark.com ): 4 Time(s)
unknown (cmcc203.cm.nctu.edu.tw ): 12 Time(s)
root (cmcc203.cm.nctu.edu.tw ): 6 Time(s)

Illegal user test from 140.113.236.203
Illegal user test from 140.113.236.203
Illegal user guest from 140.113.236.203
Illegal user guest from 140.113.236.203
Illegal user admin from 140.113.236.203
Illegal user admin from 140.113.236.203
Illegal user admin from 140.113.236.203
Illegal user admin from 140.113.236.203
Illegal user user from 140.113.236.203
Illegal user user from 140.113.236.203
Illegal user test from 140.113.236.203
Illegal user test from 140.113.236.203
Illegal user test from 69.67.166.74
Illegal user test from 69.67.166.74
Illegal user guest from 69.67.166.74
Illegal user guest from 69.67.166.74

Not that i know anyone who has a guest,test,user, or admin account, but if you have one i would suggest, renaming it, and making sure it has a good password.

Also i would interested to know if someone else is seeing this same pattern or has some more info about it.

3 thoughts on “New Hacking Attempts

  1. Omahn

    This is quite widespread at the moment, at least on Janet (UKs academic network.)

  2. Mike

    I’m with you, dude.
    I saw the same evidences but too late.
    Unfortunatly I’v been hacked this weekend, but luckily nothing too bad happened.
    Mr. Jackass just burned 25 GB with ctorrent.