Hello,
This is getting annoying. On another server of mine I have been getting login attempts from China/Korea, so if someone knows a complete list of potential Chinese/Korean IPs that should be banned, please list them. Sorry, I have nothing against China or anyone from there, but it is those few people that ruin the image of the whole country.
Current login attempts as noticed are:
Code:
> --------------------- pam_unix Begin ------------------------
>
> crond:
> Unknown Entries:
> session closed for user root: 311 Time(s)
> session opened for user root by (uid=0): 311 Time(s)
>
> sshd:
> Authentication Failures:
> unknown (218.188.23.45): 4935 Time(s)
> unknown (211.230.148.87): 1674 Time(s)
> root (218.188.23.45): 95 Time(s)
> root (211.230.148.87): 34 Time(s)
> gopher (218.188.23.45): 13 Time(s)
> unknown (210.91.16.5): 12 Time(s)
> apache (211.230.148.87): 10 Time(s)
> adm (211.230.148.87): 9 Time(s)
> ftp (211.230.148.87): 9 Time(s)
> john (211.230.148.87): 9 Time(s)
> squid (218.188.23.45): 8 Time(s)
> mail (211.230.148.87): 7 Time(s)
> root (210.91.16.5): 7 Time(s)
> vcsa (218.188.23.45): 7 Time(s)
> pcap (218.188.23.45): 6 Time(s)
> shutdown (218.188.23.45): 6 Time(s)
> nscd (218.188.23.45): 5 Time(s)
> ntp (218.188.23.45): 5 Time(s)
> webalizer (218.188.23.45): 5 Time(s)
> adm (218.188.23.45): 4 Time(s)
> apache (218.188.23.45): 4 Time(s)
> daemon (218.188.23.45): 4 Time(s)
> dave (211.230.148.87): 4 Time(s)
> dovecot (218.188.23.45): 4 Time(s)
> ftp (218.188.23.45): 4 Time(s)
> games (218.188.23.45): 4 Time(s)
> halt (218.188.23.45): 4 Time(s)
> lp (218.188.23.45): 4 Time(s)
> mail (218.188.23.45): 4 Time(s)
> mailnull (218.188.23.45): 4 Time(s)
> named (218.188.23.45): 4 Time(s)
> news (218.188.23.45): 4 Time(s)
> nobody (218.188.23.45): 4 Time(s)
> operator (218.188.23.45): 4 Time(s)
> rpc (218.188.23.45): 4 Time(s)
> rpm (218.188.23.45): 4 Time(s)
> smmsp (218.188.23.45): 4 Time(s)
> sync (218.188.23.45): 4 Time(s)
> uucp (218.188.23.45): 4 Time(s)
> sshd (218.188.23.45): 3 Time(s)
> bin (218.188.23.45): 2 Time(s)
> john (210.91.16.5): 1 Time(s)
> Invalid Users:
> Unknown Account: 6621 Time(s)
>
>
> ---------------------- pam_unix End -------------------------
>
>
> --------------------- sendmail Begin ------------------------
>
>
>
> Bytes Transferred: 5930
> Messages Sent: 2
> Total recipients: 2
> ---------------------- sendmail End -------------------------
>
>
> --------------------- SSHD Begin ------------------------
>
>
> SSHD Killed: 1 Time(s)
>
> SSHD Started: 1 Time(s)
>
> Failed to bind:
> 0.0.0.0 port 22 (Address already in use) : 1 Time(s)
>
> Failed logins from these:
> adm/password from ::ffff:211.230.148.87: 9 Time(s)
> adm/password from ::ffff:218.188.23.45: 4 Time(s)
> apache/password from ::ffff:211.230.148.87: 10 Time(s)
> apache/password from ::ffff:218.188.23.45: 4 Time(s)
> bin/password from ::ffff:218.188.23.45: 2 Time(s)
> daemon/password from ::ffff:218.188.23.45: 4 Time(s)
> dave/password from ::ffff:211.230.148.87: 4 Time(s)
> dovecot/password from ::ffff:218.188.23.45: 4 Time(s)
> ftp/password from ::ffff:211.230.148.87: 9 Time(s)
> ftp/password from ::ffff:218.188.23.45: 4 Time(s)
> games/password from ::ffff:218.188.23.45: 4 Time(s)
> gopher/password from ::ffff:218.188.23.45: 13 Time(s)
> halt/password from ::ffff:218.188.23.45: 4 Time(s)
> john/password from ::ffff:210.91.16.5: 1 Time(s)
> john/password from ::ffff:211.230.148.87: 9 Time(s)
> lp/password from ::ffff:218.188.23.45: 4 Time(s)
> mail/password from ::ffff:211.230.148.87: 7 Time(s)
> mail/password from ::ffff:218.188.23.45: 4 Time(s)
> mailnull/password from ::ffff:218.188.23.45: 4 Time(s)
> named/password from ::ffff:218.188.23.45: 4 Time(s)
> news/password from ::ffff:218.188.23.45: 4 Time(s)
> nobody/password from ::ffff:218.188.23.45: 4 Time(s)
> nscd/password from ::ffff:218.188.23.45: 5 Time(s)
> ntp/password from ::ffff:218.188.23.45: 5 Time(s)
> operator/password from ::ffff:218.188.23.45: 4 Time(s)
> pcap/password from ::ffff:218.188.23.45: 6 Time(s)
> root/password from ::ffff:210.91.16.5: 7 Time(s)
> root/password from ::ffff:211.230.148.87: 34 Time(s)
> root/password from ::ffff:218.188.23.45: 95 Time(s)
> rpc/password from ::ffff:218.188.23.45: 4 Time(s)
> rpm/password from ::ffff:218.188.23.45: 4 Time(s)
> shutdown/password from ::ffff:218.188.23.45: 6 Time(s)
> smmsp/password from ::ffff:218.188.23.45: 4 Time(s)
> squid/password from ::ffff:218.188.23.45: 8 Time(s)
> sshd/password from ::ffff:218.188.23.45: 3 Time(s)
> sync/password from ::ffff:218.188.23.45: 4 Time(s)
> uucp/password from ::ffff:218.188.23.45: 4 Time(s)
> vcsa/password from ::ffff:218.188.23.45: 7 Time(s)
> webalizer/password from ::ffff:218.188.23.45: 5 Time(s)
>
The list continues and would take up 2-3 pages if I were to post it here.
So does anyone have a full IP list that should always remain banned?
There you go, added a few IPs to the banned list:
Code:
[root@localhost apf]# iptables -I INPUT -p tcp -s 218.0.0.0 -j DROP
[root@localhost apf]# iptables -I INPUT -p udp -s 218.0.0.0 -j DROP
[root@localhost apf]# iptables -I INPUT -p udp -s 211.0.0.0 -j DROP
[root@localhost apf]# iptables -I INPUT -p tcp -s 211.0.0.0 -j DROP
[root@localhost apf]#
Edit: Here are more IPs that are banned now; all originate from either Korea, Malaysia, China, or Japan. Man, don't these guys have anything better to do?
Code:
[root@localhost apf]# iptables -I INPUT -p tcp -s 220.0.0.0 -j DROP
[root@localhost apf]# iptables -I INPUT -p udp -s 220.0.0.0 -j DROP
[root@localhost apf]# iptables -I INPUT -p udp -s 221.0.0.0 -j DROP
[root@localhost apf]# iptables -I INPUT -p tcp -s 221.0.0.0 -j DROP
[root@localhost apf]# iptables -I INPUT -p tcp -s 61.152.0.0 -j DROP
[root@localhost apf]# iptables -I INPUT -p udp -s 61.152.0.0 -j DROP
[root@localhost apf]# iptables -I INPUT -p udp -s 60.0.0.0 -j DROP
[root@localhost apf]# iptables -I INPUT -p tcp -s 60.0.0.0 -j DROP
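An added example, not part of the original post: iptables treats a `-s` address with no `/mask` as a single host (/32), so it is worth checking a rule set against the sources the report actually lists. The sketch below totals failures per source from the "Failed logins from these:" section, reports which sources no rule matches, and emits host-specific rules; the sample lines are constructed in the report's format, and the threshold of 5 and the SSH port 22 are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the format of the logwatch SSHD section quoted above.
SAMPLE_REPORT = """\
 Failed logins from these:
    adm/password from ::ffff:211.230.148.87: 9 Time(s)
    root/password from ::ffff:218.188.23.45: 95 Time(s)
    gopher/password from ::ffff:218.188.23.45: 13 Time(s)
    root/password from ::ffff:210.91.16.5: 7 Time(s)
    john/password from ::ffff:210.91.16.5: 1 Time(s)
"""

LINE = re.compile(r"^\s*(\S+)/password from (\S+): (\d+) Time\(s\)\s*$")

def failures_by_source(report):
    """Sum failed logins per source, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    totals = Counter()
    for line in report.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        addr = ipaddress.ip_address(m.group(2))
        if addr.version == 6 and addr.ipv4_mapped:
            addr = addr.ipv4_mapped
        totals[addr] += int(m.group(3))
    return totals

def uncovered(totals, rule_sources):
    """Sources that no '-s' value matches; a value without /mask parses as /32."""
    nets = [ipaddress.ip_network(s, strict=False) for s in rule_sources]
    return sorted(ip for ip in totals
                  if not any(n.version == ip.version and ip in n for n in nets))

def block_rules(totals, threshold=5):
    """One host-specific DROP rule for SSH per source at or above the threshold."""
    return [f"iptables -I INPUT -p tcp -s {ip}/32 --dport 22 -j DROP"
            for ip, count in sorted(totals.items()) if count >= threshold]

if __name__ == "__main__":
    totals = failures_by_source(SAMPLE_REPORT)
    # The -s values exactly as typed in the first iptables block of the post.
    print("not matched:", [str(ip) for ip in uncovered(totals, ["218.0.0.0", "211.0.0.0"])])
    print("\n".join(block_rules(totals)))
```

Run against the `-s` values from the post, every logged source comes back as not matched, because `218.0.0.0` and `211.0.0.0` each name one host rather than a range.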