April 12, 2010

How Secure is your Server?

Hackers are EVERYWHERE! Hackers, script kiddies. They are out there and they are trying to get at you. Here is just one of our server logs from one of our dedicated servers.

--------------------- SSHD Begin ------------------------

Illegal users from these:
Invalid/none from 15degrees-north: 4 Time(s)
Invalid/none from adms: 8 Time(s)
Invalid/none from adnan: 8 Time(s)
Invalid/none from agos: 8 Time(s)
Invalid/none from alessa: 8 Time(s)
Invalid/none from alessandro: 8 Time(s)
Invalid/none from alf: 8 Time(s)
Invalid/none from alfredo: 8 Time(s)
Invalid/none from allumin: 8 Time(s)
Invalid/none from alton: 8 Time(s)
Invalid/none from amas: 8 Time(s)
Invalid/none from amei: 8 Time(s)
Invalid/none from amina: 8 Time(s)
Invalid/none from anti: 8 Time(s)
Invalid/none from anwar: 8 Time(s)
Invalid/none from appl12i: 8 Time(s)
Invalid/none from applmgr: 16 Time(s)
Invalid/none from applprod: 8 Time(s)
Invalid/none from armm: 8 Time(s)
Invalid/none from at: 8 Time(s)
Invalid/none from at1: 8 Time(s)
Invalid/none from aushilfe: 8 Time(s)
Invalid/none from av: 8 Time(s)
Invalid/none from av1: 8 Time(s)
Invalid/none from babu: 8 Time(s)
Invalid/none from bacsagro: 8 Time(s)
Invalid/none from bafps: 8 Time(s)
Invalid/none from banco: 8 Time(s)
Invalid/none from biotech: 8 Time(s)
Invalid/none from bit: 8 Time(s)
Invalid/none from bit1: 8 Time(s)
Invalid/none from bit2: 8 Time(s)
Invalid/none from bit3: 8 Time(s)
Invalid/none from bonebrake: 8 Time(s)
Invalid/none from bpi: 8 Time(s)
Invalid/none from bswm: 8 Time(s)
Invalid/none from bushra: 8 Time(s)
Invalid/none from car: 8 Time(s)
Invalid/none from caraga: 8 Time(s)
Invalid/none from cassa1: 8 Time(s)
Invalid/none from cassa2: 8 Time(s)
Invalid/none from cicione: 8 Time(s)
Invalid/none from cinzia: 8 Time(s)
Invalid/none from club: 8 Time(s)
Invalid/none from cosmos: 8 Time(s)
Invalid/none from daea: 8 Time(s)
Invalid/none from dan: 8 Time(s)
Invalid/none from darmes: 8 Time(s)
Invalid/none from darnnel: 8 Time(s)
Invalid/none from dasusr: 8 Time(s)
Invalid/none from davide: 8 Time(s)
Invalid/none from daweb: 8 Time(s)
Invalid/none from db2as: 8 Time(s)
Invalid/none from db2eldok: 8 Time(s)
Invalid/none from db2fenc1: 8 Time(s)
Invalid/none from db2fenc2: 8 Time(s)
Invalid/none from db2fenc3: 8 Time(s)
Invalid/none from db2inst1: 8 Time(s)
Invalid/none from dbhatt: 8 Time(s)
Invalid/none from delta: 8 Time(s)
Invalid/none from dmitry: 8 Time(s)
Invalid/none from drew: 8 Time(s)
Invalid/none from ellen: 8 Time(s)
Invalid/none from emran: 8 Time(s)
Invalid/none from ennio: 8 Time(s)
Invalid/none from evgeny: 8 Time(s)
Invalid/none from evilde: 8 Time(s)
Invalid/none from federal: 8 Time(s)
Invalid/none from felice: 8 Time(s)
Invalid/none from fida: 8 Time(s)
Invalid/none from fjs: 8 Time(s)
Invalid/none from fos: 8 Time(s)
Invalid/none from fpa: 8 Time(s)
Invalid/none from fra2: 8 Time(s)
Invalid/none from franc: 8 Time(s)
Invalid/none from franci: 8 Time(s)
Invalid/none from frank: 8 Time(s)
Invalid/none from franz: 8 Time(s)
Invalid/none from froilan: 8 Time(s)
Invalid/none from ftp-test1: 8 Time(s)
Invalid/none from ftp-test2: 8 Time(s)
Invalid/none from ftp-test3: 8 Time(s)
Invalid/none from ftp-test4: 8 Time(s)
Invalid/none from ftptest: 8 Time(s)
Invalid/none from g4l: 8 Time(s)
Invalid/none from gabriele: 8 Time(s)
Invalid/none from gatti: 8 Time(s)
Invalid/none from ge: 8 Time(s)
Invalid/none from ge1: 8 Time(s)
Invalid/none from genero: 8 Time(s)
Invalid/none from genof: 8 Time(s)
Invalid/none from geometra: 8 Time(s)
Invalid/none from gianluca: 8 Time(s)
Invalid/none from giuseppe: 8 Time(s)
Invalid/none from goulibo: 8 Time(s)
Invalid/none from grazia: 8 Time(s)
Invalid/none from heidi: 8 Time(s)
Invalid/none from hennlich: 8 Time(s)
Invalid/none from host: 4 Time(s)
Invalid/none from host.15degrees-north.com: 2 Time(s)
Invalid/none from huabo: 8 Time(s)
Invalid/none from hvcc: 8 Time(s)
Invalid/none from imistemp: 8 Time(s)
Invalid/none from infra: 8 Time(s)
Invalid/none from it1: 8 Time(s)
Invalid/none from itcaf: 8 Time(s)
Invalid/none from itcph: 8 Time(s)
Invalid/none from ja: 8 Time(s)
Invalid/none from janson: 8 Time(s)
Invalid/none from jarek: 8 Time(s)
Invalid/none from jersey: 8 Time(s)
Invalid/none from jing: 8 Time(s)
Invalid/none from jw: 8 Time(s)
Invalid/none from kamuser: 8 Time(s)
Invalid/none from komat: 8 Time(s)
Invalid/none from kplus: 8 Time(s)
Invalid/none from kurt: 8 Time(s)
Invalid/none from ldc: 8 Time(s)
Invalid/none from legname: 8 Time(s)
Invalid/none from leszek: 8 Time(s)
Invalid/none from lidong: 8 Time(s)
Invalid/none from lisa: 8 Time(s)
Invalid/none from liu: 8 Time(s)
Invalid/none from liujun: 8 Time(s)
Invalid/none from lj: 8 Time(s)
Invalid/none from luana: 8 Time(s)
Invalid/none from luca: 8 Time(s)
Invalid/none from lucca: 8 Time(s)
Invalid/none from luciana: 8 Time(s)
Invalid/none from luciano: 8 Time(s)
Invalid/none from luigi: 8 Time(s)
Invalid/none from luzern: 8 Time(s)
Invalid/none from mako: 8 Time(s)
Invalid/none from marcing: 8 Time(s)
Invalid/none from mariap: 8 Time(s)
Invalid/none from marilena: 8 Time(s)
Invalid/none from mark: 8 Time(s)
Invalid/none from markh: 8 Time(s)
Invalid/none from massimo: 8 Time(s)
Invalid/none from matth: 8 Time(s)
Invalid/none from mav: 8 Time(s)
Invalid/none from mca: 16 Time(s)
Invalid/none from mediabank: 8 Time(s)
Invalid/none from medina: 8 Time(s)
Invalid/none from mei: 8 Time(s)
Invalid/none from meili: 8 Time(s)
Invalid/none from melanie: 8 Time(s)
Invalid/none from mercuri: 8 Time(s)
Invalid/none from midas: 8 Time(s)
Invalid/none from miles: 8 Time(s)
Invalid/none from morpheus: 8 Time(s)
Invalid/none from mrdp: 8 Time(s)
Invalid/none from mrodrigu: 8 Time(s)
Invalid/none from mstr: 8 Time(s)
Invalid/none from mtaylor: 8 Time(s)
Invalid/none from mths: 8 Time(s)
Invalid/none from mttp: 8 Time(s)
Invalid/none from music: 8 Time(s)
Invalid/none from myoung: 8 Time(s)
Invalid/none from nabcor: 8 Time(s)
Invalid/none from nafc: 8 Time(s)
Invalid/none from nagios: 8 Time(s)
Invalid/none from nda: 8 Time(s)
Invalid/none from nia: 8 Time(s)
Invalid/none from nla: 8 Time(s)
Invalid/none from nmis: 8 Time(s)
Invalid/none from nnc: 8 Time(s)
Invalid/none from nut: 8 Time(s)
Invalid/none from ora: 8 Time(s)
Invalid/none from oraprod: 8 Time(s)
Invalid/none from oubiwann: 8 Time(s)
Invalid/none from pasqua: 8 Time(s)
Invalid/none from pasquale: 8 Time(s)
Invalid/none from pca: 8 Time(s)
Invalid/none from pcic: 8 Time(s)
Invalid/none from peggy: 8 Time(s)
Invalid/none from pfda: 8 Time(s)
Invalid/none from pierino: 8 Time(s)
Invalid/none from pqs: 8 Time(s)
Invalid/none from privoxy: 8 Time(s)
Invalid/none from prova: 8 Time(s)
Invalid/none from quagga: 8 Time(s)
Invalid/none from radiusd: 8 Time(s)
Invalid/none from raffa: 8 Time(s)
Invalid/none from rahim: 8 Time(s)
Invalid/none from ranga: 8 Time(s)
Invalid/none from reid: 8 Time(s)
Invalid/none from rmes: 8 Time(s)
Invalid/none from root2: 10 Time(s)
Invalid/none from rosanna: 8 Time(s)
Invalid/none from rosario: 8 Time(s)
Invalid/none from rossella: 8 Time(s)
Invalid/none from ruhina: 8 Time(s)
Invalid/none from samira: 8 Time(s)
Invalid/none from santino: 8 Time(s)
Invalid/none from savina: 8 Time(s)
Invalid/none from sax: 8 Time(s)
Invalid/none from scaballa: 8 Time(s)
Invalid/none from services: 8 Time(s)
Invalid/none from seuser: 8 Time(s)
Invalid/none from shahriar: 8 Time(s)
Invalid/none from shamim: 8 Time(s)
Invalid/none from shawn: 8 Time(s)
Invalid/none from siderurg: 8 Time(s)
Invalid/none from sios: 8 Time(s)
Invalid/none from sky: 8 Time(s)
Invalid/none from smsc: 16 Time(s)
Invalid/none from spencer: 8 Time(s)
Invalid/none from spider: 8 Time(s)
Invalid/none from sshuser: 8 Time(s)
Invalid/none from steve: 8 Time(s)
Invalid/none from stru: 8 Time(s)
Invalid/none from sue: 8 Time(s)
Invalid/none from suresh: 16 Time(s)
Invalid/none from sylvia: 8 Time(s)
Invalid/none from takagi: 8 Time(s)
Invalid/none from tanla: 8 Time(s)
Invalid/none from terry: 8 Time(s)
Invalid/none from thomas: 8 Time(s)
Invalid/none from tim: 8 Time(s)
Invalid/none from tmca: 16 Time(s)
Invalid/none from tomek: 8 Time(s)
Invalid/none from tracy: 8 Time(s)
Invalid/none from umberto: 8 Time(s)
Invalid/none from user: 10 Time(s)
Invalid/none from utility: 8 Time(s)
Invalid/none from weblogic: 8 Time(s)
Invalid/none from wengxk: 8 Time(s)
Invalid/none from www: 8 Time(s)
Invalid/none from yamada: 8 Time(s)
Invalid/none from yarn: 8 Time(s)
Invalid/none from zoe: 8 Time(s)
invalid/none from unknown: 1886 Time(s)

Received disconnect:
11: Bye Bye
::ffff:203.198.166.17 : 1872 Time(s)
::ffff:211.239.121.186 : 48 Time(s)

---------------------- SSHD End -------------------------

------------------ Disk Space --------------------

/dev/sda7 2.0G 304M 1.6G 16% /
/dev/sda1 1012M 46M 915M 5% /boot
/dev/sda8 41G 3.5G 36G 9% /home
/dev/sdb1 147G 6.3G 133G 5% /backup
/dev/sda6 2.0G 38M 1.9G 2% /tmp
/dev/sda2 9.9G 4.0G 5.5G 42% /usr
/dev/sda5 9.9G 2.2G 7.3G 23% /var

###################### LogWatch End #########################

Can you see how many times and with how many user combinations someone has tried to access this server? They never give up! However they will NEVER get the password to this server because we use roboform pro and get it to generate passwords of 20 characters that look something like this

$46cPLiyGe3lzw2#3k48

Even I dont know what my passwords are as robo form stores them all for me in a secure Blowfish encryption. Nice. We have also tightened up the security on our servers by limiting the amount of invalid logins from an IP amongst other things. On my personal laptop and work computers we run the following protection

AVG Internet security for the firewall and also anti virus protection
MalwareBytes for extra protection
Super Anti Spyware

We also use encyption of our FTP client Cute FTP and on the servers we lock FTP access in the control panel and only unlock it for an hour at a time.

Do all the above and you will pretty secure.

Mark

Posted by Mark at April 12, 2010 5:07 PM

Trackback Pings

TrackBack URL for this entry:
http://www.15dn.com/cgi-bin/mt/mt-tb.cgi/336

Comments

Post a comment