as mentioned in the previous post, our server which is hosted in hongkong was attacked (bruteforce). the network/dc where the server is hosted is so poor, they don’t have network-wide bruteforce protection. so i installed denyhosts, it’s a python script that analyzes the sshd server log messages to determine what hosts are attempting to hack into the system. if ever a repeated attacks will be notice, the /etc/hosts.deny file will be then updated. installing denyhosts is pretty simple, you can find a howto on it over here.
to know more about denyhosts, visit their official site - http://denyhosts.sourceforge.net
i was surprised this afternoon to see tons of failed login attempts for the root user from our offshore vps. a server which we’ve been using for six months now to run our campaign online against pornography. log file shows attempts are coming from an ip in columbia, either a druglord from columbia directly attempt to login to the server or a box that has been rooted was used as a bait. nice to see from the logs that the interval of each attempt is just 4 seconds, but anyway, the druglord failed. his ip has been blocked.
Jul 21 13:51:46 cc5134341 sshd[20284]: Failed password for root from 190.144.53.134 port 48783 ssh2
Jul 21 13:51:50 cc5134341 sshd[20290]: Failed password for root from 190.144.53.134 port 49048 ssh2
Jul 21 13:51:54 cc5134341 sshd[20296]: Failed password for root from 190.144.53.134 port 49320 ssh2
Jul 21 13:51:58 cc5134341 sshd[20302]: Failed password for root from 190.144.53.134 port 49594 ssh2
Jul 21 13:52:02 cc5134341 sshd[20308]: Failed password for root from 190.144.53.134 port 49868 ssh2
Jul 21 13:52:06 cc5134341 sshd[20314]: Failed password for root from 190.144.53.134 port 50135 ssh2
Jul 21 13:52:10 cc5134341 sshd[20320]: Failed password for root from 190.144.53.134 port 50397 ssh2
Jul 21 13:52:14 cc5134341 sshd[20326]: Failed password for root from 190.144.53.134 port 50666 ssh2
Jul 21 13:52:18 cc5134341 sshd[20332]: Failed password for root from 190.144.53.134 port 50934 ssh2
Jul 21 13:52:22 cc5134341 sshd[20338]: Failed password for root from 190.144.53.134 port 51200 ssh2
Jul 21 13:52:26 cc5134341 sshd[20344]: Failed password for root from 190.144.53.134 port 51477 ssh2
Jul 21 13:52:30 cc5134341 sshd[20350]: Failed password for root from 190.144.53.134 port 51750 ssh2
Jul 21 13:52:34 cc5134341 sshd[20356]: Failed password for root from 190.144.53.134 port 52019 ssh2
Jul 21 13:52:38 cc5134341 sshd[20362]: Failed password for root from 190.144.53.134 port 52286 ssh2
Jul 21 13:52:42 cc5134341 sshd[20368]: Failed password for root from 190.144.53.134 port 52553 ssh2
Jul 21 13:52:46 cc5134341 sshd[20374]: Failed password for root from 190.144.53.134 port 52822 ssh2
Jul 21 13:52:50 cc5134341 sshd[20380]: Failed password for root from 190.144.53.134 port 53098 ssh2
Jul 21 13:52:54 cc5134341 sshd[20386]: Failed password for root from 190.144.53.134 port 53357 ssh2
Jul 21 13:52:58 cc5134341 sshd[20392]: Failed password for root from 190.144.53.134 port 53625 ssh2
Jul 21 13:53:02 cc5134341 sshd[20398]: Failed password for root from 190.144.53.134 port 53892 ssh2
Jul 21 13:53:06 cc5134341 sshd[20404]: Failed password for root from 190.144.53.134 port 54166 ssh2
Jul 21 13:53:11 cc5134341 sshd[20410]: Failed password for root from 190.144.53.134 port 54436 ssh2
Jul 21 13:53:15 cc5134341 sshd[20416]: Failed password for root from 190.144.53.134 port 54705 ssh2
Jul 21 13:53:19 cc5134341 sshd[20422]: Failed password for root from 190.144.53.134 port 54978 ssh2
Jul 21 13:53:23 cc5134341 sshd[20428]: Failed password for root from 190.144.53.134 port 55239 ssh2
Jul 21 13:53:27 cc5134341 sshd[20434]: Failed password for root from 190.144.53.134 port 55510 ssh2
Jul 21 13:53:31 cc5134341 sshd[20440]: Failed password for root from 190.144.53.134 port 55780 ssh2
Jul 21 13:53:35 cc5134341 sshd[20446]: Failed password for root from 190.144.53.134 port 56057 ssh2
Jul 21 13:53:39 cc5134341 sshd[20452]: Failed password for root from 190.144.53.134 port 56323 ssh2
Jul 21 13:53:43 cc5134341 sshd[20458]: Failed password for root from 190.144.53.134 port 56597 ssh2
Jul 21 13:53:47 cc5134341 sshd[20464]: Failed password for root from 190.144.53.134 port 56866 ssh2
Jul 21 13:53:51 cc5134341 sshd[20470]: Failed password for root from 190.144.53.134 port 57128 ssh2
Jul 21 13:53:55 cc5134341 sshd[20476]: Failed password for root from 190.144.53.134 port 57387 ssh2
been so busy. as you can see, i’m not updating this blog that much; and who cares. not even my account at clickbank. but clickbank is clickbank, it’s very special. lol.. thus i have to update it, my account can’t be inactive for 3months, or else they will cancel it. the last time it earns was when i was still in PH. that was on April.
so last weekend i spend a couple of time on it. trying to do something in an attempt to have an update on my account. surprisingly, the result of my craft reached up to 600USD. why is that so? i don’t know. maybe western people just want to waste their money now. one thing’s for sure, hype really works in the information superhighway. i am tempted to do it once again on this boring night, to see if i can generate that figure or even close to it, but for some reasons, that’s not possible.
p.s. - thanks to Kirby for letting me use of his offshore VPS.
well.. everyone’s blogging already about the upcoming Pacquiao-Diaz fight that will happenĀ this weekend, which was dubbed as “lethal combination”. lemme join. lol..
yeah, we’re joining the noypi craze on boxing. since we can’t watch the fight on Pay Per View, in the first place we don’t subscribe to cable tv, we’re just going to watch it online. already found 2 sites that are scheduled to broadcast the fight online. with the 100mbps line provided by Starhub, i’m expecting not to have any lag when streaming it. i hope so..
i only brought 7 brief here in sg. last week i washed my brief at 11pm after realizing that i have no more clean brief left for the following day. haha.. this morning, same thing happened. i learned that i don’t have any brief to wear for tomorrow.
since there’s this great singapore sale from may 23 - july 20, then i didn’t hesitate to take advantage of it - to buy a brief. haha.. so i went to One Raffles Link, located in the subway of cityhall mrt here in sg - just a few steps from the mrt station. as expected, briefs are also on sale. i got 3 for 10sgd. w00t!
