[kwlug-disc] Identify this exploit?
Mikalai Birukou
mb at 3nsoft.com
Sun Dec 29 13:19:20 EST 2019
Was it a ... "horribly configured" PHP application :) ?
On 2019-12-29 12:34 p.m., Ron Singh wrote:
> From a non-techy/new-ish to Linux guy's perspective, what do I take
> away from this bit of "follow the bouncing ball"?
>
> 153.126.166.203 (ik1-319-19699.vs.sakura.ne.jp)
>
> gives me this:
> ________________________________________________________________
>
>
> Welcome to nmp3000's site
>
> yukkuri goran kudasai
>
> ________________________________________________________________
>
> and googling nmp3000, I get this twitter user as a top hit and he
> seems to be a Linux-y kind of guy in Japan:
>
> https://twitter.com/nmp3000
>
> No idea if there is any meaning to be gleaned from this, but I thought
> it might be mildly interesting. I do wonder if that fella's site is
> hacked and someone is using his url for dastardly deeds. I am not at
> all savvy about how these things work, but I thought it curious.
>
> Thanks,
>
> Ron Singh
>
>
>
> On Sun, Dec 29, 2019 at 12:06 PM Khalid Baheyeldin <kb at 2bits.com> wrote:
>
> Here is an example from the scary internet ...
>
> From today's logs of a server I manage (via logwatch):
>
> Failed logins from:
> 92.246.17.5: 1 time
> 95.88.219.197 (ip5f58dbc5.dynamic.kabel-deutschland.de): 1 time
> 153.126.166.203 (ik1-319-19699.vs.sakura.ne.jp): 1 time
>
> Illegal users from:
> undef: 3 times
> 12.22.203.226: 1 time
> 63.142.97.181 (63-142-97-63-142-97-181.cpe.sparklight.net): 1 time
> 92.246.17.5: 2 times
> 97.84.76.88 (97-84-76-88.dhcp.snlo.ca.charter.com): 1 time
> 115.160.163.195: 2 times
> 142.4.208.131 (ns502558.ip-142-4-208.net): 1 time
> 153.126.141.19 (ik1-306-13265.vs.sakura.ne.jp): 1 time
>
> These are all ssh login attempts from various IP addresses.
>
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>
--
Mikalai Birukou
CEO | 3NSoft Inc.