Shell Person Help me keep the shell people alive.

10Apr/1042

Hacked – SSH Bruteforce

This isn't much of a surprise, as the box had an incredibly simple root password. Here's some info:

This was a brute-force SSH attack, and SSH root login was not disabled. Here are some of the early attempts before success:

cat /var/log/auth.log.1 | grep "Invalid user" | cut -d ':' -f 4 | sort | uniq | tail -n 25
Invalid user wilson from 64.124.102.44
Invalid user windows from 64.124.102.44
Invalid user worthy from 122.201.70.12
Invalid user www123 from 64.124.102.44
Invalid user www from 64.124.102.44
Invalid user www from 66.235.201.39
Invalid user www from 75.126.69.5
Invalid user wwwrun from 64.124.102.44
Invalid user xam from 64.124.102.44
Invalid user xbitchx from 64.124.102.44
Invalid user xchat from 64.124.102.44
Invalid user xfs123 from 64.124.102.44
Invalid user xfs from 64.124.102.44
Invalid user ydnah from 64.124.102.44
Invalid user yoshida123 from 64.124.102.44
Invalid user yoshida321 from 64.124.102.44
Invalid user yoshida from 64.124.102.44
Invalid user yssor from 64.124.102.44
Invalid user z1x2c3 from 64.124.102.44
Invalid user zabbix from 75.126.69.5
Invalid user zachary from 64.124.102.44
Invalid user zoe from 64.124.102.44
Invalid user zuperman from 64.124.102.44
Invalid user zxcvb from 64.124.102.44
Invalid user zxcvbn from 64.124.102.44

The full list is at the bottom of the post.
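
The grep above only lists the names that were tried. As an added example (not part of the original post), this sketch flags the pattern described here: a password login that succeeds from an address that had already failed several times. The function names and log lines are constructed for illustration, and it assumes the traditional syslog layout (month, day, time, host, then the `sshd[pid]:` tag).

```sh
#!/bin/sh
# Constructed sample lines in OpenSSH syslog format. Addresses are from the
# documentation ranges, not the ones seen in the post.
sample_log() {
cat <<'EOF'
Apr  9 03:11:01 box sshd[2101]: Invalid user www from 192.0.2.10
Apr  9 03:11:03 box sshd[2101]: Failed password for invalid user www from 192.0.2.10 port 40112 ssh2
Apr  9 03:11:06 box sshd[2104]: Failed password for invalid user zabbix from 198.51.100.7 port 51880 ssh2
Apr  9 03:11:09 box sshd[2107]: Failed password for root from 192.0.2.10 port 40120 ssh2
Apr  9 03:11:12 box sshd[2110]: Failed password for root from 192.0.2.10 port 40127 ssh2
Apr  9 03:11:15 box sshd[2113]: Accepted password for root from 192.0.2.10 port 40133 ssh2
Apr  9 09:30:00 box sshd[2950]: Accepted password for alice from 203.0.113.5 port 50022 ssh2
EOF
}

# brute_then_success [threshold]   (hypothetical helper, default threshold 3)
# Reads auth.log text on stdin and prints "ip user failures" for each accepted
# password login whose source address has at least <threshold> earlier
# "Failed password" records. "Invalid user" lines are not counted separately,
# since in these logs the same attempt is also recorded as a failed password.
brute_then_success() {
    awk -v min="${1:-3}" '
    # Index of the LAST "from" field; the peer address is the field after it.
    # The user name is client-supplied and may itself contain " from ".
    function last_from(   i, at) {
        at = 0
        for (i = 1; i < NF; i++) if ($i == "from") at = i
        return at
    }
    $5 !~ /^sshd\[[0-9]+\]:$/ { next }   # only records tagged by sshd itself
    $6 == "Failed" && $7 == "password" {
        at = last_from()
        if (at > 0) fails[$(at + 1)]++
    }
    $6 == "Accepted" && $7 == "password" {
        at = last_from()
        if (at > 1 && fails[$(at + 1)] >= min)
            print $(at + 1), $(at - 1), fails[$(at + 1)]
    }'
}

# Against a real host: brute_then_success 3 < /var/log/auth.log
sample_log | brute_then_success 3
```

Any line it prints is a login worth treating as a compromise until proven otherwise; the alice login in the sample is not reported because its address has no prior failures.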