Numerous attack attempts on my server every day

Below are the /var/log/authlog logs from my home OpenBSD server where, every day, I see a great many attackers trying to break its security by trying users, passwords and ports. And, for the first time, I want to try a different strategy: getting in touch with the system administrators of the machines from which the intruders launch their scripts.

Just to give you an idea, here are the ones that simply try password dictionaries against the root user, but I also get attempts with random users, or svnroot, mysql, tomcat, tomcat2, etc., etc., etc.

Every day I get perhaps some 3,000 new lines from supposed attackers, which come mainly from the IPs 151.236.222.112 and 109.72.216.34, as you can see here:

May 6 02:09:27 mi_servidor_domestico sshd[17359]: Failed password for root from 151.236.222.112 port 57036 ssh2
May 6 02:09:28 mi_servidor_domestico sshd[9080]: Failed password for root from 151.236.222.112 port 57441 ssh2
May 6 02:09:29 mi_servidor_domestico sshd[3671]: Failed password for root from 151.236.222.112 port 57804 ssh2
May 6 02:09:30 mi_servidor_domestico sshd[28274]: Failed password for root from 151.236.222.112 port 58214 ssh2
May 6 02:09:31 mi_servidor_domestico sshd[263]: Failed password for root from 151.236.222.112 port 58526 ssh2
May 6 02:09:33 mi_servidor_domestico sshd[22073]: Failed password for root from 151.236.222.112 port 58925 ssh2
May 6 02:09:34 mi_servidor_domestico sshd[3381]: Failed password for root from 151.236.222.112 port 59282 ssh2
May 6 02:09:35 mi_servidor_domestico sshd[17571]: Failed password for root from 151.236.222.112 port 59595 ssh2
May 6 02:09:36 mi_servidor_domestico sshd[27252]: Failed password for root from 151.236.222.112 port 59959 ssh2
May 6 02:09:38 mi_servidor_domestico sshd[6706]: Failed password for root from 151.236.222.112 port 60298 ssh2
May 6 02:09:48 mi_servidor_domestico sshd[15049]: Failed password for root from 151.236.222.112 port 34640 ssh2
May 6 02:09:50 mi_servidor_domestico sshd[20749]: Failed password for root from 151.236.222.112 port 35346 ssh2
May 6 02:09:52 mi_servidor_domestico sshd[12338]: Failed password for root from 151.236.222.112 port 35721 ssh2
May 6 02:09:53 mi_servidor_domestico sshd[31711]: Failed password for root from 151.236.222.112 port 35988 ssh2
May 6 02:09:54 mi_servidor_domestico sshd[7668]: Failed password for root from 151.236.222.112 port 36320 ssh2
May 6 02:09:55 mi_servidor_domestico sshd[26438]: Failed password for root from 151.236.222.112 port 36610 ssh2
May 6 02:09:56 mi_servidor_domestico sshd[28260]: Failed password for root from 151.236.222.112 port 36901 ssh2
May 6 02:09:58 mi_servidor_domestico sshd[32300]: Failed password for root from 151.236.222.112 port 37246 ssh2
May 6 02:09:59 mi_servidor_domestico sshd[12653]: Failed password for root from 151.236.222.112 port 37506 ssh2
May 6 02:10:00 mi_servidor_domestico sshd[22357]: Failed password for root from 151.236.222.112 port 37789 ssh2
May 6 02:10:01 mi_servidor_domestico sshd[11729]: Failed password for root from 151.236.222.112 port 38172 ssh2
May 6 02:10:03 mi_servidor_domestico sshd[25936]: Failed password for root from 151.236.222.112 port 38405 ssh2
May 6 02:10:04 mi_servidor_domestico sshd[32405]: Failed password for root from 151.236.222.112 port 38766 ssh2
May 6 02:10:05 mi_servidor_domestico sshd[19714]: Failed password for root from 151.236.222.112 port 39040 ssh2
May 6 02:10:06 mi_servidor_domestico sshd[24410]: Failed password for root from 151.236.222.112 port 39324 ssh2
May 6 02:10:08 mi_servidor_domestico sshd[21786]: Failed password for root from 151.236.222.112 port 39635 ssh2
May 6 02:10:09 mi_servidor_domestico sshd[18508]: Failed password for root from 151.236.222.112 port 39936 ssh2
May 6 02:10:10 mi_servidor_domestico sshd[20688]: Failed password for root from 151.236.222.112 port 40263 ssh2
May 6 02:10:11 mi_servidor_domestico sshd[14580]: Failed password for root from 151.236.222.112 port 40504 ssh2
May 6 02:10:13 mi_servidor_domestico sshd[7815]: Failed password for root from 151.236.222.112 port 40827 ssh2
May 6 02:10:14 mi_servidor_domestico sshd[12743]: Failed password for root from 151.236.222.112 port 41092 ssh2
May 6 02:10:16 mi_servidor_domestico sshd[8405]: Failed password for root from 151.236.222.112 port 41506 ssh2
May 6 02:10:17 mi_servidor_domestico sshd[22209]: Failed password for root from 151.236.222.112 port 41890 ssh2
May 6 02:10:18 mi_servidor_domestico sshd[6015]: Failed password for root from 151.236.222.112 port 42160 ssh2
May 6 02:10:20 mi_servidor_domestico sshd[31482]: Failed password for root from 151.236.222.112 port 42468 ssh2
May 6 02:10:21 mi_servidor_domestico sshd[6718]: Failed password for root from 151.236.222.112 port 42795 ssh2
May 6 02:10:22 mi_servidor_domestico sshd[24357]: Failed password for root from 151.236.222.112 port 43106 ssh2
May 6 02:10:23 mi_servidor_domestico sshd[20815]: Failed password for root from 151.236.222.112 port 43400 ssh2
May 6 02:10:24 mi_servidor_domestico sshd[22493]: Failed password for root from 151.236.222.112 port 43737 ssh2
May 6 02:10:26 mi_servidor_domestico sshd[4143]: Failed password for root from 151.236.222.112 port 44005 ssh2
May 6 02:10:27 mi_servidor_domestico sshd[19232]: Failed password for root from 151.236.222.112 port 44333 ssh2
May 6 07:33:32 mi_servidor_domestico sshd[8109]: Failed password for root from 185.19.93.203 port 47680 ssh2
May 6 08:47:40 mi_servidor_domestico sshd[16343]: Failed password for root from 109.72.216.34 port 57649 ssh2
May 6 08:47:42 mi_servidor_domestico sshd[23088]: Failed password for root from 109.72.216.34 port 61575 ssh2
May 6 08:47:43 mi_servidor_domestico sshd[30637]: Failed password for root from 109.72.216.34 port 48341 ssh2
May 6 08:47:44 mi_servidor_domestico sshd[15248]: Failed password for root from 109.72.216.34 port 42141 ssh2
May 6 08:47:45 mi_servidor_domestico sshd[29348]: Failed password for root from 109.72.216.34 port 41299 ssh2
May 6 08:47:46 mi_servidor_domestico sshd[14813]: Failed password for root from 109.72.216.34 port 39258 ssh2
May 6 08:47:48 mi_servidor_domestico sshd[19346]: Failed password for root from 109.72.216.34 port 57217 ssh2
May 6 08:47:49 mi_servidor_domestico sshd[20631]: Failed password for root from 109.72.216.34 port 44944 ssh2
May 6 08:47:50 mi_servidor_domestico sshd[22023]: Failed password for root from 109.72.216.34 port 52391 ssh2
May 6 08:47:51 mi_servidor_domestico sshd[6237]: Failed password for root from 109.72.216.34 port 64938 ssh2
May 6 08:47:52 mi_servidor_domestico sshd[18860]: Failed password for root from 109.72.216.34 port 34671 ssh2
May 6 08:48:40 mi_servidor_domestico sshd[18765]: Failed password for root from 109.72.216.34 port 37627 ssh2
May 6 08:48:41 mi_servidor_domestico sshd[28855]: Failed password for root from 109.72.216.34 port 61150 ssh2
May 6 08:48:42 mi_servidor_domestico sshd[14721]: Failed password for root from 109.72.216.34 port 59094 ssh2
May 6 08:48:44 mi_servidor_domestico sshd[4570]: Failed password for root from 109.72.216.34 port 65228 ssh2
May 6 08:48:45 mi_servidor_domestico sshd[6947]: Failed password for root from 109.72.216.34 port 56712 ssh2
May 6 08:48:46 mi_servidor_domestico sshd[4754]: Failed password for root from 109.72.216.34 port 49812 ssh2
May 6 08:48:47 mi_servidor_domestico sshd[21193]: Failed password for root from 109.72.216.34 port 50080 ssh2
May 6 08:48:48 mi_servidor_domestico sshd[4964]: Failed password for root from 109.72.216.34 port 38461 ssh2
May 6 08:48:50 mi_servidor_domestico sshd[27746]: Failed password for root from 109.72.216.34 port 33628 ssh2
May 6 08:48:51 mi_servidor_domestico sshd[12480]: Failed password for root from 109.72.216.34 port 42119 ssh2
May 6 08:48:52 mi_servidor_domestico sshd[9385]: Failed password for root from 109.72.216.34 port 34037 ssh2
May 6 08:48:53 mi_servidor_domestico sshd[10753]: Failed password for root from 109.72.216.34 port 47918 ssh2
May 6 08:48:54 mi_servidor_domestico sshd[29933]: Failed password for root from 109.72.216.34 port 50541 ssh2
May 6 08:48:56 mi_servidor_domestico sshd[17413]: Failed password for root from 109.72.216.34 port 42862 ssh2
May 6 08:48:57 mi_servidor_domestico sshd[20861]: Failed password for root from 109.72.216.34 port 53066 ssh2
May 6 08:48:58 mi_servidor_domestico sshd[25997]: Failed password for root from 109.72.216.34 port 33715 ssh2
May 6 08:48:59 mi_servidor_domestico sshd[1689]: Failed password for root from 109.72.216.34 port 51613 ssh2
May 6 08:49:00 mi_servidor_domestico sshd[14229]: Failed password for root from 109.72.216.34 port 36126 ssh2
May 6 08:49:01 mi_servidor_domestico sshd[26819]: Failed password for root from 109.72.216.34 port 36117 ssh2
May 6 08:49:03 mi_servidor_domestico sshd[15841]: Failed password for root from 109.72.216.34 port 50566 ssh2
May 6 08:51:05 mi_servidor_domestico sshd[1982]: Failed password for root from 109.72.216.34 port 35754 ssh2
May 6 08:51:06 mi_servidor_domestico sshd[21655]: Failed password for root from 109.72.216.34 port 50856 ssh2
May 6 08:56:05 mi_servidor_domestico sshd[26639]: Failed password for invalid user svnroot from 109.72.216.34 port 46576 ssh2
May 6 08:56:06 mi_servidor_domestico sshd[25019]: Failed password for invalid user svnroot from 109.72.216.34 port 43900 ssh2
May 6 08:56:07 mi_servidor_domestico sshd[6427]: Failed password for invalid user svnroot from 109.72.216.34 port 49862 ssh2
May 6 08:56:08 mi_servidor_domestico sshd[23508]: Failed password for invalid user svnroot from 109.72.216.34 port 51283 ssh2
May 6 08:56:10 MY_SERVER sshd[7985]: Failed password for invalid user svnroot from 109.72.216.34 port 62033 ssh2
May 6 08:56:11 mi_servidor_domestico sshd[22893]: Failed password for invalid user svnroot from 109.72.216.34 port 36957 ssh2
May 6 08:56:12 mi_servidor_domestico sshd[21812]: Failed password for invalid user svnroot from 109.72.216.34 port 37770 ssh2
May 6 08:56:13 mi_servidor_domestico sshd[26747]: Failed password for invalid user svnroot from 109.72.216.34 port 56714 ssh2
May 6 08:56:14 mi_servidor_domestico sshd[21286]: Failed password for invalid user svnroot from 109.72.216.34 port 45523 ssh2
May 6 08:56:15 mi_servidor_domestico sshd[2496]: Failed password for invalid user svnroot from 109.72.216.34 port 46514 ssh2
May 6 08:56:16 mi_servidor_domestico sshd[5160]: Failed password for invalid user svnroot from 109.72.216.34 port 60705 ssh2
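
One way to turn a log like the one above into a per-source summary (attempts, user names tried, first and last seen, peak attempts per minute), the kind of evidence to attach when contacting the administrators of the source machines. This is an added example, not code from the original post; the function names, the 60-second window and the placeholder year (syslog timestamps carry none) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# A few lines copied from the authlog excerpt above.
SAMPLE = """\
May 6 02:09:27 mi_servidor_domestico sshd[17359]: Failed password for root from 151.236.222.112 port 57036 ssh2
May 6 02:09:28 mi_servidor_domestico sshd[9080]: Failed password for root from 151.236.222.112 port 57441 ssh2
May 6 07:33:32 mi_servidor_domestico sshd[8109]: Failed password for root from 185.19.93.203 port 47680 ssh2
May 6 08:47:40 mi_servidor_domestico sshd[16343]: Failed password for root from 109.72.216.34 port 57649 ssh2
May 6 08:47:42 mi_servidor_domestico sshd[23088]: Failed password for root from 109.72.216.34 port 61575 ssh2
May 6 08:56:05 mi_servidor_domestico sshd[26639]: Failed password for invalid user svnroot from 109.72.216.34 port 46576 ssh2
May 6 08:56:06 mi_servidor_domestico sshd[25019]: Failed password for invalid user svnroot from 109.72.216.34 port 43900 ssh2
"""
# The user name is chosen by the remote client, so it is matched greedily and
# the source IP is taken from the LAST " from <ip> port <n> ssh2" on the line.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?P<invalid>invalid user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port \d+ ssh2$"
)

def parse(text, year=2000):
    """Yield (time, ip, user, invalid). syslog has no year: `year` is assumed."""
    for line in text.splitlines():
        m = FAILED.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["user"], bool(m["invalid"])

def summarize(text, window=timedelta(seconds=60)):
    """Per source IP: attempts, users tried, first/last seen, peak per window."""
    by_ip = defaultdict(list)
    for ts, ip, user, invalid in parse(text):
        by_ip[ip].append((ts, user, invalid))
    report = {}
    for ip, events in by_ip.items():
        times = sorted(e[0] for e in events)
        peak = start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window start forward
                start += 1
            peak = max(peak, end - start + 1)
        report[ip] = {
            "attempts": len(events), "users": sorted({e[1] for e in events}),
            "invalid_users": sorted({e[1] for e in events if e[2]}),
            "first": times[0], "last": times[-1], "peak": peak,
        }
    return report
```

Calling `summarize(open("/var/log/authlog").read())` gives one entry per source address; sorting by `attempts` puts the noisiest sources first.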

Searching websites that offer IP geolocation services, I see that the IP 109.72.216.34 comes from the United Kingdom:

General IP Information
IP: 109.72.216.34
Decimal: 1833490466
Hostname: node5.hostedsip.co.uk
ISP: Hastingwood Securities Ltd.
Organization: Hastingwood Securities Ltd.
Services: None detected
Type:
Assignment: Static IP
Blacklist:

Geolocation Information
Country: United Kingdom GB
State/Region: London, City of
City: London
Latitude: 51.5142 (51° 30′ 51.12″ N)
Longitude: -0.0931 (0° 5′ 35.16″ W)

Apparently, it is this industrial company, founded 20 years ago, with offices in several English cities: http://www.hastwood.com
Among many services, it also offers IT services, servers, hosting and domain registration, and online games.
There is the first proof that some curious person at the company likes to play at feeling like a big bad guy on the net.

And the second IP that is bothering me every second, 151.236.222.112, turns out to come from the United Kingdom as well:

General IP Information
IP: 151.236.222.112
Decimal: 2548883056
Hostname: li593-112.members.linode.com
ISP: Linode, LLC
Organization: Linode, LLC
Services: None detected
Type:
Assignment: Static IP
Blacklist:

Geolocation Information
Country: United Kingdom GB
State/Region: London, City of
City: London
Latitude: 51.5142 (51° 30′ 51.12″ N)
Longitude: -0.0931 (0° 5′ 35.16″ W)

This second company is http://www.linode.com, an internet company that offers virtual GNU/Linux machines at different rates, depending on capacity and functionality.
It also seems that some lone cowboy is playing at feeling like a cyber gangster, trying to screw up servers indiscriminately.

What can I do?... Well, for now I am going to try contacting the system administrators of this company Hastingwood Securities Ltd and of Linode, which have a Twitter account and a Facebook page. I will keep reporting on the blog.

Let's get to work.

Well, that's all. I hope you find this article useful and that it motivates you to share your tricks, your knowledge and your experiments with Free Software. Think about it, go on: the Free Software Community keeps growing thanks to documentation, design, training or programming, so be part of the Community :-)

Culture and the free circulation of ideas are the most effective weapon against dictatorships of thought and against ignorance.