Mailing List SIMS@mail.stalker.com Message #13875
From: Peter Jones @ Jonesfam <peter@thejonesfamily.org>
Subject: Re: DDoS?
Date: Tue, 28 Oct 2003 18:37:38 -0500
To: SIMS Discussions <SIMS@mail.stalker.com>
I'm not a guru like some on this list but I believe someone knows you're
using SIMS and is trying to hack into the server. I put that IP in
SamSpade.org and it appears to be from China Telecom. Possibly trying to
hijack your server for spam.

Can you block all accesses from that IP address ... perhaps with your
firewall software?

Peter



> From: Chris Wagner <ismgr@atchisonkansas.net>
> Reply-To: "SIMS Discussions" <SIMS@mail.stalker.com>
> Date: Tue, 28 Oct 2003 17:03:24 -0600
> To: "SIMS Discussions" <SIMS@mail.stalker.com>
> Subject: DDoS?
>
> Got a slew of these in the log yesterday.
>
> Just curious if this looks like a serious attempt at compromising the
> system.
>
>
> 11:47:09 1 SMTP {web} AUTH failed: password(54321) is wrong. Connection from
> [218.70.9.34:3101]
> 11:47:10 0 SYSTEM Account {web} Resources open failed. Error Code=-43
> 11:47:10 1 SMTP {web} AUTH failed: password(00000000) is wrong. Connection
> from [218.70.9.34:3101]
> 11:47:11 0 SYSTEM Account {web} Resources open failed. Error Code=-43
> 11:47:11 1 SMTP {web} AUTH failed: password(88888888) is wrong. Connection
> from [218.70.9.34:3101]
> 11:47:12 0 SYSTEM Account {web} Resources open failed. Error Code=-43
> 11:47:12 1 SMTP {web} AUTH failed: password(admin) is wrong. Connection from
> [218.70.9.34:3101]
> 11:47:12 0 SYSTEM Account {web} Resources open failed. Error Code=-43
> 11:47:12 1 SMTP {web} AUTH failed: password(root) is wrong. Connection from
> [218.70.9.34:3101]
> 11:47:13 0 SYSTEM Account {web} Resources open failed. Error Code=-43
> 11:47:13 1 SMTP {web} AUTH failed: password(pass) is wrong. Connection from
> [218.70.9.34:3101]
> 11:47:14 0 SYSTEM Account {web} Resources open failed. Error Code=-43
> 11:47:14 1 SMTP {web} AUTH failed: password(passwd) is wrong. Connection
> from [218.70.9.34:3101]
> 11:47:15 0 SYSTEM Account {web} Resources open failed. Error Code=-43
> 11:47:15 1 SMTP {web} AUTH failed: password(password) is wrong. Connection
> from [218.70.9.34:3101]
> 11:47:16 0 SYSTEM Account {web} Resources open failed. Error Code=-43
> 11:47:16 1 SMTP {web} AUTH failed: password(super) is wrong. Connection from
> [218.70.9.34:3101]
> 11:47:16 0 SYSTEM Account {web} Resources open failed. Error Code=-43
> 11:47:16 1 SMTP {web} AUTH failed: password(!@#$%^&*) is wrong. Connection
> from [218.70.9.34:3101]
> 11:47:17 0 SYSTEM Account {www} Resources open failed. Error Code=-43
> 11:47:17 1 SMTP {www} AUTH failed: password(www) is wrong. Connection from
> [218.70.9.34:3101]
>
> Just curious.
> Thought it looked an awful lot like attempts at hacking the admin account or
> getting root level access, especially given the transition in the different
> passwords (the progression from pass to passwd for password).
>
> The rest of the entries are much more convincing.
>
> Looks like SIMS knocked them out, and that's fine, just was wondering.
>
> Thanks!
>
> Chris
>
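An added example, not part of either message and not SIMS code: a short Python parser that rejoins the mail-wrapped log records quoted above and flags any source address producing a burst of SMTP AUTH failures, which is the pattern Chris is asking about. The sample lines are constructed in the same format with documentation-range addresses, and the function names, the threshold and the window are assumptions chosen for illustration; timestamps are assumed to fall within a single day because the log carries no date.

```python
import re
from collections import defaultdict

TIMESTAMP = re.compile(r"^\d\d:\d\d:\d\d ")
AUTH_FAIL = re.compile(
    r"^(?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d) \d+ SMTP \{(?P<account>[^}]*)\} "
    r"AUTH failed: password\(.*\) is wrong\. "
    r"Connection from \[(?P<ip>[0-9.]+):\d+\]$"
)
# Constructed sample in the quoted, line-wrapped form seen in the thread.
SAMPLE = """\
> 11:47:09 1 SMTP {web} AUTH failed: password(aaa) is wrong. Connection from
> [203.0.113.7:3101]
> 11:47:10 0 SYSTEM Account {web} Resources open failed. Error Code=-43
> 11:47:10 1 SMTP {web} AUTH failed: password(b)b) is wrong. Connection
> from [203.0.113.7:3101]
> 11:47:11 1 SMTP {www} AUTH failed: password(ccc) is wrong. Connection from
> [203.0.113.7:3101]
> 12:30:00 1 SMTP {alice} AUTH failed: password(typo) is wrong. Connection from
> [198.51.100.20:2200]
"""

def unwrap(text):
    """Strip '> ' quoting and rejoin records that the mail client wrapped."""
    records = []
    for raw in text.splitlines():
        line = re.sub(r"^>\s?", "", raw).strip()
        if line and (TIMESTAMP.match(line) or not records):
            records.append(line)          # a new record starts with HH:MM:SS
        elif line:
            records[-1] += " " + line     # continuation of the previous record
    return records

def guessing_sources(records, threshold=5, window=60):
    """Return {ip: summary} for sources whose peak failure count inside any
    `window`-second span reaches `threshold` (both values are assumptions)."""
    by_ip = defaultdict(list)
    for rec in records:
        m = AUTH_FAIL.match(rec)
        if m:
            t = int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"])
            by_ip[m["ip"]].append((t, m["account"]))
    flagged = {}
    for ip, events in by_ip.items():
        times = [t for t, _ in events]
        peak = max(sum(1 for u in times if 0 <= u - t <= window) for t in times)
        if peak >= threshold:
            flagged[ip] = {"failures": len(times), "peak": peak,
                           "accounts": sorted({a for _, a in events})}
    return flagged
```

The summary deliberately drops the attempted passwords, which this log format records in clear text, so the output can be shared or fed to a firewall block list without copying them around.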
