PaulDotCom mailing list archives
http://twitter.com/sotohide_log
From: xgermx at gmail.com (xgermx)
Date: Tue, 29 Dec 2009 08:31:02 -0600
Just so we're clear, I don't think this is the attacker's SSH brute force logs; this is someone defending against it. Keep in mind how I found his page in the first place, by googling my attacker's IP which was prefixed with "sshd[]: refused connect" in his Twitter stream. Additionally, if you google other IPs in his logs, most are on http://www.sshbl.org/ (the SSH blacklist).

On Mon, Dec 28, 2009 at 3:00 PM, Scott Webster <websterstech at gmail.com> wrote:

Interesting?.

*From:* pauldotcom-bounces at mail.pauldotcom.com [mailto: pauldotcom-bounces at mail.pauldotcom.com] *On Behalf Of *xgermx
*Sent:* Monday, December 28, 2009 11:35 AM
*To:* PaulDotCom Security Weekly Mailing List
*Subject:* Re: [Pauldotcom] http://twitter.com/sotohide_log

I'm interested in who's following that account. Someone should follow/DM them.

On Mon, Dec 28, 2009 at 12:12 PM, Scott Webster <websterstech at gmail.com> wrote:

It's been running from 10/9/2009, using perl net. And not very productive, the times seem random.

*From:* pauldotcom-bounces at mail.pauldotcom.com [mailto: pauldotcom-bounces at mail.pauldotcom.com] *On Behalf Of *xgermx
*Sent:* Monday, December 28, 2009 8:46 AM
*To:* PaulDotCom Security Weekly Mailing List
*Subject:* [Pauldotcom] http://twitter.com/sotohide_log

So I was checking some of my web server logs and I ran across an SSH brute force attack coming from a Chinese IP. Upon googling the IP I find this http://twitter.com/sotohide_log

Does anyone have any insight?

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com