[arm-allstar] Selective IP Blocking

Lloyd Duck lduck at icloud.com
Tue Feb 13 10:20:49 EST 2024


It’s on the Linux logs on supermon where I’m seeing it.

Command: export TERM=vt100 && /usr/bin/sudo /usr/bin/journalctl --no-pager --since "1 day ago" | /bin/sed -e "/sudo/ d"
-----------------------------------------------------------------
-- Logs begin at Sun 2024-02-11 14:29:50 CST, end at Tue 2024-02-13 09:17:51 CST. --
Feb 12 09:34:14 W5AW sshd[32556]: rexec line 110: Deprecated option UsePrivilegeSeparation
Feb 12 09:34:15 W5AW sshd[32556]: Invalid user ic from 146.59.228.105 port 49302
Feb 12 09:34:15 W5AW sshd[32556]: pam_tally(sshd:auth): pam_get_uid; no such user
Feb 12 09:34:15 W5AW sshd[32556]: pam_unix(sshd:auth): check pass; user unknown
Feb 12 09:34:15 W5AW sshd[32556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.59.228.105
Feb 12 09:34:15 W5AW sshd[32558]: rexec line 110: Deprecated option UsePrivilegeSeparation
Feb 12 09:34:16 W5AW sshd[32558]: Invalid user sonbol from 46.101.77.207 port 36174
Feb 12 09:34:16 W5AW sshd[32558]: pam_tally(sshd:auth): pam_get_uid; no such user
Feb 12 09:34:16 W5AW sshd[32558]: pam_unix(sshd:auth): check pass; user unknown
Feb 12 09:34:16 W5AW sshd[32558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.77.207
Feb 12 09:34:17 W5AW sshd[32556]: Failed password for invalid user ic from 146.59.228.105 port 49302 ssh2
Feb 12 09:34:17 W5AW sshd[32556]: Received disconnect from 146.59.228.105 port 49302:11: Bye Bye [preauth]
Feb 12 09:34:17 W5AW sshd[32556]: Disconnected from invalid user ic 146.59.228.105 port 49302 [preauth]
Feb 12 09:34:18 W5AW sshd[32558]: Failed password for invalid user sonbol from 46.101.77.207 port 36174 ssh2
Feb 12 09:34:20 W5AW sshd[32558]: Received disconnect from 46.101.77.207 port 36174:11: Bye Bye [preauth]
Feb 12 09:34:20 W5AW sshd[32558]: Disconnected from invalid user sonbol 46.101.77.207 port 36174 [preauth]
Feb 12 09:34:46 W5AW sshd[32588]: rexec line 110: Deprecated option UsePrivilegeSeparation
Feb 12 09:34:47 W5AW sshd[32588]: Invalid user btm from 43.136.122.160 port 35180
Feb 12 09:34:47 W5AW sshd[32588]: pam_tally(sshd:auth): pam_get_uid; no such user
Feb 12 09:34:47 W5AW sshd[32588]: pam_unix(sshd:auth): check pass; user unknown
Feb 12 09:34:47 W5AW sshd[32588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.136.122.160
Feb 12 09:34:49 W5AW sshd[32588]: Failed password for invalid user btm from 43.136.122.160 port 35180 ssh2
Feb 12 09:34:50 W5AW sshd[32588]: Received disconnect from 43.136.122.160 port 35180:11: Bye Bye [preauth]
Feb 12 09:34:50 W5AW sshd[32588]: Disconnected from invalid user btm 43.136.122.160 port 35180 [preauth]
Feb 12 09:34:54 W5AW sshd[32618]: rexec line 110: Deprecated option UsePrivilegeSeparation
Feb 12 09:34:54 W5AW sshd[32618]: Invalid user socket from 170.106.196.12 port 53748
Feb 12 09:34:54 W5AW sshd[32618]: pam_tally(sshd:auth): pam_get_uid; no such user
Feb 12 09:34:54 W5AW sshd[32618]: pam_unix(sshd:auth): check pass; user unknown
Feb 12 09:34:54 W5AW sshd[32618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.106.196.12
Feb 12 09:34:56 W5AW sshd[32618]: Failed password for invalid user socket from 170.106.196.12 port 53748 ssh2
Feb 12 09:34:57 W5AW sshd[32618]: Received disconnect from 170.106.196.12 port 53748:11: Bye Bye [preauth]
Feb 12 09:34:57 W5AW sshd[32618]: Disconnected from invalid user socket 170.106.196.12 port 53748 [preauth]
Feb 12 09:35:09 W5AW sshd[32620]: rexec line 110: Deprecated option UsePrivilegeSeparation
Feb 12 09:35:11 W5AW sshd[32620]: Invalid user shipping from 101.43.226.18 port 45932
Feb 12 09:35:11 W5AW sshd[32620]: pam_tally(sshd:auth): pam_get_uid; no such user
Feb 12 09:35:11 W5AW sshd[32620]: pam_unix(sshd:auth): check pass; user unknown
Feb 12 09:35:11 W5AW sshd[32620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.43.226.18
Feb 12 09:35:13 W5AW sshd[32622]: rexec line 110: Deprecated option UsePrivilegeSeparation
Feb 12 09:35:13 W5AW sshd[32620]: Failed password for invalid user shipping from 101.43.226.18 port 45932 ssh2
Feb 12 09:35:14 W5AW sshd[32622]: Invalid user lot from 41.82.208.182 port 26050
Feb 12 09:35:14 W5AW sshd[32622]: pam_tally(sshd:auth): pam_get_uid; no such user
Feb 12 09:35:14 W5AW sshd[32622]: pam_unix(sshd:auth): check pass; user unknown
Feb 12 09:35:14 W5AW sshd[32622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.82.208.182
Feb 12 09:35:15 W5AW sshd[32620]: Received disconnect from 101.43.226.18 port 45932:11: Bye Bye [preauth]
Feb 12 09:35:15 W5AW sshd[32620]: Disconnected from invalid user shipping 101.43.226.18 port 45932 [preauth]
Feb 12 09:35:16 W5AW sshd[32622]: Failed password for invalid user lot from 41.82.208.182 port 26050 ssh2
Feb 12 09:35:18 W5AW sshd[32622]: Received disconnect from 41.82.208.182 port 26050:11: Bye Bye [preauth]


Lloyd Duck
W5LND

On Feb 12, 2024, at 6:54 PM, David McGough via ARM-allstar <arm-allstar at hamvoip.org> wrote:


Hi,

How is your node being attacked??  Are you seeing entries in the Apache
(webserver) logs, the sshd logs (lastb command) or other?

73, David K4FXC


On Mon, 12 Feb 2024, Anthony (N2KI) via ARM-allstar wrote:

> Hello,
> 
> I understand there is a Linux package that can be installed to an Allstar
> (HamVoip) node that we can program to block specific IP addresses from
> connecting.  Recently, I have been noticing many attempts to hack into a
> node.  Is there such an installation package and if so what is the name and
> how do I get it?  Thanks a lot for your help.
> 
> Regards,
> Anthony
> N2KI
> _______________________________________________
> 
> ARM-allstar mailing list
> ARM-allstar at hamvoip.org
> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
> 
> Visit the BBB and RPi2/3/4 web page - http://hamvoip.org
> 

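Added example (not part of the original messages): a small parser for sshd lines in the format shown in the post above. It counts failed password attempts per source address and lists the addresses at or above a threshold as candidates for a block rule. The sample log, hostname, PIDs, addresses and the threshold of 3 are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the same journalctl/sshd format as the log in the post;
# hostname, PIDs and addresses (RFC 5737 documentation ranges) are made up.
SAMPLE_LOG = """\
Feb 12 09:34:15 node sshd[1001]: Invalid user ic from 192.0.2.10 port 49302
Feb 12 09:34:15 node sshd[1001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10
Feb 12 09:34:17 node sshd[1001]: Failed password for invalid user ic from 192.0.2.10 port 49302 ssh2
Feb 12 09:35:01 node sshd[1002]: Failed password for invalid user admin from 198.51.100.7 port 40110 ssh2
Feb 12 09:35:03 node sshd[1003]: Failed password for invalid user test from 198.51.100.7 port 40112 ssh2
Feb 12 09:35:05 node sshd[1004]: Failed password for root from 198.51.100.7 port 40114 ssh2
Feb 12 09:35:07 node sshd[1005]: Failed password for invalid user pi from 198.51.100.7 port 40116 ssh2
Feb 12 09:35:16 node sshd[1006]: Failed password for invalid user lot from 203.0.113.5 port 26050 ssh2
"""

# One attempt produces several lines (Invalid user, pam_unix, Failed password,
# Disconnected); only "Failed password" is counted so attempts are not inflated.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarize(lines):
    """Return {ip: {"attempts": int, "users": set}} for failed SSH logins."""
    stats = defaultdict(lambda: {"attempts": 0, "users": set()})
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group("ip")))  # reject non-address text
        except ValueError:
            continue
        stats[ip]["attempts"] += 1
        stats[ip]["users"].add(m.group("user"))
    return dict(stats)

def block_candidates(stats, threshold=3):
    """Addresses with at least `threshold` failed attempts, busiest first."""
    hits = [ip for ip, s in stats.items() if s["attempts"] >= threshold]
    return sorted(hits, key=lambda ip: (-stats[ip]["attempts"], ip))

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG.splitlines())
    for ip, s in sorted(stats.items()):
        print(f"{ip:15} attempts={s['attempts']} users={sorted(s['users'])}")
    print("block candidates:", block_candidates(stats))
```

In the excerpt posted above every source address makes a single attempt, so a per-address threshold above 1 would flag none of them. The per-address attempt and username counts make that pattern visible before a block list is built.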