
Journal damn_registrars's Journal: Another Distributed Hack Attempt

This is an interesting follow-up to my earlier journal entry regarding a distributed attempt to hack my server.

However, this is a slightly different game this time. Last time I saw hundreds of addresses that each tried to hack the username root. Perhaps I shouldn't have bragged that it was disabled.

This time, each address tries one name. The logs show that each name that is being tried is tried on average three times:

Nov 24 08:04:39 nfsbox sshd[64246]: error: PAM: authentication error for illegal user betelgeuse from 59-124-224-95.hinet-ip.hinet.net

Nov 24 08:06:09 nfsbox sshd[64254]: error: PAM: authentication error for illegal user betelgeuse from 203.70.179.113

Nov 24 08:08:47 nfsbox sshd[64257]: error: PAM: authentication error for illegal user beth from bno-84-242-66-10.karneval.cz

Nov 24 08:09:55 nfsbox sshd[64260]: error: PAM: authentication error for illegal user beth from gay130.internetdsl.tpnet.pl

Nov 24 08:11:25 nfsbox sshd[64279]: error: PAM: authentication error for illegal user betha from 84.234.110.86

Nov 24 08:12:43 nfsbox sshd[64283]: error: PAM: authentication error for illegal user betha from 200.29.137.117

Nov 24 08:14:01 nfsbox sshd[64286]: error: PAM: authentication error for illegal user betha from 59.6.185.37

And the addresses themselves seldom, if ever, show up more than once in a day. The attempts are so prevalent that right now my messages log file is turning over twice a day due to size.

This time, I did notice one thing that may have triggered this:

  • I recently posted something for sale on craigslist, and linked from the ad to more information on my own web server

So it seems that whoever is controlling these bots is pulling addresses from craigslist and pointing the bots at them.

And one last thing...

To whoever wrote the code for the new look of the user pages here on slashdot...

You suck.

At least the old pages rendered well on pretty much everything. And information was easy to find. I cannot say that for the new pages. Most browsers I have tried so far have rendered the new pages terribly. Important bits of information are buried under other graphics. And what happened to the link to view all journal entries for a user? Finding old journal entries has become almost hopelessly obfuscated - and the search function doesn't work worth a damn for it, either...
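The pattern in the log excerpt above (each address tries a name once or twice and then disappears) stays under any per-address failure limit, so it only shows up when the whole log is viewed at once. The following is an added example, not part of the journal entry: the thresholds, the function names and the sample log (documentation-range addresses, mostly made-up usernames) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Same sshd/PAM failure format as the lines quoted in the journal entry.
FAIL_RE = re.compile(
    r"sshd\[\d+\]: error: PAM: authentication error for "
    r"(?:illegal user )?(?P<user>\S+) from (?P<src>\S+)$")

def parse_failures(lines):
    """Yield (user, source) per failed login; ignore every other line."""
    for line in lines:
        m = FAIL_RE.search(line.strip())
        if m:
            yield m.group("user"), m.group("src")

def analyze(lines, per_source_limit=5, quiet_max=2, min_sources=20):
    """Contrast a per-address ban threshold with a whole-log view."""
    by_source = defaultdict(list)
    for user, src in parse_failures(lines):
        by_source[src].append(user)
    # What a per-address failure counter (assumed limit) would block.
    banned = sorted(s for s, u in by_source.items() if len(u) >= per_source_limit)
    # Addresses that never get near the limit: a few tries, then gone.
    quiet = {s: u for s, u in by_source.items() if len(u) <= quiet_max}
    quiet_names = {n for u in quiet.values() for n in u}
    share = len(quiet) / len(by_source) if by_source else 0.0
    return {
        "failures": sum(len(u) for u in by_source.values()),
        "sources": len(by_source),
        "banned_by_per_source_rule": banned,
        "quiet_sources": len(quiet),
        "names_from_quiet_sources": len(quiet_names),
        "distributed": len(quiet) >= min_sources and share >= 0.8,
    }

def make_sample():
    """Constructed log: 10 names x 3 addresses, plus one noisy single host."""
    names = ["betelgeuse", "beth", "betha", "bethany", "betsy",
             "betty", "beulah", "bev", "beverly", "bianca"]
    head = "nfsbox sshd[{}]: error: PAM: authentication error for"
    lines = [f"Nov 24 08:{i:02d}:00 {head.format(64000 + i)} "
             f"illegal user {names[i // 3]} from 198.51.100.{i + 1}"
             for i in range(30)]
    lines += [f"Nov 24 09:00:{i:02d} {head.format(65000 + i)} root from 203.0.113.7"
              for i in range(8)]
    lines.append("Nov 24 09:05:00 nfsbox sshd[65100]: Accepted publickey for admin")
    return lines

if __name__ == "__main__":
    print(analyze(make_sample()))
```

On the constructed sample the per-address rule blocks only the single noisy host, while the 30 quiet addresses spread over 10 names are what set the `distributed` flag.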
