[Pauldotcom] http://twitter.com/sotohide_log

xgermx xgermx at gmail.com
Tue Dec 29 14:31:02 UTC 2009


Just so we're clear, I don't think this is the attacker's SSH brute force
logs; this is someone defending against it. Keep in mind how I found his
page in the first place, by googling my attacker's IP which was prefixed with
"sshd[]: refused connect" in his Twitter stream. Additionally, if you google
other IPs in his logs, most are on http://www.sshbl.org/ (the SSH blacklist).


On Mon, Dec 28, 2009 at 3:00 PM, Scott Webster <websterstech at gmail.com> wrote:

>  Interesting….
>
>
>
> *From:* pauldotcom-bounces at mail.pauldotcom.com [mailto:
> pauldotcom-bounces at mail.pauldotcom.com] *On Behalf Of *xgermx
> *Sent:* Monday, December 28, 2009 11:35 AM
>
> *To:* PaulDotCom Security Weekly Mailing List
> *Subject:* Re: [Pauldotcom] http://twitter.com/sotohide_log
>
>
>
> I'm interested in who's following that account. Someone should follow/DM
> them.
>
> On Mon, Dec 28, 2009 at 12:12 PM, Scott Webster <websterstech at gmail.com>
> wrote:
>
> It's been running from 10/9/2009, using perl net. And not very productive,
> the times seem random.
>
>
>
> *From:* pauldotcom-bounces at mail.pauldotcom.com [mailto:
> pauldotcom-bounces at mail.pauldotcom.com] *On Behalf Of *xgermx
> *Sent:* Monday, December 28, 2009 8:46 AM
>
>
> *To:* PaulDotCom Security Weekly Mailing List
>
> *Subject:* [Pauldotcom] http://twitter.com/sotohide_log
>
>
>
> So I was checking some of my web server logs and I ran across an SSH brute
> force attack coming from a Chinese IP. Upon googling the IP I find this
> http://twitter.com/sotohide_log
> Does anyone have any insight?
>
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
>