[TriLUG] Drop script kitties
Tarus Balog
tarus at opennms.org
Tue Oct 11 05:55:22 EDT 2011
Gang:
Lately I've noticed a lot of these, usually coming from Russia:
pam_succeed_if(sshd:auth): error retrieving information about user silvia : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user rachel : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user carola : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user nagios : 1 time(s)
Obviously hunting. Anyone know of a tool to temporarily block the IP making the attempt after x failures?
In a similar vein, I get script kitties hunting for HTTP exploits:
/genindexpage.cgi?13687+Home+/../../../../ ... ./../etc/passwd: 1 Time(s)
/gotopage.cgi?13686+/../../../../../../../ ... ./../etc/passwd: 1 Time(s)
/hsx.cgi?show=../../../../../../../../../../../etc/passwd%00: 1 Time(s)
/ikonboard.cgi: 1 Time(s)
/index.cgi: 2 Time(s)
and I'd like to do the same to them.
-T
_______________________________________________________________________
Tarus BALOG, OpenNMS Maintainer Main: +1 919 533 0160
The OpenNMS Group, Inc. Fax: +1 773 345 3645
Email: tarus at opennms.org URL: http://www.opennms.org
PGP Key Fingerprint: 8945 8521 9771 FEC9 5481 512B FECA 11D2 FD82 B45C
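
The "block after x failures" logic asked about above, applied to the HTTP probes, as an added example that is not part of the original post. It assumes an Apache combined-style access log; the sample lines are constructed, the function names are hypothetical, and the firewall action itself is left out (the function only returns which IPs to block and until when).

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import unquote

# Constructed sample lines (Apache combined-log style, assumed). IPs are
# RFC 5737 documentation addresses; paths are modelled on the probes above.
SAMPLE_LOG = """\
192.0.2.55 - - [11/Oct/2011:05:00:00 -0400] "GET /hsx.cgi?show=../../etc/passwd%00 HTTP/1.0" 404 210
192.0.2.55 - - [11/Oct/2011:05:15:00 -0400] "GET /gotopage.cgi?13686+/../../etc/passwd HTTP/1.0" 404 210
192.0.2.55 - - [11/Oct/2011:05:30:00 -0400] "GET /genindexpage.cgi?13687+Home+/../../etc/passwd HTTP/1.0" 404 210
203.0.113.7 - - [11/Oct/2011:05:40:01 -0400] "GET /genindexpage.cgi?13687+Home+/../../etc/passwd HTTP/1.0" 404 210
203.0.113.7 - - [11/Oct/2011:05:40:02 -0400] "GET /gotopage.cgi?13686+/../../etc/passwd HTTP/1.0" 404 210
198.51.100.20 - - [11/Oct/2011:05:40:02 -0400] "GET /index.cgi HTTP/1.1" 404 210
203.0.113.7 - - [11/Oct/2011:05:40:03 -0400] "GET /hsx.cgi?show=../../etc/passwd%00 HTTP/1.0" 404 210
198.51.100.20 - - [11/Oct/2011:05:41:05 -0400] "GET /hsx.cgi?show=%252e%252e/%252e%252e/etc/passwd HTTP/1.1" 404 210
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)')
# ".." used as a whole path segment, after a separator or parameter delimiter
TRAVERSAL_RE = re.compile(r'(?:^|[/\\=+?&])\.\.(?:[/\\]|$)')

def is_probe(path):
    """True if the request path carries directory traversal or a NUL byte."""
    decoded = unquote(unquote(path))  # undo single and double URL-encoding
    return bool(TRAVERSAL_RE.search(decoded)) or "\x00" in decoded

def offenders(lines, threshold=3, window_min=10, ban_min=60):
    """Map each IP with >= threshold probes inside the window to its ban expiry."""
    window, recent, banned = timedelta(minutes=window_min), defaultdict(deque), {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not is_probe(m.group(3)):
            continue
        ip = m.group(1)
        when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[ip]
        hits.append(when)
        while when - hits[0] > window:   # drop probes older than the window
            hits.popleft()
        if len(hits) >= threshold and ip not in banned:
            banned[ip] = when + timedelta(minutes=ban_min)
    return banned

if __name__ == "__main__":
    for ip, until in offenders(SAMPLE_LOG.splitlines()).items():
        print(f"block {ip} until {until.isoformat()}")
```

With the defaults only 203.0.113.7 is returned: 192.0.2.55 sends three probes but spread over 30 minutes, and 198.51.100.20 sends a single double-encoded one.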