mudmanc4 Posted April 16, 2013

Anyone else getting beaten up by registrations from Russia? At a glance on one site I've had 5000+ in the last 24 hours. Logs don't show any more than normal port mappings and root attempts, just registrations like sadly madly.

They seem to be doing this from a mail server

----

OSSEC HIDS Notification.
2013 Apr 16 06:10:17

Received From: xxxxxxx->/var/log/auth.log
Rule: 5703 fired (level 10) -> "Possible breakin attempt (high number of reverse lookup errors)."
Portion of the log(s):

Apr 16 06:10:15 xxxxxxx sshd[8105]: reverse mapping checking getaddrinfo for 203-69-37-206.hinet-ip.hinet.net [203.69.37.206] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 16 06:10:11 xxxxxxx sshd[8103]: reverse mapping checking getaddrinfo for 203-69-37-206.hinet-ip.hinet.net [203.69.37.206] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 16 06:10:07 xxxxxxx sshd[8101]: reverse mapping checking getaddrinfo for 203-69-37-206.hinet-ip.hinet.net [203.69.37.206] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 16 06:10:03 xxxxxxx sshd[8099]: reverse mapping checking getaddrinfo for 203-69-37-206.hinet-ip.hinet.net [203.69.37.206] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 16 06:09:59 xxxxxxx sshd[8097]: reverse mapping checking getaddrinfo for 203-69-37-206.hinet-ip.hinet.net [203.69.37.206] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 16 06:09:55 xxxxxxx sshd[8095]: reverse mapping checking getaddrinfo for 203-69-37-206.hinet-ip.hinet.net [203.69.37.206] failed - POSSIBLE BREAK-IN ATTEMPT!

And that list goes on and on

-------------

and ON and ON lol

Yes - I x'ed out the domain.

TriRan Posted April 16, 2013

Yeah, the past few months one of my clients got owned by Russian registrations: over 3k registrations and 40k posts.

CA3LE Posted April 26, 2013

Most of them probably aren't actually in Russia, just tunneling through there. So don't be pissed off at Russians. lol. Be pissed off that Russia doesn't do anything about it... so people use Russia as a gateway to mess with people.

...

I haven't had any problems since I changed to keycaptcha on registration. Way less registrations, but they're all human. I was so impressed with it after just a couple days I paid them for the full version.