Col. Panic

Almost 19 hours of total blackout! All sites were down. What a huge mess I got when another “Kernel Panic” hit my server in just 3 weeks (this is the 3rd time). It came to my decision to sit down and do something about why and how this is happening. With more help from my long-time friend Mr. Google, I researched this “mysterious phenomenon”, as I call it, that occurs in Linux machines. After reading all my recorded log files and tracing the last entry (registered at 3/5/08 22:31:28 hrs), it says something about one of my network cards not acting normally and continually rejecting Rx and Tx connections!

As soon as I found out, I think he wanted to tell me that I should replace him as soon as possible and buy a new one!

Anyway, prior to this, to save me from waiting for someone from our house (where my server also resides) to come home and REBOOT the box, I modified the server to automatically reboot itself 20 secs after a kernel panic.

Another day goes by and a relief from tragedy.

My first encounter of severe server attack

Just these last 3 days, I encountered severe, simultaneous, relentless attacks on my server to gain my administration account and take control. I was so mad because it was eating the overall bandwidth and thus a Denial of Service occurred.

One way or another there are many different sources I traced and detected; most of them came from China (WTF you doin’ Chinese hackers on my server?) and Australia.

I was forced to kill my own root account for security reasons (well, you might read this if you are the one who is breaking into my box, asshole).

Installed the last weapon I’ve got: the DenyHosts program.

For those wondering how severe these brute force attacks were, well, they were repeatedly attempting to log in to the server EVERY SECOND!

Feb 19 19:45:27 michael-yap sshd[3150]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=blk-7-211-207.eastlink.ca user=root
Feb 19 19:45:29 michael-yap sshd[3150]: Failed password for root from 71.7.211.207 port 4967 ssh2
Feb 19 19:45:37 michael-yap sshd[3152]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=blk-7-211-207.eastlink.ca user=root
Feb 19 19:45:39 michael-yap sshd[3152]: Failed password for root from 71.7.211.207 port 3197 ssh2

Feb 19 21:26:38 michael-yap sshd[4931]: Invalid user fax from 190.2.12.161
Feb 19 21:26:44 michael-yap sshd[4931]: reverse mapping checking getaddrinfo for customer2-12-161.iplannetworks.net failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 19 21:26:44 michael-yap sshd[4931]: (pam_unix) check pass; user unknown
Feb 19 21:26:44 michael-yap sshd[4931]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.2.12.161
Feb 19 21:26:46 michael-yap sshd[4931]: Failed password for invalid user fax from 190.2.12.161 port 53378 ssh2

And after installing my weapon…

Feb 20 15:00:37 michael-yap sshd[27830]: User root from 201.219.9.12 not allowed because not listed in AllowUsers
Feb 20 15:00:37 michael-yap sshd[27830]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.219.9.12 user=root
Feb 20 15:00:38 michael-yap sshd[27830]: Failed password for invalid user root from 201.219.9.12 port 54898 ssh2
Feb 20 15:00:42 michael-yap sshd[27832]: Invalid user admin from 201.219.9.12
Feb 20 15:00:42 michael-yap sshd[27832]: (pam_unix) check pass; user unknown
Feb 20 15:00:42 michael-yap sshd[27832]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.219.9.12
Feb 20 15:00:43 michael-yap sshd[27832]: Failed password for invalid user admin from 201.219.9.12 port 55212 ssh2
Feb 20 15:00:47 michael-yap sshd[27834]: Invalid user test from 201.219.9.12
Feb 20 15:00:47 michael-yap sshd[27834]: (pam_unix) check pass; user unknown
Feb 20 15:00:47 michael-yap sshd[27834]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.219.9.12
Feb 20 15:00:49 michael-yap sshd[27834]: Failed password for invalid user test from 201.219.9.12 port 55522 ssh2
Feb 20 15:00:53 michael-yap sshd[27836]: Invalid user guest from 201.219.9.12
Feb 20 15:00:53 michael-yap sshd[27836]: (pam_unix) check pass; user unknown
Feb 20 15:00:53 michael-yap sshd[27836]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.219.9.12
Feb 20 15:00:55 michael-yap sshd[27836]: Failed password for invalid user guest from 201.219.9.12 port 55883 ssh2
Feb 20 15:00:59 michael-yap sshd[27838]: Invalid user webmaster from 201.219.9.12
Feb 20 15:00:59 michael-yap sshd[27838]: (pam_unix) check pass; user unknown
Feb 20 15:00:59 michael-yap sshd[27838]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.219.9.12
Feb 20 15:01:01 michael-yap sshd[27838]: Failed password for invalid user webmaster from 201.219.9.12 port 56240 ssh2
Feb 20 15:01:04 michael-yap sshd[27846]: User mysql from 201.219.9.12 not allowed because not listed in AllowUsers
Feb 20 15:01:04 michael-yap sshd[27846]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.219.9.12 user=mysql
Feb 20 15:01:07 michael-yap sshd[27846]: Failed password for invalid user mysql from 201.219.9.12 port 56589 ssh2
Feb 20 15:01:07 michael-yap sshd[27874]: refused connect from ::ffff:201.219.9.12 (::ffff:201.219.9.12)

YOU ARE DENIED MR. #$@#$%!
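As an added example (not from this post and not DenyHosts’ own code), here is a small Python script that does the core of what DenyHosts does: parse sshd failure lines in the format shown above, count failures per source address, and emit /etc/hosts.deny entries for hosts that cross a threshold. The log lines inside it are constructed with documentation addresses, not the ones from my logs.

```python
import re
from collections import defaultdict

# The two sshd failure messages that show up during a brute-force run.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[0-9a-fA-F:.]+) port \d+"
)
INVALID_RE = re.compile(
    r"sshd\[\d+\]: Invalid user (?P<user>\S+) from (?P<ip>[0-9a-fA-F:.]+)"
)

# Constructed sample log (TEST-NET addresses), mirroring the auth.log format above.
SAMPLE_LOG = """\
Feb 20 15:00:37 host sshd[100]: Failed password for invalid user root from 203.0.113.5 port 54898 ssh2
Feb 20 15:00:42 host sshd[101]: Invalid user admin from 203.0.113.5
Feb 20 15:00:43 host sshd[101]: Failed password for invalid user admin from 203.0.113.5 port 55212 ssh2
Feb 20 15:00:47 host sshd[102]: Invalid user test from 203.0.113.5
Feb 20 15:00:49 host sshd[102]: Failed password for invalid user test from 203.0.113.5 port 55522 ssh2
Feb 20 15:02:10 host sshd[110]: Failed password for alice from 198.51.100.7 port 40000 ssh2
Feb 20 15:02:20 host sshd[111]: Accepted publickey for alice from 198.51.100.7 port 40001 ssh2
""".splitlines()


def parse_failures(lines):
    """Return {ip: {"failed": n, "invalid": m, "users": set()}} from sshd log lines."""
    stats = defaultdict(lambda: {"failed": 0, "invalid": 0, "users": set()})
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            stats[m["ip"]]["failed"] += 1
            stats[m["ip"]]["users"].add(m["user"])
            continue
        m = INVALID_RE.search(line)
        if m:  # probing for accounts that do not exist at all
            stats[m["ip"]]["invalid"] += 1
    return stats


def hosts_to_deny(stats, max_failed=3, max_invalid=2):
    """Hosts over either threshold, as TCP-wrappers lines for /etc/hosts.deny."""
    return [f"sshd: {ip}" for ip, s in sorted(stats.items())
            if s["failed"] >= max_failed or s["invalid"] >= max_invalid]


if __name__ == "__main__":
    for entry in hosts_to_deny(parse_failures(SAMPLE_LOG)):
        print(entry)
```

The one legitimate user who mistyped a password once (198.51.100.7) stays below the threshold, while the host cycling through root/admin/test gets a deny line, which is exactly the “refused connect” outcome in the last log line above.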