<div dir="ltr">It's a rare hosting shop that actually does anything with these, but I do it anyway.<div><br></div><div>Here's the example complaint:<br><br><div class="gmail_quote">---------- Forwarded message ----------<br>
From: <b class="gmail_sendername">Lisa Kachold</b> <span dir="ltr"><<a href="mailto:lisakachold@obnosis.com">lisakachold@obnosis.com</a>></span><br>Date: Thu, Sep 26, 2013</div><div class="gmail_quote">Subject: Aggressive Hacking Attempts from your IP<br>
To: <a href="mailto:oles@ovh.net">oles@ovh.net</a>, <a href="mailto:abuse@ovh.com">abuse@ovh.com</a>, <a href="mailto:support@ovh.net">support@ovh.net</a><br><br><div dir="ltr">Complaint:<div><br></div><div><br><div>Aggressive exploit attempts from your hosted IP:<br>
<br><div class="gmail_quote"><div dir="ltr"><div class="im"><div>Nmap scan report for 192.95.38.42</div><div>Host is up (0.087s latency).</div>
<div>Not shown: 998 filtered ports</div><div>PORT STATE SERVICE</div><div>3389/tcp open ms-wbt-server</div><div>49154/tcp open unknown</div>
<div><br></div><div>Nmap done: 1 IP address (1 host up) scanned in 12.64 seconds</div><div>[root@fly-obnosis-com asil]# </div><div><br></div></div><div>Easily exploited port 3389 is open. SUSPECT it has been ENCROACHED.</div>
<div><br></div>Overview: <a href="http://www.dome9.com/security-challenges/rdp-port-3389-security" target="_blank">http://www.dome9.com/security-challenges/rdp-port-3389-security</a><div><br></div><div><div>IP Ownership:<br>
</div><div class="im"><div><br></div><div><table width="100%" cellpadding="0" cellspacing="0" border="0" style="font-family:'Times New Roman'">
<tbody><tr><td width="20" nowrap> </td><td valign="top"><table bgcolor="#f3f0e0" width="728" cellpadding="5" cellspacing="1" border="0"><tbody><tr><td colspan="2" style="font-size:19px;line-height:22px;font-family:'trebuchet ms'">
192.95.38.42 - Geo Information</td></tr><tr><td bgcolor="#ffffff" valign="top" nowrap style="font-size:14px;line-height:18px;font-family:'trebuchet ms'">IP Address</td><td bgcolor="#ffffff" style="font-size:14px;line-height:18px;font-family:'trebuchet ms'">
<a href="http://cqcounter.com/traceroute/?query=192.95.38.42" style="color:rgb(0,0,153)" target="_blank">192.95.38.42</a></td></tr><tr><td bgcolor="#ffffff" valign="top" nowrap style="font-size:14px;line-height:18px;font-family:'trebuchet ms'">
Host</td><td bgcolor="#ffffff" style="font-size:14px;line-height:18px;font-family:'trebuchet ms'">192.95.38.42</td></tr><tr><td bgcolor="#ffffff" valign="top" nowrap style="font-size:14px;line-height:18px;font-family:'trebuchet ms'">
Location</td><td bgcolor="#ffffff" style="font-size:14px;line-height:18px;font-family:'trebuchet ms'"><img src="http://n1.dlcache.com/flags/us.gif" border="0" alt="US"> US, United States</td></tr><tr><td bgcolor="#ffffff" valign="top" nowrap style="font-size:14px;line-height:18px;font-family:'trebuchet ms'">
City</td><td bgcolor="#ffffff" style="font-size:14px;line-height:18px;font-family:'trebuchet ms'">Newark, NJ 07102</td></tr><tr><td bgcolor="#ffffff" valign="top" nowrap style="font-size:14px;line-height:18px;font-family:'trebuchet ms'">
Organization</td><td bgcolor="#ffffff" style="font-size:14px;line-height:18px;font-family:'trebuchet ms'">OVH Hosting</td></tr><tr><td bgcolor="#ffffff" valign="top" nowrap style="font-size:14px;line-height:18px;font-family:'trebuchet ms'">
ISP</td><td bgcolor="#ffffff" style="font-size:14px;line-height:18px;font-family:'trebuchet ms'">OVH Hosting</td></tr><tr><td bgcolor="#ffffff" valign="top" nowrap style="font-size:14px;line-height:18px;font-family:'trebuchet ms'">
AS Number</td><td bgcolor="#ffffff" style="font-size:14px;line-height:18px;font-family:'trebuchet ms'">AS16276 OVH Systems</td></tr><tr><td bgcolor="#ffffff" valign="top" nowrap style="font-size:14px;line-height:18px;font-family:'trebuchet ms'">
Latitude</td><td bgcolor="#ffffff" style="font-size:14px;line-height:18px;font-family:'trebuchet ms'">40°73'55" North</td></tr><tr><td bgcolor="#ffffff" valign="top" nowrap style="font-size:14px;line-height:18px;font-family:'trebuchet ms'">
Longitude</td><td bgcolor="#ffffff" style="font-size:14px;line-height:18px;font-family:'trebuchet ms'">74°17'41" West</td></tr><tr><td bgcolor="#ffffff" valign="top" nowrap style="font-size:14px;line-height:18px;font-family:'trebuchet ms'">
Distance</td><td bgcolor="#ffffff" style="font-size:14px;line-height:18px;font-family:'trebuchet ms'">7593.96 km (4718.67 miles)</td></tr></tbody></table></td></tr></tbody></table></div><div><br></div><div>
<a href="http://www.ovh.com/us/index.xml" target="_blank">http://www.ovh.com/us/index.xml</a></div><div><br></div><div>This is a hosting account on an international hosting provider. </div></div><div><div><br></div><div>
Might have to block all of OVH IP Ranges? </div>
<div><br></div><div><a href="http://bgp.he.net/AS16276" target="_blank">http://bgp.he.net/AS16276</a><br></div><div><div class="im"><br><div class="gmail_quote">---------- Forwarded message ----------<br>
From: <b class="gmail_sendername">DenyHosts</b> <span dir="ltr"><<a href="mailto:nobody@mail.obnosis.com" target="_blank">nobody@mail.obnosis.com</a>></span><br>Date: Wed, Sep 25, 2013 at 5:07 PM<br>Subject: DenyHosts Report from mail<br>
To: <a href="mailto:lisakachold@obnosis.com" target="_blank">lisakachold@obnosis.com</a><br><br><br><div>Added the following hosts to /etc/hosts.deny:<br>
<br>
</div>192.95.38.42 (unknown)<br>
<br>
---------------------------------------------------------------------</div><div class="gmail_quote"><br></div></div><div class="gmail_quote">LOGs:</div><div class="gmail_quote"><br></div><div class="gmail_quote"><div class="gmail_quote">
# DenyHosts: Wed Sep 25 17:07:15 2013 | sshd: 192.95.38.42</div><div class="gmail_quote">sshd: 192.95.38.42</div><div class="gmail_quote"><br></div><div class="gmail_quote"><br></div><div class="gmail_quote">[root@mail ~]#</div>
<div class="gmail_quote"><br></div><div class="gmail_quote"><div class="gmail_quote">Sep 25 17:07:10 server sshd[28818]: Did not receive identification string from 192.95.38.42</div><div class="gmail_quote">Sep 25 17:07:12 server sshd[28821]: Invalid user admin from 192.95.38.42</div>
<div class="gmail_quote">Sep 25 17:07:12 server sshd[28821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.95.38.42 </div><div class="gmail_quote">Sep 25 17:07:12 server sshd[28824]: Invalid user admin from 192.95.38.42</div>
<div class="gmail_quote">Sep 25 17:07:12 server sshd[28830]: Invalid user admin from 192.95.38.42</div><div class="gmail_quote">Sep 25 17:07:13 server sshd[28824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.95.38.42 </div>
<div class="gmail_quote">Sep 25 17:07:13 server sshd[28830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.95.38.42 </div><div class="gmail_quote">Sep 25 17:07:13 server sshd[28837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.95.38.42 user=root</div>
<div class="gmail_quote">Sep 25 17:07:14 server sshd[28841]: Did not receive identification string from 192.95.38.42</div><div class="gmail_quote">Sep 25 17:07:14 server sshd[28829]: Invalid user admin from 192.95.38.42</div>
<div class="gmail_quote">Sep 25 17:07:14 server sshd[28829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.95.38.42 </div><div class="gmail_quote">Sep 25 17:07:15 server sshd[28821]: Failed password for invalid user admin from 192.95.38.42 port 62644 ssh2</div>
<div class="gmail_quote">Sep 25 17:07:15 server sshd[28824]: Failed password for invalid user admin from 192.95.38.42 port 62657 ssh2</div><div class="gmail_quote">Sep 25 17:07:15 server sshd[28830]: Failed password for invalid user admin from 192.95.38.42 port 62671 ssh2</div>
<div class="gmail_quote">Sep 25 17:07:15 server sshd[28825]: Connection closed by 192.95.38.42</div><div class="gmail_quote">Sep 25 17:07:15 server sshd[28828]: Connection closed by 192.95.38.42</div><div class="gmail_quote">
Sep 25 17:07:15 server sshd[28836]: Connection closed by 192.95.38.42</div><div class="gmail_quote">Sep 25 17:07:15 server sshd[28837]: Failed password for root from 192.95.38.42 port 62714 ssh2</div><div class="gmail_quote">
Sep 25 17:07:15 server sshd[28840]: Connection closed by 192.95.38.42</div><div class="gmail_quote">Sep 25 17:07:16 server sshd[28829]: Failed password for invalid user admin from 192.95.38.42 port 62672 ssh2</div><div class="gmail_quote">
Sep 25 17:07:16 server sshd[28835]: Connection closed by 192.95.38.42</div><div class="gmail_quote">Sep 25 17:07:16 server sshd[28847]: Invalid user admin from 192.95.38.42</div><div class="gmail_quote">Sep 25 17:07:16 server sshd[28856]: Invalid user admin from 192.95.38.42</div>
<div class="gmail_quote">Sep 25 17:07:16 server sshd[28847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.95.38.42 </div><div class="gmail_quote">Sep 25 17:07:16 server sshd[28844]: Invalid user admin from 192.95.38.42</div>
<div class="gmail_quote">Sep 25 17:07:16 server sshd[28850]: Invalid user admin from 192.95.38.42</div><div class="gmail_quote">Sep 25 17:07:16 server sshd[28857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.95.38.42 user=root</div>
<div class="gmail_quote">Sep 25 17:07:16 server sshd[28856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.95.38.42 </div><div class="gmail_quote">Sep 25 17:07:16 server sshd[28870]: refused connect from 192.95.38.42 (192.95.38.42)</div>
<div class="gmail_quote">Sep 25 17:07:16 server sshd[28844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.95.38.42 </div><div class="gmail_quote">Sep 25 17:07:17 server sshd[28873]: refused connect from 192.95.38.42 (192.95.38.42)</div>
<div class="gmail_quote">Sep 25 17:07:17 server sshd[28850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.95.38.42 </div><div class="gmail_quote">Sep 25 17:07:17 server sshd[28876]: refused connect from 192.95.38.42 (192.95.38.42)</div>
<div class="gmail_quote">Sep 25 17:07:17 server sshd[28879]: refused connect from 192.95.38.42 (192.95.38.42)</div><div class="gmail_quote">Sep 25 17:07:17 server sshd[28880]: refused connect from 192.95.38.42 (192.95.38.42)</div>
<div class="gmail_quote">Sep 25 17:07:18 server sshd[28847]: Failed password for invalid user admin from 192.95.38.42 port 62827 ssh2</div><div class="gmail_quote">Sep 25 17:07:18 server sshd[28850]: Failed password for invalid user admin from 192.95.38.42 port 62828 ssh2</div>
<div class="gmail_quote">Sep 25 17:07:19 server sshd[28854]: Connection closed by 192.95.38.42</div><div class="gmail_quote">Sep 25 17:07:19 server sshd[28857]: Failed password for root from 192.95.38.42 port 62834 ssh2</div>
<div class="gmail_quote">Sep 25 17:07:19 server sshd[28855]: Connection closed by 192.95.38.42</div><div class="gmail_quote">Sep 25 17:07:19 server sshd[28856]: Failed password for invalid user admin from 192.95.38.42 port 62833 ssh2</div>
<div class="gmail_quote">Sep 25 17:07:19 server sshd[28844]: Failed password for invalid user admin from 192.95.38.42 port 62823 ssh2</div><div class="gmail_quote">Sep 25 17:07:19 server sshd[28863]: Connection closed by 192.95.38.42</div>
<div class="gmail_quote">Sep 25 17:07:19 server sshd[28862]: Connection closed by 192.95.38.42</div><div class="gmail_quote">Sep 25 17:07:19 server sshd[28853]: Connection closed by 192.95.38.42</div><div class="gmail_quote">
Sep 25 17:07:19 server sshd[28885]: refused connect from 192.95.38.42 (192.95.38.42)</div><div class="gmail_quote">Sep 25 17:07:19 server sshd[28888]: refused connect from 192.95.38.42 (192.95.38.42)</div><div class="gmail_quote">
Sep 25 17:07:19 server sshd[28891]: refused connect from 192.95.38.42 (192.95.38.42)</div><div class="gmail_quote">Sep 25 17:07:19 server sshd[28894]: refused connect from 192.95.38.42 (192.95.38.42)</div><div class="gmail_quote">
Sep 25 17:07:19 server sshd[28897]: refused connect from 192.95.38.42 (192.95.38.42)</div><div class="gmail_quote">Sep 25 17:08:25 server sshd[28904]: refused connect from 192.95.38.42 (192.95.38.42)</div><div class="gmail_quote">
Sep 25 17:08:26 server sshd[28907]: refused connect from 192.95.38.42 (192.95.38.42)</div><div class="gmail_quote">Sep 25 17:08:26 server sshd[28910]: refused connect from 192.95.38.42 (192.95.38.42)</div><div class="gmail_quote">
Sep 25 17:08:28 server sshd[28913]: refused connect from 192.95.38.42 (192.95.38.42)</div><div class="gmail_quote">Sep 25 17:08:28 server sshd[28916]: refused connect from 192.95.38.42 (192.95.38.42)</div><div class="gmail_quote">
Sep 25 17:08:28 server sshd[28917]: refused connect from 192.95.38.42 (192.95.38.42)</div><div class="gmail_quote">Sep 25 17:08:28 server sshd[28918]: refused connect from 192.95.38.42 (192.95.38.42)</div><div class="gmail_quote">
Sep 25 17:08:28 server sshd[28923]: refused connect from 192.95.38.42 (192.95.38.42)</div><div class="gmail_quote">Sep 25 17:08:28 server sshd[28928]: refused connect from 192.95.38.42 (192.95.38.42)</div><div class="gmail_quote">
Sep 25 17:08:28 server sshd[28929]: refused connect from 192.95.38.42 (192.95.38.42)</div><div class="gmail_quote">Sep 25 17:09:31 server sshd[28936]: refused connect from 192.95.38.42 (192.95.38.42)</div><div class="gmail_quote">
Sep 25 17:09:31 server sshd[28939]: refused connect from 192.95.38.42 (192.95.38.42)</div></div><div class="gmail_quote"><br></div><div class="gmail_quote"> </div><div><br></div></div><span><font color="#888888"><div>
Times are MST:</div><div class="im"><div><br></div>-- <br><div><br></div><a href="tel:%28503%29%20754-4452" value="+15037544452" target="_blank">(503) 754-4452</a> Android<br><a href="tel:%28623%29%20239-3392" value="+16232393392" target="_blank">(623) 239-3392</a> Skype<br>
<a href="tel:%28623%29%20688-3392" value="+16236883392" target="_blank">(623) 688-3392</a> Google Voice<br>**<br><a href="http://it-clowns.com/c/" target="_blank">it-clowns.com</a><br>
Chief Clown<br><br><br></div></font></span></div></div></div></div></div></div></div></div></div><br>
</div></div>