[Fail2Ban] ssh: banned 58.215.172.27

Hi,

The IP 58.215.172.27 has just been banned by Fail2Ban after
6 attempts against ssh.

Here are more information about 58.215.172.27:

% [whois.apnic.net]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

% Information related to ‘58.208.0.0 – 58.223.255.255’

inetnum: 58.208.0.0 – 58.223.255.255
netname: CHINANET-JS
descr: CHINANET jiangsu province network
descr: China Telecom
descr: A12,Xin-Jie-Kou-Wai Street
descr: Beijing 100088
country: CN
admin-c: CH93-AP
tech-c: CJ186-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-CHINANET-JS
mnt-routes: MAINT-CHINANET-JS
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks: This object can only be updated by APNIC hostmasters.
remarks: To update this object, please contact APNIC
remarks: hostmasters and include your organisation’s account
remarks: name in the subject line.
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
status: ALLOCATED PORTABLE
changed: hm-changed@apnic.net 20050624
source: APNIC

role: CHINANET JIANGSU
address: 260 Zhongyang Road,Nanjing 210037
country: CN
phone: +86-25-86588231
phone: +86-25-86588745
fax-no: +86-25-86588104
e-mail: ip@jsinfo.net
remarks: send anti-spam reports to spam@jsinfo.net
remarks: send abuse reports to abuse@jsinfo.net
remarks: times in GMT+8
admin-c: CH360-AP
tech-c: CS306-AP
tech-c: CN142-AP
nic-hdl: CJ186-AP
remarks: www.jsinfo.net
notify: ip@jsinfo.net
mnt-by: MAINT-CHINANET-JS
changed: dns@jsinfo.net 20090831
changed: ip@jsinfo.net 20090831
changed: hm-changed@apnic.net 20090901
source: APNIC
changed: hm-changed@apnic.net 20111114

person: Chinanet Hostmaster
nic-hdl: CH93-AP
e-mail: anti-spam@ns.chinanet.cn.net
address: No.31 ,jingrong street,beijing
address: 100032
phone: +86-10-58501724
fax-no: +86-10-58501724
country: CN
changed: dingsy@cndata.com 20070416
changed: zhengzm@gsta.com 20140227
mnt-by: MAINT-CHINANET
source: APNIC

% This query was served by the APNIC Whois Service version 1.69.1-APNICv1r0 (WHOIS3)

Lines containing IP:58.215.172.27 in /var/log/auth.log

Apr 29 19:21:32 vps3 sshd[30433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.215.172.27 user=root
Apr 29 19:21:34 vps3 sshd[30433]: Failed password for root from 58.215.172.27 port 45002 ssh2
Apr 29 19:21:35 vps3 sshd[30433]: Received disconnect from 58.215.172.27: 11: Bye Bye [preauth]
Apr 29 19:21:36 vps3 sshd[30435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.215.172.27 user=root
Apr 29 19:21:39 vps3 sshd[30435]: Failed password for root from 58.215.172.27 port 46146 ssh2
Apr 29 19:21:39 vps3 sshd[30435]: Received disconnect from 58.215.172.27: 11: Bye Bye [preauth]
Apr 29 19:21:40 vps3 sshd[30437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.215.172.27 user=root
Apr 29 19:21:42 vps3 sshd[30437]: Failed password for root from 58.215.172.27 port 47298 ssh2
Apr 29 19:21:43 vps3 sshd[30437]: Received disconnect from 58.215.172.27: 11: Bye Bye [preauth]
Apr 29 19:21:44 vps3 sshd[30439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.215.172.27 user=root
Apr 29 19:21:46 vps3 sshd[30439]: Failed password for root from 58.215.172.27 port 48382 ssh2
Apr 29 19:21:47 vps3 sshd[30439]: Received disconnect from 58.215.172.27: 11: Bye Bye [preauth]
Apr 29 19:21:48 vps3 sshd[30441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.215.172.27 user=root
Apr 29 19:21:50 vps3 sshd[30441]: Failed password for root from 58.215.172.27 port 49485 ssh2
Apr 29 19:21:50 vps3 sshd[30441]: Received disconnect from 58.215.172.27: 11: Bye Bye [preauth]
Apr 29 19:21:52 vps3 sshd[30443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.215.172.27 user=root
Apr 29 19:21:54 vps3 sshd[30443]: Failed password for root from 58.215.172.27 port 50605 ssh2
Apr 29 19:21:54 vps3 sshd[30443]: Received disconnect from 58.215.172.27: 11: Bye Bye [preauth]
Apr 29 19:21:56 vps3 sshd[30445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.215.172.27 user=root

Leave a Reply

Your email address will not be published. Required fields are marked *