Category Archives: Chinanet

[Fail2Ban] ssh: banned 116.10.191.223

Hi,

The IP 116.10.191.223 has just been banned by Fail2Ban after
6 attempts against ssh.

Here are more information about 116.10.191.223:

% [whois.apnic.net]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

% Information related to '116.8.0.0 - 116.11.255.255'

inetnum: 116.8.0.0 - 116.11.255.255
netname: CHINANET-GX
descr: CHINANET Guangxi province network
descr: Data Communication Division
descr: China Telecom
country: CN
admin-c: CR76-AP
tech-c: BD37-AP
status: ALLOCATED PORTABLE
remarks: service provider
mnt-by: APNIC-HM
mnt-lower: MAINT-CHINANET
mnt-lower: MAINT-CHINANET-GX
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks: This object can only be updated by APNIC hostmasters.
remarks: To update this object, please contact APNIC
remarks: hostmasters and include your organisation's account
remarks: name in the subject line.
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
changed: hm-changed@apnic.net 20070322
source: APNIC

person: Bin Deng
nic-hdl: BD37-AP
e-mail: 18977164171@189.cn
address: Guangxi data comm.Bureau
address: 35 Minzhu Road
address: Nanning city
address: Guangxi 530015 China
phone: +86-771-2835112
fax-no: +86-771-2839278
country: CN
changed: rebecca@public.nn.gx.cn 20021023
changed: zhengzm@gsta.com 20140326
mnt-by: MAINT-CHINANET-GX
source: APNIC

person: Cailing Ruan
nic-hdl: CR76-AP
e-mail: 18977164171@189.cn
address: Guangxi data comm.Bureau
address: 35 Minzhu Road
address: Nanning city
address: Guangxi 530015 China
phone: +86-771-2815987
fax-no: +86-771-2839278
country: CN
changed: rebecca@public.nn.gx.cn 20021023
changed: zhengzm@gsta.com 20140326
mnt-by: MAINT-CHINANET-GX
source: APNIC

% This query was served by the APNIC Whois Service version 1.69.1-APNICv1r0 (WHOIS2)

Lines containing IP:116.10.191.223 in /var/log/auth.log

Apr 28 13:49:25 vps3 sshd[20638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.10.191.223 user=root
Apr 28 13:49:27 vps3 sshd[20638]: Failed password for root from 116.10.191.223 port 2603 ssh2
Apr 28 13:49:28 vps3 sshd[20638]: Failed password for root from 116.10.191.223 port 2603 ssh2
Apr 28 13:49:31 vps3 sshd[20638]: Failed password for root from 116.10.191.223 port 2603 ssh2
Apr 28 13:49:34 vps3 sshd[20638]: Failed password for root from 116.10.191.223 port 2603 ssh2
Apr 28 13:49:36 vps3 sshd[20638]: Failed password for root from 116.10.191.223 port 2603 ssh2
Apr 28 13:49:38 vps3 sshd[20638]: Failed password for root from 116.10.191.223 port 2603 ssh2
Apr 28 13:49:38 vps3 sshd[20638]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.10.191.223 user=root

[Fail2Ban] ssh: banned 118.122.120.128

Hi,

The IP 118.122.120.128 has just been banned by Fail2Ban after
6 attempts against ssh.

Here are more information about 118.122.120.128:

% [whois.apnic.net]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

% Information related to '118.120.0.0 - 118.123.255.255'

inetnum: 118.120.0.0 - 118.123.255.255
netname: CHINANET-SC
descr: CHINANET Sichuan province network
descr: China Telecom
descr: A12,Xin-Jie-Kou-Wai Street
descr: Beijing 100088
country: CN
admin-c: CH93-AP
tech-c: CS408-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-CHINANET-SC
mnt-routes: MAINT-CHINANET-SC
status: ALLOCATED PORTABLE
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks: This object can only be updated by APNIC hostmasters.
remarks: To update this object, please contact APNIC
remarks: hostmasters and include your organisation's account
remarks: name in the subject line.
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
changed: hm-changed@apnic.net 20070912
source: APNIC

role: CHINANET SICHUAN
address: No.72,Wen Miao Qian Str Chengdu SiChuan PR China
country: CN
phone: +86-28-86190657
fax-no: +86-25-86190641
e-mail: scipadmin2013@189.cn
remarks: send anti-spam reports to scipadmin2013@189.cn
remarks: send abuse reports to scipadmin2013@189.cn
remarks: times in GMT+8
remarks: noc.cd.sc.cn
admin-c: YZ43-AP
tech-c: RL357-AP
tech-c: XS16-AP
nic-hdl: CS408-AP
notify: scipadmin2013@189.cn
mnt-by: MAINT-CHINANET-SC
changed: zhengzm@gsta.com 20131226
source: APNIC

person: Chinanet Hostmaster
nic-hdl: CH93-AP
e-mail: anti-spam@ns.chinanet.cn.net
address: No.31 ,jingrong street,beijing
address: 100032
phone: +86-10-58501724
fax-no: +86-10-58501724
country: CN
changed: dingsy@cndata.com 20070416
changed: zhengzm@gsta.com 20140227
mnt-by: MAINT-CHINANET
source: APNIC

% This query was served by the APNIC Whois Service version 1.69.1-APNICv1r0 (WHOIS1)

Lines containing IP:118.122.120.128 in /var/log/auth.log

Apr 27 10:37:30 vps3 sshd[6591]: Did not receive identification string from 118.122.120.128
Apr 27 11:47:54 vps3 sshd[7083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.122.120.128 user=root
Apr 27 11:47:56 vps3 sshd[7083]: Failed password for root from 118.122.120.128 port 39070 ssh2
Apr 27 11:47:59 vps3 sshd[7083]: Failed password for root from 118.122.120.128 port 39070 ssh2
Apr 27 11:48:01 vps3 sshd[7083]: Failed password for root from 118.122.120.128 port 39070 ssh2
Apr 27 11:48:01 vps3 sshd[7083]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.122.120.128 user=root
Apr 27 11:48:05 vps3 sshd[7089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.122.120.128 user=root
Apr 27 11:48:08 vps3 sshd[7089]: Failed password for root from 118.122.120.128 port 39341 ssh2
Apr 27 11:48:11 vps3 sshd[7089]: Failed password for root from 118.122.120.128 port 39341 ssh2
Apr 27 11:48:14 vps3 sshd[7089]: Failed password for root from 118.122.120.128 port 39341 ssh2
Apr 27 11:48:14 vps3 sshd[7089]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.122.120.128 user=root

[Fail2Ban] ssh: banned 222.242.105.93

Hi,

The IP 222.242.105.93 has just been banned by Fail2Ban after
6 attempts against ssh.

Here are more information about 222.242.105.93:

% [whois.apnic.net]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

% Information related to '222.240.0.0 - 222.247.255.255'

inetnum: 222.240.0.0 - 222.247.255.255
netname: CHINANET-HN
descr: CHINANET Hunan province network
descr: China Telecom
descr: No1,jin-rong Street
descr: Beijing 100032
country: CN
admin-c: CH93-AP
tech-c: YX69-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-CHINANET-HN
mnt-routes: MAINT-CHINANET-HN
status: ALLOCATED PORTABLE
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks: This object can only be updated by APNIC hostmasters.
remarks: To update this object, please contact APNIC
remarks: hostmasters and include your organisation's account
remarks: name in the subject line.
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
changed: hm-changed@apnic.net 20040326
source: APNIC

person: Chinanet Hostmaster
nic-hdl: CH93-AP
e-mail: anti-spam@ns.chinanet.cn.net
address: No.31 ,jingrong street,beijing
address: 100032
phone: +86-10-58501724
fax-no: +86-10-58501724
country: CN
changed: dingsy@cndata.com 20070416
changed: zhengzm@gsta.com 20140227
mnt-by: MAINT-CHINANET
source: APNIC

person: Yali Xiao
address: Hunan Data Communication Bureau No.9 middle wuyi road ChangSha city,Hunan ,P.R.China 410011
country: CN
phone: +86-731-2260079
fax-no: +86-731-2265549
e-mail: liul@hnpta.net.cn
nic-hdl: YX69-AP
mnt-by: MAINT-CHINANET-HUNAN
changed: liul@hndcb.hnpta.net.cn 20010523
source: APNIC

% This query was served by the APNIC Whois Service version 1.69.1-APNICv1r0 (WHOIS2)

Lines containing IP:222.242.105.93 in /var/log/auth.log

Apr 27 08:29:10 vps3 sshd[6074]: Invalid user a from 222.242.105.93
Apr 27 08:29:10 vps3 sshd[6074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.242.105.93
Apr 27 08:29:12 vps3 sshd[6074]: Failed password for invalid user a from 222.242.105.93 port 39781 ssh2
Apr 27 08:29:12 vps3 sshd[6074]: Received disconnect from 222.242.105.93: 11: Bye Bye [preauth]
Apr 27 08:29:15 vps3 sshd[6076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.242.105.93 user=root
Apr 27 08:29:16 vps3 sshd[6076]: Failed password for root from 222.242.105.93 port 41187 ssh2
Apr 27 08:29:17 vps3 sshd[6076]: Received disconnect from 222.242.105.93: 11: Bye Bye [preauth]
Apr 27 08:29:19 vps3 sshd[6078]: Invalid user postgres from 222.242.105.93
Apr 27 08:29:19 vps3 sshd[6078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.242.105.93
Apr 27 08:29:21 vps3 sshd[6078]: Failed password for invalid user postgres from 222.242.105.93 port 42645 ssh2
Apr 27 08:29:21 vps3 sshd[6078]: Received disconnect from 222.242.105.93: 11: Bye Bye [preauth]
Apr 27 08:29:24 vps3 sshd[6080]: Invalid user nagios from 222.242.105.93
Apr 27 08:29:24 vps3 sshd[6080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.242.105.93

[Fail2Ban] ssh: banned 60.173.26.69

Hi,

The IP 60.173.26.69 has just been banned by Fail2Ban after
6 attempts against ssh.

Here are more information about 60.173.26.69:

% [whois.apnic.net]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

% Information related to '60.166.0.0 - 60.175.255.255'

inetnum: 60.166.0.0 - 60.175.255.255
netname: CHINANET-AH
descr: CHINANET anhui province network
descr: China Telecom
descr: A12,Xin-Jie-Kou-Wai Street
descr: Beijing 100088
country: CN
admin-c: CH93-AP
tech-c: JW89-AP
mnt-by: APNIC-HM
mnt-routes: MAINT-CHINANET-AH
mnt-lower: MAINT-CHINANET-AH
status: ALLOCATED PORTABLE
changed: hm-changed@apnic.net 20040721
source: APNIC

person: Chinanet Hostmaster
nic-hdl: CH93-AP
e-mail: anti-spam@ns.chinanet.cn.net
address: No.31 ,jingrong street,beijing
address: 100032
phone: +86-10-58501724
fax-no: +86-10-58501724
country: CN
changed: dingsy@cndata.com 20070416
changed: zhengzm@gsta.com 20140227
mnt-by: MAINT-CHINANET
source: APNIC

person: Jinneng Wang
address: 17/F, Postal Building No.120 Changjiang
address: Middle Road, Hefei, Anhui, China
country: CN
phone: +86-551-2659073
fax-no: +86-551-2659287
e-mail: ahdata@189.cn
nic-hdl: JW89-AP
mnt-by: MAINT-CHINANET-AH
changed: wang@mail.hf.ah.cninfo.net 19990818
changed: hm-changed@apnic.net 20140221
source: APNIC

% This query was served by the APNIC Whois Service version 1.69.1-APNICv1r0 (WHOIS2)

Lines containing IP:60.173.26.69 in /var/log/auth.log

Apr 25 19:31:41 vps3 sshd[11271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.173.26.69 user=root
Apr 25 19:31:43 vps3 sshd[11271]: Failed password for root from 60.173.26.69 port 13398 ssh2
Apr 25 19:31:43 vps3 sshd[11271]: Received disconnect from 60.173.26.69: 11: Normal Shutdown, Thank you for playing [preauth]
Apr 25 19:31:45 vps3 sshd[11273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.173.26.69 user=root
Apr 25 19:31:46 vps3 sshd[11273]: Failed password for root from 60.173.26.69 port 14250 ssh2
Apr 25 19:31:46 vps3 sshd[11273]: Received disconnect from 60.173.26.69: 11: Normal Shutdown, Thank you for playing [preauth]
Apr 25 19:31:48 vps3 sshd[11275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.173.26.69 user=root
Apr 25 19:31:50 vps3 sshd[11275]: Failed password for root from 60.173.26.69 port 15008 ssh2
Apr 25 19:31:50 vps3 sshd[11275]: Received disconnect from 60.173.26.69: 11: Normal Shutdown, Thank you for playing [preauth]
Apr 25 19:31:52 vps3 sshd[11277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.173.26.69 user=root
Apr 25 19:31:54 vps3 sshd[11277]: Failed password for root from 60.173.26.69 port 15848 ssh2
Apr 25 19:31:54 vps3 sshd[11277]: Received disconnect from 60.173.26.69: 11: Normal Shutdown, Thank you for playing [preauth]
Apr 25 19:31:56 vps3 sshd[11280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.173.26.69 user=root
Apr 25 19:31:58 vps3 sshd[11280]: Failed password for root from 60.173.26.69 port 16657 ssh2
Apr 25 19:31:58 vps3 sshd[11280]: Received disconnect from 60.173.26.69: 11: Normal Shutdown, Thank you for playing [preauth]
Apr 25 19:32:00 vps3 sshd[11282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.173.26.69 user=root
Apr 25 19:32:01 vps3 sshd[11282]: Failed password for root from 60.173.26.69 port 17537 ssh2
Apr 25 19:32:02 vps3 sshd[11282]: Received disconnect from 60.173.26.69: 11: Normal Shutdown, Thank you for playing [preauth]
Apr 25 19:32:03 vps3 sshd[11284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.173.26.69 user=root