[Fail2Ban] ssh: banned 91.223.89.47

Hi,

The IP 91.223.89.47 has just been banned by Fail2Ban after
6 attempts against ssh.

Here is more information about 91.223.89.47:

% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '91.223.89.0 - 91.223.89.255'

% No abuse contact registered for 91.223.89.0 - 91.223.89.255

inetnum: 91.223.89.0 - 91.223.89.255
netname: ENERGOMONTAZH-NET
descr: ENERGOMONTAZH ltd.
country: RU
org: ORG-El113-RIPE
admin-c: AV5863-RIPE
tech-c: AV5863-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-END-MNT
mnt-lower: RIPE-NCC-END-MNT
mnt-by: MNT-ENERGOMONTAZH
mnt-routes: MNT-ENERGOMONTAZH
mnt-routes: Cosmonova-MNT
mnt-domains: MNT-ENERGOMONTAZH
source: RIPE # Filtered

organisation: ORG-El113-RIPE
org-name: ENERGOMONTAZH ltd.
org-type: OTHER
address: Aleutskaya str. 29, off. 22, Vladivostok, Russian Federation
mnt-ref: MNT-ENERGOMONTAZH
mnt-by: MNT-ENERGOMONTAZH
source: RIPE # Filtered

person: Aleksandr Volosovyk
address: Vladivostok, Russian Federation
phone: +74999186174
nic-hdl: AV5863-RIPE
mnt-by: MNT-ENERGOMONTAZH
source: RIPE # Filtered

% Information related to '91.223.89.0/24AS34867'

route: 91.223.89.0/24
descr: Cosmonova DC - ENERGOMONTAZH
origin: AS34867
mnt-by: Cosmonova-MNT
source: RIPE # Filtered

% This query was served by the RIPE Database Query Service version 1.72 (DBC-WHOIS1)

Lines containing IP:91.223.89.47 in /var/log/auth.log

Apr 29 05:41:12 vps3 sshd[25489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.223.89.47 user=root
Apr 29 05:41:14 vps3 sshd[25489]: Failed password for root from 91.223.89.47 port 35635 ssh2
Apr 29 05:41:14 vps3 sshd[25489]: Received disconnect from 91.223.89.47: 11: Bye Bye [preauth]
Apr 29 05:41:15 vps3 sshd[25491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.223.89.47 user=root
Apr 29 05:41:17 vps3 sshd[25491]: Failed password for root from 91.223.89.47 port 36793 ssh2
Apr 29 05:41:17 vps3 sshd[25491]: Received disconnect from 91.223.89.47: 11: Bye Bye [preauth]
Apr 29 05:41:18 vps3 sshd[25493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.223.89.47 user=root
Apr 29 05:41:20 vps3 sshd[25493]: Failed password for root from 91.223.89.47 port 37872 ssh2
Apr 29 05:41:20 vps3 sshd[25493]: Received disconnect from 91.223.89.47: 11: Bye Bye [preauth]
Apr 29 05:41:21 vps3 sshd[25495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.223.89.47 user=root
Apr 29 05:41:23 vps3 sshd[25495]: Failed password for root from 91.223.89.47 port 38937 ssh2
Apr 29 05:41:23 vps3 sshd[25495]: Received disconnect from 91.223.89.47: 11: Bye Bye [preauth]
Apr 29 05:41:24 vps3 sshd[25497]: Invalid user wxia from 91.223.89.47
Apr 29 05:41:24 vps3 sshd[25497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.223.89.47
Apr 29 05:41:26 vps3 sshd[25497]: Failed password for invalid user wxia from 91.223.89.47 port 39844 ssh2
Apr 29 05:41:26 vps3 sshd[25497]: Received disconnect from 91.223.89.47: 11: Bye Bye [preauth]
Apr 29 05:41:27 vps3 sshd[25500]: Invalid user denny from 91.223.89.47
Apr 29 05:41:27 vps3 sshd[25500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.223.89.47
Apr 29 05:41:29 vps3 sshd[25500]: Failed password for invalid user denny from 91.223.89.47 port 41061 ssh2
May 1 04:13:05 vps3 sshd[6062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.223.89.47 user=root
May 1 04:13:07 vps3 sshd[6062]: Failed password for root from 91.223.89.47 port 51598 ssh2
May 1 04:13:07 vps3 sshd[6062]: Received disconnect from 91.223.89.47: 11: Bye Bye [preauth]
May 1 04:13:08 vps3 sshd[6064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.223.89.47 user=root
May 1 04:13:10 vps3 sshd[6064]: Failed password for root from 91.223.89.47 port 53777 ssh2
May 1 04:13:10 vps3 sshd[6064]: Received disconnect from 91.223.89.47: 11: Bye Bye [preauth]
May 1 04:13:11 vps3 sshd[6066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.223.89.47 user=root
May 1 04:13:14 vps3 sshd[6066]: Failed password for root from 91.223.89.47 port 54825 ssh2
May 1 04:13:14 vps3 sshd[6066]: Received disconnect from 91.223.89.47: 11: Bye Bye [preauth]
May 1 04:13:15 vps3 sshd[6068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.223.89.47 user=root
May 1 04:13:17 vps3 sshd[6068]: Failed password for root from 91.223.89.47 port 55954 ssh2
May 1 04:13:18 vps3 sshd[6068]: Received disconnect from 91.223.89.47: 11: Bye Bye [preauth]
May 1 04:13:19 vps3 sshd[6070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.223.89.47 user=root
May 1 04:13:20 vps3 sshd[6070]: Failed password for root from 91.223.89.47 port 57172 ssh2
May 1 04:13:21 vps3 sshd[6070]: Received disconnect from 91.223.89.47: 11: Bye Bye [preauth]
May 1 04:13:22 vps3 sshd[6072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.223.89.47 user=root
May 1 04:13:24 vps3 sshd[6072]: Failed password for root from 91.223.89.47 port 58211 ssh2
May 1 04:13:24 vps3 sshd[6072]: Received disconnect from 91.223.89.47: 11: Bye Bye [preauth]
May 1 04:13:25 vps3 sshd[6074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.223.89.47 user=root