Category Archives: HANGZHOU

[Fail2Ban] ssh: banned 115.238.236.88

The IP 115.238.236.88 has just been banned by Fail2Ban after
7 attempts against ssh.

Here is more information about 115.238.236.88:

% [whois.apnic.net]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

% Information related to '115.238.236.0 - 115.238.237.255'

inetnum: 115.238.236.0 - 115.238.237.255
netname: HANGZHOU-SRT-TECHNOLOGY-CO-LTD
country: CN
descr: HANGZHOU SRT TECHNOLOGY CO., LTD
descr:
admin-c: BB324-AP
tech-c: CH119-AP
mnt-irt: IRT-CHINANET-ZJ
status: ASSIGNED NON-PORTABLE
changed: zjnoc_ip_1@163.com 20120730
mnt-by: MAINT-CN-CHINANET-ZJ-HU
source: APNIC

irt: IRT-CHINANET-ZJ
address: Hangzhou, 288 fucun Road, China
e-mail: lfliu@pubinfo.com.cn
abuse-mailbox: antispam@dcb.hz.zj.cn
admin-c: CZ61-AP
tech-c: CZ61-AP
auth: # Filtered
mnt-by: MAINT-CHINANET-ZJ
changed: auto-dbm@dcb.hz.zj.cn 20101129
source: APNIC

role: CHINANET-ZJ Huzhou
address: No.18 Hongqi Road,Huzhou,Zhejiang.313000
country: CN
phone: +86-572-2022163
fax-no: +86-572-2210609
e-mail: anti_spam@mail.huptt.zj.cn
remarks: send spam reports to anti_spam@mail.huptt.zj.cn
remarks: and abuse reports to anti_spam@mail.huptt.zj.cn
remarks: Please include detailed information and times in UTC
admin-c: CH50-AP
tech-c: CH50-AP
nic-hdl: CH119-AP
mnt-by: MAINT-CHINANET-ZJ
changed: master@dcb.hz.zj.cn 20031204
source: APNIC
changed: hm-changed@apnic.net 20111114

person: Bing Bai
nic-hdl: BB324-AP
e-mail: anti_spam@mail.huptt.zj.cn
address: Huzhou,Zhejiang.Postcode:313000
phone: +86-13666633017
country: CN
changed: zjnoc_ip_3@163.com 20131107
mnt-by: MAINT-CN-CHINANET-ZJ-HU
source: APNIC

% This query was served by the APNIC Whois Service version 1.69.1-APNICv1r0 (WHOIS2)

Lines containing IP:115.238.236.88 in /var/log/auth.log

May 20 19:06:59 vps3 sshd[8596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.238.236.88 user=root
May 20 19:06:59 vps3 sshd[8597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.238.236.88 user=root
May 20 19:06:59 vps3 sshd[8600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.238.236.88 user=root
May 20 19:06:59 vps3 sshd[8598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.238.236.88 user=root
May 20 19:06:59 vps3 sshd[8599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.238.236.88 user=root
May 20 19:06:59 vps3 sshd[8601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.238.236.88 user=root
May 20 19:07:00 vps3 sshd[8602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.238.236.88 user=root
May 20 19:07:01 vps3 sshd[8596]: Failed password for root from 115.238.236.88 port 30916 ssh2
May 20 19:07:01 vps3 sshd[8597]: Failed password for root from 115.238.236.88 port 30919 ssh2
May 20 19:07:01 vps3 sshd[8600]: Failed password for root from 115.238.236.88 port 30923 ssh2
May 20 19:07:01 vps3 sshd[8598]: Failed password for root from 115.238.236.88 port 30918 ssh2
May 20 19:07:01 vps3 sshd[8599]: Failed password for root from 115.238.236.88 port 30914 ssh2
May 20 19:07:01 vps3 sshd[8601]: Failed password for root from 115.238.236.88 port 30922 ssh2
May 20 19:07:01 vps3 sshd[8602]: Failed password for root from 115.238.236.88 port 30917 ssh2
May 20 19:07:03 vps3 sshd[8600]: Failed password for root from 115.238.236.88 port 30923 ssh2
May 20 19:07:03 vps3 sshd[8596]: Failed password for root from 115.238.236.88 port 30916 ssh2
May 20 19:07:03 vps3 sshd[8597]: Failed password for root from 115.238.236.88 port 30919 ssh2
May 20 19:07:03 vps3 sshd[8598]: Failed password for root from 115.238.236.88 port 30918 ssh2
May 20 19:07:03 vps3 sshd[8599]: Failed password for root from 115.238.236.88 port 30914 ssh2
May 20 19:07:03 vps3 sshd[8601]: Failed password for root from 115.238.236.88 port 30922 ssh2
May 20 19:07:03 vps3 sshd[8602]: Failed password for root from 115.238.236.88 port 30917 ssh2

[Fail2Ban] ssh: banned 61.174.51.226

Hi,

The IP 61.174.51.226 has just been banned by Fail2Ban after
6 attempts against ssh.

Here is more information about 61.174.51.226:

% [whois.apnic.net]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

% Information related to '61.174.51.192 - 61.174.51.255'

inetnum: 61.174.51.192 - 61.174.51.255
netname: HANGZHOU-SRT-TECHNOLOGY-CO-LTD
country: CN
descr: HANGZHOU SRT TECHNOLOGY CO., LTD
descr:
admin-c: BB324-AP
tech-c: CH119-AP
mnt-irt: IRT-CHINANET-ZJ
status: ASSIGNED NON-PORTABLE
changed: zjnoc_ip_4@163.com 20130508
mnt-by: MAINT-CN-CHINANET-ZJ-HU
source: APNIC

% This query was served by the APNIC Whois Service version 1.69.1-APNICv1r0 (WHOIS1)

Lines containing IP:61.174.51.226 in /var/log/auth.log

Apr 30 00:32:56 vps3 sshd[31621]: reverse mapping checking getaddrinfo for 226.51.174.61.dial.wz.zj.dynamic.163data.com.cn [61.174.51.226] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 30 00:32:56 vps3 sshd[31621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.174.51.226 user=root
Apr 30 00:32:58 vps3 sshd[31621]: Failed password for root from 61.174.51.226 port 1616 ssh2
Apr 30 00:32:59 vps3 sshd[31620]: reverse mapping checking getaddrinfo for 226.51.174.61.dial.wz.zj.dynamic.163data.com.cn [61.174.51.226] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 30 00:32:59 vps3 sshd[31620]: Invalid user admin from 61.174.51.226
Apr 30 00:33:01 vps3 sshd[31621]: Failed password for root from 61.174.51.226 port 1616 ssh2
Apr 30 00:33:05 vps3 sshd[31621]: Failed password for root from 61.174.51.226 port 1616 ssh2
Apr 30 00:33:06 vps3 sshd[31620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.174.51.226
Apr 30 00:33:08 vps3 sshd[31621]: Failed password for root from 61.174.51.226 port 1616 ssh2
Apr 30 00:33:08 vps3 sshd[31620]: Failed password for invalid user admin from 61.174.51.226 port 2561 ssh2

[Fail2Ban] ssh: banned 61.174.51.221

Hi,

The IP 61.174.51.221 has just been banned by Fail2Ban after
6 attempts against ssh.

Here is more information about 61.174.51.221:

% [whois.apnic.net]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

% Information related to '61.174.51.192 - 61.174.51.255'

inetnum: 61.174.51.192 - 61.174.51.255
netname: HANGZHOU-SRT-TECHNOLOGY-CO-LTD
country: CN
descr: HANGZHOU SRT TECHNOLOGY CO., LTD
descr:
admin-c: BB324-AP
tech-c: CH119-AP
mnt-irt: IRT-CHINANET-ZJ
status: ASSIGNED NON-PORTABLE
changed: zjnoc_ip_4@163.com 20130508
mnt-by: MAINT-CN-CHINANET-ZJ-HU
source: APNIC

% This query was served by the APNIC Whois Service version 1.69.1-APNICv1r0 (WHOIS3)

Lines containing IP:61.174.51.221 in /var/log/auth.log

Apr 29 19:49:35 vps3 sshd[30580]: reverse mapping checking getaddrinfo for 221.51.174.61.dial.wz.zj.dynamic.163data.com.cn [61.174.51.221] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 29 19:49:35 vps3 sshd[30580]: Invalid user admin from 61.174.51.221
Apr 29 19:49:35 vps3 sshd[30580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.174.51.221
Apr 29 19:49:37 vps3 sshd[30580]: Failed password for invalid user admin from 61.174.51.221 port 2346 ssh2
Apr 29 19:49:39 vps3 sshd[30580]: Failed password for invalid user admin from 61.174.51.221 port 2346 ssh2
Apr 29 19:49:42 vps3 sshd[30580]: Failed password for invalid user admin from 61.174.51.221 port 2346 ssh2
Apr 29 19:49:44 vps3 sshd[30580]: Failed password for invalid user admin from 61.174.51.221 port 2346 ssh2
Apr 29 19:49:46 vps3 sshd[30580]: Failed password for invalid user admin from 61.174.51.221 port 2346 ssh2
Apr 29 19:49:48 vps3 sshd[30580]: Failed password for invalid user admin from 61.174.51.221 port 2346 ssh2
Apr 29 19:49:48 vps3 sshd[30580]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.174.51.221