
[Fail2Ban] ssh: banned 87.98.252.201

Hi,

The IP 87.98.252.201 has just been banned by Fail2Ban after
7 attempts against ssh.

Here are more information about 87.98.252.201:

% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '87.98.252.0 - 87.98.253.255'

% Abuse contact for '87.98.252.0 - 87.98.253.255' is 'abuse@ovh.net'

inetnum: 87.98.252.0 - 87.98.253.255
netname: BE-OVH
descr: OVH BE
country: BE
org: ORG-OB10-RIPE
admin-c: OK217-RIPE
tech-c: OTC2-RIPE
status: ASSIGNED PA
mnt-by: OVH-MNT
source: RIPE # Filtered

organisation: ORG-OB10-RIPE
org-name: OVH BE
org-type: OTHER
address: InterXion Belgium N.V.
address: Wezembeekstraat 2
address: 1930 Zaventem
address: Belgium
abuse-mailbox: abuse@ovh.net
mnt-ref: OVH-MNT
mnt-by: OVH-MNT
source: RIPE # Filtered

role: OVH Technical Contact
address: OVH SAS
address: 2 rue Kellermann
address: 59100 Roubaix
address: France
admin-c: OK217-RIPE
tech-c: GM84-RIPE
nic-hdl: OTC2-RIPE
abuse-mailbox: abuse@ovh.net
mnt-by: OVH-MNT
source: RIPE # Filtered

person: Octave Klaba
address: OVH SAS
address: 2 rue Kellermann
address: 59100 Roubaix
address: France
phone: +33 9 74 53 13 23
nic-hdl: OK217-RIPE
abuse-mailbox: abuse@ovh.net
mnt-by: OVH-MNT
source: RIPE # Filtered

% Information related to '87.98.128.0/17AS16276'

route: 87.98.128.0/17
descr: OVH ISP
descr: Paris, France
origin: AS16276
mnt-by: OVH-MNT
source: RIPE # Filtered

% This query was served by the RIPE Database Query Service version 1.72 (DBC-WHOIS1)

Lines containing IP:87.98.252.201 in /var/log/auth.log

Apr 26 21:46:52 vps3 sshd[3312]: Failed password for root from 87.98.252.201 port 50578 ssh2
Apr 26 21:46:52 vps3 sshd[3312]: Received disconnect from 87.98.252.201: 11: Bye Bye [preauth]
Apr 26 21:46:53 vps3 sshd[3314]: Invalid user ghost from 87.98.252.201
Apr 26 21:46:55 vps3 sshd[3314]: Failed password for invalid user ghost from 87.98.252.201 port 52990 ssh2
Apr 26 21:46:55 vps3 sshd[3314]: Received disconnect from 87.98.252.201: 11: Bye Bye [preauth]
Apr 26 21:46:58 vps3 sshd[3316]: Failed password for root from 87.98.252.201 port 54702 ssh2
Apr 26 21:46:58 vps3 sshd[3316]: Received disconnect from 87.98.252.201: 11: Bye Bye [preauth]
Apr 26 21:47:00 vps3 sshd[3318]: Failed password for root from 87.98.252.201 port 56588 ssh2
Apr 26 21:47:01 vps3 sshd[3318]: Received disconnect from 87.98.252.201: 11: Bye Bye [preauth]
Apr 26 21:47:04 vps3 sshd[3320]: Failed password for root from 87.98.252.201 port 57864 ssh2
Apr 26 21:47:04 vps3 sshd[3320]: Received disconnect from 87.98.252.201: 11: Bye Bye [preauth]
Apr 26 21:47:05 vps3 sshd[3322]: Invalid user syslog from 87.98.252.201
Apr 26 21:47:07 vps3 sshd[3322]: Failed password for invalid user syslog from 87.98.252.201 port 59742 ssh2