[Fail2Ban] ssh: banned 168.63.211.215

Hi,

The IP 168.63.211.215 has just been banned by Fail2Ban after
6 attempts against ssh.

Here is more information about 168.63.211.215:

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#

#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=168.63.211.215?showDetails=true&showARIN=false&ext=netref2
#

NetRange: 168.61.0.0 - 168.63.255.255
CIDR: 168.62.0.0/15, 168.61.0.0/16
OriginAS:
NetName: MICROSOFT
NetHandle: NET-168-61-0-0-1
Parent: NET-168-0-0-0-0
NetType: Direct Assignment
RegDate: 2011-06-22
Updated: 2013-08-20
Ref: http://whois.arin.net/rest/net/NET-168-61-0-0-1

OrgName: Microsoft Corp
OrgId: MSFT-Z
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US
RegDate: 2011-06-22
Updated: 2013-10-03
Comment: To report suspected security issues specific to
Comment: traffic emanating from Microsoft online services,
Comment: including the distribution of malicious content
Comment: or other illicit or illegal material through a
Comment: Microsoft online service, please submit reports
Comment: to:
Comment: * https://cert.microsoft.com.
Comment:
Comment: For SPAM and other abuse issues, such as Microsoft
Comment: Accounts, please contact:
Comment: * abuse@microsoft.com.
Comment:
Comment: To report security vulnerabilities in Microsoft
Comment: products and services, please contact:
Comment: * secure@microsoft.com.
Comment:
Comment: For legal and law enforcement-related requests,
Comment: please contact:
Comment: * msndcc@microsoft.com
Comment:
Comment: For routing, peering or DNS issues, please
Comment: contact:
Comment: * IOC@microsoft.com
Ref: http://whois.arin.net/rest/org/MSFT-Z

OrgTechHandle: MRPD-ARIN
OrgTechName: Microsoft Routing, Peering, and DNS
OrgTechPhone: +1-425-882-8080
OrgTechEmail: IOC@microsoft.com
OrgTechRef: http://whois.arin.net/rest/poc/MRPD-ARIN

OrgAbuseHandle: MAC74-ARIN
OrgAbuseName: Microsoft Abuse Contact
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: abuse@microsoft.com
OrgAbuseRef: http://whois.arin.net/rest/poc/MAC74-ARIN

Lines containing IP:168.63.211.215 in /var/log/auth.log

Apr 22 17:33:59 vps3 sshd[26047]: Did not receive identification string from 168.63.211.215
Apr 22 17:34:20 vps3 sshd[26048]: Invalid user admin from 168.63.211.215
Apr 22 17:34:20 vps3 sshd[26048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.63.211.215
Apr 22 17:34:22 vps3 sshd[26048]: Failed password for invalid user admin from 168.63.211.215 port 1050 ssh2
Apr 22 17:34:42 vps3 sshd[26051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.63.211.215 user=root
Apr 22 17:34:45 vps3 sshd[26051]: Failed password for root from 168.63.211.215 port 1049 ssh2
Apr 22 17:35:19 vps3 sshd[26053]: Invalid user guest from 168.63.211.215
Apr 22 17:35:19 vps3 sshd[26053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.63.211.215
Apr 22 17:35:20 vps3 sshd[26053]: Failed password for invalid user guest from 168.63.211.215 port 1050 ssh2
Apr 22 17:36:10 vps3 sshd[26056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.63.211.215 user=uucp
Apr 22 17:36:12 vps3 sshd[26056]: Failed password for uucp from 168.63.211.215 port 1040 ssh2

Regards,

Fail2Ban