Tag Archives: 60.173.26.104

[Fail2Ban] ssh: banned 60.173.26.104

China_Telecom_Logo.svgThe IP 60.173.26.104 has just been banned by Fail2Ban after
6 attempts against ssh.

Here are more information about 60.173.26.104:

% [whois.apnic.net]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

% Information related to ‘60.166.0.0 – 60.175.255.255’

inetnum: 60.166.0.0 – 60.175.255.255
netname: CHINANET-AH
descr: CHINANET anhui province network
descr: China Telecom
descr: A12,Xin-Jie-Kou-Wai Street
descr: Beijing 100088
country: CN
admin-c: CH93-AP
tech-c: JW89-AP
mnt-by: APNIC-HM
mnt-routes: MAINT-CHINANET-AH
mnt-lower: MAINT-CHINANET-AH
status: ALLOCATED PORTABLE
changed: hm-changed@apnic.net 20040721
source: APNIC

person: Chinanet Hostmaster
nic-hdl: CH93-AP
e-mail: anti-spam@ns.chinanet.cn.net
address: No.31 ,jingrong street,beijing
address: 100032
phone: +86-10-58501724
fax-no: +86-10-58501724
country: CN
changed: dingsy@cndata.com 20070416
changed: zhengzm@gsta.com 20140227
mnt-by: MAINT-CHINANET
source: APNIC

person: Jinneng Wang
address: 17/F, Postal Building No.120 Changjiang
address: Middle Road, Hefei, Anhui, China
country: CN
phone: +86-551-2659073
fax-no: +86-551-2659287
e-mail: ahdata@189.cn
nic-hdl: JW89-AP
mnt-by: MAINT-CHINANET-AH
changed: wang@mail.hf.ah.cninfo.net 19990818
changed: hm-changed@apnic.net 20140221
source: APNIC

% This query was served by the APNIC Whois Service version 1.69.1-APNICv1r0 (WHOIS4)

Lines containing IP:60.173.26.104 in /var/log/auth.log

May 6 12:24:04 vps3 sshd[1287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.173.26.104 user=root
May 6 12:24:05 vps3 sshd[1287]: Failed password for root from 60.173.26.104 port 13254 ssh2
May 6 12:24:05 vps3 sshd[1287]: Received disconnect from 60.173.26.104: 11: Normal Shutdown, Thank you for playing [preauth]
May 6 12:24:08 vps3 sshd[1289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.173.26.104 user=root
May 6 12:24:11 vps3 sshd[1289]: Failed password for root from 60.173.26.104 port 14069 ssh2
May 6 12:24:11 vps3 sshd[1289]: Received disconnect from 60.173.26.104: 11: Normal Shutdown, Thank you for playing [preauth]
May 6 12:24:13 vps3 sshd[1291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.173.26.104 user=root
May 6 12:24:15 vps3 sshd[1291]: Failed password for root from 60.173.26.104 port 14969 ssh2
May 6 12:24:16 vps3 sshd[1291]: Received disconnect from 60.173.26.104: 11: Normal Shutdown, Thank you for playing [preauth]
May 6 12:24:18 vps3 sshd[1293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.173.26.104 user=root
May 6 12:24:20 vps3 sshd[1293]: Failed password for root from 60.173.26.104 port 15733 ssh2
May 6 12:24:20 vps3 sshd[1293]: Received disconnect from 60.173.26.104: 11: Normal Shutdown, Thank you for playing [preauth]
May 6 12:24:23 vps3 sshd[1295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.173.26.104 user=root
May 6 12:24:24 vps3 sshd[1295]: Failed password for root from 60.173.26.104 port 16455 ssh2
May 6 12:24:25 vps3 sshd[1295]: Received disconnect from 60.173.26.104: 11: Normal Shutdown, Thank you for playing [preauth]
May 6 12:24:27 vps3 sshd[1298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.173.26.104 user=root
May 6 12:24:29 vps3 sshd[1298]: Failed password for root from 60.173.26.104 port 17267 ssh2
May 6 12:24:29 vps3 sshd[1298]: Received disconnect from 60.173.26.104: 11: Normal Shutdown, Thank you for playing [preauth]

The IP 60.173.26.104 has just been banned by Fail2Ban after
6 attempts against ssh.

Here are more information about 60.173.26.104:

% [whois.apnic.net]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

% Information related to ‘60.166.0.0 – 60.175.255.255’

inetnum: 60.166.0.0 – 60.175.255.255
netname: CHINANET-AH
descr: CHINANET anhui province network
descr: China Telecom
descr: A12,Xin-Jie-Kou-Wai Street
descr: Beijing 100088
country: CN
admin-c: CH93-AP
tech-c: JW89-AP
mnt-by: APNIC-HM
mnt-routes: MAINT-CHINANET-AH
mnt-lower: MAINT-CHINANET-AH
status: ALLOCATED PORTABLE
changed: hm-changed@apnic.net 20040721
source: APNIC

person: Chinanet Hostmaster
nic-hdl: CH93-AP
e-mail: anti-spam@ns.chinanet.cn.net
address: No.31 ,jingrong street,beijing
address: 100032
phone: +86-10-58501724
fax-no: +86-10-58501724
country: CN
changed: dingsy@cndata.com 20070416
changed: zhengzm@gsta.com 20140227
mnt-by: MAINT-CHINANET
source: APNIC

person: Jinneng Wang
address: 17/F, Postal Building No.120 Changjiang
address: Middle Road, Hefei, Anhui, China
country: CN
phone: +86-551-2659073
fax-no: +86-551-2659287
e-mail: ahdata@189.cn
nic-hdl: JW89-AP
mnt-by: MAINT-CHINANET-AH
changed: wang@mail.hf.ah.cninfo.net 19990818
changed: hm-changed@apnic.net 20140221
source: APNIC

% This query was served by the APNIC Whois Service version 1.69.1-APNICv1r0 (WHOIS4)

Lines containing IP:60.173.26.104 in /var/log/auth.log

May 6 12:24:04 vps3 sshd[1287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.173.26.104 user=root
May 6 12:24:05 vps3 sshd[1287]: Failed password for root from 60.173.26.104 port 13254 ssh2
May 6 12:24:05 vps3 sshd[1287]: Received disconnect from 60.173.26.104: 11: Normal Shutdown, Thank you for playing [preauth]
May 6 12:24:08 vps3 sshd[1289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.173.26.104 user=root
May 6 12:24:11 vps3 sshd[1289]: Failed password for root from 60.173.26.104 port 14069 ssh2
May 6 12:24:11 vps3 sshd[1289]: Received disconnect from 60.173.26.104: 11: Normal Shutdown, Thank you for playing [preauth]
May 6 12:24:13 vps3 sshd[1291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.173.26.104 user=root
May 6 12:24:15 vps3 sshd[1291]: Failed password for root from 60.173.26.104 port 14969 ssh2
May 6 12:24:16 vps3 sshd[1291]: Received disconnect from 60.173.26.104: 11: Normal Shutdown, Thank you for playing [preauth]
May 6 12:24:18 vps3 sshd[1293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.173.26.104 user=root
May 6 12:24:20 vps3 sshd[1293]: Failed password for root from 60.173.26.104 port 15733 ssh2
May 6 12:24:20 vps3 sshd[1293]: Received disconnect from 60.173.26.104: 11: Normal Shutdown, Thank you for playing [preauth]
May 6 12:24:23 vps3 sshd[1295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.173.26.104 user=root
May 6 12:24:24 vps3 sshd[1295]: Failed password for root from 60.173.26.104 port 16455 ssh2
May 6 12:24:25 vps3 sshd[1295]: Received disconnect from 60.173.26.104: 11: Normal Shutdown, Thank you for playing [preauth]
May 6 12:24:27 vps3 sshd[1298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.173.26.104 user=root
May 6 12:24:29 vps3 sshd[1298]: Failed password for root from 60.173.26.104 port 17267 ssh2
May 6 12:24:29 vps3 sshd[1298]: Received disconnect from 60.173.26.104: 11: Normal Shutdown, Thank you for playing [preauth]