Mailing List CGatePro@mail.stalker.com Message #92433
From: Marcel Hochuli <mhochuli@a-f.ch>
Subject: Feature-Request: Auto-Detect Hack Attempts
Date: Tue, 4 Sep 2007 12:05:19 +0200
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
X-Mailer: Apple Mail (2.752.2)
Auto-Detect Hack Attempts is a feature of Rumpus. Rumpus is a good choice for FTP and HTTP file-transfer servers (www.maxum.com).

It automatically detects guessing of usernames and/or passwords.

It reports its actions with these two sentences:

The IP address 'ww.xx.yy.zz' has been added to the 'Blocked Clients' list because it appears that the client is attempting to guess a username and password.
To remove the address from the list, use the 'Blocked Clients' window in Rumpus.  To adjust the sensitivity of Rumpus to potential hack attempts, use the 'Hack Attempt Recognition' options on the 'Security' tab of the FTP Settings window.

-

I would like to see such a feature on CGP!

Last night, I had these log entries (about 3000 overall):

05:40:15.524 1 FTP-000054([211.174.176.105]) failed to open 'abby'. Port:42474. Error=unknown user account
05:40:18.160 1 FTP-000054([211.174.176.105]) failed to open 'abby'. Port:42474. Error=unknown user account
05:40:20.802 1 FTP-000054([211.174.176.105]) failed to open 'abby'. Port:42474. Error=unknown user account
05:40:23.447 1 FTP-000054([211.174.176.105]) failed to open 'abigail'. Port:42474. Error=unknown user account
05:40:26.087 1 FTP-000054([211.174.176.105]) failed to open 'abigail'. Port:42474. Error=unknown user account
05:40:29.365 1 FTP-000055([211.174.176.105]) failed to open 'abigail'. Port:53457. Error=unknown user account
05:40:32.000 1 FTP-000055([211.174.176.105]) failed to open 'abraham'. Port:53457. Error=unknown user account
05:40:34.637 1 FTP-000055([211.174.176.105]) failed to open 'abraham'. Port:53457. Error=unknown user account
05:40:39.101 1 FTP-000055([211.174.176.105]) failed to open 'abraham'. Port:53457. Error=unknown user account
05:40:51.341 1 FTP-000056([211.174.176.105]) failed to open 'access'. Port:37990. Error=unknown user account
05:40:53.983 1 FTP-000056([211.174.176.105]) failed to open 'access'. Port:37990. Error=unknown user account
05:40:56.622 1 FTP-000056([211.174.176.105]) failed to open 'access'. Port:37990. Error=unknown user account
05:40:59.929 1 FTP-000057([211.174.176.105]) failed to open 'account'. Port:48577. Error=unknown user account
05:41:04.426 1 FTP-000057([211.174.176.105]) failed to open 'account'. Port:48577. Error=unknown user account
05:41:07.065 1 FTP-000057([211.174.176.105]) failed to open 'account'. Port:48577. Error=unknown user account
05:41:09.701 1 FTP-000057([211.174.176.105]) failed to open 'accounts'. Port:48577. Error=unknown user account
05:41:12.343 1 FTP-000057([211.174.176.105]) failed to open 'accounts'. Port:48577. Error=unknown user account
05:41:18.426 1 FTP-000058([211.174.176.105]) failed to open 'accounts'. Port:60912. Error=unknown user account

…and so on till…

08:03:35.223 1 FTP-000647([211.174.176.105]) failed to open 'winston'. Port:44083. Error=unknown user account
08:03:37.861 1 FTP-000647([211.174.176.105]) failed to open 'winston'. Port:44083. Error=unknown user account
08:03:40.505 1 FTP-000647([211.174.176.105]) failed to open 'winston'. Port:44083. Error=unknown user account
08:03:45.393 1 FTP-000648([211.174.176.105]) failed to open 'www'. Port:58881. Error=unknown user account
08:03:48.031 1 FTP-000648([211.174.176.105]) failed to open 'www'. Port:58881. Error=unknown user account
08:03:50.668 1 FTP-000648([211.174.176.105]) failed to open 'www'. Port:58881. Error=unknown user account
08:03:53.312 1 FTP-000648([211.174.176.105]) failed to open 'xavier'. Port:58881. Error=unknown user account
08:03:55.949 1 FTP-000648([211.174.176.105]) failed to open 'xavier'. Port:58881. Error=unknown user account
08:03:59.235 1 FTP-000649([211.174.176.105]) failed to open 'xavier'. Port:42858. Error=unknown user account
08:04:01.910 1 FTP-000649([211.174.176.105]) failed to open 'zachary'. Port:42858. Error=unknown user account
08:04:04.550 1 FTP-000649([211.174.176.105]) failed to open 'zachary'. Port:42858. Error=unknown user account
08:04:07.195 1 FTP-000649([211.174.176.105]) failed to open 'zachary'. Port:42858. Error=unknown user account
08:04:09.830 1 FTP-000649([211.174.176.105]) failed to open 'zack'. Port:42858. Error=unknown user account
08:04:13.107 1 FTP-000650([211.174.176.105]) failed to open 'zack'. Port:51972. Error=unknown user account
08:04:15.750 1 FTP-000650([211.174.176.105]) failed to open 'zack'. Port:51972. Error=unknown user account
08:04:18.387 1 FTP-000650([211.174.176.105]) failed to open 'zackary'. Port:51972. Error=unknown user account
08:04:21.023 1 FTP-000650([211.174.176.105]) failed to open 'zackary'. Port:51972. Error=unknown user account
08:04:23.659 1 FTP-000650([211.174.176.105]) failed to open 'zackary'. Port:51972. Error=unknown user account

Earlier, I also recorded thousands of entries like this:

05:54:56.790 1 POP-020808([213.92.78.231]) failed to open 'aaron'. Port:2911. Error=unknown user account
05:54:56.908 1 POP-020809([213.92.78.231]) failed to open 'abby'. Port:2913. Error=unknown user account
05:54:57.017 1 POP-020810([213.92.78.231]) failed to open 'abigail'. Port:2915. Error=unknown user account
05:54:57.126 1 POP-020811([213.92.78.231]) failed to open 'abraham'. Port:2917. Error=unknown user account
05:54:57.360 1 POP-020813([213.92.78.231]) failed to open 'access'. Port:2921. Error=unknown user account
05:54:57.485 1 POP-020814([213.92.78.231]) failed to open 'account'. Port:2923. Error=unknown user account
05:54:57.595 1 POP-020815([213.92.78.231]) failed to open 'accounts'. Port:2925. Error=unknown user account
05:54:57.704 1 POP-020816([213.92.78.231]) failed to open 'adam'. Port:2927. Error=unknown user account
05:54:57.813 1 POP-020817([213.92.78.231]) failed to open 'adm'. Port:2929. Error=unknown user account
05:54:57.938 1 POP-020818([213.92.78.231]) failed to open 'admin'. Port:2931. Error=unknown user account
05:54:58.050 1 POP-020819([213.92.78.231]) failed to open 'admin2'. Port:2933. Error=unknown user account
05:54:58.157 1 POP-020820([213.92.78.231]) failed to open 'adrian'. Port:2935. Error=unknown user account
05:54:58.283 1 POP-020821([213.92.78.231]) failed to open 'aerial'. Port:2937. Error=unknown user account
05:54:58.395 1 POP-020822([213.92.78.231]) failed to open 'agent'. Port:2939. Error=unknown user account
05:54:58.501 1 POP-020823([213.92.78.231]) failed to open 'alan'. Port:2941. Error=unknown user account

Or these with different passwords (also thousands of entries):

08:11:50.259 1 FTP-001184([218.10.251.197]) failed to open 'Administrator'. Port:53440. Error=unknown user account
08:11:53.151 1 FTP-001184([218.10.251.197]) failed to open 'Administrator'. Port:53440. Error=unknown user account
08:11:55.993 1 FTP-001184([218.10.251.197]) failed to open 'Administrator'. Port:53440. Error=unknown user account
08:11:58.803 1 FTP-001184([218.10.251.197]) failed to open 'Administrator'. Port:53440. Error=unknown user account
08:12:01.642 1 FTP-001184([218.10.251.197]) failed to open 'Administrator'. Port:53440. Error=unknown user account
08:12:05.327 1 FTP-001185([218.10.251.197]) failed to open 'Administrator'. Port:54463. Error=unknown user account
08:12:08.150 1 FTP-001185([218.10.251.197]) failed to open 'Administrator'. Port:54463. Error=unknown user account
08:12:10.965 1 FTP-001185([218.10.251.197]) failed to open 'Administrator'. Port:54463. Error=unknown user account
08:12:13.796 1 FTP-001185([218.10.251.197]) failed to open 'Administrator'. Port:54463. Error=unknown user account
08:12:16.686 1 FTP-001185([218.10.251.197]) failed to open 'Administrator'. Port:54463. Error=unknown user account
08:12:20.376 1 FTP-001186([218.10.251.197]) failed to open 'Administrator'. Port:55509. Error=unknown user account
08:12:23.226 1 FTP-001186([218.10.251.197]) failed to open 'Administrator'. Port:55509. Error=unknown user account
08:12:26.079 1 FTP-001186([218.10.251.197]) failed to open 'Administrator'. Port:55509. Error=unknown user account
08:12:28.912 1 FTP-001186([218.10.251.197]) failed to open 'Administrator'. Port:55509. Error=unknown user account
08:12:31.747 1 FTP-001186([218.10.251.197]) failed to open 'Administrator'. Port:55509. Error=unknown user account
08:12:35.440 1 FTP-001187([218.10.251.197]) failed to open 'Administrator'. Port:56585. Error=unknown user account



Marcel


+---
mailto:mhochuli@a-f.ch
otherto:noway@a-f.ch
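
One way to pick the guessing pattern out of log lines in the format quoted in the message, as an added example that is not part of the original post and is neither Rumpus nor CommuniGate Pro code. The threshold (more than 5 failures per source address in 60 seconds), the function names and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque

# Matches the "failed to open" lines in the format quoted in the message.
LINE_RE = re.compile(
    r"^(\d{2}):(\d{2}):(\d{2})\.(\d{3}) \d+ ([A-Z]+)-\d+\(\[([0-9A-Fa-f.:]+)\]\) "
    r"failed to open '([^']*)'\. Port:\d+\. Error=.*$")

def parse(line):
    """Return (seconds_since_midnight, protocol, ip, account), or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    h, mi, s, ms, proto, ip, account = m.groups()
    return int(h) * 3600 + int(mi) * 60 + int(s) + int(ms) / 1000, proto, ip, account

def detect(lines, max_failures=5, window=60.0):
    """Flag each IP with more than max_failures failed logins inside `window` seconds.
    Assumes one day's log in time order (the timestamps carry no date)."""
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    names = defaultdict(set)     # ip -> distinct account names tried
    flagged = {}
    for rec in filter(None, map(parse, lines)):
        ts, proto, ip, account = rec
        names[ip].add(account)
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) > max_failures and ip not in flagged:
            flagged[ip] = {"at": ts, "protocol": proto}
    for ip, info in flagged.items():
        info["accounts_tried"] = len(names[ip])
        info["kind"] = "username guessing" if len(names[ip]) > 1 else "password guessing"
    return flagged

def _mk(clock, proto, ip, name):  # builds one constructed line in the quoted format
    return (f"{clock}.000 1 {proto}-000001([{ip}]) failed to open '{name}'. "
            "Port:40000. Error=unknown user account")

# Constructed sample input; addresses are from the documentation ranges.
SAMPLE = [_mk(f"05:40:{10 + 3 * i:02d}", "FTP", "192.0.2.10", n)
          for i, n in enumerate(["abby"] * 3 + ["abigail"] * 3)]
SAMPLE += [_mk(f"08:11:{10 + 3 * i:02d}", "FTP", "198.51.100.7", "Administrator")
           for i in range(6)]
SAMPLE += [_mk("09:00:00", "POP", "203.0.113.5", "marcel"),
           _mk("09:30:00", "POP", "203.0.113.5", "marcel")]

if __name__ == "__main__":
    for ip, info in detect(SAMPLE).items():
        print(ip, info)
```

The source with two failures half an hour apart stays unflagged, which is the case a sensitivity setting has to leave alone: an ordinary user mistyping a login.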