Ihatehackers password

Skip to first unread message

Leon van der Eijk

Nov 8, 2011, 12:37:43 PM11/8/11
to kippo...@googlegroups.com


For some days the password ihatehackers is beeing used for kippo ssh attacks. SANS has a article online and some other kippo users are reporting similar events. What are you experiencing ?
Sent from my iPad

Justin Elze

Nov 8, 2011, 12:49:58 PM11/8/11
to kippo...@googlegroups.com
Someone obviously hates hackers...

More then likely there is a backdoored version of sshd out there maybe part of someone rootkit?

You received this message because you are subscribed to the Google Groups "kippo users" group.
To post to this group, send email to kippo...@googlegroups.com.
To unsubscribe from this group, send email to kippousers+...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/kippousers?hl=en.

IMPORTANT NOTICE: This e-mail and any attachments thereto is intended only
for use by the individual or entity to whom it's addressed and may be
proprietary and/or legally privileged. If you are not the intended
recipient of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this email, and any attachments thereto, without
the prior written permission of the sender is strictly prohibited.   If you
receive this e-mail in error, please immediately telephone or e-mail the
sender and permanently delete the original copy and any copy of this
e-mail, and any printout thereof.

Charlie HUREL

Nov 8, 2011, 1:05:32 PM11/8/11
to kippo...@googlegroups.com

Here is what i have (France Here) :
./kippo.log.2:2011-11-03 18:13:02+0100 [SSHService ssh-userauth on HoneyPotTransport,8783,] login attempt [root/ihatehackers] failed
./kippo.log.2:2011-11-03 19:02:29+0100 [SSHService ssh-userauth on HoneyPotTransport,8784,] login attempt [root/ihatehackers] failed
./kippo.log.2:2011-11-03 20:37:11+0100 [SSHService ssh-userauth on HoneyPotTransport,8785,] login attempt [root/ihatehackers] failed
./kippo.log.2:2011-11-03 21:24:12+0100 [SSHService ssh-userauth on HoneyPotTransport,8786,] login attempt [root/ihatehackers] failed
./kippo.log.2:2011-11-04 00:09:01+0100 [SSHService ssh-userauth on HoneyPotTransport,8787,] login attempt [root/ihatehackers] failed
./kippo.log.2:2011-11-04 00:54:24+0100 [SSHService ssh-userauth on HoneyPotTransport,8802,] login attempt [root/ihatehackers] failed
./kippo.log.2:2011-11-04 02:33:30+0100 [SSHService ssh-userauth on HoneyPotTransport,8803,] login attempt [root/ihatehackers] failed
./kippo.log.2:2011-11-04 03:27:37+0100 [SSHService ssh-userauth on HoneyPotTransport,8804,] login attempt [root/ihatehackers] failed
./kippo.log.2:2011-11-04 04:18:50+0100 [SSHService ssh-userauth on HoneyPotTransport,8805,] login attempt [root/ihatehackers] failed
./kippo.log.2:2011-11-04 06:50:53+0100 [SSHService ssh-userauth on HoneyPotTransport,8806,] login attempt [root/ihatehackers] failed
./kippo.log.2:2011-11-04 10:25:44+0100 [SSHService ssh-userauth on HoneyPotTransport,8807,] login attempt [root/ihatehackers] failed
./kippo.log.2:2011-11-04 11:17:59+0100 [SSHService ssh-userauth on HoneyPotTransport,8808,] login attempt [root/ihatehackers] failed
./kippo.log.2:2011-11-04 12:11:11+0100 [SSHService ssh-userauth on HoneyPotTransport,8809,] login attempt [root/ihatehackers] failed
./kippo.log.1:2011-11-04 20:57:25+0100 [SSHService ssh-userauth on HoneyPotTransport,8999,] login attempt [root/ihatehackers] failed
./kippo.log.1:2011-11-04 22:18:18+0100 [SSHService ssh-userauth on HoneyPotTransport,9000,] login attempt [root/ihatehackers] failed
./kippo.log.1:2011-11-04 23:40:14+0100 [SSHService ssh-userauth on HoneyPotTransport,9001,] login attempt [root/ihatehackers] failed
./kippo.log.1:2011-11-05 02:26:47+0100 [SSHService ssh-userauth on HoneyPotTransport,9002,] login attempt [root/ihatehackers] failed
./kippo.log.1:2011-11-05 05:20:20+0100 [SSHService ssh-userauth on HoneyPotTransport,9003,] login attempt [root/ihatehackers] failed
./kippo.log.1:2011-11-05 10:00:29+0100 [SSHService ssh-userauth on HoneyPotTransport,9004,] login attempt [root/ihatehackers] failed


D malware collect

Nov 8, 2011, 3:11:53 PM11/8/11
to kippo...@googlegroups.com
Same here:

2011-11-04 19:44:00 gw6 root ihatehackers
2011-11-04 23:43:33 gw6 root ihatehackers
2011-11-05 01:06:05 gw6 root ihatehackers
2011-11-05 02:30:44 gw6 root ihatehackers

But there are other common passwords I see like:

Ki!l|iN6#Th3Ph03$%nix@NdR3b!irD KILLhackersF###KERS1234 etc

However, these two examples are part of full brute scans unlike the ihatehackers ones for which I only see one hit/try per IP and only this one password. Grtz.

2011/11/8 Charlie HUREL <cha...@hurel.info>
Reply all
Reply to author
0 new messages