Ihatehackers password

93 views
Skip to first unread message

Leon van der Eijk

unread,
Nov 8, 2011, 12:37:43 PM11/8/11
to kippo...@googlegroups.com

Gents,

For some days the password ihatehackers is beeing used for kippo ssh attacks. SANS has a article online and some other kippo users are reporting similar events. What are you experiencing ?
Sent from my iPad

Justin Elze

unread,
Nov 8, 2011, 12:49:58 PM11/8/11
to kippo...@googlegroups.com
Someone obviously hates hackers...

More then likely there is a backdoored version of sshd out there maybe part of someone rootkit?


--
You received this message because you are subscribed to the Google Groups "kippo users" group.
To post to this group, send email to kippo...@googlegroups.com.
To unsubscribe from this group, send email to kippousers+...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/kippousers?hl=en.




--
IMPORTANT NOTICE: This e-mail and any attachments thereto is intended only
for use by the individual or entity to whom it's addressed and may be
proprietary and/or legally privileged. If you are not the intended
recipient of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this email, and any attachments thereto, without
the prior written permission of the sender is strictly prohibited.   If you
receive this e-mail in error, please immediately telephone or e-mail the
sender and permanently delete the original copy and any copy of this
e-mail, and any printout thereof.

Charlie HUREL

unread,
Nov 8, 2011, 1:05:32 PM11/8/11
to kippo...@googlegroups.com
Hello,

Here is what i have (France Here) :
./kippo.log.2:2011-11-03 18:13:02+0100 [SSHService ssh-userauth on HoneyPotTransport,8783,99.13.226.154] login attempt [root/ihatehackers] failed
./kippo.log.2:2011-11-03 19:02:29+0100 [SSHService ssh-userauth on HoneyPotTransport,8784,83.103.59.130] login attempt [root/ihatehackers] failed
./kippo.log.2:2011-11-03 20:37:11+0100 [SSHService ssh-userauth on HoneyPotTransport,8785,218.1.67.151] login attempt [root/ihatehackers] failed
./kippo.log.2:2011-11-03 21:24:12+0100 [SSHService ssh-userauth on HoneyPotTransport,8786,69.162.70.2] login attempt [root/ihatehackers] failed
./kippo.log.2:2011-11-04 00:09:01+0100 [SSHService ssh-userauth on HoneyPotTransport,8787,83.3.229.114] login attempt [root/ihatehackers] failed
./kippo.log.2:2011-11-04 00:54:24+0100 [SSHService ssh-userauth on HoneyPotTransport,8802,211.144.82.8] login attempt [root/ihatehackers] failed
./kippo.log.2:2011-11-04 02:33:30+0100 [SSHService ssh-userauth on HoneyPotTransport,8803,219.240.36.108] login attempt [root/ihatehackers] failed
./kippo.log.2:2011-11-04 03:27:37+0100 [SSHService ssh-userauth on HoneyPotTransport,8804,118.142.4.27] login attempt [root/ihatehackers] failed
./kippo.log.2:2011-11-04 04:18:50+0100 [SSHService ssh-userauth on HoneyPotTransport,8805,64.251.14.116] login attempt [root/ihatehackers] failed
./kippo.log.2:2011-11-04 06:50:53+0100 [SSHService ssh-userauth on HoneyPotTransport,8806,69.162.70.2] login attempt [root/ihatehackers] failed
./kippo.log.2:2011-11-04 10:25:44+0100 [SSHService ssh-userauth on HoneyPotTransport,8807,189.14.99.226] login attempt [root/ihatehackers] failed
./kippo.log.2:2011-11-04 11:17:59+0100 [SSHService ssh-userauth on HoneyPotTransport,8808,189.14.99.226] login attempt [root/ihatehackers] failed
./kippo.log.2:2011-11-04 12:11:11+0100 [SSHService ssh-userauth on HoneyPotTransport,8809,202.100.80.21] login attempt [root/ihatehackers] failed
./kippo.log.1:2011-11-04 20:57:25+0100 [SSHService ssh-userauth on HoneyPotTransport,8999,210.42.35.1] login attempt [root/ihatehackers] failed
./kippo.log.1:2011-11-04 22:18:18+0100 [SSHService ssh-userauth on HoneyPotTransport,9000,210.42.35.1] login attempt [root/ihatehackers] failed
./kippo.log.1:2011-11-04 23:40:14+0100 [SSHService ssh-userauth on HoneyPotTransport,9001,202.100.80.21] login attempt [root/ihatehackers] failed
./kippo.log.1:2011-11-05 02:26:47+0100 [SSHService ssh-userauth on HoneyPotTransport,9002,222.73.41.52] login attempt [root/ihatehackers] failed
./kippo.log.1:2011-11-05 05:20:20+0100 [SSHService ssh-userauth on HoneyPotTransport,9003,122.70.141.250] login attempt [root/ihatehackers] failed
./kippo.log.1:2011-11-05 10:00:29+0100 [SSHService ssh-userauth on HoneyPotTransport,9004,69.162.70.2] login attempt [root/ihatehackers] failed

Charlie 

D malware collect

unread,
Nov 8, 2011, 3:11:53 PM11/8/11
to kippo...@googlegroups.com
Same here:

2011-11-04 19:44:00 gw6 60.195.249.67 root ihatehackers
2011-11-04 23:43:33 gw6 218.77.120.135 root ihatehackers
2011-11-05 01:06:05 gw6 202.100.80.21 root ihatehackers
2011-11-05 02:30:44 gw6 222.73.41.52 root ihatehackers

But there are other common passwords I see like:

Ki!l|iN6#Th3Ph03$%nix@NdR3b!irD KILLhackersF###KERS1234 etc

However, these two examples are part of full brute scans unlike the ihatehackers ones for which I only see one hit/try per IP and only this one password. Grtz.


2011/11/8 Charlie HUREL <cha...@hurel.info>
Reply all
Reply to author
Forward
0 new messages