Ihatehackers password
99 views
Skip to first unread message
Leon van der Eijk
Nov 8, 2011, 12:37:43 PM11/8/11
to kippo...@googlegroups.com
Gents,
For some days the password ihatehackers is beeing used for kippo ssh attacks. SANS has a article online and some other kippo users are reporting similar events. What are you experiencing ?
Sent from my iPad
Justin Elze
Nov 8, 2011, 12:49:58 PM11/8/11
to kippo...@googlegroups.com
Someone obviously hates hackers...
More then likely there is a backdoored version of sshd out there maybe part of someone rootkit?
--
IMPORTANT NOTICE: This e-mail and any attachments thereto is intended only
for use by the individual or entity to whom it's addressed and may be
proprietary and/or legally privileged. If you are not the intended
recipient of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this email, and any attachments thereto, without
the prior written permission of the sender is strictly prohibited. If you
receive this e-mail in error, please immediately telephone or e-mail the
sender and permanently delete the original copy and any copy of this
e-mail, and any printout thereof.
More then likely there is a backdoored version of sshd out there maybe part of someone rootkit?
--
You received this message because you are subscribed to the Google Groups "kippo users" group.
To post to this group, send email to kippo...@googlegroups.com.
To unsubscribe from this group, send email to kippousers+...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/kippousers?hl=en.
--
IMPORTANT NOTICE: This e-mail and any attachments thereto is intended only
for use by the individual or entity to whom it's addressed and may be
proprietary and/or legally privileged. If you are not the intended
recipient of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this email, and any attachments thereto, without
the prior written permission of the sender is strictly prohibited. If you
receive this e-mail in error, please immediately telephone or e-mail the
sender and permanently delete the original copy and any copy of this
e-mail, and any printout thereof.
Charlie HUREL
Nov 8, 2011, 1:05:32 PM11/8/11
to kippo...@googlegroups.com
Hello,
Here is what i have (France Here) :
Charlie
./kippo.log.2:2011-11-03 18:13:02+0100 [SSHService ssh-userauth on HoneyPotTransport,8783,99.13.226.154] login attempt [root/ihatehackers] failed
./kippo.log.2:2011-11-03 19:02:29+0100 [SSHService ssh-userauth on HoneyPotTransport,8784,83.103.59.130] login attempt [root/ihatehackers] failed
./kippo.log.2:2011-11-03 20:37:11+0100 [SSHService ssh-userauth on HoneyPotTransport,8785,218.1.67.151] login attempt [root/ihatehackers] failed
./kippo.log.2:2011-11-03 21:24:12+0100 [SSHService ssh-userauth on HoneyPotTransport,8786,69.162.70.2] login attempt [root/ihatehackers] failed
./kippo.log.2:2011-11-04 00:09:01+0100 [SSHService ssh-userauth on HoneyPotTransport,8787,83.3.229.114] login attempt [root/ihatehackers] failed
./kippo.log.2:2011-11-04 00:54:24+0100 [SSHService ssh-userauth on HoneyPotTransport,8802,211.144.82.8] login attempt [root/ihatehackers] failed
./kippo.log.2:2011-11-04 02:33:30+0100 [SSHService ssh-userauth on HoneyPotTransport,8803,219.240.36.108] login attempt [root/ihatehackers] failed
./kippo.log.2:2011-11-04 03:27:37+0100 [SSHService ssh-userauth on HoneyPotTransport,8804,118.142.4.27] login attempt [root/ihatehackers] failed
./kippo.log.2:2011-11-04 04:18:50+0100 [SSHService ssh-userauth on HoneyPotTransport,8805,64.251.14.116] login attempt [root/ihatehackers] failed
./kippo.log.2:2011-11-04 06:50:53+0100 [SSHService ssh-userauth on HoneyPotTransport,8806,69.162.70.2] login attempt [root/ihatehackers] failed
./kippo.log.2:2011-11-04 10:25:44+0100 [SSHService ssh-userauth on HoneyPotTransport,8807,189.14.99.226] login attempt [root/ihatehackers] failed
./kippo.log.2:2011-11-04 11:17:59+0100 [SSHService ssh-userauth on HoneyPotTransport,8808,189.14.99.226] login attempt [root/ihatehackers] failed
./kippo.log.2:2011-11-04 12:11:11+0100 [SSHService ssh-userauth on HoneyPotTransport,8809,202.100.80.21] login attempt [root/ihatehackers] failed
./kippo.log.1:2011-11-04 20:57:25+0100 [SSHService ssh-userauth on HoneyPotTransport,8999,210.42.35.1] login attempt [root/ihatehackers] failed
./kippo.log.1:2011-11-04 22:18:18+0100 [SSHService ssh-userauth on HoneyPotTransport,9000,210.42.35.1] login attempt [root/ihatehackers] failed
./kippo.log.1:2011-11-04 23:40:14+0100 [SSHService ssh-userauth on HoneyPotTransport,9001,202.100.80.21] login attempt [root/ihatehackers] failed
./kippo.log.1:2011-11-05 02:26:47+0100 [SSHService ssh-userauth on HoneyPotTransport,9002,222.73.41.52] login attempt [root/ihatehackers] failed
./kippo.log.1:2011-11-05 05:20:20+0100 [SSHService ssh-userauth on HoneyPotTransport,9003,122.70.141.250] login attempt [root/ihatehackers] failed
./kippo.log.1:2011-11-05 10:00:29+0100 [SSHService ssh-userauth on HoneyPotTransport,9004,69.162.70.2] login attempt [root/ihatehackers] failed
D malware collect
Nov 8, 2011, 3:11:53 PM11/8/11
to kippo...@googlegroups.com
Same here: 2011-11-04 19:44:00 gw6 60.195.249.67 root ihatehackers 2011-11-04 23:43:33 gw6 218.77.120.135 root ihatehackers 2011-11-05 01:06:05 gw6 202.100.80.21 root ihatehackers 2011-11-05 02:30:44 gw6 222.73.41.52 root ihatehackers But there are other common passwords I see like:
Ki!l|iN6#Th3Ph03$%nix@NdR3b!irD KILLhackersF###KERS1234 etc
However, these two examples are part of full brute scans unlike the ihatehackers ones for which I only see one hit/try per IP and only this one password. Grtz.
2011/11/8 Charlie HUREL <cha...@hurel.info>
Reply all
Reply to author
Forward
0 new messages