[bitfolk] Security incident: SSH dictionary attack

Author: Andy Smith
Date:  
Subject: [bitfolk] Security incident: SSH dictionary attack
X-List-Received-Date: Sun, 09 Dec 2012 08:10:32 -0000



Hi,

In late November a customer's VPS was detected performing a high
rate of outbound SSH connections (~135/sec) to a wide range of IP
addresses. Their network access was suspended and they were
contacted and asked to investigate.

Unfortunately the customer never responded, so their BitFolk account
was closed and we will never know how they were compromised.

Cheers,
Andy

About this email:
https://tools.bitfolk.com/wiki/Security_incident_postings

-- 
http://bitfolk.com/ -- No-nonsense VPS hosting
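
One way to flag the pattern described above (many new outbound SSH connections per second to many different addresses) from flow records. This is an added example, not from the original post or BitFolk's own tooling; the record format, thresholds and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed thresholds (not from the original post): flag a source whose busiest
# one-second bucket has >= RATE_THRESHOLD new outbound SSH connections and
# which contacted >= MIN_DISTINCT_DSTS different destination addresses.
RATE_THRESHOLD = 50
MIN_DISTINCT_DSTS = 100
SSH_PORT = 22

def detect_ssh_fanout(lines):
    """Return {src: (peak_conns_per_sec, distinct_dsts)} for flagged sources.

    Each line is 'epoch_seconds src_ip dst_ip dst_port', one new outbound
    connection per line (a constructed record format).
    """
    per_second = defaultdict(lambda: defaultdict(int))  # src -> second -> count
    dsts = defaultdict(set)                             # src -> destinations
    for line in lines:
        fields = line.split()
        if len(fields) != 4 or line.lstrip().startswith("#"):
            continue  # skip blanks, comments and malformed records
        ts, src, dst, dport = fields
        if int(dport) != SSH_PORT:
            continue
        per_second[src][int(float(ts))] += 1
        dsts[src].add(dst)
    flagged = {}
    for src, buckets in per_second.items():
        peak = max(buckets.values())
        if peak >= RATE_THRESHOLD and len(dsts[src]) >= MIN_DISTINCT_DSTS:
            flagged[src] = (peak, len(dsts[src]))
    return flagged

def sample_flows():
    """Constructed sample: one VPS fanning out over SSH, one ordinary host."""
    flows = []
    for i in range(270):  # 10.0.0.10: 135 conns/sec for 2 s, all different hosts
        net = "198.51.100" if i < 135 else "203.0.113"
        flows.append(f"{1000 + i / 135:.3f} 10.0.0.10 {net}.{i % 135 + 1} 22")
    for i in range(6):    # 10.0.0.20: a few SSH logins to two servers, plus HTTPS
        flows.append(f"{1000 + i * 0.3:.3f} 10.0.0.20 192.0.2.{i % 2 + 1} 22")
        flows.append(f"{1000 + i * 0.3:.3f} 10.0.0.20 192.0.2.9 443")
    return flows

if __name__ == "__main__":
    for src, (peak, n) in detect_ssh_fanout(sample_flows()).items():
        print(f"{src}: peak {peak} SSH conns/sec to {n} distinct destinations")
```

Requiring both a high per-second rate and a wide spread of destinations keeps a backup or configuration-management host, which opens many SSH sessions to a few known servers, from being flagged.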
