自宅鯖にて
(nni's blog) 情報元:[>>
誠天調書: 奴隷労働]
ここを見て、ウチも自分onlyで使ってる自宅FTPサーバーがあるのでログを見てみた。
・・・
なんか10月末あたりからちょくちょく一日3Mbyteオーバーなログが;;
[L 2006/11/14 8:17:50][624 ] Connect from 58.56.77.68
[M 2006/11/14 8:17:50][624 ] USER Administrator
[R 2006/11/14 8:17:50][624 Administrator ] 331 User name okay, need password.
[M 2006/11/14 8:17:50][624 Administrator ] PASS Administrator
[R 2006/11/14 8:17:50][624 Administrator ] 530 Account not exist.
[C 2006/11/14 8:17:50][624 Administrator ] login denied. account "Administrator" not exist.
[M 2006/11/14 8:17:51][624 Administrator ] USER Administrator
[R 2006/11/14 8:17:51][624 Administrator ] 331 User name okay, need password.
[M 2006/11/14 8:17:51][624 Administrator ] PASS administrator
[R 2006/11/14 8:17:51][624 Administrator ] 530 Account not exist.
[C 2006/11/14 8:17:51][624 Administrator ] login denied. account "Administrator" not exist.
[M 2006/11/14 8:17:51][624 Administrator ] USER Administrator
[R 2006/11/14 8:17:51][624 Administrator ] 331 User name okay, need password.
[M 2006/11/14 8:17:51][624 Administrator ] PASS administrateur
[R 2006/11/14 8:17:51][624 Administrator ] 530 Account not exist.
[C 2006/11/14 8:17:51][624 Administrator ] login denied. account "Administrator" not exist.
[M 2006/11/14 8:17:51][624 Administrator ] USER Administrator
[R 2006/11/14 8:17:51][624 Administrator ] 331 User name okay, need password.
[M 2006/11/14 8:17:51][624 Administrator ] PASS "NULL"
[R 2006/11/14 8:17:51][624 Administrator ] 530 Account not exist.
[C 2006/11/14 8:17:51][624 Administrator ] login denied. account "Administrator" not exist.
[M 2006/11/14 8:17:51][624 Administrator ] USER Administrator
[R 2006/11/14 8:17:51][624 Administrator ] 331 User name okay, need password.
[M 2006/11/14 8:17:51][624 Administrator ] PASS qwerty
[R 2006/11/14 8:17:51][624 Administrator ] 530 Account not exist.
[C 2006/11/14 8:17:51][624 Administrator ] login denied. account "Administrator" not exist.
〜以下略〜
うちにも来てたーw
もちろん Administrator なんてバレバレなIDは登録していないので入られる事は無いのだけど;;
コイツは辞書総当たりのBOTで一時間ほどで立ち去ったのだけどその間15,890回もアタックしてやがった。
予想はつくけれど一体どこから来てるか調べてみると
[Querying whois.apnic.net]
[whois.apnic.net]
% [whois.apnic.net node-2]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 58.56.0.0 - 58.59.127.255
netname: CHINANET-SD
descr: CHINANET SHANDONG PROVINCE NETWORK
descr: Shandong Telecom Corporation
descr: No.999,Shunhua road,Jinan,Shandong
country: CN → (中国)
admin-c: XR55-AP
tech-c: CH93-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-CHINANET-SD
mnt-routes: MAINT-CHINANET-SD
status: ALLOCATED PORTABLE
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-
remarks: This object can only be updated by APNIC hostmasters.
remarks: To update this object, please contact APNIC
remarks: hostmasters and include your organisation's account
remarks: name in the subject line.
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-
changed: hm-changed@apnic.net 20050622
changed: hm-changed@apnic.net 20060605
source: APNIC
ヾ( ゜д゜)ノ゛シナチクー
まぁこんなアクセスはFTPサーバーを建て始めた当初からたまにあったのだけど、10月下旬くらいから急に頻度が増えてた。
今度ちゃんとIPでアクセス制限しておこっと。