[Novalug] POSSIBLE BREAK-IN in auth.log via ssh
novalugml at jgcomp.com
Fri Feb 13 09:56:04 EST 2009
On Fri, Feb 13, 2009 at 04:19:49AM -0500, Norman Bird wrote:
> This is interesting all,
> When I sent this to the lists I sent it to novolug and debian-user,
> i just queried the IP address that was trying to hack me and it came up on
> google. It was my question I asked the list on the internet, on this site:
> it appears that my question tot he list and maybe all questions to the list
> I dunno, are pushed out to the internet where the world can query it.
> Maybe I'm just a newbie but I had no idea. Just thought I would mention
> that. Anyone got any filler on this?
Just a similar observation.
When forming my reply I did a little research on the attacker's IP
address in your logfiles using the ARIN database and simple tools
like whois, dig, ... Didn't come up with anything particularly
interesting so I decided to google the domain the of the attacker,
Not only was your question in google's hit list, it was number one.
Jon H. LaBadie jon at jgcomp.com
12027 Creekbend Drive (703) 787-0884
Reston, VA 20194 (703) 787-0922 (fax)
More information about the Novalug