PaulDotCom mailing list archives

http://twitter.com/sotohide_log

From: xgermx at gmail.com (xgermx)
Date: Tue, 29 Dec 2009 08:31:02 -0600

Just so we're clear, I don't think this is the attackers SSH brute force
logs; this is someone defending against it. Keep in mind how I found his
page in the first place, by googling my attackers IP which was prefixed with
"sshd[]: refused connect" in his Twitter stream. Additionally, if you google
other IPs in his logs, most are on http://www.sshbl.org/ (the SSH blacklist)
.


On Mon, Dec 28, 2009 at 3:00 PM, Scott Webster <websterstech at gmail.com>wrote:

 Interesting?.



*From:* pauldotcom-bounces at mail.pauldotcom.com [mailto:
pauldotcom-bounces at mail.pauldotcom.com] *On Behalf Of *xgermx
*Sent:* Monday, December 28, 2009 11:35 AM

*To:* PaulDotCom Security Weekly Mailing List
*Subject:* Re: [Pauldotcom] http://twitter.com/sotohide_log



I'm interested in who's following that account. Someone should follow/DM
them.

On Mon, Dec 28, 2009 at 12:12 PM, Scott Webster <websterstech at gmail.com>
wrote:

Its been running from 10/9/2009, using perl net. And not very productive,
the times seem random.



*From:* pauldotcom-bounces at mail.pauldotcom.com [mailto:
pauldotcom-bounces at mail.pauldotcom.com] *On Behalf Of *xgermx
*Sent:* Monday, December 28, 2009 8:46 AM


*To:* PaulDotCom Security Weekly Mailing List

*Subject:* [Pauldotcom] http://twitter.com/sotohide_log



So I was checking some of my web server logs and I ran across an SHH brute
force attack coming from a Chinese IP. Upon googling the IP I find this
http://twitter.com/sotohide_log
Does anyone have any insight?


_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com



_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20091229/27d34bdc/attachment.htm

Current thread:

http://twitter.com/sotohide_log xgermx (Dec 28)
- http://twitter.com/sotohide_log John Strand (Dec 28)
  - http://twitter.com/sotohide_log Rob Fuller (Dec 28)
- http://twitter.com/sotohide_log Butturini, Russell (Dec 28)
- http://twitter.com/sotohide_log Michael Miller (Dec 28)
  - http://twitter.com/sotohide_log Brett Hoff (Dec 28)
- http://twitter.com/sotohide_log Scott Webster (Dec 28)
  - http://twitter.com/sotohide_log infolookup at gmail.com (Dec 28)
  - http://twitter.com/sotohide_log xgermx (Dec 28)
    - http://twitter.com/sotohide_log Scott Webster (Dec 28)
    - http://twitter.com/sotohide_log xgermx (Dec 29)
  - http://twitter.com/sotohide_log Nicholas B. (Dec 28)
    - http://twitter.com/sotohide_log xgermx (Dec 28)
- http://twitter.com/sotohide_log Dennis Lavrinenko (Dec 28)
  - http://twitter.com/sotohide_log Jason Jones (Dec 28)
  - http://twitter.com/sotohide_log Dan McGinn-Combs (Dec 28)
- http://twitter.com/sotohide_log Robert Miller (Dec 28)