Thread: Potential Hack?

  1. #1
    Join Date
    Aug 2008
    Location
    Dallas
    Beans
    57

    Potential Hack?

    Hello All,

    I am new to Linux/Ubuntu and I have set up an Ubuntu/LAMP box and I was just looking through the apache2 log file and I have a lot of lines that read 70.63.86.162 - - [14/Sep/2008:11:38:09 -0500] "GET /~fareeda/ HTTP/1.1" 404 319 "-" "-". There is a long list of these and it seems that it's an alphabetical list of potential user names. That is just one line of many. What is this? What does it mean? Is this an attempted hack?

    Thanks.

  2. #2
    Join Date
    Sep 2007
    Location
    over there
    Beans
    2,521
    Distro
    Ubuntu

    Re: Potential Hack?

    Quote Originally Posted by mregister View Post
    Hello All,

    I am new to Linux/Ubuntu and I have set up an Ubuntu/LAMP box and I was just looking through the apache2 log file and I have a lot of lines that read 70.63.86.162 - - [14/Sep/2008:11:38:09 -0500] "GET /~fareeda/ HTTP/1.1" 404 319 "-" "-". There is a long list of these and it seems that it's an alphabetical list of potential user names. That is just one line of many. What is this? What does it mean? Is this an attempted hack?

    Thanks.
    Possibly... crackers use "dictionary files" to brute-force login/password combos and the like. How many such entries are there in the log?

    That IP address 70.63.86.162 is in a block registered to "Cape Fear Community College". Is that a real college? Does it mean anything to you? Or anyone else?
    Last edited by t0p; September 15th, 2008 at 07:38 PM.
    "All people are scum. No matter what they look like." ~ Spider Jerusalem, Transmetropolitan #4



  3. #3
    Join Date
    Aug 2008
    Location
    Dallas
    Beans
    57

    Re: Potential Hack?

    There are a lot. It looks like a dictionary. They start with A and go all the way through, just about every name there is. No, the college does not mean anything to me. How did you find out what block it comes from? How do I stop that kind of attack? Wow, I have a lot to learn.
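
The pattern described in the posts above (one client requesting many different `/~username/` paths that all return 404) can be picked out of an Apache access log automatically. This is an added example, not part of any poster's reply; the function name, the threshold and the sample log lines (documentation-range IP addresses) are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache combined log: host ident user [time] "METHOD path proto" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
# Per-user directory path as served by mod_userdir: /~username/...
USERDIR_RE = re.compile(r'^/~([^/?#]+)')

# Constructed sample lines, modelled on the log line quoted in the thread.
SAMPLE_LOG = '''\
203.0.113.50 - - [14/Sep/2008:11:38:07 -0500] "GET /~adam/ HTTP/1.1" 404 316 "-" "-"
203.0.113.50 - - [14/Sep/2008:11:38:08 -0500] "GET /~alice/ HTTP/1.1" 404 317 "-" "-"
203.0.113.50 - - [14/Sep/2008:11:38:08 -0500] "GET /~barbara/ HTTP/1.1" 404 319 "-" "-"
203.0.113.50 - - [14/Sep/2008:11:38:09 -0500] "GET /~carlos/ HTTP/1.1" 404 318 "-" "-"
198.51.100.7 - - [14/Sep/2008:11:40:12 -0500] "GET /index.html HTTP/1.1" 200 1045 "-" "Mozilla/5.0"
198.51.100.7 - - [14/Sep/2008:11:40:13 -0500] "GET /favicon.ico HTTP/1.1" 404 300 "-" "Mozilla/5.0"
198.51.100.7 - - [14/Sep/2008:11:41:02 -0500] "GET /~webmaster/ HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
'''.splitlines()


def find_userdir_scanners(lines, min_names=3):
    """Report clients that got 404 for at least min_names distinct /~user/ paths.

    Returns {ip: {"names", "alphabetical", "first", "last"}}. "alphabetical" is
    True when the names arrived in sorted order, which suggests a wordlist.
    """
    seen = defaultdict(list)  # ip -> distinct usernames in request order
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group("status") != "404":
            continue  # unparseable line, or the path actually exists
        u = USERDIR_RE.match(m.group("path"))
        if u and u.group(1).lower() not in seen[m.group("ip")]:
            seen[m.group("ip")].append(u.group(1).lower())
    return {
        ip: {"names": len(names), "alphabetical": names == sorted(names),
             "first": names[0], "last": names[-1]}
        for ip, names in seen.items() if len(names) >= min_names
    }


if __name__ == "__main__":
    for ip, info in find_userdir_scanners(SAMPLE_LOG).items():
        print(ip, info)
```

On a real server, pass the lines of the Apache access log instead of `SAMPLE_LOG` and raise `min_names` to suit normal traffic.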

  4. #4
    Join Date
    Oct 2007
    Location
    USA - Indiana
    Beans
    557
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: Potential Hack?

    Crazy! Is there any way to have Ubuntu automatically check for brute force attacks? Say maybe it informs you that there have been a certain number of failed login attempts... at the GUI level... not console.

  5. #5
    Join Date
    Oct 2005
    Location
    Estonia / Sweden
    Beans
    2,332
    Distro
    Ubuntu Development Release

    Re: Potential Hack?

    The absolute beginners section might not be the right place for this.

    Try the security section - http://ubuntuforums.org/forumdisplay.php?f=338

    They have all the knowledge you need...

  6. #6
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: Potential Hack?

    See this link :

    http://ubuntuforums.org/showthread.php?t=919472

    Truth is these kinds of things are very common, take a look at ssh if you run it.

    If I see a persistent IP -> black list the IP with iptables (UFW).

    https://help.ubuntu.com/community/Un...ocking%20Rules
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  7. #7
    Join Date
    Nov 2007
    Beans
    188
    Distro
    Ubuntu 8.04 Hardy Heron

    Re: Potential Hack?

    Quote Originally Posted by mregister View Post
    There are a lot. It looks like a dictionary. They start with A and go all the way through, just about every name there is. No, the college does not mean anything to me. How did you find out what block it comes from? How do I stop that kind of attack? Wow, I have a lot to learn.
    Consider using ".htaccess" to protect your directory, and you can also block a lot of known bad bots with it.
    "A bill of rights is what the people are entitled to against every government on earth, general or particular, and what no just government should refuse, or rest on inference."- Thomas Jefferson

  8. #8
    Join Date
    Nov 2007
    Beans
    188
    Distro
    Ubuntu 8.04 Hardy Heron

    Re: Potential Hack?

    Quote Originally Posted by t0p View Post
    Possibly... crackers use "dictionary files" to brute-force login/password combos and the like. How many such entries are there in the log?

    That IP address 70.63.86.162 is in a block registered to "Cape Fear Community College". Is that a real college? Does it mean anything to you? Or anyone else?
    Google shows that IP being used a lot for weird stuff and strange user names.
    "A bill of rights is what the people are entitled to against every government on earth, general or particular, and what no just government should refuse, or rest on inference."- Thomas Jefferson

  9. #9
    Join Date
    May 2007
    Location
    San Antonio, TEXAS
    Beans
    Hidden!
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: Potential Hack?

    OrgName: Road Runner HoldCo LLC
    OrgID: RCMS
    Address: 13241 Woodland Park Road
    City: Herndon
    StateProv: VA
    PostalCode: 20171
    Country: US

    I get that with a whois lookup
    Our only ignorance is our own intelligence
    Linux Is not Windows | Atheros 5007 Wifi Chipset Hardy (8.04LTS) Install|
    Linux user number 479043 | Ubuntu User number is # 24065

  10. #10
    Join Date
    Aug 2008
    Location
    Dallas
    Beans
    57

    Re: Potential Hack?

    Thanks, I will read that.
