Fail2ban attacker

Discussion in 'General' started by Toucan, Oct 5, 2010.

  1. Toucan

    Toucan New Member

    Fail2ban constantly reports warnings banning ip addresses. This eventually causes apache to stop responding and needs restarting. Am I being attacked constantly? I had a look at the IP address of one of the banned entries and it appears to be DCS Pacific which looks like a hosting company. Surely another hosting company isn't trying to crash my server?? I am the only person with legitimate ssh access to my servers.

    Does anyone else experience this?


    2010-10-03 10:45:33,659 fail2ban.actions: WARNING [ssh] Unban 206.217.137.184
    2010-10-03 10:49:12,675 fail2ban.actions: WARNING [ssh] Unban 41.130.234.116
    2010-10-03 17:27:00,003 fail2ban.jail : INFO Jail 'ssh' stopped
    2010-10-03 17:35:42,507 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.3
    2010-10-03 17:35:42,526 fail2ban.jail : INFO Creating new jail 'ssh'
    2010-10-03 17:35:42,526 fail2ban.jail : INFO Jail 'ssh' uses poller
    2010-10-03 17:35:42,774 fail2ban.filter : INFO Added logfile = /var/log/auth.log
    2010-10-03 17:35:42,776 fail2ban.filter : INFO Set maxRetry = 6
    2010-10-03 17:35:42,777 fail2ban.filter : INFO Set findtime = 600
    2010-10-03 17:35:42,778 fail2ban.actions: INFO Set banTime = 600
    2010-10-03 17:35:42,886 fail2ban.jail : INFO Jail 'ssh' started
    2010-10-03 18:34:25,050 fail2ban.actions: WARNING [ssh] Ban 78.101.169.35
    2010-10-03 18:44:25,066 fail2ban.actions: WARNING [ssh] Unban 78.101.169.35
    2010-10-03 20:07:33,090 fail2ban.actions: WARNING [ssh] Ban 83.237.215.84
    2010-10-03 20:17:33,158 fail2ban.actions: WARNING [ssh] Unban 83.237.215.84
    2010-10-03 20:45:37,178 fail2ban.actions: WARNING [ssh] Ban 94.179.99.171
    2010-10-03 20:55:37,210 fail2ban.actions: WARNING [ssh] Unban 94.179.99.171
    2010-10-04 00:15:08,231 fail2ban.actions: WARNING [ssh] Ban 184.106.241.145
    2010-10-04 00:25:08,491 fail2ban.actions: WARNING [ssh] Unban 184.106.241.145
    2010-10-04 00:26:15,586 fail2ban.actions: WARNING [ssh] Ban 190.42.208.209
    2010-10-04 00:36:15,606 fail2ban.actions: WARNING [ssh] Unban 190.42.208.209
    2010-10-04 00:39:26,622 fail2ban.actions: WARNING [ssh] Ban 88.198.11.232
    2010-10-04 00:49:26,638 fail2ban.actions: WARNING [ssh] Unban 88.198.11.232
    2010-10-04 01:55:43,678 fail2ban.actions: WARNING [ssh] Ban 211.254.130.116
    2010-10-04 02:05:43,718 fail2ban.actions: WARNING [ssh] Unban 211.254.130.116
    2010-10-04 03:12:23,838 fail2ban.actions: WARNING [ssh] Ban 216.17.111.135
    2010-10-04 03:22:23,854 fail2ban.actions: WARNING [ssh] Unban 216.17.111.135
    2010-10-04 06:57:00,890 fail2ban.actions: WARNING [ssh] Ban 93.153.189.85
    2010-10-04 07:07:01,078 fail2ban.actions: WARNING [ssh] Unban 93.153.189.85
    2010-10-04 09:43:04,102 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103
    2010-10-04 09:53:04,150 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103
    2010-10-04 09:56:09,174 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103
    2010-10-04 10:06:09,230 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103
    2010-10-04 10:08:33,246 fail2ban.actions: WARNING [ssh] Ban 41.238.224.28
    2010-10-04 10:08:40,263 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103
    2010-10-04 10:08:40,282 fail2ban.actions: WARNING [ssh] Ban 212.98.166.61
    2010-10-04 10:18:33,298 fail2ban.actions: WARNING [ssh] Unban 41.238.224.28
    2010-10-04 10:18:40,314 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103
    2010-10-04 10:18:40,332 fail2ban.actions: WARNING [ssh] Unban 212.98.166.61
    2010-10-04 10:21:23,350 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103
    2010-10-04 10:23:12,366 fail2ban.actions: WARNING [ssh] Ban 91.149.187.72
    2010-10-04 10:31:23,382 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103
    2010-10-04 10:33:12,398 fail2ban.actions: WARNING [ssh] Unban 91.149.187.72
    2010-10-04 10:33:25,414 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103
    2010-10-04 10:43:25,434 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103
    2010-10-04 10:45:44,450 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103
    2010-10-04 10:55:44,466 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103
    2010-10-04 10:58:43,482 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103
    2010-10-04 11:08:43,514 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103
    2010-10-04 11:11:49,534 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103
    2010-10-04 11:21:49,558 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103
    2010-10-04 11:24:18,574 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103
    2010-10-04 11:34:18,590 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103
    2010-10-04 11:36:40,606 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103
    2010-10-04 11:46:40,622 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103
    2010-10-04 11:49:38,638 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103
    2010-10-04 11:59:38,654 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103
    2010-10-04 12:01:50,682 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103
    2010-10-04 12:02:23,698 fail2ban.actions: WARNING [ssh] Ban 121.119.160.134
    2010-10-04 12:11:50,714 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103
    2010-10-04 12:12:23,730 fail2ban.actions: WARNING [ssh] Unban 121.119.160.134
    2010-10-04 12:14:54,746 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103
    2010-10-04 12:24:54,762 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103
    2010-10-04 12:28:17,778 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103
    2010-10-04 12:38:17,794 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103
    2010-10-04 12:41:24,810 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103
    2010-10-04 12:51:24,826 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103
    2010-10-04 12:54:12,842 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103
    2010-10-04 13:04:12,858 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103
    2010-10-04 13:06:58,874 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103
    2010-10-04 13:16:58,898 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103
    2010-10-04 13:19:36,914 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103
    2010-10-04 13:29:36,930 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103
    2010-10-04 13:33:40,962 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103
    2010-10-04 13:43:40,978 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103
    2010-10-04 13:46:33,994 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103
    2010-10-04 13:56:34,010 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103
    2010-10-04 16:56:45,042 fail2ban.actions: WARNING [ssh] Ban 220.127.174.119
    2010-10-04 17:06:45,062 fail2ban.actions: WARNING [ssh] Unban 220.127.174.119
    2010-10-04 18:26:09,314 fail2ban.actions: WARNING [ssh] Ban 218.241.161.186
    2010-10-04 18:36:09,547 fail2ban.actions: WARNING [ssh] Unban 218.241.161.186
    2010-10-04 19:15:59,694 fail2ban.actions: WARNING [ssh] Ban 216.245.208.93
    2010-10-04 19:25:59,730 fail2ban.actions: WARNING [ssh] Unban 216.245.208.93
    2010-10-04 20:48:59,762 fail2ban.actions: WARNING [ssh] Ban 153.65.20.115
    2010-10-04 20:58:59,866 fail2ban.actions: WARNING [ssh] Unban 153.65.20.115
    2010-10-04 22:07:03,902 fail2ban.actions: WARNING [ssh] Ban 41.234.76.58
    2010-10-04 22:17:03,986 fail2ban.actions: WARNING [ssh] Unban 41.234.76.58
    2010-10-05 08:20:16,110 fail2ban.actions: WARNING [ssh] Ban 41.208.137.12
    2010-10-05 08:30:16,226 fail2ban.actions: WARNING [ssh] Unban 41.208.137.12
    2010-10-05 08:31:03,242 fail2ban.actions: WARNING [ssh] Ban 41.208.137.12
    2010-10-05 08:41:03,258 fail2ban.actions: WARNING [ssh] Unban 41.208.137.12
    2010-10-05 08:52:10,278 fail2ban.actions: WARNING [ssh] Ban 118.129.166.120
    2010-10-05 08:52:35,294 fail2ban.actions: WARNING [ssh] Ban 190.232.206.129
    2010-10-05 09:02:10,326 fail2ban.actions: WARNING [ssh] Unban 118.129.166.120
    2010-10-05 09:02:35,342 fail2ban.actions: WARNING [ssh] Unban 190.232.206.129
     
  2. till

    till Super Moderator

    Thats normal, so nothing to worry about. This happens to every computer which is connected to the internet all the time. Fail2ban is installed to block such attempts. The ssh login attempst are not related to apache response problems, so if you have any problems with apache, then you should investigate this in the apache error.log and syslog.
     
  3. Toucan

    Toucan New Member

    I'll have a look at the logs...

    Strange though that when I block ssh ports via the router all problems stop.
     

Share This Page