Today I received a notification that on one of our servers (tango), an IP was blocked following repeated failed authentication attempts.
This is routine: each of our servers blocks about 2-3 IPs a day.
Something else struck me, though: the IP has a reverse DNS record, and it is itm.vaslui.ro.

I quickly typed the IP 86.127.121.5 into the browser and, surprise: an extremely ugly and barely intelligible page opened, as all the pages of the ITM (Inspecţia Teritorială a Muncii, the Territorial Labour Inspectorate) are. I quickly checked on ITM Online what address ITM Vaslui should have, and the fun began: the official address of ITM Vaslui should be www.itmvaslui.home.ro, a page that does not exist. What's more, the phone number listed is not valid.

So, an unauthorized authentication attempt took place from an IP that appears to belong to ITM Vaslui.
On the other hand, ITM Online has outdated information about the county inspectorates.

The interpretation is yours.

Feb 15 18:19:50 tango sshd[21817]: Did not receive identification string from 86.127.121.5
Feb 15 18:20:02 tango sshd[21821]: Did not receive identification string from 86.127.121.5
Feb 15 18:25:36 tango sshd[21931]: Invalid user mysql from 86.127.121.5
Feb 15 18:25:36 tango sshd[21932]: input_userauth_request: invalid user mysql
Feb 15 18:25:36 tango sshd[21931]: pam_unix(sshd:auth): check pass; user unknown
Feb 15 18:25:36 tango sshd[21931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=itm.vaslui.ro
Feb 15 18:25:36 tango sshd[21931]: pam_succeed_if(sshd:auth): error retrieving information about user mysql
Feb 15 18:25:38 tango sshd[21931]: Failed password for invalid user mysql from 86.127.121.5 port 34890 ssh2
Feb 15 18:25:38 tango sshd[21932]: Received disconnect from 86.127.121.5: 11: Bye Bye
Feb 15 18:25:39 tango sshd[21933]: Invalid user mysql from 86.127.121.5
Feb 15 18:25:39 tango sshd[21934]: input_userauth_request: invalid user mysql
Feb 15 18:25:39 tango sshd[21933]: pam_unix(sshd:auth): check pass; user unknown
Feb 15 18:25:39 tango sshd[21933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=86.127.121.5
Feb 15 18:25:39 tango sshd[21933]: pam_succeed_if(sshd:auth): error retrieving information about user mysql
Feb 15 18:25:42 tango sshd[21933]: Failed password for invalid user mysql from 86.127.121.5 port 34968 ssh2
Feb 15 18:25:42 tango sshd[21934]: Received disconnect from 86.127.121.5: 11: Bye Bye
Feb 15 18:25:42 tango sshd[21936]: Invalid user mysql from 86.127.121.5
Feb 15 18:25:42 tango sshd[21937]: input_userauth_request: invalid user mysql
Feb 15 18:25:42 tango sshd[21936]: pam_unix(sshd:auth): check pass; user unknown
Feb 15 18:25:42 tango sshd[21936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=86.127.121.5
Feb 15 18:25:42 tango sshd[21936]: pam_succeed_if(sshd:auth): error retrieving information about user mysql
Feb 15 18:25:44 tango sshd[21936]: Failed password for invalid user mysql from 86.127.121.5 port 35051 ssh2
Feb 15 18:25:44 tango sshd[21937]: Received disconnect from 86.127.121.5: 11: Bye Bye
Feb 15 18:25:45 tango sshd[21938]: Invalid user mysql from 86.127.121.5
Feb 15 18:25:45 tango sshd[21939]: input_userauth_request: invalid user mysql
Feb 15 18:25:45 tango sshd[21938]: pam_unix(sshd:auth): check pass; user unknown
Feb 15 18:25:45 tango sshd[21938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=itm.vaslui.ro
Feb 15 18:25:45 tango sshd[21938]: pam_succeed_if(sshd:auth): error retrieving information about user mysql
Feb 15 18:25:47 tango sshd[21938]: Failed password for invalid user mysql from 86.127.121.5 port 35128 ssh2
Feb 15 18:25:48 tango sshd[21939]: Received disconnect from 86.127.121.5: 11: Bye Bye
Feb 15 18:25:48 tango sshd[21940]: Invalid user mysql from 86.127.121.5
Feb 15 18:25:48 tango sshd[21941]: input_userauth_request: invalid user mysql
Feb 15 18:25:48 tango sshd[21940]: pam_unix(sshd:auth): check pass; user unknown
Feb 15 18:25:48 tango sshd[21940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=itm.vaslui.ro
Feb 15 18:25:48 tango sshd[21940]: pam_succeed_if(sshd:auth): error retrieving information about user mysql
Feb 15 18:25:50 tango sshd[21940]: Failed password for invalid user mysql from 86.127.121.5 port 35226 ssh2
Feb 15 18:25:50 tango sshd[21941]: Received disconnect from 86.127.121.5: 11: Bye Bye
Feb 15 18:25:51 tango sshd[21942]: Invalid user mysqlshell from 86.127.121.5
Feb 15 18:25:51 tango sshd[21943]: input_userauth_request: invalid user mysqlshell
Feb 15 18:25:51 tango sshd[21942]: pam_unix(sshd:auth): check pass; user unknown
Feb 15 18:25:51 tango sshd[21942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=itm.vaslui.ro
Feb 15 18:25:51 tango sshd[21942]: pam_succeed_if(sshd:auth): error retrieving information about user mysqlshell
Feb 15 18:25:54 tango sshd[21942]: Failed password for invalid user mysqlshell from 86.127.121.5 port 35327 ssh2
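
One way to reproduce the check behind such a block, as an added example (not code from the original post, and not the tool that sent the notification): it counts `Failed password` lines per source IP and joins them on the sshd PID with the `pam_unix` line, which shows why the same client appears both as 86.127.121.5 and as itm.vaslui.ro. The function name, threshold, window and year are assumptions; the sample lines are copied from the log above.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Subset of the sshd lines quoted in the post.
SAMPLE_LOG = """\
Feb 15 18:19:50 tango sshd[21817]: Did not receive identification string from 86.127.121.5
Feb 15 18:25:36 tango sshd[21931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=itm.vaslui.ro
Feb 15 18:25:38 tango sshd[21931]: Failed password for invalid user mysql from 86.127.121.5 port 34890 ssh2
Feb 15 18:25:39 tango sshd[21933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=86.127.121.5
Feb 15 18:25:42 tango sshd[21933]: Failed password for invalid user mysql from 86.127.121.5 port 34968 ssh2
Feb 15 18:25:44 tango sshd[21936]: Failed password for invalid user mysql from 86.127.121.5 port 35051 ssh2
Feb 15 18:25:47 tango sshd[21938]: Failed password for invalid user mysql from 86.127.121.5 port 35128 ssh2
Feb 15 18:25:54 tango sshd[21942]: Failed password for invalid user mysqlshell from 86.127.121.5 port 35327 ssh2
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[(\d+)\]: (.*)$")
FAILED = re.compile(r"^Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
RHOST = re.compile(r"authentication failure;.*\brhost=(\S+)")

def analyse(log_text, year=2000, max_failures=5, window=timedelta(minutes=10)):
    """Per source IP: failure count, users tried, PAM rhost names, block decision.
    Syslog timestamps carry no year, so `year` is an assumed placeholder."""
    rhost_by_pid = {}                 # sshd PID -> rhost value PAM logged
    events = defaultdict(list)        # ip -> [(timestamp, user)]
    rhosts = defaultdict(set)         # ip -> names PAM used for that client
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        stamp, pid, msg = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if (r := RHOST.search(msg)):
            rhost_by_pid[pid] = r.group(1)
        elif (f := FAILED.match(msg)):
            user, ip = f.groups()
            events[ip].append((when, user))
            if pid in rhost_by_pid:   # same PID = same connection attempt
                rhosts[ip].add(rhost_by_pid[pid])
    report = {}
    for ip, evs in events.items():
        times = sorted(t for t, _ in evs)
        # Block when any max_failures consecutive failures fit inside the window.
        blocked = any(times[i + max_failures - 1] - times[i] <= window
                      for i in range(len(times) - max_failures + 1))
        report[ip] = {"failures": len(evs), "users": sorted({u for _, u in evs}),
                      "rhosts": sorted(rhosts[ip]), "blocked": blocked}
    return report
```

Keying the count on the IP from the `Failed password` line rather than on `rhost` matters here: PAM logged the reverse DNS name for some attempts and the bare address for others, so counting by `rhost` would split one source in two.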