[mythtv-users] SSH break in attempt this morning using mythtv user
Jason Gillis
jgillis at acm.org
Tue Feb 28 02:20:10 UTC 2006
Hi John,
Why am I emailing you tonight? Well, it looks like you have a machine on
24.1.121.211 that tried to break into my system this morning. I was able to
track you down via the whois information for your domain (nissley.org) and
the IP address in my logs.
Why am I CC'ing this to the mythtv-users mail list? Well, the following
information is really useful to other mythtv system owners who may also be
affected by John's break in activity. It's interesting that the attempts
from your IP address only tried to use the mythtv login name, so I'm
guessing it's a fairly targetted attack. If you're a mythtv user and you
have an Internet accessible mythtv system, please check your logs to see if
anyone other than you has logged into your system as the user mythtv.
Feb 27 08:08:21 phoenix sshd[8083]: User mythtv from
c-24-1-121-211.hsd1.tx.comcast.net not allowed because not listed in
AllowUsers
Feb 27 08:08:22 phoenix sshd[8088]: User mythtv from
c-24-1-121-211.hsd1.tx.comcast.net not allowed because not listed in
AllowUsers
Feb 27 08:08:25 phoenix sshd[8093]: User mythtv from
c-24-1-121-211.hsd1.tx.comcast.net not allowed because not listed in
AllowUsers
Feb 27 08:08:26 phoenix sshd[8098]: User mythtv from
c-24-1-121-211.hsd1.tx.comcast.net not allowed because not listed in
AllowUsers
Feb 27 08:08:28 phoenix sshd[8103]: User mythtv from
c-24-1-121-211.hsd1.tx.comcast.net not allowed because not listed in
AllowUsers
Feb 27 08:08:30 phoenix sshd[8108]: User mythtv from
c-24-1-121-211.hsd1.tx.comcast.net not allowed because not listed in
AllowUsers
Feb 27 08:08:31 phoenix sshd[8113]: User mythtv from
c-24-1-121-211.hsd1.tx.comcast.net not allowed because not listed in
AllowUsers
Feb 27 08:08:31 phoenix sshd[8118]: User mythtv from
c-24-1-121-211.hsd1.tx.comcast.net not allowed because not listed in
AllowUsers
Feb 27 08:08:32 phoenix sshd[8123]: User mythtv from
c-24-1-121-211.hsd1.tx.comcast.net not allowed because not listed in
AllowUsers
Feb 27 08:08:33 phoenix sshd[8128]: User mythtv from
c-24-1-121-211.hsd1.tx.comcast.net not allowed because not listed in
AllowUsers
Feb 27 08:08:34 phoenix sshd[8133]: User mythtv from
c-24-1-121-211.hsd1.tx.comcast.net not allowed because not listed in
AllowUsers
Luckily, I was smart enough to not allow mythtv to log into the system via
ssh. (Those times are Pacific time, by the way, so those would have been at
around 10:08 AM your time in Texas.)
I would really appreciate it if you stop trying to break into my system. I
would assume that other people who run mythtv would really like you to not
try to break into their systems either. At best, it's really rude. It's
most likely illegal, though. Don't do things that are illegal.
In any case, I noticed that you posted to the mythtv list a couple months
ago. I hope that things are going well with your mythtv system: It's
really the only way to watch TV!
Thanks,
Jason
nissley.org WhoIs information:
----------------------------
Domain ID:D101443055-LROR
Domain Name:NISSLEY.ORG
Created On:10-Sep-2003 03:53:17 UTC
Last Updated On:16-Feb-2006 09:29:31 UTC
Expiration Date:10-Sep-2007 03:53:17 UTC
Sponsoring Registrar:Go Daddy Software, Inc. (R91-LROR)
Status:CLIENT DELETE PROHIBITED
Status:CLIENT RENEW PROHIBITED
Status:CLIENT TRANSFER PROHIBITED
Status:CLIENT UPDATE PROHIBITED
Registrant ID:GODA-03981248
Registrant Name:John Nissley
Registrant Organization:Personal
Registrant Street1:1426 Westmont Drive
Registrant City:Allen
Registrant State/Province:Texas
Registrant Postal Code:75013
Registrant Country:US
Registrant Phone:+1.2142743724
Registrant Email:John.Nissley at yahoo.com
Admin ID:GODA-23981248
Admin Name:John Nissley
Admin Organization:Personal
Admin Street1:1426 Westmont Drive
Admin City:Allen
Admin State/Province:Texas
Admin Postal Code:75013
Admin Country:US
Admin Phone:+1.9727470912
Admin Email:John.Nissley at mail.com
Tech ID:GODA-13981248
Tech Name:John Nissley
Tech Organization:Personal
Tech Street1:1426 Westmont Drive
Tech City:Allen
Tech State/Province:Texas
Tech Postal Code:75013
Tech Country:US
Tech Phone:+1.2142743724
Tech Email:John.Nissley at mail.com
Name Server:PARK11.SECURESERVER.NET
Name Server:PARK12.SECURESERVER.NET
More information about the mythtv-users
mailing list