[mythtv-users] SSH break in attempt this morning using mythtv user

Jason Gillis jgillis at acm.org
Tue Feb 28 02:20:10 UTC 2006


Hi John,

Why am I emailing you tonight?  Well, it looks like you have a machine on 
24.1.121.211 that tried to break into my system this morning.  I was able to 
track you down via the whois information for your domain (nissley.org) and 
the IP address in my logs.

Why am I CC'ing this to the mythtv-users mail list?  Well, the following 
information is really useful to other mythtv system owners who may also be 
affected by John's break in activity.  It's interesting that the attempts 
from your IP address only tried to use the mythtv login name, so I'm 
guessing it's a fairly targetted attack.  If you're a mythtv user and you 
have an Internet accessible mythtv system, please check your logs to see if 
anyone other than you has logged into your system as the user mythtv.


Feb 27 08:08:21 phoenix sshd[8083]: User mythtv from 
c-24-1-121-211.hsd1.tx.comcast.net not allowed because not listed in 
AllowUsers
Feb 27 08:08:22 phoenix sshd[8088]: User mythtv from 
c-24-1-121-211.hsd1.tx.comcast.net not allowed because not listed in 
AllowUsers
Feb 27 08:08:25 phoenix sshd[8093]: User mythtv from 
c-24-1-121-211.hsd1.tx.comcast.net not allowed because not listed in 
AllowUsers
Feb 27 08:08:26 phoenix sshd[8098]: User mythtv from 
c-24-1-121-211.hsd1.tx.comcast.net not allowed because not listed in 
AllowUsers
Feb 27 08:08:28 phoenix sshd[8103]: User mythtv from 
c-24-1-121-211.hsd1.tx.comcast.net not allowed because not listed in 
AllowUsers
Feb 27 08:08:30 phoenix sshd[8108]: User mythtv from 
c-24-1-121-211.hsd1.tx.comcast.net not allowed because not listed in 
AllowUsers
Feb 27 08:08:31 phoenix sshd[8113]: User mythtv from 
c-24-1-121-211.hsd1.tx.comcast.net not allowed because not listed in 
AllowUsers
Feb 27 08:08:31 phoenix sshd[8118]: User mythtv from 
c-24-1-121-211.hsd1.tx.comcast.net not allowed because not listed in 
AllowUsers
Feb 27 08:08:32 phoenix sshd[8123]: User mythtv from 
c-24-1-121-211.hsd1.tx.comcast.net not allowed because not listed in 
AllowUsers
Feb 27 08:08:33 phoenix sshd[8128]: User mythtv from 
c-24-1-121-211.hsd1.tx.comcast.net not allowed because not listed in 
AllowUsers
Feb 27 08:08:34 phoenix sshd[8133]: User mythtv from 
c-24-1-121-211.hsd1.tx.comcast.net not allowed because not listed in 
AllowUsers

Luckily, I was smart enough to not allow mythtv to log into the system via 
ssh.  (Those times are Pacific time, by the way, so those would have been at 
around 10:08 AM your time in Texas.)

I would really appreciate it if you stop trying to break into my system.  I 
would assume that other people who run mythtv would really like you to not 
try to break into their systems either.  At best, it's really rude.  It's 
most likely illegal, though.  Don't do things that are illegal.

In any case, I noticed that you posted to the mythtv list a couple months 
ago.  I hope that things are going well with your mythtv system:  It's 
really the only way to watch TV!

Thanks,
Jason




nissley.org WhoIs information:
----------------------------
Domain ID:D101443055-LROR
Domain Name:NISSLEY.ORG
Created On:10-Sep-2003 03:53:17 UTC
Last Updated On:16-Feb-2006 09:29:31 UTC
Expiration Date:10-Sep-2007 03:53:17 UTC
Sponsoring Registrar:Go Daddy Software, Inc. (R91-LROR)
Status:CLIENT DELETE PROHIBITED
Status:CLIENT RENEW PROHIBITED
Status:CLIENT TRANSFER PROHIBITED
Status:CLIENT UPDATE PROHIBITED
Registrant ID:GODA-03981248
Registrant Name:John Nissley
Registrant Organization:Personal
Registrant Street1:1426 Westmont Drive
Registrant City:Allen
Registrant State/Province:Texas
Registrant Postal Code:75013
Registrant Country:US
Registrant Phone:+1.2142743724
Registrant Email:John.Nissley at yahoo.com
Admin ID:GODA-23981248
Admin Name:John Nissley
Admin Organization:Personal
Admin Street1:1426 Westmont Drive
Admin City:Allen
Admin State/Province:Texas
Admin Postal Code:75013
Admin Country:US
Admin Phone:+1.9727470912
Admin Email:John.Nissley at mail.com
Tech ID:GODA-13981248
Tech Name:John Nissley
Tech Organization:Personal
Tech Street1:1426 Westmont Drive
Tech City:Allen
Tech State/Province:Texas
Tech Postal Code:75013
Tech Country:US
Tech Phone:+1.2142743724
Tech Email:John.Nissley at mail.com
Name Server:PARK11.SECURESERVER.NET
Name Server:PARK12.SECURESERVER.NET



More information about the mythtv-users mailing list