Thursday, March 08, 2007

Scanning log files today

Was going through my daily ritual of looking at the web server's log files and found these entries in /var/log/secure. There were several attempts from this IP address. The usual stuff.

Mar 8 05:50:18 localhost sshd[20017]: Failed password for root from ::ffff:12.149.67.178 port 34463 ssh2
Mar 8 05:50:21 localhost sshd[20019]: Failed password for root from ::ffff:12.149.67.178 port 34733 ssh2
Mar 8 05:50:25 localhost sshd[20021]: Failed password for root from ::ffff:12.149.67.178 port 34997 ssh2
Mar 8 05:50:28 localhost sshd[20023]: Failed password for root from ::ffff:12.149.67.178 port 35257 ssh2
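
One way to summarise entries like these per source address, added here as an example and not part of the original post. It folds the IPv4-mapped form (`::ffff:a.b.c.d`) back to plain IPv4 so one host is not counted under two spellings. The function names, the threshold, the fifth sample line and the `year` argument (syslog timestamps carry no year) are assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# The first four lines are the entries quoted in the post; the fifth is constructed
# (documentation address 192.0.2.10) to show a source that stays under the threshold.
SAMPLE = """\
Mar 8 05:50:18 localhost sshd[20017]: Failed password for root from ::ffff:12.149.67.178 port 34463 ssh2
Mar 8 05:50:21 localhost sshd[20019]: Failed password for root from ::ffff:12.149.67.178 port 34733 ssh2
Mar 8 05:50:25 localhost sshd[20021]: Failed password for root from ::ffff:12.149.67.178 port 34997 ssh2
Mar 8 05:50:28 localhost sshd[20023]: Failed password for root from ::ffff:12.149.67.178 port 35257 ssh2
Mar 8 06:02:41 localhost sshd[20140]: Failed password for invalid user test from 192.0.2.10 port 51022 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+sshd\[\d+\]:\s+"
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

def normalise(addr):
    """Return plain IPv4 for IPv4-mapped IPv6; leave other values unchanged."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return addr  # not an IP literal (e.g. a hostname): keep as logged
    return str(getattr(ip, "ipv4_mapped", None) or ip)

def summarise(text, year=2007):
    """Map each source to its failure count, targeted users, first and last time seen."""
    stats = defaultdict(lambda: {"count": 0, "users": set(), "first": None, "last": None})
    for m in filter(None, map(FAILED.match, text.splitlines())):
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        s = stats[normalise(m["src"])]
        s["count"] += 1
        s["users"].add(m["user"])
        s["first"] = s["first"] or when
        s["last"] = when
    return dict(stats)

def noisy_sources(stats, threshold=3):
    """Sources with at least `threshold` failed logins (threshold is an assumed value)."""
    return sorted(src for src, s in stats.items() if s["count"] >= threshold)

if __name__ == "__main__":
    for src, s in summarise(SAMPLE).items():
        print(src, s["count"], sorted(s["users"]), s["last"] - s["first"])
```
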

Let's see who owns the IP address.

Pasted the info into ARIN WHOIS to see who it is.

AT&T WorldNet Services ATT (NET-12-0-0-0-1)
                                  12.0.0.0 - 12.255.255.255
AMERICAN CHECK MANAGEMENT AMERICAN53-67-160 (NET-12-149-67-160-1)
                                  12.149.67.160 - 12.149.67.191

Not much information, but it is American-based so I’ll try and notify. I did a search on American Check Management and found this article.

I wonder if they will be happy with the hosting service if it has ended up compromising financial data.
