2014-09-24-0527Z


I rarely run a security audit on my servers. here's one:

root@hetzner2 ~ # grep -v cron /var/log/auth.log | grep Failed | awk '{print $11}' | sort | uniq -c
    473 116.255.183.148
      1 122.141.251.42
    153 122.225.109.118
    166 122.225.109.195
    247 122.225.109.211
    197 122.225.109.216
    287 122.225.109.219
    279 122.225.109.220
     78 122.225.109.98
      4 193.104.41.10
      1 209.239.114.179
    208 211.72.184.100
   6546 219.138.135.62
    278 219.138.135.66
      2 221.131.71.123
   2391 222.186.34.119
     12 27.254.33.142
      8 61.152.108.18
    113 61.174.51.194
    240 61.174.51.199
    449 61.174.51.207
    230 61.174.51.219
    271 61.174.51.222
      5 61.234.104.167
      2 a
      8 abc123
    381 admin
     12 adrian
     32 aion
     29 alex
     14 angel
     16 anna
     27 apache
      9 asp
     23 asterisk
      9 asteriskpbx
     14 ben
      1 bwadmin
      2 cmsftp
      2 cpter1
     13 cyrus
     18 daniel
      2 dasusr1
     16 david
      2 db2admin
      2 db2fenc1
      4 db2inst
     19 db2inst1
     12 debian
     24 deploy
     28 deployer
     17 dev
      2 devdata
     34 developer
     23 ec2-user
      6 eric
     26 ftp
     14 ftp1
     28 ftpuser
      2 ftpuser1
      1 george
      6 getmail
      2 gfep
     59 git
      1 gitlab
      4 gitolite
      1 gitorious
      4 gitosis
      3 gituser
      1 gouveia1
      1 gpadmin
      3 guest
     23 hadoop
      2 haibis
     14 hannes
      1 hbistc
      1 hduser
     10 henny
      3 hexiao
      2 hmsftp
      1 homes
     16 hostmaster
      2 hqq
      2 hsm
     17 hudson
      3 icinga
      1 ims
     21 info
      2 informix
     15 ispconfig
      2 jannik
     22 jason
      2 jbc
     24 jboss
     49 jenkins
     35 jira
     18 joomla
     15 juan
     11 kartel
     14 kevin
      1 kubota
      1 laci
      1 liangxiao
      1 linux
      1 lisendong
      2 lshapps
      2 lshora
      1 machenglong
     20 mailer
      1 mantis
     15 martin
      1 mas
      1 mc
     50 minecraft
      1 minidlna
      1 mircte
      1 mlog
      1 mobilenetgames
      1 mongodb
      1 moni
      9 moodle
      1 mpos
      1 mumble
      1 muraki
      2 mxque
      5 mysql
      4 mythtv
      2 nag1os
     40 nagios
      1 nagios1
      1 nagios2
      1 nagios3
      1 nagios5
      1 nani
      1 nexus
      2 nginx
      1 nicole
      1 nitin
      2 niuchao
     17 noreply
     16 no-reply
      1 notice
      1 openbraov
     31 openbravo
      1 openvpn
      6 oprofile
     31 oracle
      1 oracle1
      1 oracle11g
      1 oracle2
      1 orsap
      1 orsapinf
     23 otrs
      3 patrol
     13 pedro
      1 pervuhina
      3 pgsql
      6 pi
      2 portal
      7 posp
     28 postgres
      1 praveen
      1 public
      1 qma
     12 qtss
      3 rashed
      1 ravikanth
      6 recruit
      4 redis
     35 redmine
      1 report
      1 resim
      1 righa
     11 rsync
      2 rts
     21 share
      6 support
     18 svn
     62 teamspeak
     41 teamspeak3
     10 test
      7 test1
      2 test123
      1 test1234
      5 test2
      6 test3
      5 test4
      6 testuser
     14 tom
     26 tomcat
     11 tomcat5
     13 tomcat6
     11 tomcat7
      2 trade
     44 ts
     38 ts3
      2 ubnt
     19 upload
     25 usuario
      5 usuario1
      6 usuario2
      2 web
     25 webadmin
      2 weblogic
      2 webuser
     24 wordpress
      9 wp
     20 www
     12 wwwrun
      8 xyz
     39 zabbix

Back to blog or home page

last updated 2014-09-24 01:36:50. served from tektonic.jcomeau.com