These days I had a very big issue which leads me to write 3 articles, so I think this was a big plus because I had a long time with no posts. Trying to understand, how from nowhere, one of our servers is not properly working I discovered a huge problem related to permissions on the EC2 instance.
Our server has exposed the 22 port and some good boys figure this out and tried to brute force the access. I canceled immediately the public access for that port and I think this maybe is helpful for you.
How it looks like in logs
Jul 15 07:11:42 ip-X-X-X-X sshd[9037]: Disconnected from invalid user user1 111.229.196.130 port 42312 [preauth]
Jul 15 07:11:42 ip-X-X-X-X sshd[9037]: Received disconnect from 111.229.196.130 port 42312:11: Bye Bye [preauth]
Jul 15 07:11:41 ip-X-X-X-X sshd[9037]: Invalid user user1 from 111.229.196.130 port 42312
10:14
Jul 15 07:11:57 ip-X-X-X-X sshd[9039]: Disconnected from invalid user uat 139.155.93.180 port 43756 [preauth]
Jul 15 07:11:57 ip-X-X-X-X sshd[9039]: Received disconnect from 139.155.93.180 port 43756:11: Bye Bye [preauth]
10:14
Jul 15 07:12:29 ip-X-X-X-X sshd[9042]: Disconnected from invalid user henry 106.12.111.201 port 36280 [preauth]
Jul 15 07:12:29 ip-X-X-X-X sshd[9042]: Received disconnect from 106.12.111.201 port 36280:11: Bye Bye [preauth]
Jul 15 07:12:28 ip-X-X-X-X sshd[9042]: Invalid user henry from 106.12.111.201 port 36280
10:14
Jul 15 07:13:02 ip-X-X-X-X sshd[9044]: Disconnected from invalid user jojo 49.233.197.193 port 39912 [preauth]
Jul 15 07:13:02 ip-X-X-X-X sshd[9044]: Received disconnect from 49.233.197.193 port 39912:11: Bye Bye [preauth]
Jul 15 07:13:01 ip-X-X-X-X sshd[9044]: Invalid user jojo from 49.233.197.193 port 39912
The post Don’t play stupid with the security of your app appeared first on boobo94.
Top comments (0)