# hmmm... a cracker?

## remix

last night i left my computer on, doing nothing but audacious with the monitor off.

this morning i wake up and there's no response from my computer, nothing on the screen, so i have to hard reboot. then when i boot up my cpu is back to stock speed, and it won't get past post. so i turn it off, take a shower, and try again, this time it boots fine back to normal overclocked state. i look in /var/log/messages, and this is the last thing that happened last night...

*normal messages, i'm just including for context*

May 25 00:41:31 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 00:41:31 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 00:41:55 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 00:41:55 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 00:43:16 BFG-c2d atkbd.c: Unknown key released (translated set 2, code 0x81 on isa0060/serio0).

May 25 00:43:16 BFG-c2d atkbd.c: Use 'setkeycodes e001 <keycode>' to make it known.

May 25 00:43:17 BFG-c2d device eth0 left promiscuous mode

May 25 00:43:17 BFG-c2d bridge-eth0: disabled promiscuous mode

May 25 00:43:17 BFG-c2d /dev/vmnet: open called by PID 8123 (vmware-vmx)

May 25 00:43:17 BFG-c2d device eth0 entered promiscuous mode

May 25 00:43:17 BFG-c2d bridge-eth0: enabled promiscuous mode

May 25 00:43:17 BFG-c2d /dev/vmnet: port on hub 0 successfully opened

May 25 00:43:17 BFG-c2d /dev/vmmon[8120]: host clock rate change request 83 -> 19

May 25 00:43:18 BFG-c2d device eth0 left promiscuous mode

May 25 00:43:18 BFG-c2d bridge-eth0: disabled promiscuous mode

May 25 00:43:18 BFG-c2d /dev/vmmon[8112]: host clock rate change request 19 -> 0

May 25 00:43:18 BFG-c2d vmmon: Had to deallocate locked 78554 pages from vm driver ffff81004f488000

May 25 00:43:18 BFG-c2d vmmon: Had to deallocate AWE 8892 pages from vm driver ffff81004f488000

May 25 00:43:52 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 00:43:52 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 00:43:57 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 00:43:57 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 00:44:05 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 00:44:05 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 00:44:24 BFG-c2d atkbd.c: Unknown key released (translated set 2, code 0x81 on isa0060/serio0).

May 25 00:44:24 BFG-c2d atkbd.c: Use 'setkeycodes e001 <keycode>' to make it known.

May 25 00:46:00 BFG-c2d atkbd.c: Unknown key released (translated set 2, code 0x81 on isa0060/serio0).

May 25 00:46:00 BFG-c2d atkbd.c: Use 'setkeycodes e001 <keycode>' to make it known.

May 25 00:46:09 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 00:46:09 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 00:47:01 BFG-c2d atkbd.c: Unknown key released (translated set 2, code 0x81 on isa0060/serio0).

May 25 00:47:01 BFG-c2d atkbd.c: Use 'setkeycodes e001 <keycode>' to make it known.

May 25 00:48:01 BFG-c2d atkbd.c: Unknown key released (translated set 2, code 0x81 on isa0060/serio0).

May 25 00:48:01 BFG-c2d atkbd.c: Use 'setkeycodes e001 <keycode>' to make it known.

May 25 00:48:02 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 00:48:02 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 00:48:08 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 00:48:08 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 00:48:13 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 00:48:13 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 00:48:19 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 00:48:19 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 00:49:05 BFG-c2d atkbd.c: Unknown key released (translated set 2, code 0x81 on isa0060/serio0).

May 25 00:49:05 BFG-c2d atkbd.c: Use 'setkeycodes e001 <keycode>' to make it known.

May 25 00:50:26 BFG-c2d atkbd.c: Unknown key released (translated set 2, code 0x81 on isa0060/serio0).

May 25 00:50:26 BFG-c2d atkbd.c: Use 'setkeycodes e001 <keycode>' to make it known.

May 25 00:50:27 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 00:50:27 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 00:50:31 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 00:50:31 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 00:50:52 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 00:50:52 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 00:51:27 BFG-c2d atkbd.c: Unknown key released (translated set 2, code 0x81 on isa0060/serio0).

May 25 00:51:27 BFG-c2d atkbd.c: Use 'setkeycodes e001 <keycode>' to make it known.

May 25 00:51:32 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 00:51:32 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 00:52:22 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 00:52:22 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 00:53:16 BFG-c2d atkbd.c: Unknown key released (translated set 2, code 0x81 on isa0060/serio0).

May 25 00:53:16 BFG-c2d atkbd.c: Use 'setkeycodes e001 <keycode>' to make it known.

May 25 00:53:19 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 00:53:19 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 00:53:24 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 00:53:24 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 00:53:34 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 00:53:34 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 00:53:42 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 00:53:42 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 00:54:02 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 00:54:02 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 00:54:06 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 00:54:06 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 00:54:14 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 00:54:14 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 00:54:19 BFG-c2d atkbd.c: Unknown key released (translated set 2, code 0x81 on isa0060/serio0).

May 25 00:54:19 BFG-c2d atkbd.c: Use 'setkeycodes e001 <keycode>' to make it known.

May 25 00:55:58 BFG-c2d atkbd.c: Unknown key released (translated set 2, code 0x81 on isa0060/serio0).

May 25 00:55:58 BFG-c2d atkbd.c: Use 'setkeycodes e001 <keycode>' to make it known.

May 25 00:56:02 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 00:56:02 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 00:56:13 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 00:56:13 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 00:57:11 BFG-c2d atkbd.c: Unknown key released (translated set 2, code 0x81 on isa0060/serio0).

May 25 00:57:11 BFG-c2d atkbd.c: Use 'setkeycodes e001 <keycode>' to make it known.

May 25 00:57:19 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 00:57:19 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 00:58:41 BFG-c2d atkbd.c: Unknown key released (translated set 2, code 0x81 on isa0060/serio0).

May 25 00:58:41 BFG-c2d atkbd.c: Use 'setkeycodes e001 <keycode>' to make it known.

May 25 00:58:42 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 00:58:42 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 00:58:47 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 00:58:47 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 00:58:52 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 00:58:52 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 00:59:06 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 00:59:06 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 00:59:09 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 00:59:09 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 00:59:15 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 00:59:15 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 00:59:20 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 00:59:20 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 00:59:24 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 00:59:24 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 00:59:51 BFG-c2d atkbd.c: Unknown key released (translated set 2, code 0x81 on isa0060/serio0).

May 25 00:59:51 BFG-c2d atkbd.c: Use 'setkeycodes e001 <keycode>' to make it known.

May 25 00:59:51 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 00:59:51 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 01:00:00 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 01:00:00 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 01:00:05 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 01:00:05 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 01:00:12 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 01:00:12 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 01:00:17 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 01:00:17 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 01:00:51 BFG-c2d atkbd.c: Unknown key released (translated set 2, code 0x81 on isa0060/serio0).

May 25 01:00:51 BFG-c2d atkbd.c: Use 'setkeycodes e001 <keycode>' to make it known.

May 25 01:00:52 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 01:00:52 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 01:00:57 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 01:00:57 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 01:01:45 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 01:01:45 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 01:01:48 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 01:01:48 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 01:01:51 BFG-c2d atkbd.c: Unknown key released (translated set 2, code 0x81 on isa0060/serio0).

May 25 01:01:51 BFG-c2d atkbd.c: Use 'setkeycodes e001 <keycode>' to make it known.

May 25 01:01:53 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 01:01:53 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 01:02:01 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 01:02:01 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 01:02:07 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 01:02:07 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 01:02:52 BFG-c2d atkbd.c: Unknown key released (translated set 2, code 0x81 on isa0060/serio0).

May 25 01:02:52 BFG-c2d atkbd.c: Use 'setkeycodes e001 <keycode>' to make it known.

May 25 01:02:54 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 01:02:54 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 01:03:57 BFG-c2d atkbd.c: Unknown key released (translated set 2, code 0x81 on isa0060/serio0).

May 25 01:03:57 BFG-c2d atkbd.c: Use 'setkeycodes e001 <keycode>' to make it known.

May 25 01:03:57 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 01:03:57 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 01:04:02 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 01:04:02 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 01:04:34 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 01:04:34 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 01:05:19 BFG-c2d atkbd.c: Unknown key released (translated set 2, code 0x81 on isa0060/serio0).

May 25 01:05:19 BFG-c2d atkbd.c: Use 'setkeycodes e001 <keycode>' to make it known.

May 25 01:05:28 BFG-c2d atkbd.c: Unknown key pressed (translated set 2, code 0xd9 on isa0060/serio0).

May 25 01:05:28 BFG-c2d atkbd.c: Use 'setkeycodes e059 <keycode>' to make it known.

May 25 01:08:46 BFG-c2d atkbd.c: Unknown key released (translated set 2, code 0x81 on isa0060/serio0).

May 25 01:08:46 BFG-c2d atkbd.c: Use 'setkeycodes e001 <keycode>' to make it known.

*normal messages, i was working late*

*no other messages in this 40 minutes*

*40 minutes after i hit the bed*

May 25 01:49:25 BFG-c2d sshd[14198]: Did not receive identification string from 218.16.121.91

May 25 01:53:49 BFG-c2d sshd[14368]: Invalid user globus from 218.16.121.91

May 25 01:53:52 BFG-c2d sshd[14373]: Invalid user condor from 218.16.121.91

May 25 01:53:55 BFG-c2d sshd[14378]: Invalid user tomcat from 218.16.121.91

May 25 01:54:00 BFG-c2d sshd[14383]: Invalid user global from 218.16.121.91

May 25 01:54:02 BFG-c2d sshd[14388]: Invalid user upload from 218.16.121.91

May 25 01:54:06 BFG-c2d sshd[14393]: Invalid user jboss from 218.16.121.91

May 25 01:54:12 BFG-c2d sshd[14403]: Invalid user demo from 218.16.121.91

May 25 01:54:14 BFG-c2d sshd[14408]: Invalid user apache from 218.16.121.91

May 25 01:54:17 BFG-c2d sshd[14413]: Invalid user postgres from 218.16.121.91

May 25 01:54:22 BFG-c2d sshd[14423]: Invalid user tester from 218.16.121.91

May 25 01:54:25 BFG-c2d sshd[14428]: Invalid user testing from 218.16.121.91

May 25 01:54:27 BFG-c2d sshd[14433]: Invalid user test from 218.16.121.91

May 25 01:54:30 BFG-c2d sshd[14438]: Invalid user photo from 218.16.121.91

May 25 01:54:32 BFG-c2d sshd[14443]: Invalid user oracle from 218.16.121.91

May 25 01:54:34 BFG-c2d sshd[14448]: Invalid user feedback from 218.16.121.91

May 25 01:54:36 BFG-c2d sshd[14453]: Invalid user sameer from 218.16.121.91

May 25 01:54:40 BFG-c2d sshd[14458]: Invalid user temp from 218.16.121.91

May 25 01:54:43 BFG-c2d sshd[14463]: Invalid user testuser from 218.16.121.91

May 25 01:54:47 BFG-c2d sshd[14468]: Invalid user portal from 218.16.121.91

May 25 01:54:51 BFG-c2d sshd[14473]: Invalid user college from 218.16.121.91

May 25 01:54:53 BFG-c2d sshd[14478]: Invalid user nagios from 218.16.121.91

May 25 01:54:55 BFG-c2d sshd[14483]: Invalid user office from 218.16.121.91

May 25 01:54:58 BFG-c2d sshd[14489]: Invalid user info from 218.16.121.91

May 25 01:55:00 BFG-c2d sshd[14494]: Invalid user spamtest from 218.16.121.91

May 25 02:05:39 BFG-c2d sshd[14508]: Did not receive identification string from 64.56.191.176

May 25 02:07:27 BFG-c2d sshd[14513]: Invalid user webmaster from 64.56.191.176

May 25 02:07:29 BFG-c2d sshd[14518]: Invalid user admin from 64.56.191.176

May 25 02:07:32 BFG-c2d sshd[14528]: Invalid user webadmin from 64.56.191.176

May 25 02:07:34 BFG-c2d sshd[14533]: Invalid user ftp from 64.56.191.176

May 25 02:07:35 BFG-c2d sshd[14538]: Invalid user ftpuser from 64.56.191.176

May 25 02:07:37 BFG-c2d sshd[14543]: Invalid user testuser from 64.56.191.176

May 25 02:07:39 BFG-c2d sshd[14548]: Invalid user testuser from 64.56.191.176

May 25 02:07:41 BFG-c2d sshd[14553]: Invalid user test from 64.56.191.176

May 25 02:07:43 BFG-c2d sshd[14558]: Invalid user guestuser from 64.56.191.176

May 25 02:07:45 BFG-c2d sshd[14563]: Invalid user test01 from 64.56.191.176

May 25 02:07:47 BFG-c2d sshd[14568]: Invalid user test2 from 64.56.191.176

May 25 02:07:50 BFG-c2d sshd[14573]: Invalid user test3 from 64.56.191.176

May 25 02:07:51 BFG-c2d sshd[14578]: Invalid user test4 from 64.56.191.176

May 25 02:07:53 BFG-c2d sshd[14583]: Invalid user test5 from 64.56.191.176

May 25 02:07:55 BFG-c2d sshd[14588]: Invalid user test6 from 64.56.191.176

May 25 02:07:57 BFG-c2d sshd[14593]: Invalid user test7 from 64.56.191.176

May 25 02:07:59 BFG-c2d sshd[14598]: Invalid user test8 from 64.56.191.176

May 25 02:08:01 BFG-c2d sshd[14603]: Invalid user test9 from 64.56.191.176

May 25 02:08:03 BFG-c2d sshd[14608]: Invalid user test10 from 64.56.191.176

May 25 02:08:05 BFG-c2d sshd[14613]: Invalid user user1 from 64.56.191.176

May 25 02:08:06 BFG-c2d sshd[14618]: Invalid user user2 from 64.56.191.176

May 25 02:08:08 BFG-c2d sshd[14623]: Invalid user user3 from 64.56.191.176

May 25 02:08:10 BFG-c2d sshd[14628]: Invalid user user4 from 64.56.191.176

May 25 02:08:12 BFG-c2d sshd[14633]: Invalid user user5 from 64.56.191.176

May 25 02:08:15 BFG-c2d sshd[14638]: Invalid user user6 from 64.56.191.176

May 25 02:08:17 BFG-c2d sshd[14643]: Invalid user user7 from 64.56.191.176

May 25 02:08:19 BFG-c2d sshd[14648]: Invalid user user8 from 64.56.191.176

May 25 02:08:21 BFG-c2d sshd[14653]: Invalid user user9 from 64.56.191.176

May 25 02:08:24 BFG-c2d sshd[14658]: Invalid user user10 from 64.56.191.176

May 25 02:08:25 BFG-c2d sshd[14663]: Invalid user simon from 64.56.191.176

May 25 02:08:27 BFG-c2d sshd[14668]: Invalid user david from 64.56.191.176

May 25 02:08:29 BFG-c2d sshd[14673]: Invalid user monica from 64.56.191.176

May 25 02:08:31 BFG-c2d sshd[14678]: Invalid user sql from 64.56.191.176

May 25 02:08:38 BFG-c2d sshd[14689]: Invalid user sybase from 64.56.191.176

May 25 02:08:40 BFG-c2d sshd[14694]: Invalid user informix from 64.56.191.176

May 25 02:09:34 BFG-c2d sshd[14779]: Invalid user shell from 64.56.191.176

May 25 02:09:37 BFG-c2d sshd[14784]: Invalid user noaccess from 64.56.191.176

May 25 02:10:16 BFG-c2d sshd[14829]: Invalid user email from 64.56.191.176

*my computer stops working i guess cause this is the last message before it crashes.*

*this is me booting up in the morning*

May 25 06:48:11 BFG-c2d syslog-ng[5704]: syslog-ng version 1.6.11 starting

May 25 06:48:11 BFG-c2d syslog-ng[5704]: Changing permissions on special file /dev/tty12

May 25 06:48:11 BFG-c2d Linux version 2.6.20-viper4 (root@BFG-c2d) (gcc version 4.1.1 (Gentoo 4.1.1-r3)) #1 SMP PREEMPT Fri Feb 23 09:56:23 HST 2007

May 25 06:48:11 BFG-c2d Command line: root=/dev/sdb3 noexec32=off

May 25 06:48:11 BFG-c2d BIOS-provided physical RAM map:

May 25 06:48:11 BFG-c2d BIOS-e820: 0000000000000000 - 000000000009f000 (usable)

May 25 06:48:11 BFG-c2d BIOS-e820: 000000000009f000 - 00000000000a0000 (reserved)

May 25 06:48:11 BFG-c2d BIOS-e820: 00000000000f0000 - 0000000000100000 (reserved)

May 25 06:48:11 BFG-c2d BIOS-e820: 0000000000100000 - 000000007fef0000 (usable)

May 25 06:48:11 BFG-c2d BIOS-e820: 000000007fef0000 - 000000007fef3000 (ACPI NVS)

May 25 06:48:11 BFG-c2d BIOS-e820: 000000007fef3000 - 000000007ff00000 (ACPI data)

May 25 06:48:11 BFG-c2d BIOS-e820: 00000000d0000000 - 00000000f0000000 (reserved)

May 25 06:48:11 BFG-c2d BIOS-e820: 00000000fec00000 - 0000000100000000 (reserved)

May 25 06:48:11 BFG-c2d Entering add_active_range(0, 0, 159) 0 entries of 3200 used

May 25 06:48:11 BFG-c2d Entering add_active_range(0, 256, 524016) 1 entries of 3200 used

May 25 06:48:11 BFG-c2d end_pfn_map = 1048576

May 25 06:48:11 BFG-c2d DMI 2.4 present.

any recommendations? i think first i'll change my ssh port, lol. my passwords are pretty good, i'm not worried, i just don't know why my computer rebooted   :Question: 

----------

## lghman

Like you said, first I would change the ssh port, and then I would install something like fail2ban or denyhosts, which would drop his connection after the first x amount of invalid login attempts.  

Wow!  First post back here in a long time!

----------

## eccerr0r

all bets are off when overclocking, you'll need to make sure that the machine is stable otherwise before assuming someone hacked into your machine and rebooted it.

These annoying ssh attempts affect my machine as well, seems like everyone's getting them  :Sad: 

----------

## bunder

 *eccerr0r wrote:*   

> These annoying ssh attempts affect my machine as well, seems like everyone's getting them 

 

more than twice a day.   :Crying or Very sad: 

----------

## Cyker

I set up a script with SEC to monitor my sshd logs but you can do this with denyhosts or pretty much anything that can process logs.

All you really need are 3 rules:

1) If you see "Did not receive identification string from xyz", hosts.deny/blacklist xyz immediately

2) If you see an "Invalid user ??? from xyz", hosts.deny/blacklist xyz immediately

3) If you get more than 3-5 password failures in 60 seconds then hosts.deny/blacklist the source immediately

That'll make you virtually impervious unless you have a static IP  :Wink: 
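The three rules in the post above, applied to syslog-style sshd lines. This is an added example, not Cyker's SEC script: the sample log is constructed with documentation-range addresses, and `scan`, `hosts_deny_lines` and the `allow` list (which keeps a mistyped username from locking out your own address under rule 2) are hypothetical names introduced here.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Syslog prefix as seen in /var/log/messages: "May 25 01:49:25 host sshd[pid]: msg"
LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (?P<msg>.*)$")
NO_IDENT = re.compile(r"^Did not receive identification string from (\S+)")
# Greedy ".*" binds to the LAST " from ", so a username that itself contains
# " from 10.0.0.1" cannot make the rule blacklist a spoofed address.
INVALID_USER = re.compile(r"^Invalid user .* from (\S+)")
FAILED_PW = re.compile(r"^Failed password for .* from (\S+) port \d+")

def scan(lines, max_failures=3, window=timedelta(seconds=60),
         allow=frozenset(), year=2007):
    """Return {ip: rule} for every source the three rules would blacklist."""
    blocked = {}                      # insertion-ordered: ip -> rule that fired
    failures = defaultdict(deque)     # ip -> timestamps of recent failures
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                  # not an sshd line (kernel, atkbd, ...)
        msg = m["msg"]
        # syslog timestamps carry no year, so one is assumed
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        rule, ip = None, None
        if (hit := NO_IDENT.match(msg)):          # rule 1: block immediately
            rule, ip = "no-ident", hit[1]
        elif (hit := INVALID_USER.match(msg)):    # rule 2: block immediately
            rule, ip = "invalid-user", hit[1]
        elif (hit := FAILED_PW.match(msg)):       # rule 3: rate threshold
            ip = hit[1]
            q = failures[ip]
            q.append(ts)
            while ts - q[0] > window:             # drop failures outside window
                q.popleft()
            if len(q) > max_failures:
                rule = "password-failures"
        if rule and ip not in allow and ip not in blocked:
            blocked[ip] = rule
    return blocked

def hosts_deny_lines(blocked):
    """Format the result as tcp_wrappers hosts.deny entries."""
    return [f"sshd: {ip}" for ip in blocked]

# Constructed sample input (not taken from the thread's logs).
SAMPLE = """\
May 25 01:41:31 host atkbd.c: Unknown key pressed (translated set 2, code 0xd9)
May 25 01:49:25 host sshd[101]: Did not receive identification string from 203.0.113.7
May 25 01:53:49 host sshd[102]: Invalid user globus from 198.51.100.23
May 25 01:55:00 host sshd[103]: Invalid user alcie from 192.0.2.10
May 25 02:00:00 host sshd[104]: Failed password for root from 192.0.2.99 port 4000 ssh2
May 25 02:00:40 host sshd[105]: Failed password for root from 192.0.2.99 port 4001 ssh2
May 25 02:01:20 host sshd[106]: Failed password for root from 192.0.2.99 port 4002 ssh2
May 25 02:02:00 host sshd[107]: Failed password for root from 192.0.2.99 port 4003 ssh2
May 25 02:10:01 host sshd[108]: Failed password for root from 192.0.2.50 port 5000 ssh2
May 25 02:10:05 host sshd[109]: Failed password for root from 192.0.2.50 port 5001 ssh2
May 25 02:10:09 host sshd[110]: Failed password for root from 192.0.2.50 port 5002 ssh2
May 25 02:10:13 host sshd[111]: Failed password for root from 192.0.2.50 port 5003 ssh2
""".splitlines()

if __name__ == "__main__":
    result = scan(SAMPLE, allow={"192.0.2.10"})
    for ip, rule in result.items():
        print(f"{ip:<16} {rule}")
    print("\n".join(hosts_deny_lines(result)))
```

192.0.2.99 is not listed because its four failures are 40 seconds apart and never exceed three inside any 60-second window; 192.0.2.10 is skipped only because it is on the allow list.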

----------

## eccerr0r

Sometimes I wonder if I auto-blacklist all people sending bruteforce attempts to my machine - currently I'm manually blacklisting.

Eventually the list of machines will be tens of thousands of entries long.  I wonder at what point will it actually slow down my machine while doing lookups for known bad machines.

I've gotten a large sampling of machines now, the pool of exploited machines is *huge* ... I am definitely starting to get some repeat offenders but the sheer number of them is staggering.  My current estimates of these exploit machines (I've gotten on the order of 1000 unique machines)  if they're all in the same pool - measures in at least 10s of thousands of machines used to exploit.  This is so sad...

----------

## Napalm Llama

I'm curious as to whether these machines are cracked \*nix, or just Windows drones.  Obviously there are massive Windows botnets out there, but if these crackers/script kiddies are interested in SSH, (not so common in Microsoft land, to my knowledge), maybe their botnets are made up of compromised \*nix machines, too?  Scary...

----------

## pteppic

 *bunder wrote:*   

>  *eccerr0r wrote:*   These annoying ssh attempts affect my machine as well, seems like everyone's getting them  
> 
> more than twice a day.  

 30 a week on average here and that's only the ones that get an iptables -j REJECT after 6 wrong tries.

----------

## lghman

Are any of you running on non-standard ports?  I am and I don't get nearly that amount of hits.

Napalm Llama:  I would guess that they are more than likely just windows drones.  We should try some backwards recon on these boxes that hit us and find out for sure.  I just can't imagine that many \*Nix machines being involved in this, just considering the sheer statistics of Windows v. \*Nix boxes out there.  But I could be wrong, happened before.    :Very Happy: 

----------

## pteppic

Well, feel free to investigate these ones, they get emailed to me, and are no more than 8 days old

```
cat ~/.maildir/.Logs.SSH_Blacklist/cur/*|grep -E "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}" -o|sort -u

125.215.219.124

148.222.150.1

192.107.75.26

192.168.1.254

200.30.94.11

203.88.121.64

206.113.206.224

208.116.56.20

210.251.103.243

210.83.183.14

211.198.225.182

211.22.128.71

211.227.238.127

212.8.104.42

218.104.244.186

219.136.240.129

222.90.234.68

59.124.40.120

61.64.243.194

62.193.224.155

66.70.70.20

67.106.132.197

67.43.112.19

84.246.4.133

84.41.191.121

85.207.105.100

85.221.166.59

86.109.164.206

88.198.33.173

88.84.142.219
```

If your IP is on that list,  STOP IT!!

----------

## ningo

These are Drones probing various Subnets on the Internets. Sadly, these belong to the ambient noise nowadays. It's safe to ignore them as long as you don't have a password one can look up in a dictionary or is shorter than 5 letters.

----------

## Napalm Llama

 *pteppic wrote:*   

> 192.168.1.254

 

Are you sure about this one?  If so, I'd be worried...

----------

## pteppic

 *Napalm Llama wrote:*   

>  *pteppic wrote:*   192.168.1.254 
> 
> Are you sure about this one?  If so, I'd be worried...

 It's in the sent from header of the emails I grepped, not an issue, it's the LAN IP of the machine being attacked.

----------

## lghman

 *ningo wrote:*   

> These are Drones probing various Subnets on the Internets. Sadly, these belong to the ambient noise nowadays. It's safe to ignore them as long as you don't have a password one can look up in a dictionary or is shorter than 5 letters.

 

You mean my password should be longer than 5 letters???   :Shocked:   :Laughing: 

I'll play with some of those ip's later tonight and see what I get.  I agree with ningo though, I wouldn't worry about it.

Napalm Llama:  Nice catch, I barely looked at that list!    :Very Happy: 

----------

