Saturday, October 16, 2010

Who's trying to hack my Linux server today?

My Linux security logs have recorded thousands of attempts to crack my passwords and take over my system. This morning for example, somebody from the IP address 219.235.4.123 tried 83 different username/password combinations in just 12 seconds. Conclusions:

1) Obviously, this was an automated attack. Nobody types that fast.

2) The IP address (219.235.4.123) is located in China. The owner of the domain is Shanghai QjanWan Network Co, Ltd., located at No 2601 (2), Songhuajiang Road, Shanghai, China (Shanghai B&T Network and Telecom Inc).

3) Email address of the domain contact, Gu Honghai, is hhgu@hotmail.com (yeah right, a hotmail account for a legitimate business).
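The "83 tries in 12 seconds" reasoning in conclusion 1 is easy to turn into something that runs over the logs instead of being eyeballed. The script below is an added example, not code from this post: it assumes the failures are sshd "Failed password" lines in the syslog format found in /var/log/auth.log or /var/log/secure (which carry no year, so one is supplied), groups them by source address, and flags any source whose sustained rate no human could type. The log lines, hosts, PIDs and addresses are constructed for the example, and the one-attempt-per-second threshold is a judgment call, not a standard.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches sshd password failures as syslog writes them; "invalid user" appears
# when the account does not exist, so it is optional here.
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def build_sample_log():
    """Construct sample auth.log lines (invented hosts, PIDs and addresses)."""
    users = ["admin", "oracle", "root", "test", "postgres", "guest"]
    lines = []
    # 83 failures from one address inside 12 seconds, like the pattern in the post.
    for i in range(83):
        sec = (i * 12) // 82  # spread over 06:12:00 .. 06:12:12
        user = users[i % len(users)]
        prefix = "" if user == "root" else "invalid user "
        lines.append(
            f"Oct 16 06:12:{sec:02d} web1 sshd[{4100 + i}]: Failed password for "
            f"{prefix}{user} from 198.51.100.7 port {41000 + i} ssh2"
        )
    # A person mistyping a password twice, then getting in (the Accepted line is ignored).
    lines.append("Oct 16 06:40:55 web1 sshd[4301]: Failed password for bob from 203.0.113.9 port 50122 ssh2")
    lines.append("Oct 16 06:41:20 web1 sshd[4301]: Failed password for bob from 203.0.113.9 port 50122 ssh2")
    lines.append("Oct 16 06:41:31 web1 sshd[4301]: Accepted password for bob from 203.0.113.9 port 50122 ssh2")
    return "\n".join(lines) + "\n"


def parse_failures(text, year):
    """Return (timestamp, username, source_ip) for every failed-password line."""
    out = []
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        # syslog timestamps omit the year; the caller supplies it (assumption).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        out.append((ts, m["user"], m["ip"]))
    return out


def summarize(failures):
    """Per source address: attempt count, distinct usernames and time span."""
    by_ip = defaultdict(list)
    for ts, user, ip in failures:
        by_ip[ip].append((ts, user))
    stats = {}
    for ip, events in by_ip.items():
        times = [t for t, _ in events]
        stats[ip] = {
            "attempts": len(events),
            "distinct_users": len({u for _, u in events}),
            "first": min(times),
            "last": max(times),
            "span_seconds": int((max(times) - min(times)).total_seconds()),
        }
    return stats


def automated_sources(stats, min_attempts=5, rate_per_second=1.0):
    """Addresses whose sustained failure rate exceeds what a person could type.

    The thresholds are this example's assumption: at least min_attempts
    failures and one or more attempts per second on average.
    """
    flagged = []
    for ip, s in stats.items():
        rate = s["attempts"] / max(s["span_seconds"], 1)
        if s["attempts"] >= min_attempts and rate >= rate_per_second:
            flagged.append(ip)
    return sorted(flagged)


if __name__ == "__main__":
    stats = summarize(parse_failures(build_sample_log(), 2010))
    for ip in automated_sources(stats):
        s = stats[ip]
        print(f"{ip}: {s['attempts']} attempts, {s['distinct_users']} usernames, "
              f"{s['span_seconds']}s between {s['first']:%H:%M:%S} and {s['last']:%H:%M:%S}")
```

Run against a real file with `parse_failures(open("/var/log/auth.log").read(), 2010)`; the distinct-username count is worth keeping in the report, because a dictionary attack cycles through many accounts while a forgetful user fails on one.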

Yes, I could launch a counterattack at that domain, take it over, and do some pretty awful things to everyone who has ever touched that system. Then I could wait for a knock on my door and be perp-walked to a waiting squad car. I'm not inclined to do that.

So instead, I'm going to send Gu Honghai an email and see what kind of response I get. Oh, and also copy the FBI to see how they respond. Stay tuned.