Bored Chinese

Since putting fail2ban in place, nearly all of the brute force password attacks have come from China, with a handful from Viet Nam.

Hi,

The IP 58.215.172.27 has just been banned by Fail2Ban after
5 attempts against SSH.


Here are more information about 58.215.172.27:

[Querying whois.apnic.net]
[whois.apnic.net]
% [whois.apnic.net]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

% Information related to '58.208.0.0 - 58.223.255.255'

inetnum:        58.208.0.0 - 58.223.255.255
netname:        CHINANET-JS
descr:          CHINANET jiangsu province network
descr:          China Telecom
descr:          A12,Xin-Jie-Kou-Wai Street
descr:          Beijing 100088
country:        CN
admin-c:        CH93-AP
tech-c:         CJ186-AP
mnt-by:         APNIC-HM
mnt-lower:      MAINT-CHINANET-JS
mnt-routes:     MAINT-CHINANET-JS
remarks:        -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks:        This object can only be updated by APNIC hostmasters.
remarks:        To update this object, please contact APNIC
remarks:        hostmasters and include your organisation's account
remarks:        name in the subject line.
remarks:        -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
status:         ALLOCATED PORTABLE
changed:        hm-changed@apnic.net 20050624
source:         APNIC

role:           CHINANET JIANGSU
address:        260 Zhongyang Road,Nanjing 210037
country:        CN
phone:          +86-25-86588231
phone:          +86-25-86588745
fax-no:         +86-25-86588104
e-mail:         ip@jsinfo.net
remarks:        send anti-spam reports to spam@jsinfo.net
remarks:        send abuse reports to abuse@jsinfo.net
remarks:        times in GMT+8
admin-c:        CH360-AP
tech-c:         CS306-AP
tech-c:         CN142-AP
nic-hdl:        CJ186-AP
remarks:        www.jsinfo.net
notify:         ip@jsinfo.net
mnt-by:         MAINT-CHINANET-JS
changed:        dns@jsinfo.net 20090831
changed:        ip@jsinfo.net 20090831
changed:        hm-changed@apnic.net 20090901
source:         APNIC
changed:        hm-changed@apnic.net 20111114

person:         Chinanet Hostmaster
nic-hdl:        CH93-AP
e-mail:         anti-spam@ns.chinanet.cn.net
address:        No.31 ,jingrong street,beijing
address:        100032
phone:          +86-10-58501724
fax-no:         +86-10-58501724
country:        CN
changed:        dingsy@cndata.com 20070416
changed:        zhengzm@gsta.com 20140227
mnt-by:         MAINT-CHINANET
source:         APNIC

% This query was served by the APNIC Whois Service version 1.69.1-APNICv1r0 (WHOIS1)

Regards,

Fail2Ban

Virus Warning!

There is a new virus propagating that, until just now, ClamAV was unaware of, and as a result there may be copies in your INBOX.

If you have an e-mail with the attachment eskimo.com.zip, DO NOT OPEN THE ZIP ATTACHMENT.

Two of three servers now have an updated ClamAV database and will no longer accept this virus, but I am having problems with a third server that is so choked with viruses I can’t get command line responses to update ClamAV.

This has caused outgoing mail to get stuck in queue. Presently the two servers that are working are cleared, and I am working on getting this one to update and clear itself.

Maintenance Outage 5/10/14 00:05-02:00

I will be rebooting and taking machines down for imaging tonight shortly after midnight. I should be finished by approximately 2 AM.

This is necessary to install kernel upgrades that fix a possible privilege escalation exploit in the kernel as well as to image the machines after adding fail2ban so that if a restoration is necessary at some point, that will get included in the restoration.

In short, these outages will enable us to make some improvements in site security as well as to back up some recently put in place.