SSH break-in attempts from within Spotify Stockholm office network

Reply

SSH break-in attempts from within Spotify Stockholm office network

kahara
Newbie

Being unaware of this forum, I first posted the following to Getsatisfaction:

 

https://getsatisfaction.com/spotify/topics/ssh_break_in_attempts_from_within_spotify_stockholm_offic...

 

I could not find any kind of proper contact on your website to take this matter to, so here goes my question, which really isn't related to the Spotify product: 

I have a Unix box facing the public internet with port 22 (SSH) open. Last night someone with IP address 194.236.60.83 (83.60.236.194.office.spotify.net – looks like this is your Stockholm office) tried to log in to said box's root account, until being automatically banned after too many attempts. Now, this sort of thing is normal in teh internets and if the perpetrator wasn't from your network I wouldn't really care. But as a paying customer I'm concerned that a) you have hired some very stupid people, or b) some machine inside your network is compromised. 

See for yourself: 

Feb 8 21:54:12 salasana sshd[5646]: Failed password for root from 194.236.60.83 port 44685 ssh2 
Feb 8 21:54:15 salasana sshd[5649]: Failed password for root from 194.236.60.83 port 44876 ssh2 
Feb 8 21:54:17 salasana sshd[5651]: Failed password for root from 194.236.60.83 port 45091 ssh2 
Feb 8 21:54:19 salasana sshd[5653]: Failed password for root from 194.236.60.83 port 45269 ssh2 
Feb 8 21:54:21 salasana sshd[5655]: Failed password for root from 194.236.60.83 port 45460 ssh2 
Feb 8 21:54:23 salasana sshd[5657]: Failed password for root from 194.236.60.83 port 45663 ssh2 
Feb 8 21:54:24 salasana sshd[5659]: Invalid user ben from 194.236.60.83 
Feb 8 21:54:26 salasana sshd[5659]: Failed password for invalid user ben from 194.236.60.83 port 45857 ssh2 
Feb 8 21:54:26 salasana sshd[5661]: Invalid user ben from 194.236.60.83 
Feb 8 21:54:28 salasana sshd[5661]: Failed password for invalid user ben from 194.236.60.83 port 46067 ssh2 
Feb 8 21:54:29 salasana sshd[5664]: Invalid user ben from 194.236.60.83 
Feb 8 21:54:31 salasana sshd[5664]: Failed password for invalid user ben from 194.236.60.83 port 46276 ssh2 
Feb 8 21:54:31 salasana sshd[5666]: Invalid user ben from 194.236.60.83 
Feb 8 21:54:33 salasana sshd[5666]: Failed password for invalid user ben from 194.236.60.83 port 46478 ssh2 
Feb 8 21:54:33 salasana sshd[5668]: Invalid user ben from 194.236.60.83 
Feb 8 21:54:35 salasana sshd[5668]: Failed password for invalid user ben from 194.236.60.83 port 46684 ssh2 
Feb 8 21:54:35 salasana sshd[5676]: refused connect from 194.236.60.83 (194.236.60.83)

0 Replies
SUGGESTED POSTS