One of the things a webmaster has to deal with is hacking and defacement.
Until today I was a virgin in that respect. But no longer!
This morning one of the webservers I use was hacked and defaced. After I called this in to our IT department they quickly took down the machine in order to restore, secure and analyse. The system is still down as I'm writing this.
This is a major annoyance to me.
Luckily Ambrosia has just released the updated OS X compatible version of Apeiron
so I can play my frustration away.
But before I indulge, I decided to take a look at my own log files to see how my system is doing, as this system is online 24/7.
My system log makes for some interesting reading today:
Nov 30 13:26:30 oook xinetd: service ssh, IPV6_ADDRFORM setsockopt() failed: Protocol not available (errno = 42)
Nov 30 13:26:30 oook xinetd: START: ssh pid=14337 from=22.214.171.124
Nov 30 13:26:30 oook sshd: reverse mapping checking getaddrinfo for happy4friends.de failed - POSSIBLE BREAKIN ATTEMPT!
Nov 30 18:20:53 oook xinetd: service ssh, IPV6_ADDRFORM setsockopt() failed: Protocol not available (errno = 42)
Nov 30 18:20:53 oook xinetd: START: ssh pid=1482 from=126.96.36.199
Nov 30 18:20:56 oook sshd: Illegal user patrick from 188.8.131.52
Nov 30 18:20:56 oook sshd: reverse mapping checking getaddrinfo for angel238-130-158-212-plzen.bluetone.cz failed - POSSIBLE BREAKIN ATTEMPT!
The attempts began at around midday today, and so far I have logged over 80 attempts.
Now if you'll excuse me I've got some bugs to squash.
[Update: 22:04] Hahaha! Eat this, suckers. Game 6:
Ambrosia Highscores site.