Return-Path:
X-Original-To: autogenerated@blocklist.de
Delivered-To: autogenerated@blocklist.de
Received: by server5.customer-config.de (Postfix, from userid 0) id DADB43A88D0; Thu, 11 Mar 2010 18:00:22 +0100 (CET)
To: "Abuse-Team of IP: 85.25.xxx.xx"
Subject: abuse report about 85.25.xxx.xx - Mar 3 2010 02:13:35 +0100 [noreply] service: ssh
MIME-Version: 1.0
Reply-To: "Abuse-Team"
From: "Abuse-Team (auto-generated)"
Sender: abuse-team@customer-config.de
Errors-To: autogenerated@abuse.customer-config.de
Auto-Submitted: auto-generated
X-ARF: yes
Subject: abuse report about 85.25.xxx.xx - Feb 20 2010 02:18:29 +0100 [noreply] service: ssh
Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; charset=utf8; boundary=Abuse-bfbb0f920793ac03cb8634bde14d8a1e;
Message-Id: <20100311170022.DADB43A88D0@blocklist.de>
Date: Thu, 11 Mar 2010 18:00:22 +0100 (CET)

--Abuse-bfbb0f920793ac03cb8634bde14d8a1e
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=utf-8;

Hello Abuse-Team,

your Server with the IP: 85.25.xxx.xx has attacked one of our Server on the Service: "ssh" on Time: Mar 3 2010 02:13:35 +0100.
The IP has blocked now automatically.
To block a IP, it needs 3 failed Logins or one match for "invalid user"!

Please check the Machine behind the IP 85.25.xxx.xx (static-ip-xx-xx-xxx-xx.inaddr.xxx.de) and fix the Problem.

In the Attachment of the Mail you find the Original Protocols of our System.

This Mail is generated in X-ARF!
You found more Information about x-arf under http://www.x-arf.org/specification.html

We found your Address in the Contact-Database abusix.org.
Should the data is incorrect, then please contact Abusix among: http://abusix.org/services/abuse-contact-db

The Message was sended automatically, please answer us for Questions.

....footer with pgp-signature and more stuff....
--Abuse-bfbb0f920793ac03cb8634bde14d8a1e
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=utf-8; name="report.txt";

---
Reported-From: autogenerated@abuse.customer-config.de
Category: abuse
Report-Type: login-attack
Service: ssh
Version: 0.1
User-Agent: blocklist.de V0.1
Date: Mar 3 2010 02:13:35 +0100
Source-Type: ip-address
Source: 85.25.xxx.xx
Port: 22
Report-ID: 12675788150797@blocklist.de
Schema-URL: http://www.x-arf.org/schema/abuse_login-attack_0.1.1.json
Attachment: text/plain

--Abuse-bfbb0f920793ac03cb8634bde14d8a1e
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=utf8; name="logfile.log";

Lines containing IP:85.25.xxx.xx in /var/log/auth.log
Mar 3 01:21:36 server4 sshd[2790]: Connection from 85.25.xxx.xx port 36615
Mar 3 01:21:36 server4 sshd[2790]: Did not receive identification string from 85.25.xxx.xx
Mar 3 01:22:00 server4 sshd[2791]: Connection from 85.25.xxx.xx port 26699
Mar 3 01:22:00 server4 sshd[2792]: Connection from 85.25.xxx.xx port 16222
Mar 3 01:22:00 server4 sshd[2791]: Did not receive identification string from 85.25.xxx.xx
Mar 3 01:22:00 server4 sshd[2792]: Did not receive identification string from 85.25.xxx.xx
Mar 3 02:13:25 server4 sshd[2796]: Connection from 85.25.xxx.xx port 36251
Mar 3 02:13:26 server4 sshd[2796]: User root from static-ip-xx-xxx-xx-xxx.inaddr.xxxxxx.de not allowed because not listed in AllowUsers
Mar 3 02:13:26 server4 sshd[2796]: debug1: PAM: setting PAM_RHOST to "static-ip-xx-xxx-xx-xxx.inaddr.xxxxxx.de"
Mar 3 02:13:26 server4 sshd[2796]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=static-ip-xx-xxx-xx-xxx.inaddr.xxxxxx.de user=root
Mar 3 02:13:28 server4 sshd[2796]: Failed password for invalid user root from 85.25.xxx.xx port 36251 ssh2
Mar 3 02:13:28 server4 sshd[2798]: Connection from 85.25.xxx.xx port 36408
Mar 3 02:13:31 server4 sshd[2798]: User root from static-ip-xx-xxx-xx-xxx.inaddr.xxxxxx.de not allowed because not listed in AllowUsers
Mar 3 02:13:31 server4 sshd[2798]: debug1: PAM: setting PAM_RHOST to "static-ip-xx-xxx-xx-xxx.inaddr.xxxxxx.de"
Mar 3 02:13:31 server4 sshd[2798]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=static-ip-xx-xxx-xx-xxx.inaddr.xxxxxx.de user=root
Mar 3 02:13:33 server4 sshd[2798]: Failed password for invalid user root from 85.25.xxx.xx port 36408 ssh2
Mar 3 02:13:33 server4 sshd[2800]: Connection from 85.25.xxx.xx port 36706
Mar 3 02:13:35 server4 sshd[2800]: User root from static-ip-xx-xxx-xx-xxx.inaddr.xxxxxx.de not allowed because not listed in AllowUsers
Mar 3 02:13:35 server4 sshd[2800]: debug1: PAM: setting PAM_RHOST to "static-ip-xx-xxx-xx-xxx.inaddr.xxxxxx.de"
Mar 3 02:13:35 server4 sshd[2800]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=static-ip-xx-xxx-xx-xxx.inaddr.xxxxxx.de user=root

--Abuse-bfbb0f920793ac03cb8634bde14d8a1e--