Dear Sir or Madam,
the IP address ‘95.181.153.79’, which belongs to your address space, has been used
for network abuse against one of our monitored systems (IP: 85.25.7.16). The entire
log of malicious behavior is attached to this email (timezone is UTC+0200).
Log excerpt:
Jul 20 13:19:07 entry sshd[10524]: Disconnected from authenticating user root 95.181.153.79 port 41076 [preauth]
Jul 20 13:19:07 entry sshd[10524]: Received disconnect from 95.181.153.79 port 41076:11: Bye Bye [preauth]
Jul 20 13:19:06 entry sshd[10524]: Failed password for root from 95.181.153.79 port 41076 ssh2
Jul 20 13:19:05 entry sshd[10524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.181.153.79 user=root
Jul 20 13:16:49 entry sshd[10515]: Disconnected from authenticating user root 95.181.153.79 port 60894 [preauth]
In consequence of this attack your IP address has been temporarily blacklisted and
reported to public blacklists (source: https://darklist.de/?ip=95.181.153.79). After
solving this task you may request removal from blacklist by replying to this email
and naming the actions taken to prevent further attacks.
An increasing number of hostile IP addresses from your network will result in your
entire IP address space being blacklisted. You will receive a separate email in
this case.
If you dont want to receive any more blacklist reports or want us to use a different
way of reporting, e.g. API, please reply to this email and provide the necessary
information. Additionally we provide API access to unlist blacklisted IP addresses.
Come back to us if you are interested in getting an API key.
Yours faithfully,
Robert Krause
Darklist.de
