SSH attacks

Submitted by tarvid on Fri, 09/23/2016 - 10:10

Yesterday's was from 218.93.211.112. That is somewhere in CHINANET jiangsu province network. That address runs an amazing amount of stuff:

tarvid@tarvid-OptiPlex-7010:~$ nmap 218.93.211.112

Starting Nmap 7.01 ( https://nmap.org ) at 2016-09-23 09:59 EDT
Nmap scan report for 218.93.211.112
Host is up (0.27s latency).
Not shown: 966 closed ports
PORT      STATE    SERVICE
21/tcp    open     ftp
23/tcp    open     telnet
80/tcp    open     http
110/tcp   open     pop3
111/tcp   open     rpcbind
135/tcp   filtered msrpc
139/tcp   filtered netbios-ssn
443/tcp   open     https
445/tcp   filtered microsoft-ds
593/tcp   filtered http-rpc-epmap
901/tcp   filtered samba-swat
995/tcp   open     pop3s
1025/tcp  open     NFS-or-IIS
1026/tcp  open     LSA-or-nterm
3000/tcp  open     ppp
3005/tcp  open     deslogin
3128/tcp  filtered squid-http
4444/tcp  filtered krb524
4900/tcp  open     hfcs
5000/tcp  open     upnp
5004/tcp  open     avt-profile-1
5030/tcp  open     surfpass
5100/tcp  open     admd
5500/tcp  open     hotline
6000/tcp  open     X11
6004/tcp  open     X11:4
6005/tcp  open     X11:5
6129/tcp  filtered unknown
6667/tcp  filtered irc
7000/tcp  open     afs3-fileserver
7004/tcp  open     afs3-kaserver
7100/tcp  open     font-service
7200/tcp  open     fodms
50000/tcp open     ibm-db2

The web server is not informative. In English -

under construction

The site you want to view does not currently have a default page. Possible of being upgraded and configured.

Please visit this site again later. If you are still having problems, please contact the site administrator.


If you are a site administrator and feel you have received this message in error, please refer to the IIS Help "Enabling and Disabling Dynamic Content."

To access IIS Help
  1. Click Start, then click Run.
  2. In the Open text box, type inetmgr. Will appear IIS Manager.
  3. From the Help menu, click Help Topics.
  4. Click Internet Information Services.

I have no idea who "sponsors" this server. It looks compromised. IIS is the Microsoft Internet Information Services.