RIPE DB FAIL2BAN
Is there anything to know about this fail2ban notification? I ask because all my other notifications don’t have this RIPE DB query notification, so i’m wondering if this is something the hacker tried to access?
Hi, The IP 188.8.131.52 has just been banned by Fail2Ban after 2 attempts against sshd. Here is more information about 184.108.40.206 : % This is the RIPE Database query service. % The objects are in RPSL format. % % The RIPE Database is subject to Terms and Conditions. % See http://www.ripe.net/db/support/db-terms-conditions.pdf % Note: this output has been filtered. % To receive output for a database update, use the "-B" flag. % Information related to '220.127.116.11 - 18.104.22.168' % Abuse contact for '22.214.171.124 - 126.96.36.199' is 'email@example.com' inetnum: 188.8.131.52 - 184.108.40.206 netname: PLANET-TELECOM-NET country: CZ org: ORG-PTL7-RIPE admin-c: PTN21-RIPE tech-c: PTN21-RIPE status: ASSIGNED PI mnt-by: RIPE-NCC-END-MNT mnt-by: MNT-PLANET-TELECOM mnt-routes: MNT-PLANET-TELECOM mnt-domains: MNT-PLANET-TELECOM mnt-routes: MNT-3W-INFRA created: 2007-09-18T09:04:58Z last-modified: 2016-06-03T13:03:33Z source: RIPE sponsoring-org: ORG-NA225-RIPE organisation: ORG-PTL7-RIPE org-name: Planet Telecom Ltd. org-type: OTHER address: Sokolovska 395, 186 00 Praha 8, Prague, Czech Republic abuse-c: PTN21-RIPE mnt-ref: MNT-PLANET-TELECOM mnt-by: MNT-PLANET-TELECOM created: 2007-09-15T14:57:20Z last-modified: 2016-03-23T09:42:12Z source: RIPE # Filtered role: Planet Telecom NOC address: Sokolovska 395 address: 186 00 Praha 8 abuse-mailbox: firstname.lastname@example.org address: Prague address: Czech Republic phone: +420234262111 nic-hdl: PTN21-RIPE mnt-by: MNT-PLANET-TELECOM created: 2016-03-15T20:48:44Z last-modified: 2016-03-23T09:42:33Z source: RIPE # Filtered % Information related to '220.127.116.11/24AS43715' route: 18.104.22.168/24 origin: AS43715 mnt-by: MNT-PLANET-TELECOM created: 2016-03-23T09:37:31Z last-modified: 2016-03-23T09:37:31Z source: RIPE % This query was served by the RIPE Database Query Service version 1.88.1 (HEREFORD) Lines containing IP:22.214.171.124 in /var/log/auth.log May 18 22:55:29 droplet-1 sshd: Invalid user 0 from 126.96.36.199 May 18 22:55:29 droplet-1 sshd: Connection closed by 188.8.131.52 port 53193 [preauth] May 18 22:55:31 droplet-1 sshd: Invalid user 0000 from 184.108.40.206 May 18 22:55:31 droplet-1 sshd: Connection closed by 220.127.116.11 port 36185 [preauth] Regards, Fail2Ban
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.