Question

Strange connections outgoing SSH connections (to China!?) after startup/git install

Posted August 26, 2013 5.4k views
I just started an Ubuntu 12 droplet, installed a private git server per the tutorial, did a netstat, and got:

tcp 0 0 192.241.251.230:ssh :12683 ESTABLISHED
tcp 0 0 192.241.251.230:ssh 218.89.168.144:13254 ESTABLISHED
tcp 0 352 192.241.251.230:ssh **MYIP**.:2454 ESTABLISHED
tcp 0 0 192.241.251.230:ssh 218.89.168.144:10474 ESTABLISHED

219.89.168.144 is owned by CHINANET-SCIDC-AS-AP CHINANET SiChuan Telecom Internet Data Center

What gives?

5 answers
Is it a new droplet? Does anyone else have access to your droplet/digitalocean account/email account?
Brand new droplet. Account set up ~1 hour ago. droplet < 30 mins old at this point. Nothing else done on droplet except apt-get update; install git (per tutorial) and set up private git server (per tutorial) and a few pings and traceroutes.

I'm wondering if this is a virtualization problem (previous user). The SSH connections disappeared after a minute or two. Or possibly apt-get install git-core pulled down something from this IP address.
Could have been an incoming attack in progress. http://www.blocklist.de/fr/view.html?ip=218.89.168.144 reports the IP address as being used for SSH probes. Unfortunately I've no way to edit the typo in the title - it should have read "Strange SSH connections (to China) after startup/git install". It looks from the netstat that they were incoming.
It's a possible SSH attack attempt. You shouldn't worry about it -- just make sure you don't use a weak password :] (or not use passwords at all and set up SSH keys).
by Etel Sverdlov
SSH keys provide a more secure way of logging into a virtual private server with SSH than using a password alone. With SSH keys, users can log into a server without a password. This tutorial explains how to generate, use, and upload an SSH Key Pair.

I met the same problem; I don't know what that is.
lsof -i gives me:

sshd      26054       root    3u  IPv4 4317876      0t0  TCP atlas:ssh->126.30.65.218.broad.xy.jx.dynamic.163data.com.cn:58888 (ESTABLISHED)
sshd      26055       sshd    3u  IPv4 4317876      0t0  TCP atlas:ssh->126.30.65.218.broad.xy.jx.dynamic.163data.com.cn:58888 (ESTABLISHED)

Changes root password for security
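
The reading of the netstat output reached in this thread (a local `:ssh` endpoint on an ESTABLISHED line means the remote side connected to sshd), written out as an added example that is not part of any post above. The sample lines use constructed documentation-range addresses in the same layout as the question's output, and the function names are illustrative.

```python
from collections import Counter

SSH_PORTS = {"ssh", "22"}  # netstat prints "ssh" unless run with -n

# Constructed sample in the same layout as the netstat output in the question
# (documentation-range addresses, not the ones from the thread).
SAMPLE = """\
tcp 0 0 198.51.100.10:ssh 203.0.113.44:13254 ESTABLISHED
tcp 0 352 198.51.100.10:ssh 192.0.2.7:2454 ESTABLISHED
tcp 0 0 198.51.100.10:ssh 203.0.113.44:10474 ESTABLISHED
tcp 0 0 198.51.100.10:51514 192.0.2.80:ssh ESTABLISHED
tcp 0 0 198.51.100.10:ssh :12683 ESTABLISHED
"""

def split_endpoint(endpoint):
    """Split 'host:port' on the last colon; host may be empty or IPv6."""
    host, _, port = endpoint.rpartition(":")
    return host, port

def classify(line):
    """Return (direction, remote_host) for an ESTABLISHED TCP line, else None."""
    fields = line.split()
    if len(fields) < 6 or not fields[0].startswith("tcp"):
        return None
    if fields[5] != "ESTABLISHED":
        return None              # skip LISTEN, TIME_WAIT and similar states
    _, local_port = split_endpoint(fields[3])
    remote_host, remote_port = split_endpoint(fields[4])
    if local_port in SSH_PORTS:
        direction = "inbound"    # remote client connected to our sshd
    elif remote_port in SSH_PORTS:
        direction = "outbound"   # this host opened an SSH session elsewhere
    else:
        direction = "other"
    return direction, remote_host or "unknown"

def inbound_ssh_sources(text):
    """Count inbound SSH connections per remote host."""
    counts = Counter()
    for line in text.splitlines():
        result = classify(line)
        if result and result[0] == "inbound":
            counts[result[1]] += 1
    return counts

if __name__ == "__main__":
    for host, n in inbound_ssh_sources(SAMPLE).most_common():
        print(f"{n} inbound SSH connection(s) from {host}")
```

Several inbound entries from one unfamiliar address, as in the question, fit the SSH probing described in the answers; an outbound entry would be the case to investigate further.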
