https://www.googletagmanager.com/ns.html?id=GTM-NNF3VL8

Security Email Report Template

Email should be sent to security@csusb.edu

From: John Q. Analyst 
Subject: SSH scan from 139.182.x.y
To: security@csusb.edu


139.182.x.y hit almost 18,000 University addresses this morning with
an SSH scan.  You probably were compromised with some sort of worm.
Here is an excerpt from one systems log:

All times in PST (GMT -0800).

Feb 31 08:50:57 research sshd[68209]: Failed password for root from
139.182.x.y port 50111 ssh1
Feb 31 08:51:01 research sshd[68215]: Failed password for root from
139.182.x.y port 50336 ssh1
Feb 31 08:51:05 research sshd[68228]: Failed password for root from
139.182.x.y port 50513 ssh1
Feb 31 08:51:08 research sshd[68235]: Failed password for root from
139.182.x.y port 50721 ssh1
Feb 31 08:51:08 research sshd[68237]: Failed password for root from
139.182.x.y port 50838 ssh1


If you require add'l info, just let me know!
-JA

--
John Q. Analyst
Extra Watchful University
Institutional Security Office
(999)555-1212