Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Shells Virtual Desktop
BMail.ag - Secure Email Service
Server.net
CPLicense.net
VPS Server
Buy VPN
Vultr
VMs for AI
HostDare
ReliableSite White-Label Dedicated Hosting for Resellers
InterServer VPS
BMail.ag - Secure Email Service
Best VPN
High-Performance Bare Metal Server Solutions
Karvl.com
Server Mania Cloud Hosting
DataWagon Hosting
AlphaVPS Hosting
Evoxt.com
Clouvider
VPS Hosting with NVMe
Residential IPs in the US & 4G Mobile Proxies in EU & US with Unlimited Bandwidth
ReliableSite White-Label Dedicated Hosting for Resellers
Rabisu - Hosting Solutions
Shells Virtual Desktop

Categories

In this Discussion

Home Help
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Need information.

juanjuan Member
edited November 2012 in Help

I just found this on my auth.log dated Oct 1:

!(http://picpaste.com/attempt1-ywvZoQFs.jpg)

I'm not sure why it has 5 digits of IP? Because normally i have this:

!(http://picpaste.com/attempt-F1zpNjW7.jpg)

4 digits on IP.

Can someone enlighten me? Thanks in advance.

Comments

  • klikliklikli Member

    It's rDNS I think

  • juanjuan Member

    Oh i missed the - instead of .

    But shouldn't rDNS show the domain also?

  • rds100rds100 Member

    The domain is "1984.is"

  • XSXXSX Member, Host Rep

    I also think it is rdns
    The recommended install denyhosts protect your sshd

  • MrDOSMrDOS Member

    Or fail2ban. Either way, life (or at least log parsing) will become easier if you outright block the source of repeated failed login attempts.

  • juanjuan Member

    Oh okay, got it now. Missed the .is, I'm currently re-creating my security. Thanks!

  • AsimAsim Member

    Some hosts allows anything as rDNS :)
    I found some IP having rDNS entry as "troll.face" lol

  • rds100rds100 Member

    @Asim yes, but decent software verifies that there is a matching forward DNS for the rDNS, otherwise just the IP would be put in logs instead of the name.

  • kbeeziekbeezie Member
    edited November 2012

    I've noticed some providers will actually set up a fake rDNS for their customers such as IP-Address.Sprint.Mobile.com etc to mimic coming from a mobile device. (I guess intended for something like Facebook spam/login/etc).

  • rskrsk Member, Host Rep

    @rds100 said: @Asim yes, but decent software verifies that there is a matching forward DNS for the rDNS, otherwise just the IP would be put in logs instead of the name.

    @rds100 - I've used many control panels for dedicated server, all of them allowed anything to be set without verification. However, the only one that actually checked is OVH's control panel - it verifies.

  • joepie91joepie91 Member

    @rds100 said: The domain is "1984.is"

    Sounds like a TOR node.

  • SpencerSpencer Member

    http://1984.is/ that is a webhosting company

  • tommytommy Member

    contact 1984.is tell them

Sign In or Register to comment.