New problem solver
•
3 Messages
Where to report comcast business static IP's that have been compromised?
I'm working on securing a website on digital ocean and I noticed a series of hacking attempts from 5 comcast business addresses (they are repeatedly trying to log into root on my website)
Unless someone is hacking from a business account, then some compters at these sites are compromised.
these addresses were attempting to ssh into my website:
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75-148-216-82-houston.hfc.comcastbusiness.net
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75-148-216-82-houston.hfc.comcastbusiness.net
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50-199-75-189-static.hfc.comcastbusiness.net
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50-196-50-33-static.hfc.comcastbusiness.net
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50-199-75-189-static.hfc.comcastbusiness.net
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50-196-24-137-static.hfc.comcastbusiness.net
reverse mapping checking getaddrinfo for 50-246-164-77-static.hfc.comcastbusiness.net [50.246.164.77] failed - POSSIBLE BREAK-IN ATTEMPT!
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50-196-24-137-static.hfc.comcastbusiness.net
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23-24-30-117-static.hfc.comcastbusiness.net
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50-204-187-14-static.hfc.comcastbusiness.net
reverse mapping checking getaddrinfo for 50-246-164-77-static.hfc.comcastbusiness.net [50.246.164.77] failed - POSSIBLE BREAK-IN ATTEMPT!
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50-196-24-137-static.hfc.comcastbusiness.net
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50-196-50-33-static.hfc.comcastbusiness.net user=root
Accepted Solution
kelly7552
New problem solver
•
3 Messages
10 years ago
Actually,
These reports are from auth.log on an unaffiliated site on Digital Ocean. My question is where to report comcast business users who are trying to hack me. I am a comcast business user, myself. Is there something like and abuse email at comcast business?
Bill Kelly
0
0
Accepted Solution
VBSSP-RICH
Advocate
•
1.4K Messages
10 years ago
Yes you can use any of these to report any abuse whatsoever 877.807.6580 abuse@comcast.net Cips_AbuseAdmin@cable.comcast.com
0
VBSSP-RICH
Advocate
•
1.4K Messages
10 years ago
Hello kelly7662 and welcome,
You post definitely seems to report that someone is trying to log into your host but it seems to have adequate security to not allow this "hacker" to log in. It would be interesting to know where you are getting these reports from - your UniX or ssh errlog? If I were you I would try to block this URLs within the Comcast Gateway Firewall under We Site Blocking just to make absolutely sure of containment.
Hope this helps you out.
0
0