Compromised computer with Microsoft IP address 138.91.146.9

SSH attacks are incredibly common, and usually originate from foreign countries and random compromised systems on the Internet and I don't pay much attention to them. This attack, however, originated from a Microsoft IP address. That means it's a server
or employee machine at Microsoft that is infected/compromised. I thought it was worth spending a minute to report it so that the machine in question can be located and cleaned up before any harm is done.
Here are the relevant SSH logs:
Jan 01 03:24:01 [sshd] Did not receive identification string from 138.91.146.9
Jan 01 03:24:01 [sshd] SSH: Server;Ltype: Version;Remote: 138.91.146.9-1024;Protocol: 2.0;Client: Granados-1.0
Jan 01 03:24:01 [sshd] SSH: Server;Ltype: Kex;Remote: 138.91.146.9-1024;Enc: aes128-cbc;MAC: hmac-sha1;Comp: none [preauth]
Jan 01 03:24:03 [sshd] SSH: Server;Ltype: Authname;Remote: 138.91.146.9-1024;Name: admin [preauth]
Jan 01 03:24:09 [sshd] Invalid user admin from 138.91.146.9
Jan 01 03:24:09 [sshd] input_userauth_request: invalid user admin [preauth]
Jan 01 03:24:11 [sshd] Connection closed by 138.91.146.9 [preauth]
Jan 01 03:24:12 [sshd] SSH: Server;Ltype: Version;Remote: 138.91.146.9-1025;Protocol: 2.0;Client: Granados-1.0
Jan 01 03:24:12 [sshd] SSH: Server;Ltype: Kex;Remote: 138.91.146.9-1025;Enc: aes128-cbc;MAC: hmac-sha1;Comp: none [preauth]
Jan 01 03:24:14 [sshd] SSH: Server;Ltype: Authname;Remote: 138.91.146.9-1025;Name: root [preauth]
Jan 01 03:24:19 [sshd] Connection closed by 138.91.146.9 [preauth]
Jan 01 03:24:20 [sshd] SSH: Server;Ltype: Version;Remote: 138.91.146.9-1026;Protocol: 2.0;Client: Granados-1.0
Jan 01 03:24:20 [sshd] SSH: Server;Ltype: Kex;Remote: 138.91.146.9-1026;Enc: aes128-cbc;MAC: hmac-sha1;Comp: none [preauth]
Jan 01 03:24:23 [sshd] SSH: Server;Ltype: Authname;Remote: 138.91.146.9-1026;Name: guest [preauth]
Jan 01 03:24:28 [sshd] Invalid user guest from 138.91.146.9
Jan 01 03:24:28 [sshd] input_userauth_request: invalid user guest [preauth]
Jan 01 03:24:29 [sshd] fatal: Read from socket failed: Connection reset by peer [preauth]
Jan 01 03:24:31 [sshd] SSH: Server;Ltype: Version;Remote: 138.91.146.9-1026;Protocol: 2.0;Client: Granados-1.0
Jan 01 03:24:31 [sshd] SSH: Server;Ltype: Kex;Remote: 138.91.146.9-1026;Enc: aes128-cbc;MAC: hmac-sha1;Comp: none [preauth]
Jan 01 03:24:34 [sshd] SSH: Server;Ltype: Authname;Remote: 138.91.146.9-1026;Name: uucp [preauth]
Jan 01 03:24:40 [sshd] fatal: Read from socket failed: Connection reset by peer [preauth]
Jan 01 03:24:41 [sshd] SSH: Server;Ltype: Version;Remote: 138.91.146.9-1026;Protocol: 2.0;Client: Granados-1.0
Jan 01 03:24:41 [sshd] SSH: Server;Ltype: Kex;Remote: 138.91.146.9-1026;Enc: aes128-cbc;MAC: hmac-sha1;Comp: none [preauth]
Jan 01 03:24:43 [sshd] SSH: Server;Ltype: Authname;Remote: 138.91.146.9-1026;Name: support [preauth]
Jan 01 03:24:48 [sshd] Invalid user support from 138.91.146.9
Jan 01 03:24:48 [sshd] input_userauth_request: invalid user support [preauth]
Jan 01 03:24:49 [sshd] fatal: Read from socket failed: Connection reset by peer [preauth]
Jan 01 03:24:51 [sshd] SSH: Server;Ltype: Version;Remote: 138.91.146.9-1026;Protocol: 2.0;Client: Granados-1.0
Jan 01 03:24:51 [sshd] SSH: Server;Ltype: Kex;Remote: 138.91.146.9-1026;Enc: aes128-cbc;MAC: hmac-sha1;Comp: none [preauth]
Jan 01 03:24:53 [sshd] SSH: Server;Ltype: Authname;Remote: 138.91.146.9-1026;Name: upnt [preauth]
Jan 01 03:24:58 [sshd] Invalid user upnt from 138.91.146.9
Jan 01 03:24:58 [sshd] input_userauth_request: invalid user upnt [preauth]

Unfortunately your post is off topic here, in the TechNet Site Feedback forum, because it is not Feedback about the TechNet Website or Subscription.  This is a standard response I’ve written up in advance to help many people (thousands, really.)
who post their question in this forum in error, but please don’t ignore it.  The links I share below I’ve collected to help you get right where you need to go with your issue.
For technical issues with Microsoft products that you would run into as an
end user of those products, one great source of info and help is
http://answers.microsoft.com, which has sections for Windows, Hotmail, Office, IE, and other products. Office related forums are also here:
http://office.microsoft.com/en-us/support/contact-us-FX103894077.aspx
For Technical issues with Microsoft products that you might have as an
IT professional (like technical installation issues, or other IT issues), you should head to the TechNet Discussion forums at
http://social.technet.microsoft.com/forums/en-us, and search for your product name.
For issues with products you might have as a Developer (like how to talk to APIs, what version of software do what, or other developer issues), you should head to the MSDN discussion forums at
http://social.msdn.microsoft.com/forums/en-us, and search for your product or issue.
If you’re asking a question particularly about one of the Microsoft Dynamics products, a great place to start is here:
http://community.dynamics.com/
If you really think your issue is related to the subscription or the TechNet Website, and I screwed up, I apologize!  Please repost your question to the discussion forum and include much more detail about your problem, that could include screenshots
of the issue (do not include subscription information or product keys in your screenshots!), and/or links to the problem you’re seeing. 
If you really had no idea where to post this question but you still posted it here, you still shouldn’t have because we have a forum just for you!  It’s called the Where is the forum for…? forum and it’s here:
http://social.msdn.microsoft.com/forums/en-us/whatforum/
Moving to off topic. 
Thanks, Mike
MSDN and TechNet Subscriptions Support <br/> Read the Subscriptions <a href="http://blogs.msdn.com/msdnsubscriptions">Blog! </a>

Similar Messages

  • I purchased music on my computer with old email address, same computer new email address, but I get play music becasue it tells me computer not authorized...how do you authorize???

    I purchased music on my computer with old email address, same computer new email address, but I get play music becasue it tells me computer not authorized...how do you authorize???

    I have almost the exact same problem. I have a bunch of music, ringtones, TV shows, movies... stuff that I purchased that I can't authorize. All of these items were purchased with the same account I'm still using now. The difference is that I've changed my email address. I don't have the original email address from when I made those purchases and I'm unable to authorize them. I can see that when I view info on one of these purchases the "Account Name: " has my old email address... not my iTunes or Apple account. So, if I'm authorizing my iTunes using my new email none of these older purchases will work.
    I'm really curious how to fix this. I've got quite a few purchases from years back that I'd like access to, but I can't authorize using my new email/iTunes or my old email (the one used for the original purchases).
    Take a look at the info and tell me if you see "Account Name:" on one of your purchases. And is that associated to your old email address? There has to be a way to fix this or 'transfer' older purchases, especially if it's all under the same real 'account'.

  • I want to authorize a second computer with same email address ?

    I want to authorize this computer but adobe says a previous computer is registered with this email address and is not allowed.
    Can I cancel the earlier authorization or is there another way I can have adobe

    Billscott which specific Adobe software or service is your inquiry in relation too?  Please see Activation & deactivation help - http://helpx.adobe.com/x-productkb/policy-pricing/activation-deactivation-products.html for more information regarding activation.

  • Cant use purchased items on new computer with new email address

    i bought a new laptop then changed isp from aol to bt then backed up my itunes from old laptop to disc ,tried to put music from discs onto new laptop with new email address and my purchased items are on itunes but cant use them as a message appears saying that i cant play music due to computer not being autherised but when i go to autherise computer in itunes the message your computer is autherised appears ......... please help

    I have almost the exact same problem. I have a bunch of music, ringtones, TV shows, movies... stuff that I purchased that I can't authorize. All of these items were purchased with the same account I'm still using now. The difference is that I've changed my email address. I don't have the original email address from when I made those purchases and I'm unable to authorize them. I can see that when I view info on one of these purchases the "Account Name: " has my old email address... not my iTunes or Apple account. So, if I'm authorizing my iTunes using my new email none of these older purchases will work.
    I'm really curious how to fix this. I've got quite a few purchases from years back that I'd like access to, but I can't authorize using my new email/iTunes or my old email (the one used for the original purchases).
    Take a look at the info and tell me if you see "Account Name:" on one of your purchases. And is that associated to your old email address? There has to be a way to fix this or 'transfer' older purchases, especially if it's all under the same real 'account'.

  • Authorizing computer with old email address.

    I was trying to put some songs from my computer onto my Itouch. There were some of them that said they weren't available until I authorized my computer. It then listed an old email address that is not my current email address. (My computer is authorized on my current email address.) I can't seem to get around this problem with the songs being associated with an old, defunct, email addy. What to do?

    I have almost the exact same problem. I have a bunch of music, ringtones, TV shows, movies... stuff that I purchased that I can't authorize. All of these items were purchased with the same account I'm still using now. The difference is that I've changed my email address. I don't have the original email address from when I made those purchases and I'm unable to authorize them. I can see that when I view info on one of these purchases the "Account Name: " has my old email address... not my iTunes or Apple account. So, if I'm authorizing my iTunes using my new email none of these older purchases will work.
    I'm really curious how to fix this. I've got quite a few purchases from years back that I'd like access to, but I can't authorize using my new email/iTunes or my old email (the one used for the original purchases).
    Take a look at the info and tell me if you see "Account Name:" on one of your purchases. And is that associated to your old email address? There has to be a way to fix this or 'transfer' older purchases, especially if it's all under the same real 'account'.

  • I recently purchased an older model computer with Microsoft Me from 2000. It doesn't have a web browser and I would like to download Firefox. Where do I find the download compatible with Windows Me and how do I download it?

    I have looked in your web site product downloads and I am unable to find a web browser download that is compatible with Windows Me from 2000. What am I missing? Is there a web browser download that is even compatible? It is just a second computer for my grandsons to use and do homework on, but I am unable to get up the internet.

    Firefox 2.0.0.20 is the last ever version of Firefox for Win98 / SE / ME.
    Get it from here:
    ftp://ftp.mozilla.org/pub/firefox/releases/2.0.0.20/win32/en-US/

  • Linking ipad, icloud, iphone and computer with changed email address and password?

    I changed my email address and password on Apple and am now having trouble getting my ipad, iphone, icloud and computer to accept changes. What should I do? Thanks.

    Hello gmille1,
    It sounds like you no longer have access to the email address that is also your Apple ID and you cannot remember the password for it. According to the following article you may be able to reset the password either by answering your security questions or sending a password reset email to your rescue email address if you had one setup.
    If you forgot your Apple ID password
    Answer your security questions
    Select “Answer security questions,” then select Next.
    Select your birth date, then select Next.
    Answer your security questions.
    Set a new password and select Reset Password.
    Use email authentication
    Select “Email authentication,” then select Next. Apple will send the email to your primary or rescue email address.
    Open the email and select the link to change your password.
    When the My Apple ID page opens, set a new password and select Reset Password.
    Use these steps if you didn't get the email or can't find it.
    Thank you for using Apple Support Communities.
    Take care,
    Sterling

  • Can  you download itunes 2x on the same computer with different email address

    can you have 2 accounts for itunes on the same computer

    If you mean iTunes Store accounts, yes, you can authorize your system to up to five different accounts.
    Regards.

  • How to make a spreadsheet column-formula with relative cell addresses?

    I'm trying to make a spreadsheet compute with relative cell addresses. I tried what's on the help page, and it doesn't work.
    What I’m attempting is to make one column contain the differences of another column, like,
    Gn=Fn-F(n-1)
    to apply to the entire G column, without typing (or even pasting) 100s of individual formulas. As an added bonus, I'd like for the invalid cell address resulting from n=1, to be defaulted to 0.
    How to do this???

    Another way to move the relative formula to other cells:
    Select the cell with the formula, use the little handle in the center of the side (it appears when you move your pointer there).  In the picture it is in the center of the bottom side.  Drag that handle downward, this copies the formula into the cells you include in the drag.  You can also do this upward, leftward, rightward by selecting one of the other sides.

  • Computer names persistently associated with a MAC address causing problems

    Our WDS server will assign out a computer name like CompanyName###  This is great.
    The problem is sometimes WDS will assign a computer name that is getting associated with the MAC address somehow--I assume this is what's happening--and kick a computer off the domain that now has that computer name. 
    Is there some way I can disable the association of computer names with MAC addresses, or persistent computer names?

    Hi,
    How did you define your naming policy in WDS or in your answer file?
    3.1.1.4 Machine Naming Policy
    http://msdn.microsoft.com/en-us/library/dd871418.aspx
    Please also check this hotfix:
    Windows Deployment Services generates duplicate client computer names when the %MAC variable is used
    http://support.microsoft.com/kb/957051
    Hope this helps.

  • Can I have 2 accounts, one on each computer, with the same e-mail address?

    I have a video ipod and an itunes account on my computer. I would like to set up the other computer with itunes as well. It would be used with a shuffle only. The computers share an e-mail address. Can I just download itunes on that computer and set up another account there, or will that cause problems? I do not want to risk the current library on my current account.
    dell   Windows XP  

    I'm beginning to understand what you are driving at now. iTunes (the program) and iTunes (the account) are only peripherally related to each other. If I so chose, I could install and use iTunes (the program) without ever creating an iTunes account. I'd install the program, rip CDs (or if I wanted to raise the pirate flag, download music illegally) and import those songs into my iTunes library. Then I'd listen to the music and sync my iPod.
    My iTunes account serves only two purposes - to buy and download music from the iTunes store and to limit my use of the songs that I buy to only 5 computers. (An observation, not a complaint, mind.) The iTunes account has nothing to do with keeping my iTunes (the program) library in sync.
    With a single exception what songs my wife and I keep on our individual computers has nothing to do with our iTunes account. This is especially the case since the vast majority of our music comes from CDs we owned long before Apple invented the iPod and even now we buy CDs rather than download. So two external drives connected to my home desktop is the repository for all our music and our other computers contain only a subset thereof. If I rip a CD on my desktop and want those songs on my work computer I either have to take the CD into work and rip it there or copy the mp3 files and take them into work. The same would be true for music I buy at the iTunes store. I'd buy them using one computer and then manually transfer them to all the computers I've authorized for playback.
    Should one computer go belly up, it would have no affect on our other computers. As I said, with one exception, the iTunes library isn't tied to our iTunes account. That one exception is the authorization to play music we've bought from the iTunes store on up to 5 computers. If some disaster struck one of my computers, depending on the severity of the disaster, I'd either deauthorize that single computer or if the computer were totally unusable go to Apple's website and deauthorize all my computers.
    Hope this helps, and keep asking if it doesn't. Marking a thread answered doesn't kill the thread or stop those who are subscribed to it from getting notified about activity.

  • I have never been able to use the Macmail feature.  Running OSX 10.4.11, and the problems appear to be related to the fact that I originally registered my computer with apple, I subsequently changed my e-mail address.  Have since upgraded the e-mail addre

    I have never been able to use the Macmail feature.  Running OSX 10.4.11, and the problems appear to be related to the fact that when I originally registered my computer with apple, I used an old e-mail address which is now defunct.  Have since upgraded the e-mail address in account manger, but it still locks me out and rejects my user name and password when I try to log in.  It seems it established an account for me automatically when I first fired the beast up, but now the Macmail program is uncooperative with me.  Any assistance would be much appreciated, Thanks

    Hi rbcjoker76, and a warm welcome to the forums!
    Sounds like some needed System Fonts wre replaced by bad ones. Y also have Font Book in Applications for validating fonts & checking for duplicates.
    Required Fonts from 10.3, much the same in 10.4...
    http://support.apple.com/kb/HT2444?viewlocale=en_US
    You may have to get Pacifist...
    http://www.charlessoft.com/
    then intall the Fonts what you need from your Install Disk.
    Or do a relatively painless Archive & Install, which gives you a new/old OS, but can preserve all your files, pics, music, settings, etc., as long as you have plenty of free disk space and no Disk corruption, and is relatively quick & painless...
    http://docs.info.apple.com/article.html?artnum=107120
    Just be sure to select Preserve Users & Settings.

  • I uninstalled itunes for windows 7 and tried to install itunes 10.5 and it won't work.  I deleted all existing apple programs from my computer but when I try to install again it says so long error involved with microsoft?I uninstalled itunes for windows 7

    help ,me

    Did you try anything suggested in the last thread you posted?
    Views
    Replies
    Last Post
    I uninstalled itunes for windows 7 and tried to install itunes 10.5 and it won't work.  I deleted all existing apple programs from my computer but when I try to install again it says so long error involved with microsoft?I uninstalled itunes for windows 7

  • I am unable to play certain songs since itunes wants me to authorize the computer with an old email address I had when I first bought the song. a

    I am unable to play certain songs since itunes wants me to authorize the computer with an old email address I had when I first bought the songs. I don't remember that password and when I use my present Apple id and password it doesn't authorize the computer to play those songs. How do I get these songs authorized since there are a lot of them?

    Purchases are always tied to the account from which they were purchased.
    iTunes Store: Retrieving and changing passwords (Apple ID)

  • A number of peoples names associated with an email address have been changed to "Apple Computer Inc." in Mail  Anyone else experiencing this?

    When I type in a letter in the "To" box, let's say 'a', a number of my contact come up with "Apple Computer Inc" as the name associated with an email address.  In the past, the person's name was listed i.e Joe Smith <[email protected]>.  Now it looks like this Apple Computer Inc.<[email protected]>  Anyone else experienceing this?

    Hello DSH3
    Check out your contacts to ensure they are correct. If they are then check out the article below to see if it pulling data from the Previous Recipients or Address History
    iCloud: Troubleshooting iCloud Reminders and Tasks
    http://support.apple.com/kb/TA22337
    Thanks for using Apple Support Communities.
    Regards,
    -Norm G.

Maybe you are looking for

  • Convert from PSE10 to Lightroom - metadata concerns

    After one too many frustrations with PSE, I've been looking for an alternative program.  I don't care about editing - metadata (Organizer type features) are my focus.  I looked at a few non-Adobe programs - a big problem with them is I can't import m

  • 'Drafts' mailbox does not appear automatically

    I am a new user of the Mail app. I have asked a similar question in another category of these Discussions, but have not had a useful answer, so I am trying here. If I start typing a new e-mail message and then 'Save' it, a 'Drafts' mailbox almost nev

  • REFRESH_TABLE_DISPLAY giving dump

    class : CL_GUI_ALV_GRID  is used to to produce alv grid when i tried to refresh using REFRESH_TABLE_DISPLAY method i am getting a dump Exception condition "DP_ERROR_GET_DATA" raised Dump is coming from fun module DP_CONTROL_GET_TABLE   IF NOT SELFCRE

  • LiveOffice don't refreshes the data

    Hello, I have several reports (crystal and xcelsius) which use LiveOffice connections to import the data from the crystal reports. That works fine at first.. For instance my crystal report has 3 optional parameters -> plant, date and cw. The User can

  • Enhacement Territory management with field Sales Office

    Hi, If i want to assign attribute for "sales office" to territory management. Which field and data element I need to use for modifiy table "CRMM_TERRATRIB". Do I need a "BAdI: Implement Business Logic for Additional Attributes"? Thanks in advance. Ly