Journalctl shows lots of foreign addresses, what are they and what do they mean?

Question

I was trying to debug my apache server and used journalctl, a huge list of foreign addreses such as Chinese and Russian are listed - they are also next to vino-server which I assume is my VNC server and would be dangerous if it was hacked.

Are these addresses meant to be there, how do I get rid of them?

This is some of the output:

Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      new.dskazan.ru
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      new.dskazan.ru
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      210.51.2.210
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      new.dskazan.ru
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      66.136.241.35.bc.googleusercontent.com
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      new.dskazan.ru
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      new.dskazan.ru
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      dsl-189-151-234-109-dyn.prod-infinitum.com.mx
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      210.51.2.210
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      new.dskazan.ru
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      66.136.241.35.bc.googleusercontent.com
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      190.235.68.236
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      new.dskazan.ru
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      new.dskazan.ru
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      new.dskazan.ru
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      210.51.2.210
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      66.136.241.35.bc.googleusercontent.com
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      new.dskazan.ru
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      dsl-189-151-234-109-dyn.prod-infinitum.com.mx
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      new.dskazan.ru
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      new.dskazan.ru
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      210.51.2.210
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      190.235.68.236
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      66.136.241.35.bc.googleusercontent.com
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38      663.gra1.ovh.abcd.network
Aug 08 11:30:39 Media-Server vino-server[4414]: Deferring authentication of '66.136.241.35.bc.googleusercontent.com' for 5 seconds
Aug 08 11:30:44 Media-Server vino-server[4414]: VNC authentication failure from '66.136.241.35.bc.googleusercontent.com'```

"how do I get rid of them?" Not by asking us. Those are external sites trying to access your machine. All Ubuntu can do is log the attempt. Ask your provider if they can block them for ddossing. — Rinzwind, Aug 08 '19 at 10:51

Fabby · Answer 1 · 2019-08-08T17:38:17.127

Welcome to the wonderful world of the Internet where the Russian, French and Mexican Bot Maffia can always use yet another hacked server. (those 3 countries were just 3 different hostname I checked)

There is no way to "get rid" of these, but you can protect yourself by:

Let VNC vino run over an SSH tunnel
Hardening your server
Use strong and long passwords
Turn on Automatic security updates
disable all the hardware you don't need (USB ports, FireWire, WiFi, ...) in the firmware (UEFI/BIOS)
Don't install software you don't need
Remove software you don't use
Make System Backups
etc...

The above is a non-exhaustive list but should get you on your way of thinking differently about your server as "being hacked" is just part of the ~~Cosmic~~ Internet Background Radiation nowadays.

Journalctl shows lots of foreign addresses, what are they and what do they mean?

1 Answers1