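It looks like the server is under attack. The contents of /var/log/auth.log are below. It is trying to ssh in with all of these usernames; how can I stop it? The server is Ubuntu.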
Feb 22 16:29:15 server sshd[23413]: Failed password for invalid user mirror from 220.132.192.220 port 43881 ssh2
Feb 22 16:29:15 server sshd[23414]: Failed password for invalid user justice from 220.132.192.220 port 43882 ssh2
Feb 22 16:29:15 server sshd[23416]: Failed password for invalid user london from 220.132.192.220 port 43885 ssh2
Feb 22 16:29:15 server sshd[23415]: Failed password for invalid user justice from 220.132.192.220 port 43884 ssh2
Feb 22 16:29:17 server sshd[23421]: Invalid user oxford from 203.66.115.43
Feb 22 16:29:17 server sshd[23421]: pam_unix(sshd:auth): check pass; user unknown
Feb 22 16:29:17 server sshd[23421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.66.115.43
Feb 22 16:29:17 server sshd[23422]: Invalid user london from 203.66.115.43
Feb 22 16:29:17 server sshd[23422]: pam_unix(sshd:auth): check pass; user unknown
Feb 22 16:29:17 server sshd[23422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.66.115.43
Feb 22 16:29:17 server sshd[23424]: Invalid user london from 203.66.115.43
Feb 22 16:29:17 server sshd[23424]: pam_unix(sshd:auth): check pass; user unknown
Feb 22 16:29:17 server sshd[23424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.66.115.43
Feb 22 16:29:17 server sshd[23423]: Invalid user mirror from 203.66.115.43
Feb 22 16:29:17 server sshd[23423]: pam_unix(sshd:auth): check pass; user unknown
Feb 22 16:29:17 server sshd[23423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.66.115.43
Feb 22 16:29:19 server sshd[23421]: Failed password for invalid user oxford from 203.66.115.43 port 43959 ssh2
Feb 22 16:29:19 server sshd[23422]: Failed password for invalid user london from 203.66.115.43 port 43962 ssh2
Feb 22 16:29:19 server sshd[23424]: Failed password for invalid user london from 203.66.115.43 port 43967 ssh2
Feb 22 16:29:19 server sshd[23423]: Failed password for invalid user mirror from 203.66.115.43 port 43964 ssh2
Feb 22 16:29:20 server sshd[23429]: Invalid user pacific from 220.132.192.220
Feb 22 16:29:20 server sshd[23429]: pam_unix(sshd:auth): check pass; user unknown
Feb 22 16:29:21 server sshd[23429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.132.192.220
Feb 22 16:29:21 server sshd[23430]: Invalid user mirror from 220.132.192.220
Feb 22 16:29:21 server sshd[23430]: pam_unix(sshd:auth): check pass; user unknown
Feb 22 16:29:21 server sshd[23430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.132.192.220
Feb 22 16:29:21 server sshd[23432]: Invalid user oxford from 220.132.192.220
Feb 22 16:29:21 server sshd[23431]: Invalid user mirror from 220.132.192.220
Feb 22 16:29:21 server sshd[23432]: pam_unix(sshd:auth): check pass; user unknown
Feb 22 16:29:21 server sshd[23432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.132.192.220
Feb 22 16:29:21 server sshd[23431]: pam_unix(sshd:auth): check pass; user unknown
Feb 22 16:29:21 server sshd[23431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.132.192.220
Feb 22 16:29:22 server sshd[23429]: Failed password for invalid user pacific from 220.132.192.220 port 44073 ssh2
Feb 22 16:29:22 server sshd[23430]: Failed password for invalid user mirror from 220.132.192.220 port 44078 ssh2
Feb 22 16:29:23 server sshd[23432]: Failed password for invalid user oxford from 220.132.192.220 port 44082 ssh2
Feb 22 16:29:23 server sshd[23431]: Failed password for invalid user mirror from 220.132.192.220 port 44079 ssh2
Feb 22 16:29:24 server sshd[23437]: Invalid user pizza from 202.39.75.16
Feb 22 16:29:24 server sshd[23437]: pam_unix(sshd:auth): check pass; user unknown
Feb 22 16:29:24 server sshd[23437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.39.75.16
Feb 22 16:29:24 server sshd[23438]: Invalid user oxford from 202.39.75.16
Feb 22 16:29:24 server sshd[23438]: pam_unix(sshd:auth): check pass; user unknown
Feb 22 16:29:24 server sshd[23438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.39.75.16
Feb 22 16:29:24 server sshd[23441]: Invalid user oxford from 202.39.75.16
Feb 22 16:29:24 server sshd[23441]: pam_unix(sshd:auth): check pass; user unknown
Feb 22 16:29:24 server sshd[23441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.39.75.16
Feb 22 16:29:24 server sshd[23440]: Invalid user pacific from 202.39.75.16
Feb 22 16:29:24 server sshd[23440]: pam_unix(sshd:auth): check pass; user unknown
Feb 22 16:29:24 server sshd[23440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.39.75.16
Feb 22 16:29:26 server sshd[23437]: Failed password for invalid user pizza from 202.39.75.16 port 44173 ssh2
Feb 22 16:29:27 server sshd[23438]: Failed password for invalid user oxford from 202.39.75.16 port 44184 ssh2
Feb 22 16:29:27 server sshd[23441]: Failed password for invalid user oxford from 202.39.75.16 port 44186 ssh2
Feb 22 16:29:27 server sshd[23440]: Failed password for invalid user pacific from 202.39.75.16 port 44185 ssh2
Feb 22 16:29:28 server sshd[23445]: Invalid user quality from 220.132.192.198
Feb 22 16:29:28 server sshd[23445]: pam_unix(sshd:auth): check pass; user unknown
Feb 22 16:29:28 server sshd[23445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.132.192.198
Feb 22 16:29:29 server sshd[23446]: Invalid user pacific from 220.132.192.198
Feb 22 16:29:29 server sshd[23446]: pam_unix(sshd:auth): check pass; user unknown
Feb 22 16:29:29 server sshd[23446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.132.192.198
Feb 22 16:29:29 server sshd[23448]: Invalid user pacific from 220.132.192.198
Feb 22 16:29:29 server sshd[23448]: pam_unix(sshd:auth): check pass; user unknown
Feb 22 16:29:29 server sshd[23448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.132.192.198
Feb 22 16:29:29 server sshd[23450]: Invalid user pizza from 220.132.192.198
Feb 22 16:29:29 server sshd[23450]: pam_unix(sshd:auth): check pass; user unknown
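This has been asked a few times, I believe:
Securing SSH on Linux Ubuntu
Hundreds of failed ssh logins
BTW, these attempts are very common and are usually automated scripts.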
Install denyhosts.
apt-get install denyhosts
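DenyHosts is a daemon that monitors your server logs (usually /var/log/secure) for suspicious access patterns and, if it finds any, adds the curious visitor's IP address to /etc/hosts.deny, causing sshd to block them outright.
It also has a mode that lets it exchange its local block list with the lists from other machines, in a way crowdsourcing known bad IP addresses, similar to the way RBL lists work for SMTP.
I would also advise you to disable keyboard-interactive authentication on your ssh daemon, to prevent someone from accidentally creating a test user account with an easily guessed password.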
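The kind of log check the answer above describes, as an added example (not part of the original answers and not DenyHosts' own code): it counts `Failed password` entries per source address in auth.log-style text and produces `hosts.deny`-format lines for sources over a threshold. The function names, the threshold of 3 and the sample log (constructed, using documentation-range addresses) are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the auth.log format shown in the question
# (documentation-range IPs, not real hosts).
SAMPLE_LOG = """\
Feb 22 16:29:15 server sshd[23413]: Failed password for invalid user mirror from 198.51.100.7 port 43881 ssh2
Feb 22 16:29:15 server sshd[23414]: Failed password for invalid user justice from 198.51.100.7 port 43882 ssh2
Feb 22 16:29:17 server sshd[23421]: Invalid user oxford from 203.0.113.9
Feb 22 16:29:17 server sshd[23421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.9
Feb 22 16:29:19 server sshd[23421]: Failed password for invalid user oxford from 203.0.113.9 port 43959 ssh2
Feb 22 16:29:20 server sshd[23429]: Failed password for invalid user london from 198.51.100.7 port 43885 ssh2
Feb 22 16:30:02 server sshd[23500]: Accepted publickey for admin from 192.0.2.10 port 50022 ssh2
Feb 22 16:30:05 server sshd[23510]: Failed password for root from 198.51.100.7 port 43990 ssh2
"""

# Count only "Failed password": the "Invalid user" and pam_unix lines describe
# the same attempt. The username is attacker-controlled and may itself contain
# " from <ip> port <n> ssh2", so the match is anchored to the end of the line
# and the greedy user group leaves only the final, sshd-written address as ip.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port \d+ ssh2$"
)

def failed_attempts(log_text):
    """Return (Counter of failures per IP, dict of IP -> usernames tried)."""
    counts, users = Counter(), {}
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            counts[m["ip"]] += 1
            users.setdefault(m["ip"], set()).add(m["user"])
    return counts, users

def hosts_deny_entries(log_text, threshold=3):
    """Return hosts.deny lines for sources at or above the threshold (assumed: 3)."""
    counts, _ = failed_attempts(log_text)
    return [f"sshd: {ip}" for ip, n in sorted(counts.items()) if n >= threshold]

if __name__ == "__main__":
    for entry in hosts_deny_entries(SAMPLE_LOG):
        print(entry)
```
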