I get a 4-5 MB log every day! Someone likes to hack my SMTP:
    ....
    --------------------- sasl auth daemon Begin ------------------------
    SASL Authentications failed 3965 Time(s)
    Service smtp (pam) - 3965 Time(s):
       Realm - 3959 Time(s):
          User: account - PAM auth error - 346 Time(s):
          User: admin - PAM auth error - 346 Time(s):
          User: admin1 - PAM auth error - 147 Time(s):
          User: chris - PAM auth error - 346 Time(s):
          User: contact - PAM auth error - 6 Time(s):
          User: fax - PAM auth error - 346 Time(s):
          User: info1 - PAM auth error - 346 Time(s):
          User: master - PAM auth error - 346 Time(s):
          User: noname - PAM auth error - 346 Time(s):
          User: pamela - PAM auth error - 346 Time(s):
          User: scanner - PAM auth error - 346 Time(s):
          User: test1 - PAM auth error - 346 Time(s):
          User: user1 - PAM auth error - 346 Time(s):
       Realm xxxxx.com - 6 Time(s):
          User: [email protected] - PAM auth error - 6 Time(s):
    **Unmatched Entries**
    pam_unix(smtp:auth): check pass; user unknown
    pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
    pam_unix(smtp:auth): check pass; user unknown
    pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
    pam_unix(smtp:auth): check pass; user unknown
    .....
What parameter should I change to prevent this SMTP brute forcing? I think I should change a number, but I don't know which one.
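The canonical answer to "how do I deal with brute-force attacks" is to use fail2ban. If you are using some kind of web hosting control panel, you may already find fail2ban-related options there.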
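As an added illustration (not part of the original answer and not fail2ban's own code), the sketch below models the two numbers fail2ban exposes for this, `maxretry` and `findtime`, as a sliding-window count of failures per client address. The log lines are constructed and assume Postfix `smtpd` in front of saslauthd; the function name `find_offenders` is hypothetical. It also shows why the `pam_unix` lines in the report above cannot drive a ban: their `rhost=` field is empty, so the address has to come from the MTA's own log line.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines, assuming Postfix smtpd + saslauthd syslog format.
SAMPLE_LOG = """\
Jan 10 03:00:00 mail postfix/smtpd[1400]: warning: unknown[198.51.100.20]: SASL LOGIN authentication failed: authentication failure
Jan 10 03:12:01 mail saslauthd[811]: pam_unix(smtp:auth): check pass; user unknown
Jan 10 03:12:01 mail saslauthd[811]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Jan 10 03:12:01 mail postfix/smtpd[1502]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Jan 10 03:12:05 mail postfix/smtpd[1502]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Jan 10 03:12:09 mail postfix/smtpd[1502]: warning: unknown[203.0.113.7]: SASL PLAIN authentication failed: authentication failure
Jan 10 03:30:00 mail postfix/smtpd[1611]: warning: unknown[198.51.100.20]: SASL LOGIN authentication failed: authentication failure
Jan 10 04:00:00 mail postfix/smtpd[1720]: warning: unknown[198.51.100.20]: SASL LOGIN authentication failed: authentication failure
"""

# The client address only appears in the MTA's line; rhost= is empty in the PAM line.
FAILURE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"warning: \S+\[(?P<ip>[0-9A-Fa-f.:]+)\]: SASL \S+ authentication failed"
)

def find_offenders(lines, maxretry, findtime, year=2024):
    """Return {ip: time the ban would trigger}; findtime is in seconds."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    banned = {}
    for line in lines:
        m = FAILURE.match(line)
        if not m or m["ip"] in banned:
            continue
        # Syslog timestamps carry no year, so one is supplied by the caller.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] > window:   # forget failures older than findtime
            hits.popleft()
        if len(hits) >= maxretry:
            banned[m["ip"]] = ts
    return banned

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG.splitlines(), maxretry=3, findtime=600).items():
        print(f"{ip} would be banned at {when}")
```

With `maxretry=3` and `findtime=600` only the rapid-fire address trips the threshold; the slow one spreads its attempts past the window, which is the trade-off to weigh when choosing those two numbers.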