Server attack, how to fix

5 ubuntu

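The server seems to be under attack. The contents of /var/log/auth.log are below. It is trying to ssh in using all of these usernames; how do I shut it down? The server is Ubuntu.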

    Feb 22 16:29:15 server sshd[23413]: Failed password for invalid user mirror from 220.132.192.220 port 43881 ssh2
    Feb 22 16:29:15 server sshd[23414]: Failed password for invalid user justice from 220.132.192.220 port 43882 ssh2
    Feb 22 16:29:15 server sshd[23416]: Failed password for invalid user london from 220.132.192.220 port 43885 ssh2
    Feb 22 16:29:15 server sshd[23415]: Failed password for invalid user justice from 220.132.192.220 port 43884 ssh2
    Feb 22 16:29:17 server sshd[23421]: Invalid user oxford from 203.66.115.43
    Feb 22 16:29:17 server sshd[23421]: pam_unix(sshd:auth): check pass; user unknown
    Feb 22 16:29:17 server sshd[23421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.66.115.43
    Feb 22 16:29:17 server sshd[23422]: Invalid user london from 203.66.115.43
    Feb 22 16:29:17 server sshd[23422]: pam_unix(sshd:auth): check pass; user unknown
    Feb 22 16:29:17 server sshd[23422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.66.115.43
    Feb 22 16:29:17 server sshd[23424]: Invalid user london from 203.66.115.43
    Feb 22 16:29:17 server sshd[23424]: pam_unix(sshd:auth): check pass; user unknown
    Feb 22 16:29:17 server sshd[23424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.66.115.43
    Feb 22 16:29:17 server sshd[23423]: Invalid user mirror from 203.66.115.43
    Feb 22 16:29:17 server sshd[23423]: pam_unix(sshd:auth): check pass; user unknown
    Feb 22 16:29:17 server sshd[23423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.66.115.43
    Feb 22 16:29:19 server sshd[23421]: Failed password for invalid user oxford from 203.66.115.43 port 43959 ssh2
    Feb 22 16:29:19 server sshd[23422]: Failed password for invalid user london from 203.66.115.43 port 43962 ssh2
    Feb 22 16:29:19 server sshd[23424]: Failed password for invalid user london from 203.66.115.43 port 43967 ssh2
    Feb 22 16:29:19 server sshd[23423]: Failed password for invalid user mirror from 203.66.115.43 port 43964 ssh2
    Feb 22 16:29:20 server sshd[23429]: Invalid user pacific from 220.132.192.220
    Feb 22 16:29:20 server sshd[23429]: pam_unix(sshd:auth): check pass; user unknown
    Feb 22 16:29:21 server sshd[23429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.132.192.220
    Feb 22 16:29:21 server sshd[23430]: Invalid user mirror from 220.132.192.220
    Feb 22 16:29:21 server sshd[23430]: pam_unix(sshd:auth): check pass; user unknown
    Feb 22 16:29:21 server sshd[23430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.132.192.220
    Feb 22 16:29:21 server sshd[23432]: Invalid user oxford from 220.132.192.220
    Feb 22 16:29:21 server sshd[23431]: Invalid user mirror from 220.132.192.220
    Feb 22 16:29:21 server sshd[23432]: pam_unix(sshd:auth): check pass; user unknown
    Feb 22 16:29:21 server sshd[23432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.132.192.220
    Feb 22 16:29:21 server sshd[23431]: pam_unix(sshd:auth): check pass; user unknown
    Feb 22 16:29:21 server sshd[23431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.132.192.220
    Feb 22 16:29:22 server sshd[23429]: Failed password for invalid user pacific from 220.132.192.220 port 44073 ssh2
    Feb 22 16:29:22 server sshd[23430]: Failed password for invalid user mirror from 220.132.192.220 port 44078 ssh2
    Feb 22 16:29:23 server sshd[23432]: Failed password for invalid user oxford from 220.132.192.220 port 44082 ssh2
    Feb 22 16:29:23 server sshd[23431]: Failed password for invalid user mirror from 220.132.192.220 port 44079 ssh2
    Feb 22 16:29:24 server sshd[23437]: Invalid user pizza from 202.39.75.16
    Feb 22 16:29:24 server sshd[23437]: pam_unix(sshd:auth): check pass; user unknown
    Feb 22 16:29:24 server sshd[23437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.39.75.16
    Feb 22 16:29:24 server sshd[23438]: Invalid user oxford from 202.39.75.16
    Feb 22 16:29:24 server sshd[23438]: pam_unix(sshd:auth): check pass; user unknown
    Feb 22 16:29:24 server sshd[23438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.39.75.16
    Feb 22 16:29:24 server sshd[23441]: Invalid user oxford from 202.39.75.16
    Feb 22 16:29:24 server sshd[23441]: pam_unix(sshd:auth): check pass; user unknown
    Feb 22 16:29:24 server sshd[23441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.39.75.16
    Feb 22 16:29:24 server sshd[23440]: Invalid user pacific from 202.39.75.16
    Feb 22 16:29:24 server sshd[23440]: pam_unix(sshd:auth): check pass; user unknown
    Feb 22 16:29:24 server sshd[23440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.39.75.16
    Feb 22 16:29:26 server sshd[23437]: Failed password for invalid user pizza from 202.39.75.16 port 44173 ssh2
    Feb 22 16:29:27 server sshd[23438]: Failed password for invalid user oxford from 202.39.75.16 port 44184 ssh2
    Feb 22 16:29:27 server sshd[23441]: Failed password for invalid user oxford from 202.39.75.16 port 44186 ssh2
    Feb 22 16:29:27 server sshd[23440]: Failed password for invalid user pacific from 202.39.75.16 port 44185 ssh2
    Feb 22 16:29:28 server sshd[23445]: Invalid user quality from 220.132.192.198
    Feb 22 16:29:28 server sshd[23445]: pam_unix(sshd:auth): check pass; user unknown
    Feb 22 16:29:28 server sshd[23445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.132.192.198
    Feb 22 16:29:29 server sshd[23446]: Invalid user pacific from 220.132.192.198
    Feb 22 16:29:29 server sshd[23446]: pam_unix(sshd:auth): check pass; user unknown
    Feb 22 16:29:29 server sshd[23446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.132.192.198
    Feb 22 16:29:29 server sshd[23448]: Invalid user pacific from 220.132.192.198
    Feb 22 16:29:29 server sshd[23448]: pam_unix(sshd:auth): check pass; user unknown
    Feb 22 16:29:29 server sshd[23448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.132.192.198
    Feb 22 16:29:29 server sshd[23450]: Invalid user pizza from 220.132.192.198
    Feb 22 16:29:29 server sshd[23450]: pam_unix(sshd:auth): check pass; user unknown

小智 8

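This has been brought up a few times, I believe:

Securing SSH on Linux Ubuntu

Hundreds of failed ssh logins

By the way, these attempts are very common and are usually automated scripts.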


Dav*_*ney 8

Install denyhosts.

    apt-get install denyhosts

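Deny hosts is a daemon that watches your server logs, typically /var/log/secure, for suspicious access patterns and, if it finds any, adds the curious visitor's IP address to /etc/hosts.deny, thereby causing sshd to block them outright.

It also has a mode that allows it to exchange its local block list with lists from other machines, crowd-sourcing known bad IP addresses in a way. Similar to the way RBL lists work for SMTP.

I would also recommend that you disable keyboard-interactive authentication on your ssh daemon, to guard against someone accidentally creating a test user account with an easily guessed password.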
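
The log-watching approach described in the answer above, run over lines from the question's auth.log, as an added example that is not part of the original answers and is not DenyHosts' own code. The function names, the threshold of 3 and the `allow` list are assumptions made for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address

# The username is chosen by the remote client and can contain spaces or the
# word "from", so the address is read from the fixed end of the line only.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port \d+ ssh2$"
)

def failed_by_source(lines):
    """Count 'Failed password' records per source address."""
    counts = Counter()
    for line in lines:
        m = FAILED.search(line.rstrip())
        if m is None:
            continue  # "Invalid user" and pam_unix lines are not counted
        try:
            counts[str(ip_address(m.group("ip")))] += 1
        except ValueError:
            continue  # not a literal IP address
    return counts

def hosts_deny_entries(lines, threshold=3, allow=()):
    """hosts.deny lines for sources with at least `threshold` failures."""
    counts = failed_by_source(lines)
    return [f"sshd: {ip}" for ip, n in sorted(counts.items())
            if n >= threshold and ip not in allow]

# First seven lines are from the question's log; the last one is constructed
# to show a username that itself contains "from <address>".
SAMPLE = """\
Feb 22 16:29:15 server sshd[23413]: Failed password for invalid user mirror from 220.132.192.220 port 43881 ssh2
Feb 22 16:29:15 server sshd[23414]: Failed password for invalid user justice from 220.132.192.220 port 43882 ssh2
Feb 22 16:29:15 server sshd[23416]: Failed password for invalid user london from 220.132.192.220 port 43885 ssh2
Feb 22 16:29:15 server sshd[23415]: Failed password for invalid user justice from 220.132.192.220 port 43884 ssh2
Feb 22 16:29:17 server sshd[23421]: Invalid user oxford from 203.66.115.43
Feb 22 16:29:19 server sshd[23421]: Failed password for invalid user oxford from 203.66.115.43 port 43959 ssh2
Feb 22 16:29:19 server sshd[23422]: Failed password for invalid user london from 203.66.115.43 port 43962 ssh2
Feb 22 16:29:26 server sshd[23437]: Failed password for invalid user a from 192.0.2.10 port 1 ssh2 from 202.39.75.16 port 44173 ssh2
""".splitlines()

if __name__ == "__main__":
    print(dict(failed_by_source(SAMPLE)))
    print("\n".join(hosts_deny_entries(SAMPLE)))
```

Passing your own management address in `allow` keeps a mistyped password from locking you out of the server.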