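Attack from 222.60.84.225
At 12 o'clock, I found that comments could not be posted. I logged into the server remotely over ssh and found that the server had rebooted at 10:57 and that access to the database was having problems. Checking the server logs, I found that the number of attacks today far exceeded the usual, especially the attacks from 222.60.84.225, which were simply frantic; it was probably the work of that junior high school student.
From 11:24:20 to 12:24:28, in just one hour, 222.60.84.225 tried to attack this site as many as 1232 times. This kind of low-level attack is very boring and happens every day, but the attackers usually try a few times, fail, and give up. This is the first time this site has seen one so persistent. Actually, defending is simple. It took me only one minute: vi /etc/ssh/sshd_config, and limit the number of ssh failed-login retries to 2. Another approach is to restrict the IPs allowed to connect over ssh. Normally, when I am at school, I generally forbid off-campus IPs from connecting to the server over ssh and only allow login from my own on-campus network management machine. Now that I am on vacation in Guanzhong, I naturally have to open access to off-campus IPs. I originally wanted to restrict access to an IP range, but my home ADSL connection uses dynamically assigned IPs; although they are usually in a certain network segment, they sometimes change to a completely different one.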
Jul 23 12:22:48 dev sshd(pam_unix)[5892]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.60.84.225
Jul 23 12:22:51 dev sshd(pam_unix)[5894]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.60.84.225
Jul 23 12:22:53 dev sshd(pam_unix)[5896]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.60.84.225
Jul 23 12:22:56 dev sshd(pam_unix)[5898]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.60.84.225
Jul 23 12:22:59 dev sshd(pam_unix)[5900]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.60.84.225
Jul 23 12:23:02 dev sshd(pam_unix)[5902]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.60.84.225
Jul 23 12:23:05 dev sshd(pam_unix)[5904]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.60.84.225
Jul 23 12:23:08 dev sshd(pam_unix)[5906]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.60.84.225
Jul 23 12:23:10 dev sshd(pam_unix)[5908]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.60.84.225
Jul 23 12:23:13 dev sshd(pam_unix)[5910]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.60.84.225
Jul 23 12:23:16 dev sshd(pam_unix)[5917]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.60.84.225
Jul 23 12:23:19 dev sshd(pam_unix)[5920]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.60.84.225
Jul 23 12:23:22 dev sshd(pam_unix)[5922]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.60.84.225
Jul 23 12:23:25 dev sshd(pam_unix)[5924]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.60.84.225 user=sshd
Jul 23 12:23:28 dev sshd(pam_unix)[5926]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.60.84.225
Jul 23 12:23:30 dev sshd(pam_unix)[5929]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.60.84.225
Jul 23 12:23:33 dev sshd(pam_unix)[5931]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.60.84.225
Jul 23 12:23:36 dev sshd(pam_unix)[5933]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.60.84.225
Jul 23 12:23:39 dev sshd(pam_unix)[5935]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.60.84.225
Jul 23 12:23:42 dev sshd(pam_unix)[5937]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.60.84.225
Jul 23 12:23:45 dev sshd(pam_unix)[5939]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.60.84.225
Jul 23 12:23:47 dev sshd(pam_unix)[5941]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.60.84.225
Jul 23 12:23:50 dev sshd(pam_unix)[5943]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.60.84.225
Jul 23 12:23:53 dev sshd(pam_unix)[5945]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.60.84.225
Jul 23 12:23:56 dev sshd(pam_unix)[5948]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.60.84.225
Jul 23 12:23:59 dev sshd(pam_unix)[5950]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.60.84.225
Jul 23 12:24:02 dev sshd(pam_unix)[5952]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.60.84.225
Jul 23 12:24:05 dev sshd(pam_unix)[5954]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.60.84.225
Jul 23 12:24:08 dev sshd(pam_unix)[5957]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.60.84.225
Jul 23 12:24:10 dev sshd(pam_unix)[5959]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.60.84.225
Jul 23 12:24:13 dev sshd(pam_unix)[5961]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.60.84.225
Jul 23 12:24:16 dev sshd(pam_unix)[5963]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.60.84.225
Jul 23 12:24:19 dev sshd(pam_unix)[5965]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.60.84.225
Jul 23 12:24:22 dev sshd(pam_unix)[5967]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.60.84.225
Jul 23 12:24:25 dev sshd(pam_unix)[5969]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.60.84.225
Jul 23 12:24:28 dev sshd(pam_unix)[5971]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.60.84.225
After this simple handling, the problem disappeared; all I did was uncomment one configuration rule.
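An added example, not part of the original post: a small parser for sshd(pam_unix) failure lines in the format shown above. It counts failures per source and finds the peak number inside a sliding time window. The sample lines are constructed (documentation IP ranges), and the 60-second window, the threshold of 5 and the year passed to the parser are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches sshd(pam_unix) failure lines in the format shown in the post.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+sshd\(pam_unix\)\[\d+\]:\s+"
    r"authentication failure;.*?\brhost=(?P<rhost>\S+)(?:\s+user=(?P<user>\S+))?"
)

def parse_failures(lines, year):
    """Yield (timestamp, rhost, user) per failure line; skip anything else."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            # Syslog timestamps carry no year, so the caller supplies one.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["rhost"], m["user"]

def summarize(lines, year=2006, window=timedelta(seconds=60), threshold=5):
    """Per source: total failures, first/last seen, peak count in any window."""
    by_host = defaultdict(list)
    for ts, rhost, _user in parse_failures(lines, year):
        by_host[rhost].append(ts)
    report = {}
    for rhost, stamps in by_host.items():
        stamps.sort()
        peak = start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        report[rhost] = {"total": len(stamps), "first": stamps[0],
                         "last": stamps[-1], "peak": peak,
                         "flagged": peak >= threshold}
    return report

# Constructed sample lines (documentation IP ranges), same format as the post.
_FMT = ("Jul 23 {t} dev sshd(pam_unix)[{pid}]: authentication failure; "
        "logname= uid=0 euid=0 tty=ssh ruser= rhost={ip}{extra}")
SAMPLE = (
    [_FMT.format(t=f"12:22:{s:02d}", pid=5892 + i, ip="203.0.113.7", extra="")
     for i, s in enumerate(range(40, 58, 3))]          # 6 failures, 3 s apart
    + [_FMT.format(t="12:23:25", pid=5924, ip="203.0.113.7", extra=" user=sshd"),
       _FMT.format(t="09:10:00", pid=4100, ip="198.51.100.9", extra=""),
       _FMT.format(t="09:40:00", pid=4230, ip="198.51.100.9", extra=""),
       "Jul 23 10:57:01 dev kernel: constructed unrelated line"]  # ignored
)

if __name__ == "__main__":
    for host, info in summarize(SAMPLE).items():
        print(host, info["total"], info["peak"], "FLAG" if info["flagged"] else "ok")
```

A source that fails twice half an hour apart stays below the threshold, while a burst every three seconds, as in the log above, is flagged on its peak rate rather than on its daily total.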
hofman
2006-07-23 12:38:11
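aaa
@2006-09-07 22:51:53 aaa
Using ssh's key mechanism is more secure; no password is needed.
@2006-07-23 13:15:57 weiking
Haha, he is out of luck, running into hofman.
But this kid really is persistent.
Password
@2006-07-23 13:08:54 hofman
Before going on vacation, I specifically changed the administrator password of this site's server. Its strength far exceeds that of any other password I have used in all these years: it is 17 characters long, including 3 special characters. With this strength, never mind such an inefficient remote weak-password attack; even if it were downloaded to a local machine and attacked on a personal computer with the best dual-core CPU, I estimate it would take more than a year.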
