You don't know until you look, and then you get a shock: my $5 DO server has been under SSH attack ever since it was created

2014-11-02 18:42:38 +08:00
 cbsw
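I don't do much with it normally: it mainly runs a proxy and hosts a blog, and occasionally I test small websites I've written on it, so I haven't really managed or maintained it. Today on a whim I looked at the logs with journalctl and, damn, they are completely filled with SSH attacks. From May this year until now there are 2249190 log lines, almost all of them entries like pam_tally(sshd:auth): Tally overflowed for user root, authentication failure. Some are a single IP trying various ports and passwords, and there are also attempts to log in as non-root users.

Do all of you V2EX folks really access your VPS only with an ssh-key? That makes it very inconvenient when you sometimes need to log in to the VPS from another computer.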
52 replies
wzxjohn
2014-11-02 18:46:46 +08:00
Install fail2ban or denyhosts. This is completely normal...
If I turned on denyhosts' email reports on my VPS, my mailbox would explode.
wzxjohn
2014-11-02 18:47:15 +08:00
By the way, this has nothing to do with DO; machines anywhere are the same.
halczy
2014-11-02 18:48:14 +08:00
@wzxjohn I feel DO's IP ranges are probably more likely to get scanned.
liuyi_beta
2014-11-02 18:48:38 +08:00
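Basically, as soon as port 22 is open, all sorts of password guessing starts immediately. I suggest the OP change the ssh server's default port to an uncommon high port, and that will do.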
belin520
2014-11-02 18:50:03 +08:00
Change the port, disable root, disable passwords and log in with a public key
zlbruce
2014-11-02 18:50:43 +08:00
I've already switched to key login
anyfc
2014-11-02 18:55:24 +08:00
Switched to key login long ago
blijf
2014-11-02 18:55:53 +08:00
However awesome your password and however good your security defenses, nothing beats changing the port O_o
nealfeng
2014-11-02 18:57:38 +08:00
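You don't know until you look, and then you get a shock: someone is trying the ssh root password on my VPS too. The IP in the logs is 122.225.97.81, which turns out to be a domestic (Chinese) IP... It started just now at 18:33 and lasted 3 minutes...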
cbsw
2014-11-02 19:01:07 +08:00
@liuyi_beta @blijf They are all attempts on other ports; I didn't actually see any on port 22
jakwings
2014-11-02 19:02:16 +08:00
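Completely normal. WordPress gets indiscriminate attacks too, regardless of whether you even have it installed. You can do without a key as well: disable root login and pick an unusual username, and scans basically won't find it.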
hjc4869
2014-11-02 19:06:19 +08:00
Listen only on the internal network, and connect to the VPN before connecting over ssh.
anyfc
2014-11-02 19:09:00 +08:00
@nealfeng I just looked at the VPS I set up on azureuser and found that the IP 122.225.97.94 keeps trying to log in over ssh... Could it be the same outfit?
lsylsy2
2014-11-02 19:10:29 +08:00
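@anyfc The IP you queried: [122.225.97.94] IP location: [China Telecom, Huzhou, Zhejiang Province, China]
Either it's a compromised machine or some small, loosely managed IDC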
nealfeng
2014-11-02 19:15:02 +08:00
@anyfc They really are that close!!!!

@lsylsy2 Why would an IDC do this?
Gamon
2014-11-02 19:15:39 +08:00
You don't know until you look, and then you get a shock... I just went to check mine: N records.....
lenovo
2014-11-02 19:22:28 +08:00
192.126.120.74 My logs are all this IP
lenovo
2014-11-02 19:38:52 +08:00
I pulled down the entire auth.log and took a look; there are actually nearly 250 IPs recorded
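Added example, not part of the original thread: one way to get the kind of per-address summary described in the post above from an auth.log, also grouping sources by /24 because several posters saw neighbouring addresses. The sample log lines and their documentation-range addresses are constructed, and the line formats assumed are the usual OpenSSH and pam_unix ones.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample in OpenSSH/pam auth.log style (documentation-range addresses).
SAMPLE_LOG = """\
Nov  2 18:33:01 vps sshd[2101]: Failed password for root from 192.0.2.81 port 40122 ssh2
Nov  2 18:33:03 vps sshd[2101]: Failed password for root from 192.0.2.81 port 40122 ssh2
Nov  2 18:33:05 vps sshd[2104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.94  user=root
Nov  2 18:33:09 vps sshd[2104]: Failed password for invalid user admin from 192.0.2.94 port 51810 ssh2
Nov  2 18:34:02 vps sshd[2110]: Failed password for invalid user john smith from 203.0.113.7 port 40001 ssh2
Nov  2 18:34:10 vps sshd[2112]: Invalid user test from 203.0.113.7
Nov  2 18:34:40 vps sshd[2113]: Accepted publickey for deploy from 198.51.100.20 port 50022 ssh2
Nov  2 18:35:02 vps sshd[2120]: pam_tally(sshd:auth): Tally overflowed for user root
"""

# The user field is client-supplied and may contain spaces, so match the address at line end.
FAILURE_PATTERNS = [
    re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2\s*$"),
    re.compile(r"sshd\[\d+\]: Invalid user .* from (\S+)(?: port \d+)?\s*$"),
    re.compile(r"sshd\[\d+\]: pam_unix\(sshd:auth\): authentication failure; logname=\S* uid=\d+ euid=\d+ tty=\S+ ruser=\S* rhost=(\S+)"),
]

def failed_sources(log_text):
    """Count failed-authentication log lines per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        for pattern in FAILURE_PATTERNS:
            match = pattern.search(line)
            if match:
                try:
                    counts[str(ip_address(match.group(1)))] += 1
                except ValueError:
                    pass  # rhost may be a hostname; only addresses are counted
                break
    return counts

def by_network(counts, v4_prefix=24, v6_prefix=64):
    """Group sources by network: {network: (distinct_hosts, failure_lines)}."""
    hosts, lines = defaultdict(set), Counter()
    for addr, n in counts.items():
        prefix = v4_prefix if ip_address(addr).version == 4 else v6_prefix
        net = str(ip_network(f"{addr}/{prefix}", strict=False))
        hosts[net].add(addr)
        lines[net] += n
    return {net: (len(hosts[net]), lines[net]) for net in lines}

if __name__ == "__main__":
    print(by_network(failed_sources(SAMPLE_LOG)))
```

The pam_tally line carries no source address, so it is not counted; on a real host the input would be the contents of auth.log or the sshd unit's journal output.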
TrustyWolf
2014-11-02 19:44:31 +08:00
My DO Singapore Droplet was also hit by SSH attacks at first; after I changed to a different port it was all fine~
ray1980
2014-11-02 19:50:13 +08:00
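I've never looked at the logs; I don't know which file to look at and wouldn't understand it anyway. If I did look I'd probably get a shock too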
