一些发动 ssh 攻击的 IP, 或者是肉鸡,以供各位观赏

2015-09-27 00:23:32 +08:00
 paperpeper

频繁发动 SSH 攻击的 IP :
'222.186.26.174',
'5.153.45.166', ---超频繁
'61.244.49.137',
'65.181.124.194',
'89.248.168.148',
'93.174.93.20',
'93.174.93.239',
‘ 94.102.49.105',

IP :
'103.27.27.36',
'109.198.89.138',
'109.206.110.182',
'113.16.198.91',
'115.192.254.60',
'115.196.212.222',
'115.204.116.111',
'115.211.124.13',
'116.54.200.75',
'119.120.131.169',
'122.234.78.194',
'122.243.188.48',
'123.194.228.7',
'123.246.65.254',
'123.96.138.216',
'125.107.139.88',
'125.121.148.164',
'125.69.14.84',
'131.100.240.2',
'134.3.167.24',
'138.188.18.168',
'138.219.54.164',
'14.102.4.94',
'14.114.130.39',
'168.167.133.22',
'171.221.248.58',
'177.11.44.73',
'177.155.209.223',
'177.155.222.206',
'177.91.57.156',
'178.234.75.75',
'178.234.80.10',
'178.251.42.124',
'183.103.186.115',
'183.129.154.42',
'183.154.64.175',
'187.102.25.228',
'187.111.55.175',
'187.111.56.143',
'187.63.160.1',
'188.26.248.162',
'188.60.122.13',
'193.43.234.249',
'199.48.164.30',
'211.181.166.246',
'216.134.234.218',
'216.36.186.252',
'218.72.108.132',
'222.186.26.174',
'222.209.56.59',
'31.204.150.106',
'37.76.170.125',
'42.203.43.118',
'43.229.53.15',
'43.252.242.4',
'46.48.180.11',
'5.139.150.237',
'5.139.36.239',
'5.139.61.161',
'5.153.45.166',
'58.30.243.89',
'60.176.2.154',
'60.182.212.178',
'61.153.122.139',
'61.244.49.137',
'65.181.124.194',
'77.120.133.250',
'78.98.127.45',
'84.197.167.42',
'86.77.221.29',
'89.204.81.71',
'89.248.168.148',
'93.174.93.20',
'93.174.93.239',
'94.102.49.105'

4784 次点击
所在节点    信息安全
19 条回复
feather12315
2015-09-27 00:47:00 +08:00
楼主目的邪恶
alect
2015-09-27 00:49:29 +08:00
昨天刚被破了 ssh 。。。几个小时带宽占尽,跑了 1TB 多的流量。。
xrui
2015-09-27 00:49:49 +08:00
我 fail2ban 和 denyhosts 的 log 怎么也得上千条了
paperpeper
2015-09-27 01:57:45 +08:00
@feather12315 哈哈,以供赏玩
paperpeper
2015-09-27 01:58:01 +08:00
@alect 这是最恶心的
xmoon
2015-09-27 02:04:38 +08:00
我现在主力的 vps 不用 22 买来到现在 密码加密 至今没人扫
paperpeper
2015-09-27 02:19:25 +08:00
@xmoon 不用 22 ,其他端口不是也会被扫描到吗?
kslr
2015-09-27 03:21:17 +08:00
@paperpeper 大部分都是批量撒网
xierch
2015-09-27 03:58:36 +08:00
我的 fail2ban 日志也不短 _(:з」∠)_
lavadore
2015-09-27 04:38:59 +08:00
@paperpeper 大部分都是只扫 22 的,除非有人针对你一台机器扫
kiritoalex
2015-09-27 05:47:12 +08:00
其实可以分为某 墙和黑客部署的服务器
我当时部署捕蝇草时发现中国 IP 居多,也难怪被美国所诟病,不知道的还真的以为 xxxxxxxxi
Jocktaa
2015-09-27 08:25:47 +08:00
端口改掉 使用证书登陆
shenqi
2015-09-27 08:32:28 +08:00
看了下,没我的 ip ,放心了。
Bardon
2015-09-27 08:36:04 +08:00
就是肉鸡,批量扫 ip 用的
一般开 22 端口的, 24 小时, ip 就达到一个数量级了,改端口能避免
Starduster
2015-09-27 09:00:37 +08:00
直接禁止密码鉴定,挥刀自宫解千愁(大雾)


@kiritoalex 捕蝇草是怎么个玩法啊
kiritoalex
2015-09-27 09:30:49 +08:00
@Starduster https://www.91ri.org/12248.html
htfy96
2015-09-27 11:28:12 +08:00
https://www.badips.com/get/list/ssh/5
xiaozhizhu1997
2015-09-27 11:32:47 +08:00
@kiritoalex 国内有的机房对这种行为管得很宽,比如 222.186.x.x 的镇江电信
lenovo
2015-10-06 22:01:11 +08:00
把我 3 台 VPS 的 SSH log 统计了一下
https://github.com/CNMan/ssh/blob/master/IP_location.csv

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/223956

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX