222.186.15.26 是什么鬼,一直在 SSH 我的 VPS,十几万次尝试了

2018-03-19 15:17:23 +08:00
 xzc0001

买了台辣鸡 vps 放着没用,今天登上一看吓一跳,有十几万次失败尝试,全是来自这个镇江的 IP。

Mar 18 06:27:17 localhost sshd[20352]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.15.26 user=root Mar 18 06:27:17 localhost sshd[20352]: PAM service(sshd) ignoring max retries; 6 > 3 Mar 18 06:27:20 localhost sshd[25594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.15.26 user=root Mar 18 06:27:22 localhost sshd[25594]: Failed password for root from 222.186.15.26 port 50728 ssh2 Mar 18 06:27:25 localhost sshd[25594]: Failed password for root from 222.186.15.26 port 50728 ssh2 Mar 18 06:27:27 localhost sshd[25594]: Failed password for root from 222.186.15.26 port 50728 ssh2 Mar 18 06:27:29 localhost sshd[25594]: Failed password for root from 222.186.15.26 port 50728 ssh2 Mar 18 06:27:32 localhost sshd[25594]: Failed password for root from 222.186.15.26 port 50728 ssh2 Mar 18 06:27:35 localhost sshd[25594]: Failed password for root from 222.186.15.26 port 50728 ssh2 Mar 18 06:27:35 localhost sshd[25594]: Disconnecting: Too many authentication failures for root [preauth] Mar 18 06:27:35 localhost sshd[25594]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.15.26 user=root Mar 18 06:27:35 localhost sshd[25594]: PAM service(sshd) ignoring max retries; 6 > 3 Mar 18 06:27:37 localhost sshd[30963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.15.26 user=root Mar 18 06:27:39 localhost sshd[30963]: Failed password for root from 222.186.15.26 port 56540 ssh2 Mar 18 06:27:42 localhost sshd[30963]: Failed password for root from 222.186.15.26 port 56540 ssh2 Mar 18 06:27:45 localhost sshd[30963]: Failed password for root from 222.186.15.26 port 56540 ssh2 Mar 18 06:27:48 localhost sshd[30963]: Failed password for root from 222.186.15.26 port 56540 ssh2 Mar 18 06:27:50 localhost sshd[30963]: Failed password for root from 222.186.15.26 port 56540 ssh2 Mar 18 06:27:52 localhost sshd[30963]: Failed password for root from 222.186.15.26 port 56540 ssh2 Mar 18 06:27:52 localhost sshd[30963]: Disconnecting: Too many authentication failures for root [preauth] Mar 18 06:27:52 localhost sshd[30963]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.15.26 user=root

随便 Copy 了一段出来。另外还有一个台湾友人(61.216.16.24)

536 次点击
所在节点    VPS
3 条回复
kozora
2018-03-20 14:06:29 +08:00
fail2ban 请
msg7086
2018-03-21 00:30:06 +08:00
才 2 个 IP 扫你?有点少啊。
cq65617875
2018-03-26 10:39:55 +08:00
感觉扫 SSH 的还没扫 SIP 的多
开个蜜罐 5060 天天 LOG 大小都让你震惊

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/439395

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX