腾讯云主机登录日志里有很多不明 IP 试图登录是啥情况

2019-12-30 10:15:01 +08:00
 yyh325

Dec 30 10:10:31 VM_0_12_centos sshd[30507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.196.81.5 user=root Dec 30 10:10:31 VM_0_12_centos sshd[30507]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" Dec 30 10:10:33 VM_0_12_centos sshd[30507]: Failed password for root from 116.196.81.5 port 52750 ssh2 Dec 30 10:10:33 VM_0_12_centos sshd[30507]: Received disconnect from 116.196.81.5 port 52750:11: Bye Bye [preauth] Dec 30 10:10:33 VM_0_12_centos sshd[30507]: Disconnected from 116.196.81.5 port 52750 [preauth] Dec 30 10:10:33 VM_0_12_centos sshd[30509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.195 user=root Dec 30 10:10:33 VM_0_12_centos sshd[30509]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" Dec 30 10:10:36 VM_0_12_centos sshd[30509]: Failed password for root from 218.92.0.195 port 63674 ssh2 Dec 30 10:10:36 VM_0_12_centos sshd[30509]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" Dec 30 10:10:38 VM_0_12_centos sshd[30515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.170.139.243 user=sshd Dec 30 10:10:38 VM_0_12_centos sshd[30515]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "sshd" Dec 30 10:10:38 VM_0_12_centos sshd[30509]: Failed password for root from 218.92.0.195 port 63674 ssh2 Dec 30 10:10:38 VM_0_12_centos sshd[30509]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" Dec 30 10:10:40 VM_0_12_centos sshd[30515]: Failed password for sshd from 93.170.139.243 port 56436 ssh2 Dec 30 10:10:40 VM_0_12_centos sshd[30509]: Failed password for root from 218.92.0.195 port 63674 ssh2 Dec 30 10:10:40 VM_0_12_centos sshd[30509]: Received disconnect from 218.92.0.195 port 63674:11: [preauth] Dec 30 10:10:40 VM_0_12_centos sshd[30509]: Disconnected from 218.92.0.195 port 63674 [preauth] Dec 30 10:10:40 VM_0_12_centos sshd[30509]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.195 user=root Dec 30 10:10:40 VM_0_12_centos sshd[30515]: Received disconnect from 93.170.139.243 port 56436:11: Bye Bye [preauth] Dec 30 10:10:40 VM_0_12_centos sshd[30515]: Disconnected from 93.170.139.243 port 56436 [preauth] Dec 30 10:10:44 VM_0_12_centos sshd[30529]: Invalid user hxg from 106.13.3.214 port 42070 Dec 30 10:10:44 VM_0_12_centos sshd[30529]: input_userauth_request: invalid user hxg [preauth] Dec 30 10:10:44 VM_0_12_centos sshd[30529]: pam_unix(sshd:auth): check pass; user unknown Dec 30 10:10:44 VM_0_12_centos sshd[30529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.3.214 Dec 30 10:10:46 VM_0_12_centos sshd[30529]: Failed password for invalid user hxg from 106.13.3.214 port 42070 ssh2 Dec 30 10:10:46 VM_0_12_centos sshd[30529]: Received disconnect from 106.13.3.214 port 42070:11: Bye Bye [preauth] Dec 30 10:10:46 VM_0_12_centos sshd[30529]: Disconnected from 106.13.3.214 port 42070 [preauth]

3817 次点击
所在节点    程序员
13 条回复
yyh325
2019-12-30 10:15:34 +08:00
用 xshell 登录偶尔卡的不行,控制台登录就很流畅,和这个有关系吗
renmu
2019-12-30 10:41:28 +08:00
有人想爆破你,换个 ssh 端口
tianxianggezhu
2019-12-30 10:44:15 +08:00
有很多人攻击的,可以装个保护性软件,你会发现你的服务器每天受到了全球各地至少几百次的攻击
tyzrj766
2019-12-30 10:45:41 +08:00
扫端口的,开 22 端口,热门的 IP 段和主机,几天就能攒下几万个
yyh325
2019-12-30 10:48:45 +08:00
好,明白了,多谢老哥们
stiekel
2019-12-30 11:19:57 +08:00
这个正常,云厂商的 IP 段,都会被不停的扫常用端口,是 22 就会用密码本来尝试登陆。这个不是针对你,人家是全都扫。
换端口就安静了。
flynaj
2019-12-30 11:31:15 +08:00
该一下端口,清净,默认端口无数的机器在扫描。
Les1ie
2019-12-30 14:40:03 +08:00
apt install fail2ban
瞬间清净了
annielong
2019-12-30 18:15:26 +08:00
弱密码扫描,很正常,当初内网的弱密码用友数据库,刚开外网不到 5 分钟,就被改了密码
opengps
2019-12-30 18:31:10 +08:00
公网环境就是这么恶劣,各种扫描器自动探测自动穷举爆破
JamesR
2019-12-30 19:01:40 +08:00
正常,机子到手就要改端口。
leeton
2019-12-30 19:11:49 +08:00
我的 win 主机都换端口了
zuoakang
2019-12-30 21:41:14 +08:00
这个是 last 命令查看的吗

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/633461

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX