VPS server was almost broken into

2013-07-08 08:48:07 +08:00
 jamesxu
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240 user=root
Failed password for root from 61.160.207.240 port 52296 ssh2
Received disconnect from 61.160.207.240: 11: Bye Bye
Invalid user oracle from 61.160.207.240
input_userauth_request: invalid user oracle
pam_unix(sshd:auth): check pass; user unknown
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240
pam_succeed_if(sshd:auth): error retrieving information about user oracle
Failed password for invalid user oracle from 61.160.207.240 port 53392 ssh2
Received disconnect from 61.160.207.240: 11: Bye Bye
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240 user=adm
Failed password for adm from 61.160.207.240 port 43603 ssh2
Received disconnect from 61.160.207.240: 11: Bye Bye
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240 user=adm
Failed password for adm from 61.160.207.240 port 44703 ssh2
Received disconnect from 61.160.207.240: 11: Bye Bye
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240 user=adm
Failed password for adm from 61.160.207.240 port 45640 ssh2
Received disconnect from 61.160.207.240: 11: Bye Bye
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240
pam_succeed_if(sshd:auth): error retrieving information about user testuser
Failed password for invalid user testuser from 61.160.207.240 port 50198 ssh2
Received disconnect from 61.160.207.240: 11: Bye Bye
Invalid user testuser from 61.160.207.240
input_userauth_request: invalid user testuser
input_userauth_request: invalid user linux
pam_unix(sshd:auth): check pass; user unknown
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240
pam_succeed_if(sshd:auth): error retrieving information about user linux
Failed password for invalid user linux from 61.160.207.240 port 54636 ssh2
Received disconnect from 61.160.207.240: 11: Bye Bye
Invalid user info from 61.160.207.240
input_userauth_request: invalid user info
pam_unix(sshd:auth): check pass; user unknown
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240
pam_succeed_if(sshd:auth): error retrieving information about user info
Failed password for invalid user info from 61.160.207.240 port 59143 ssh2
Received disconnect from 61.160.207.240: 11: Bye Bye
Invalid user alex from 61.160.207.240
pam_unix(sshd:auth): check pass; user unknown
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240
pam_succeed_if(sshd:auth): error retrieving information about user alex
Failed password for invalid user alex from 61.160.207.240 port 34503 ssh2
Received disconnect from 61.160.207.240: 11: Bye Bye
Invalid user jack from 61.160.207.240
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240
pam_succeed_if(sshd:auth): error retrieving information about user jack
Failed password for invalid user jack from 61.160.207.240 port 35282 ssh2
Received disconnect from 61.160.207.240: 11: Bye Bye
Invalid user jack from 61.160.207.240
pam_unix(sshd:auth): check pass; user unknown
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240
pam_succeed_if(sshd:auth): error retrieving information about user john
Failed password for invalid user john from 61.160.207.240 port 39991 ssh2
Received disconnect from 61.160.207.240: 11: Bye Bye
Invalid user john from 61.160.207.240
input_userauth_request: invalid user john
pam_unix(sshd:auth): check pass; user unknown
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240
pam_succeed_if(sshd:auth): error retrieving information about user roy
Failed password for invalid user roy from 61.160.207.240 port 43520 ssh2
Received disconnect from 61.160.207.240: 11: Bye Bye
Invalid user roy from 61.160.207.240
input_userauth_request: invalid user roy
input_userauth_request: invalid user source
pam_unix(sshd:auth): check pass; user unknown
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240
pam_succeed_if(sshd:auth): error retrieving information about user source
Failed password for invalid user source from 61.160.207.240 port 45495 ssh2
Received disconnect from 61.160.207.240: 11: Bye Bye
pam_unix(sshd:auth): check pass; user unknown
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240
pam_succeed_if(sshd:auth): error retrieving information about user sales
Failed password for invalid user sales from 61.160.207.240 port 46570 ssh2
Received disconnect from 61.160.207.240: 11: Bye Bye
Invalid user sales from 61.160.207.240
input_userauth_request: invalid user sales
input_userauth_request: invalid user test
pam_unix(sshd:auth): check pass; user unknown
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240
pam_succeed_if(sshd:auth): error retrieving information about user test
Failed password for invalid user test from 61.160.207.240 port 49939 ssh2
Received disconnect from 61.160.207.240: 11: Bye Bye
Invalid user tester from 61.160.207.240
input_userauth_request: invalid user tester
pam_unix(sshd:auth): check pass; user unknown
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240
pam_succeed_if(sshd:auth): error retrieving information about user tester
Failed password for invalid user tester from 61.160.207.240 port 51042 ssh2
Received disconnect from 61.160.207.240: 11: Bye Bye
Invalid user testing from 61.160.207.240
input_userauth_request: invalid user testing
pam_unix(sshd:auth): check pass; user unknown
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240
pam_succeed_if(sshd:auth): error retrieving information about user testing
Failed password for invalid user testing from 61.160.207.240 port 52126 ssh2
Received disconnect from 61.160.207.240: 11: Bye Bye
Invalid user mysql from 61.160.207.240
input_userauth_request: invalid user mysql
pam_unix(sshd:auth): check pass; user unknown
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240
pam_succeed_if(sshd:auth): error retrieving information about user mysql
Failed password for invalid user mysql from 61.160.207.240 port 53138 ssh2
Received disconnect from 61.160.207.240: 11: Bye Bye
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=250fy4ouo.ni.net.tr user=root
Failed password for root from 94.102.5.250 port 46965 ssh2
Received disconnect from 94.102.5.250: 11: Bye Bye
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=250fy4ouo.ni.net.tr user=root
Failed password for root from 94.102.5.250 port 47261 ssh2
Received disconnect from 94.102.5.250: 11: Bye Bye
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=250fy4ouo.ni.net.tr user=root
Failed password for root from 94.102.5.250 port 47605 ssh2
Received disconnect from 94.102.5.250: 11: Bye Bye
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=250fy4ouo.ni.net.tr user=root
Failed password for root from 94.102.5.250 port 47927 ssh2
Received disconnect from 94.102.5.250: 11: Bye Bye
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=250fy4ouo.ni.net.tr user=root
Failed password for root from 94.102.5.250 port 48289 ssh2
Received disconnect from 94.102.5.250: 11: Bye Bye
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=250fy4ouo.ni.net.tr user=root
Failed password for root from 94.102.5.250 port 48585 ssh2
Received disconnect from 94.102.5.250: 11: Bye Bye
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=250fy4ouo.ni.net.tr user=root
Failed password for root from 94.102.5.250 port 48925 ssh2
Received disconnect from 94.102.5.250: 11: Bye Bye
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=250fy4ouo.ni.net.tr user=root
Failed password for root from 94.102.5.250 port 49203 ssh2
Received disconnect from 94.102.5.250: 11: Bye Bye
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=250fy4ouo.ni.net.tr user=root
Failed password for root from 94.102.5.250 port 49564 ssh2
Received disconnect from 94.102.5.250: 11: Bye Bye
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=250fy4ouo.ni.net.tr user=root
Failed password for root from 94.102.5.250 port 49869 ssh2
Received disconnect from 94.102.5.250: 11: Bye Bye

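I went through /var/log/secure and found that 61.160.207.240, from China Telecom in Changzhou, Jiangsu Province, is probably a repeat offender, while 94.102.5.250 from Turkey kept trying to crack the root password. Luckily I had disabled remote root login in sshd_config.

After logging in today and checking the logs, I immediately changed the root password to a more complex one, and also made the username and password used for remote login more complex. I then checked the services and ports open on the VPS and found that most of them were closed, with only a few necessary services running. After that I updated the system to the latest version.

Does anyone have other experience to share?
4082 views
Node: Linode
53 replies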
janxin
2013-07-09 17:56:44 +08:00
Set up a trust relationship and disable SSH password login.
Showfom
2013-07-09 22:10:39 +08:00
@ivanlw It has been restored.
Showfom
2013-07-09 22:12:38 +08:00
@juicy No, the probability is very high. Without protection, a 10-character password can be taken down in not that many days.
juicy
2013-07-09 23:40:19 +08:00
@Showfom Really... Are there any good protective measures against brute-force cracking?
Showfom
2013-07-10 17:19:49 +08:00
@juicy Just disable password login.
juicy
2013-07-10 17:34:01 +08:00
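@Showfom A private key seems to be just a password a few hundred digits long. How do you defend against someone brute-forcing the private key?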
Showfom
2013-07-10 17:35:20 +08:00
@juicy Put a passphrase on the private key as well...
Showfom
2013-07-10 17:36:12 +08:00
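@juicy Just shut off SSH connections from the public network and restrict it to internal-network connections only, or simply use KVM, IPMI or the like = =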
ety001
2013-07-10 22:43:49 +08:00
The OP is making a fuss over nothing.
vibbow
2013-07-11 00:05:08 +08:00
@Showfom That just moves the password security from SSH over to KVM; it has no real point.
PrideChung
2013-07-11 01:35:22 +08:00
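@juicy Use fail2ban to deal with brute-force cracking. If you set it to block that IP for hours after 3 failed logins, then given RSA's encryption strength it would take them a very long time to compute.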
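
Added example, not part of the thread or any poster's code: a Python sketch of the per-IP counting that the original post does by eye and that the fail2ban suggestion above automates, run over lines excerpted from the log in the post. The threshold of 3 is taken from the comment above; the function names and the `max_retry` parameter are assumptions, and because the quoted lines carry no timestamps it counts failures without a time window.

```python
import re
from collections import defaultdict

# sshd "Failed password" line as quoted in the post. The user field is greedy
# and the match is anchored at the end, so a crafted username containing
# " from <ip> port ..." cannot displace the real source address.
FAILED = re.compile(r"Failed password for (?P<invalid>invalid user )?(?P<user>.*) "
                    r"from (?P<ip>\S+) port \d+ ssh2$")

# Lines excerpted from the log in the post.
SAMPLE = """\
Failed password for root from 61.160.207.240 port 52296 ssh2
Received disconnect from 61.160.207.240: 11: Bye Bye
Invalid user oracle from 61.160.207.240
Failed password for invalid user oracle from 61.160.207.240 port 53392 ssh2
Failed password for adm from 61.160.207.240 port 43603 ssh2
Failed password for invalid user testuser from 61.160.207.240 port 50198 ssh2
Failed password for root from 94.102.5.250 port 46965 ssh2
Failed password for root from 94.102.5.250 port 47261 ssh2
Failed password for root from 94.102.5.250 port 47605 ssh2
"""

def summarize(lines):
    """Per source IP: failure count, usernames tried, attempts on nonexistent users."""
    stats = defaultdict(lambda: {"failures": 0, "users": set(), "invalid": 0})
    for line in lines:
        m = FAILED.search(line.strip())
        if m:
            s = stats[m["ip"]]
            s["failures"] += 1
            s["users"].add(m["user"])
            s["invalid"] += 1 if m["invalid"] else 0
    return dict(stats)

def classify(stats, max_retry=3):
    """Flag IPs with at least max_retry failures (max_retry is this example's own name)."""
    report = {}
    for ip, s in stats.items():
        if s["failures"] >= max_retry:
            pattern = "single-account" if len(s["users"]) == 1 else "username-spray"
            report[ip] = (pattern, s["failures"], sorted(s["users"]))
    return report

if __name__ == "__main__":
    for ip, (pattern, n, users) in classify(summarize(SAMPLE.splitlines())).items():
        print(f"{ip}: {n} failures, {pattern}, users={users}")
```
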
Showfom
2013-07-13 00:46:57 +08:00
@vibbow Then just make SSH login possible only from the internal network, or only from specified IPs... The security then becomes that of the VPN.
twd2
2013-07-13 02:05:23 +08:00
Turn off ssh and use the serial port.

https://www.v2ex.com/t/75094