vps服务器差点被入侵

2013-07-08 08:48:07 +08:00
 jamesxu
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240 user=root
Failed password for root from 61.160.207.240 port 52296 ssh2
Received disconnect from 61.160.207.240: 11: Bye Bye
Invalid user oracle from 61.160.207.240
input_userauth_request: invalid user oracle
pam_unix(sshd:auth): check pass; user unknown
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240
pam_succeed_if(sshd:auth): error retrieving information about user oracle
Failed password for invalid user oracle from 61.160.207.240 port 53392 ssh2
Received disconnect from 61.160.207.240: 11: Bye Bye
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240 user=adm
Failed password for adm from 61.160.207.240 port 43603 ssh2
Received disconnect from 61.160.207.240: 11: Bye Bye
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240 user=adm
Failed password for adm from 61.160.207.240 port 44703 ssh2
Received disconnect from 61.160.207.240: 11: Bye Bye
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240 user=adm
Failed password for adm from 61.160.207.240 port 45640 ssh2
Received disconnect from 61.160.207.240: 11: Bye Bye
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240
pam_succeed_if(sshd:auth): error retrieving information about user testuser
Failed password for invalid user testuser from 61.160.207.240 port 50198 ssh2
Received disconnect from 61.160.207.240: 11: Bye Bye
Invalid user testuser from 61.160.207.240
input_userauth_request: invalid user testuser
input_userauth_request: invalid user linux
pam_unix(sshd:auth): check pass; user unknown
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240
pam_succeed_if(sshd:auth): error retrieving information about user linux
Failed password for invalid user linux from 61.160.207.240 port 54636 ssh2
Received disconnect from 61.160.207.240: 11: Bye Bye
Invalid user info from 61.160.207.240
input_userauth_request: invalid user info
pam_unix(sshd:auth): check pass; user unknown
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240
pam_succeed_if(sshd:auth): error retrieving information about user info
Failed password for invalid user info from 61.160.207.240 port 59143 ssh2
Received disconnect from 61.160.207.240: 11: Bye Bye
Invalid user alex from 61.160.207.240
pam_unix(sshd:auth): check pass; user unknown
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240
pam_succeed_if(sshd:auth): error retrieving information about user alex
Failed password for invalid user alex from 61.160.207.240 port 34503 ssh2
Received disconnect from 61.160.207.240: 11: Bye Bye
Invalid user jack from 61.160.207.240
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240
pam_succeed_if(sshd:auth): error retrieving information about user jack
Failed password for invalid user jack from 61.160.207.240 port 35282 ssh2
Received disconnect from 61.160.207.240: 11: Bye Bye
Invalid user jack from 61.160.207.240
pam_unix(sshd:auth): check pass; user unknown
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240
pam_succeed_if(sshd:auth): error retrieving information about user john
Failed password for invalid user john from 61.160.207.240 port 39991 ssh2
Received disconnect from 61.160.207.240: 11: Bye Bye
Invalid user john from 61.160.207.240
input_userauth_request: invalid user john
pam_unix(sshd:auth): check pass; user unknown
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240
pam_succeed_if(sshd:auth): error retrieving information about user roy
Failed password for invalid user roy from 61.160.207.240 port 43520 ssh2
Received disconnect from 61.160.207.240: 11: Bye Bye
Invalid user roy from 61.160.207.240
input_userauth_request: invalid user roy
input_userauth_request: invalid user source
pam_unix(sshd:auth): check pass; user unknown
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240
pam_succeed_if(sshd:auth): error retrieving information about user source
Failed password for invalid user source from 61.160.207.240 port 45495 ssh2
Received disconnect from 61.160.207.240: 11: Bye Bye
pam_unix(sshd:auth): check pass; user unknown
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240
pam_succeed_if(sshd:auth): error retrieving information about user sales
Failed password for invalid user sales from 61.160.207.240 port 46570 ssh2
Received disconnect from 61.160.207.240: 11: Bye Bye
Invalid user sales from 61.160.207.240
input_userauth_request: invalid user sales
input_userauth_request: invalid user test
pam_unix(sshd:auth): check pass; user unknown
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240
pam_succeed_if(sshd:auth): error retrieving information about user test
Failed password for invalid user test from 61.160.207.240 port 49939 ssh2
Received disconnect from 61.160.207.240: 11: Bye Bye
Invalid user tester from 61.160.207.240
input_userauth_request: invalid user tester
pam_unix(sshd:auth): check pass; user unknown
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240
pam_succeed_if(sshd:auth): error retrieving information about user tester
Failed password for invalid user tester from 61.160.207.240 port 51042 ssh2
Received disconnect from 61.160.207.240: 11: Bye Bye
Invalid user testing from 61.160.207.240
input_userauth_request: invalid user testing
pam_unix(sshd:auth): check pass; user unknown
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240
pam_succeed_if(sshd:auth): error retrieving information about user testing
Failed password for invalid user testing from 61.160.207.240 port 52126 ssh2
Received disconnect from 61.160.207.240: 11: Bye Bye
Invalid user mysql from 61.160.207.240
input_userauth_request: invalid user mysql
pam_unix(sshd:auth): check pass; user unknown
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.207.240
pam_succeed_if(sshd:auth): error retrieving information about user mysql
Failed password for invalid user mysql from 61.160.207.240 port 53138 ssh2
Received disconnect from 61.160.207.240: 11: Bye Bye
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=250fy4ouo.ni.net.tr user=root
Failed password for root from 94.102.5.250 port 46965 ssh2
Received disconnect from 94.102.5.250: 11: Bye Bye
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=250fy4ouo.ni.net.tr user=root
Failed password for root from 94.102.5.250 port 47261 ssh2
Received disconnect from 94.102.5.250: 11: Bye Bye
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=250fy4ouo.ni.net.tr user=root
Failed password for root from 94.102.5.250 port 47605 ssh2
Received disconnect from 94.102.5.250: 11: Bye Bye
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=250fy4ouo.ni.net.tr user=root
Failed password for root from 94.102.5.250 port 47927 ssh2
Received disconnect from 94.102.5.250: 11: Bye Bye
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=250fy4ouo.ni.net.tr user=root
Failed password for root from 94.102.5.250 port 48289 ssh2
Received disconnect from 94.102.5.250: 11: Bye Bye
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=250fy4ouo.ni.net.tr user=root
Failed password for root from 94.102.5.250 port 48585 ssh2
Received disconnect from 94.102.5.250: 11: Bye Bye
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=250fy4ouo.ni.net.tr user=root
Failed password for root from 94.102.5.250 port 48925 ssh2
Received disconnect from 94.102.5.250: 11: Bye Bye
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=250fy4ouo.ni.net.tr user=root
Failed password for root from 94.102.5.250 port 49203 ssh2
Received disconnect from 94.102.5.250: 11: Bye Bye
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=250fy4ouo.ni.net.tr user=root
Failed password for root from 94.102.5.250 port 49564 ssh2
Received disconnect from 94.102.5.250: 11: Bye Bye
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=250fy4ouo.ni.net.tr user=root
Failed password for root from 94.102.5.250 port 49869 ssh2
Received disconnect from 94.102.5.250: 11: Bye Bye

翻了下/var/log/secure,发现来自江苏省常州市 电信的61.160.207.240估计是个惯犯,而来自土耳其的94.102.5.250一直试图攻破root密码,还好我在sshd_config中将root远程登录关闭了。

今天登录查看日志后,立马又将root密码改复杂了,另外将远程登录的用户名和密码也改复杂了,又查了下vps开启的服务和端口,发现大部分都管闭了,只运行了一些必要的服务。之后又将系统更新到最新。

大家还有什么经验要分享的吗?
4270 次点击
所在节点    Linode
53 条回复
janxin
2013-07-09 17:56:44 +08:00
建立信任关系,禁用SSH密码登陆
Showfom
2013-07-09 22:10:39 +08:00
@ivanlw 已经恢复
Showfom
2013-07-09 22:12:38 +08:00
@juicy 不,概率很高,要是不防护的话,一个10位的密码,没多少天就可以干掉
juicy
2013-07-09 23:40:19 +08:00
@Showfom 是嘛。。。有什么好的防护措施防止暴力破解么?
Showfom
2013-07-10 17:19:49 +08:00
@juicy 禁止密码登陆就是了。
juicy
2013-07-10 17:34:01 +08:00
@Showfom 私要似乎也就是几百位的密码,如果暴力破解私钥怎么防?
Showfom
2013-07-10 17:35:20 +08:00
@juicy 私匙再加个密码。。。
Showfom
2013-07-10 17:36:12 +08:00
@juicy 直接关了 SSH 外网连接,只限制成用内网连接,或者干脆用 KVM IPMI 之类的= =
ety001
2013-07-10 22:43:49 +08:00
撸主大惊小怪了
vibbow
2013-07-11 00:05:08 +08:00
@Showfom 这等于把密码安全性从SSH转移到了KVM,没有实际意义啊。
PrideChung
2013-07-11 01:35:22 +08:00
@juicy 用fail2ban解决暴力破解,你设定成登陆失败3次封锁该IP小时,按RSA的加密等级他得算上好久。
Showfom
2013-07-13 00:46:57 +08:00
@vibbow 那就用内网才能登陆 SSH 好了,或者指定 IP 才能登陆。。。安全性就变成 VPN 的了。
twd2
2013-07-13 02:05:23 +08:00
关闭ssh, 使用串口

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/75094

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX