全球主机交流论坛 (Global Hosting Exchange Forum)

Title: Stumbled across this data by accident. Is someone brute-forcing me?

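Author: leeger    Time: 2017-8-10 14:40
Title: Stumbled across this data by accident. Is someone brute-forcing me?
A 20o host node (dedicated server), and I have only just started using Proxmox. Today I found the data in the image below in syslog: a machine at 182.100.67.119 (a domestic, i.e. mainland China, IP) keeps connecting to SSH, but every attempt fails...
Is this IP trying to guess my SSH password?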

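Do I need to change the host node's SSH port now? Thanks!~~~~

Experts, come quick!
Author: 流河旱树    Time: 2017-8-10 14:41
It looks like someone is trying to log in as root.
Author: hipopboy    Time: 2017-8-10 14:42
Yes, change the port.
Author: leeger    Time: 2017-8-10 14:43
hipopboy posted on 2017-8-10 14:42
Yes, change the port.

Is this root the Proxmox root?

Or the host node's SSH root??
Author: matt7751    Time: 2017-8-10 14:44
Last time someone was trying to crack my VPS, so I changed the username.
A question for the experts: will they still keep dumbly trying passwords after that?
Author: Emkqson    Time: 2017-8-10 14:48
Notice: The author has been banned or deleted; content automatically hidden.
Author: 橙影    Time: 2017-8-10 14:49
Notice: The author has been banned or deleted; content automatically hidden.
Author: leopard    Time: 2017-8-10 14:55
Someone keeps trying on mine too.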
Aug 10 14:53:04 sd-83572 sshd[1425]: pam_unix(sshd:auth): check pass; user unknown
Aug 10 14:53:06 sd-83572 sshd[1425]: Failed password for invalid user  from 193.201.224.199 port 34255 ssh2
Aug 10 14:53:14 sd-83572 sshd[1425]: pam_unix(sshd:auth): check pass; user unknown
Aug 10 14:53:15 sd-83572 sshd[1425]: Failed password for invalid user  from 193.201.224.199 port 34255 ssh2
Aug 10 14:53:16 sd-83572 sshd[1425]: pam_unix(sshd:auth): check pass; user unknown
Aug 10 14:53:18 sd-83572 sshd[1425]: Failed password for invalid user  from 193.201.224.199 port 34255 ssh2
Aug 10 14:53:19 sd-83572 sshd[1425]: pam_unix(sshd:auth): check pass; user unknown
Aug 10 14:53:22 sd-83572 sshd[1425]: Failed password for invalid user  from 193.201.224.199 port 34255 ssh2
Aug 10 14:53:22 sd-83572 sshd[1425]: error: maximum authentication attempts exceeded for invalid user  from 193.201.224.199 port 34255 ssh2 [preauth]
Aug 10 14:53:22 sd-83572 sshd[1425]: Disconnecting: Too many authentication failures [preauth]
Aug 10 14:53:22 sd-83572 sshd[1425]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.199
Aug 10 14:53:22 sd-83572 sshd[1425]: PAM service(sshd) ignoring max retries; 6 > 3
Aug 10 14:53:43 sd-83572 sshd[1564]: Invalid user  from 193.201.224.199 port 40892
Aug 10 14:53:43 sd-83572 sshd[1564]: input_userauth_request: invalid user  [preauth]
Aug 10 14:53:45 sd-83572 sshd[1564]: pam_unix(sshd:auth): check pass; user unknown
Aug 10 14:53:45 sd-83572 sshd[1564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.199
Aug 10 14:53:47 sd-83572 sshd[1564]: Failed password for invalid user  from 193.201.224.199 port 40892 ssh2
Aug 10 14:53:48 sd-83572 sshd[1564]: pam_unix(sshd:auth): check pass; user unknown
Aug 10 14:53:50 sd-83572 sshd[1564]: Failed password for invalid user  from 193.201.224.199 port 40892 ssh2
Aug 10 14:53:55 sd-83572 sshd[1564]: pam_unix(sshd:auth): check pass; user unknown
Aug 10 14:53:57 sd-83572 sshd[1564]: Failed password for invalid user  from 193.201.224.199 port 40892 ssh2
Aug 10 14:53:59 sd-83572 sshd[1564]: pam_unix(sshd:auth): check pass; user unknown
Aug 10 14:54:00 sd-83572 systemd[1]: Starting Proxmox VE replication runner...
Aug 10 14:54:01 sd-83572 sshd[1564]: Failed password for invalid user  from 193.201.224.199 port 40892 ssh2
Aug 10 14:54:01 sd-83572 sshd[1564]: pam_unix(sshd:auth): check pass; user unknown
Aug 10 14:54:01 sd-83572 systemd[1]: Started Proxmox VE replication runner.
Aug 10 14:54:03 sd-83572 sshd[1564]: Failed password for invalid user  from 193.201.224.199 port 40892 ssh2
Aug 10 14:54:04 sd-83572 sshd[1564]: pam_unix(sshd:auth): check pass; user unknown
Aug 10 14:54:06 sd-83572 sshd[1564]: Failed password for invalid user  from 193.201.224.199 port 40892 ssh2
Aug 10 14:54:06 sd-83572 sshd[1564]: error: maximum authentication attempts exceeded for invalid user  from 193.201.224.199 port 40892 ssh2 [preauth]
Aug 10 14:54:06 sd-83572 sshd[1564]: Disconnecting: Too many authentication failures [preauth]
Aug 10 14:54:06 sd-83572 sshd[1564]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.199
Aug 10 14:54:06 sd-83572 sshd[1564]: PAM service(sshd) ignoring max retries; 6 > 3
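Author: leeger    Time: 2017-8-10 15:06
After changing it, things went quiet~~~~

Even I can't remember the password I set; without a supercomputer, how would anyone crack it??
Author: qfdk    Time: 2017-8-10 15:34
By the way, people are always trying to crack in. If all else fails, set up a 3ban script.
Author: leopard    Time: 2017-8-10 15:48
Installed DenyHosts and it took effect immediately.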
Aug 10 15:42:49 sd-83572 sshd[8934]: refused connect from 193.201.224.199 (193.201.224.199)
Aug 10 15:42:57 sd-83572 sshd[8955]: refused connect from 193.201.224.199 (193.201.224.199)
Aug 10 15:43:00 sd-83572 systemd[1]: Starting Proxmox VE replication runner...
Aug 10 15:43:01 sd-83572 systemd[1]: Started Proxmox VE replication runner.
Aug 10 15:43:08 sd-83572 sshd[8983]: refused connect from 193.201.224.199 (193.201.224.199)
Aug 10 15:43:20 sd-83572 sshd[9008]: refused connect from 193.201.224.199 (193.201.224.199)
Aug 10 15:43:30 sd-83572 sshd[9031]: refused connect from 193.201.224.199 (193.201.224.199)
Aug 10 15:43:36 sd-83572 sshd[9050]: refused connect from 193.201.224.199 (193.201.224.199)
Aug 10 15:43:55 sd-83572 sshd[9099]: refused connect from 193.201.224.199 (193.201.224.199)
Aug 10 15:44:00 sd-83572 systemd[1]: Starting Proxmox VE replication runner...
Aug 10 15:44:01 sd-83572 systemd[1]: Started Proxmox VE replication runner.
Aug 10 15:44:03 sd-83572 sshd[9118]: refused connect from 193.201.224.199 (193.201.224.199)
Aug 10 15:44:16 sd-83572 sshd[9150]: refused connect from 193.201.224.199 (193.201.224.199)
Aug 10 15:44:27 sd-83572 sshd[9179]: refused connect from 193.201.224.199 (193.201.224.199)
Aug 10 15:44:36 sd-83572 sshd[9201]: refused connect from 193.201.224.199 (193.201.224.199)
Aug 10 15:44:49 sd-83572 sshd[9237]: refused connect from 193.201.224.199 (193.201.224.199)
Aug 10 15:44:57 sd-83572 sshd[9258]: refused connect from 193.201.224.199 (193.201.224.199)
Aug 10 15:45:00 sd-83572 systemd[1]: Starting Proxmox VE replication runner...
Aug 10 15:45:01 sd-83572 systemd[1]: Started Proxmox VE replication runner.
Aug 10 15:46:00 sd-83572 systemd[1]: Starting Proxmox VE replication runner...
Aug 10 15:46:01 sd-83572 systemd[1]: Started Proxmox VE replication runner.
Aug 10 15:47:00 sd-83572 systemd[1]: Starting Proxmox VE replication runner...
Aug 10 15:47:01 sd-83572 systemd[1]: Started Proxmox VE replication runner.

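Author: Himly    Time: 2017-8-10 21:36
You can change the port? Learned another trick.
Author: iggfree    Time: 2017-8-10 21:45
To prevent cracking:
yum install denyhosts
service denyhosts start
Author: caibrid    Time: 2017-8-10 22:03
Let me chime in too: OP can use fail2ban to defend against brute-forcing; it's more effective than denyhosts.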
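
Added example (not part of the thread, and not code from fail2ban or DenyHosts): the detection idea behind the tools recommended above, counting "Failed password" lines per source IP inside a sliding time window, in the style of fail2ban's maxretry/findtime options. The sample log, hostname, users, IPs, the function name find_offenders and the thresholds are all constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the sshd/syslog format quoted in the thread.
# Hostname, users and IPs (RFC 5737 documentation ranges) are made up.
SAMPLE_LOG = """\
Aug 10 14:53:04 pve sshd[1425]: pam_unix(sshd:auth): check pass; user unknown
Aug 10 14:53:06 pve sshd[1425]: Failed password for invalid user  from 203.0.113.7 port 34255 ssh2
Aug 10 14:53:15 pve sshd[1425]: Failed password for invalid user  from 203.0.113.7 port 34255 ssh2
Aug 10 14:53:18 pve sshd[1425]: Failed password for invalid user admin from 203.0.113.7 port 34255 ssh2
Aug 10 14:53:30 pve sshd[1500]: Failed password for alice from 198.51.100.20 port 50022 ssh2
Aug 10 14:53:47 pve sshd[1564]: Failed password for root from 203.0.113.7 port 40892 ssh2
Aug 10 14:54:00 pve systemd[1]: Starting Proxmox VE replication runner...
Aug 10 14:54:01 pve sshd[1564]: Failed password for root from 203.0.113.7 port 40892 ssh2
Aug 10 14:54:03 pve sshd[1564]: Failed password for root from 203.0.113.7 port 40892 ssh2
Aug 10 15:20:00 pve sshd[1700]: Failed password for alice from 198.51.100.20 port 50040 ssh2
"""

# The user field may be empty, as in the "invalid user  from" lines above.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S*) from (?P<ip>\S+) port \d+"
)

def find_offenders(log_text, maxretry=5, findtime=timedelta(minutes=10), year=2017):
    """Map each source IP that reached `maxretry` failed password attempts
    within a sliding `findtime` window to the time the threshold was hit."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in window
    offenders = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # PAM, systemd and other lines are ignored
        # Syslog timestamps carry no year, so the caller supplies it.
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(when)
        while when - window[0] > findtime:
            window.popleft()      # drop failures older than the window
        if len(window) >= maxretry:
            offenders.setdefault(m["ip"], when)
    return offenders

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} reached the failure threshold at {when}")
```

The user with two mistyped passwords 26 minutes apart is not flagged, while the source that fails repeatedly across two sshd processes is, because counting is per IP rather than per connection.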



