这是一个创建于 4695 天前的主题,其中的信息可能已经有所发展或是发生改变。
/var/log/auth.log, 3小时400+条.
1 Jan 14 11:57:30 localhost sshd[2119]: Failed password for root from 94.73.154.122 port 48812 ssh2
2 Jan 14 11:57:46 localhost sshd[2191]: Failed password for root from 94.73.154.122 port 51478 ssh2
3 Jan 14 11:57:57 localhost sshd[2194]: Failed password for root from 94.73.154.122 port 55988 ssh2
4 Jan 14 11:59:06 localhost sshd[2436]: Failed password for root from 94.73.154.122 port 41081 ssh2
5 Jan 14 11:59:33 localhost sshd[4980]: Failed password for root from 94.73.154.122 port 46411 ssh2
6 Jan 14 11:59:48 localhost sshd[7284]: Failed password for root from 94.73.154.122 port 49076 ssh2
7 Jan 14 12:00:42 localhost sshd[7287]: Failed password for root from 94.73.154.122 port 59744 ssh2
8 Jan 14 12:00:54 localhost sshd[7290]: Failed password for root from 94.73.154.122 port 34176 ssh2
9 Jan 14 12:01:50 localhost sshd[7588]: Failed password for root from 94.73.154.122 port 44836 ssh2
10 Jan 14 12:02:03 localhost sshd[7590]: Failed password for root from 94.73.154.122 port 47501 ssh2
11 Jan 14 12:02:17 localhost sshd[7593]: Failed password for root from 94.73.154.122 port 50166 ssh2
12 Jan 14 12:03:01 localhost sshd[7595]: Failed password for root from 94.73.154.122 port 53611 ssh2
13 Jan 14 12:03:11 localhost sshd[7597]: Failed password for root from 94.73.154.122 port 56277 ssh2
14 Jan 14 12:03:28 localhost sshd[7599]: Failed password for root from 94.73.154.122 port 58944 ssh2
15 Jan 14 12:04:34 localhost sshd[7624]: Failed password for root from 94.73.154.122 port 44039 ssh2
16 Jan 14 12:05:15 localhost sshd[7857]: Failed password for root from 94.73.154.122 port 52036 ssh2
17 Jan 14 12:05:47 localhost sshd[7862]: Failed password for root from 94.73.154.122 port 57366 ssh2
18 Jan 14 12:06:13 localhost sshd[8437]: Failed password for root from 94.73.154.122 port 34463 ssh2
6 条回复 • 1970-01-01 08:00:00 +08:00
|
|
1
GordianZ 2012-01-15 04:16:39 +08:00
嗯,基本上就是穷举。可以设置失败N次屏蔽IP的~
|
|
|
2
013231 2012-01-15 04:31:25 +08:00 via iPad
@ GordianZ 怎么设置? 话说,对于暴力破解,这速度也太慢了吧,就算是手动输入用户名和密码也比这快呀。而且这个vps才买2天,上面什么都没装呢,怎么就被人盯上了?
|
|
|
4
9hills 2012-01-15 09:03:16 +08:00 via Android
用密钥而不是密码
|
|
|
5
lyxint 2012-01-15 10:21:13 +08:00
屏蔽root登录.
|
|
|
6
rhwood 2012-01-15 11:34:52 +08:00
这个是很正常的,安装防火墙csf 一般平均2小时至少会屏蔽一个恶意ip
|