V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
V2EX 提问指南
013231
V2EX  ›  问与答

这样的日志是什么意思? 有人试图暴力破解我的密码?

  •  
  •   013231 · 2012-01-15 04:04:52 +08:00 · 4194 次点击
    这是一个创建于 4725 天前的主题,其中的信息可能已经有所发展或是发生改变。
    /var/log/auth.log, 3小时400+条.


    1 Jan 14 11:57:30 localhost sshd[2119]: Failed password for root from 94.73.154.122 port 48812 ssh2
    2 Jan 14 11:57:46 localhost sshd[2191]: Failed password for root from 94.73.154.122 port 51478 ssh2
    3 Jan 14 11:57:57 localhost sshd[2194]: Failed password for root from 94.73.154.122 port 55988 ssh2
    4 Jan 14 11:59:06 localhost sshd[2436]: Failed password for root from 94.73.154.122 port 41081 ssh2
    5 Jan 14 11:59:33 localhost sshd[4980]: Failed password for root from 94.73.154.122 port 46411 ssh2
    6 Jan 14 11:59:48 localhost sshd[7284]: Failed password for root from 94.73.154.122 port 49076 ssh2
    7 Jan 14 12:00:42 localhost sshd[7287]: Failed password for root from 94.73.154.122 port 59744 ssh2
    8 Jan 14 12:00:54 localhost sshd[7290]: Failed password for root from 94.73.154.122 port 34176 ssh2
    9 Jan 14 12:01:50 localhost sshd[7588]: Failed password for root from 94.73.154.122 port 44836 ssh2
    10 Jan 14 12:02:03 localhost sshd[7590]: Failed password for root from 94.73.154.122 port 47501 ssh2
    11 Jan 14 12:02:17 localhost sshd[7593]: Failed password for root from 94.73.154.122 port 50166 ssh2
    12 Jan 14 12:03:01 localhost sshd[7595]: Failed password for root from 94.73.154.122 port 53611 ssh2
    13 Jan 14 12:03:11 localhost sshd[7597]: Failed password for root from 94.73.154.122 port 56277 ssh2
    14 Jan 14 12:03:28 localhost sshd[7599]: Failed password for root from 94.73.154.122 port 58944 ssh2
    15 Jan 14 12:04:34 localhost sshd[7624]: Failed password for root from 94.73.154.122 port 44039 ssh2
    16 Jan 14 12:05:15 localhost sshd[7857]: Failed password for root from 94.73.154.122 port 52036 ssh2
    17 Jan 14 12:05:47 localhost sshd[7862]: Failed password for root from 94.73.154.122 port 57366 ssh2
    18 Jan 14 12:06:13 localhost sshd[8437]: Failed password for root from 94.73.154.122 port 34463 ssh2
    6 条回复    1970-01-01 08:00:00 +08:00
    GordianZ
        1
    GordianZ  
    MOD
       2012-01-15 04:16:39 +08:00
    嗯,基本上就是穷举。可以设置失败N次屏蔽IP的~
    013231
        2
    013231  
    OP
       2012-01-15 04:31:25 +08:00 via iPad
    @GordianZ 怎么设置?
    话说,对于暴力破解,这速度也太慢了吧,就算是手动输入用户名和密码也比这快呀。而且这个vps才买2天,上面什么都没装呢,怎么就被人盯上了?
    GordianZ
        3
    GordianZ  
    MOD
       2012-01-15 07:50:42 +08:00
    @013231 说不定分配给你的IP之前有人网站被破解过,然后重新尝试来着。
    屏蔽有很多东西可以弄,例如fail2ban:
    http://www.fail2ban.org/
    9hills
        4
    9hills  
       2012-01-15 09:03:16 +08:00 via Android
    用密钥而不是密码
    lyxint
        5
    lyxint  
       2012-01-15 10:21:13 +08:00
    屏蔽root登录.
    rhwood
        6
    rhwood  
       2012-01-15 11:34:52 +08:00
    这个是很正常的,安装防火墙csf
    一般平均2小时至少会屏蔽一个恶意ip
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   1117 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 21ms · UTC 17:58 · PVG 01:58 · LAX 09:58 · JFK 12:58
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.