• Attacks from the Internet never stop


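    I have never paid much attention to server security; that should be the ops team's job. Recently, though, quite a few of our company's servers on Alibaba Cloud have been attacked, with everything from dropped virus files to changes to MySQL's max_allowed_packet. Today one test server kept misbehaving, and in the afternoon processes were silently stopped several times. When I checked the rsyslog logs, I found that it was being attacked continuously. Part of the log follows: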

    Dec 7 16:27:49 iZ23nn1p4mjZ sshd[30720]: Invalid user david from 120.25.215.142
    Dec 7 16:27:49 iZ23nn1p4mjZ sshd[30721]: input_userauth_request: invalid user david
    Dec 7 16:27:49 iZ23nn1p4mjZ sshd[30720]: pam_unix(sshd:auth): check pass; user unknown
    Dec 7 16:27:49 iZ23nn1p4mjZ sshd[30720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.25.215.142
    Dec 7 16:27:49 iZ23nn1p4mjZ sshd[30720]: pam_succeed_if(sshd:auth): error retrieving information about user david
    Dec 7 16:27:51 iZ23nn1p4mjZ sshd[30720]: Failed password for invalid user david from 120.25.215.142 port 41438 ssh2

    Dec 7 16:31:41 iZ23nn1p4mjZ sshd[30801]: Invalid user content from 120.25.215.142
    Dec 7 16:31:41 iZ23nn1p4mjZ sshd[30802]: input_userauth_request: invalid user content
    Dec 7 16:31:41 iZ23nn1p4mjZ sshd[30801]: pam_unix(sshd:auth): check pass; user unknown
    Dec 7 16:31:41 iZ23nn1p4mjZ sshd[30801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.25.215.142
    Dec 7 16:31:41 iZ23nn1p4mjZ sshd[30801]: pam_succeed_if(sshd:auth): error retrieving information about user content
    Dec 7 16:31:43 iZ23nn1p4mjZ sshd[30801]: Failed password for invalid user content from 120.25.215.142 port 42729 ssh2
    Dec 7 16:31:43 iZ23nn1p4mjZ sshd[30802]: Received disconnect from 120.25.215.142: 11: Bye Bye

    Dec 7 16:33:38 iZ23nn1p4mjZ sshd[30834]: Invalid user r00t from 120.25.215.142
    Dec 7 16:33:38 iZ23nn1p4mjZ sshd[30835]: input_userauth_request: invalid user r00t
    Dec 7 16:33:38 iZ23nn1p4mjZ sshd[30834]: pam_unix(sshd:auth): check pass; user unknown
    Dec 7 16:33:38 iZ23nn1p4mjZ sshd[30834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.25.215.142
    Dec 7 16:33:38 iZ23nn1p4mjZ sshd[30834]: pam_succeed_if(sshd:auth): error retrieving information about user r00t
    Dec 7 16:33:40 iZ23nn1p4mjZ sshd[30834]: Failed password for invalid user r00t from 120.25.215.142 port 57491 ssh2

    Dec 7 16:49:07 iZ23nn1p4mjZ sshd[32168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.25.215.142 user=root
    Dec 7 16:49:09 iZ23nn1p4mjZ sshd[32168]: Failed password for root from 120.25.215.142 port 34422 ssh2

    Dec 7 16:23:56 iZ23nn1p4mjZ sshd[30542]: Invalid user oracle from 120.25.215.142
    Dec 7 16:23:56 iZ23nn1p4mjZ sshd[30543]: input_userauth_request: invalid user oracle
    Dec 7 16:23:56 iZ23nn1p4mjZ sshd[30542]: pam_unix(sshd:auth): check pass; user unknown
    Dec 7 16:23:56 iZ23nn1p4mjZ sshd[30542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.25.215.142
    Dec 7 16:23:56 iZ23nn1p4mjZ sshd[30542]: pam_succeed_if(sshd:auth): error retrieving information about user oracle
    Dec 7 16:23:58 iZ23nn1p4mjZ sshd[30542]: Failed password for invalid user oracle from 120.25.215.142 port 40147 ssh2
    Dec 7 16:23:58 iZ23nn1p4mjZ sshd[30543]: Received disconnect from 120.25.215.142: 11: Bye Bye

    Dec 7 15:25:45 iZ23nn1p4mjZ sshd[27218]: input_userauth_request: invalid user nagios
    Dec 7 15:25:45 iZ23nn1p4mjZ sshd[27217]: pam_unix(sshd:auth): check pass; user unknown
    Dec 7 15:25:45 iZ23nn1p4mjZ sshd[27217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.25.215.142
    Dec 7 15:25:45 iZ23nn1p4mjZ sshd[27217]: pam_succeed_if(sshd:auth): error retrieving information about user nagios
    Dec 7 15:25:47 iZ23nn1p4mjZ sshd[27217]: Failed password for invalid user nagios from 120.25.215.142 port 49015 ssh2
    Dec 7 15:25:47 iZ23nn1p4mjZ sshd[27218]: Received disconnect from 120.25.215.142: 11: Bye Bye
    Dec 7 15:27:43 iZ23nn1p4mjZ sshd[27244]: Invalid user postgres from 120.25.215.142
    Dec 7 15:27:43 iZ23nn1p4mjZ sshd[27245]: input_userauth_request: invalid user postgres
    Dec 7 15:27:43 iZ23nn1p4mjZ sshd[27244]: pam_unix(sshd:auth): check pass; user unknown
    Dec 7 15:27:43 iZ23nn1p4mjZ sshd[27244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.25.215.142
    Dec 7 15:27:43 iZ23nn1p4mjZ sshd[27244]: pam_succeed_if(sshd:auth): error retrieving information about user postgres
    Dec 7 15:27:45 iZ23nn1p4mjZ sshd[27244]: Failed password for invalid user postgres from 120.25.215.142 port 35544 ssh2

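    Quite a few of the company's servers still use weak passwords. It looks like we need to set up a proper server policy: as a first step, at least require strong passwords and log every command executed by every user.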
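An added example, not part of the original post: one way to turn sshd entries like those in the excerpt into a per-source summary, separating guesses at accounts that do not exist from guesses at accounts sshd did not flag as invalid (such as root), which is where a weak password matters. The sample lines, the `summarize` function and the threshold of 3 are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the same sshd/rsyslog format as the excerpt above
# (documentation-range addresses and a made-up host name, not data from the post).
SAMPLE_LOG = """\
Dec 7 16:27:49 host1 sshd[30720]: Invalid user david from 203.0.113.7
Dec 7 16:27:51 host1 sshd[30720]: Failed password for invalid user david from 203.0.113.7 port 41438 ssh2
Dec 7 16:31:43 host1 sshd[30801]: Failed password for invalid user content from 203.0.113.7 port 42729 ssh2
Dec 7 16:33:40 host1 sshd[30834]: Failed password for invalid user r00t from 203.0.113.7 port 57491 ssh2
Dec 7 16:49:09 host1 sshd[32168]: Failed password for root from 203.0.113.7 port 34422 ssh2
Dec 7 16:50:02 host1 sshd[32201]: Failed password for deploy from 198.51.100.20 port 50211 ssh2
Dec 7 16:50:10 host1 sshd[32201]: Accepted password for deploy from 198.51.100.20 port 50211 ssh2
"""

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+) port \d+")

def summarize(log_text, threshold=3):
    """Per source address: failure count, user names tried, accepted logins."""
    stats = defaultdict(lambda: {"failed": 0, "invalid_users": set(),
                                 "existing_users": set(), "accepted": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            invalid, user, src = m.groups()
            entry = stats[src]
            entry["failed"] += 1
            # sshd adds "invalid user" when the account does not exist on the host.
            entry["invalid_users" if invalid else "existing_users"].add(user)
            continue
        m = ACCEPTED.search(line)
        if m:
            stats[m.group(2)]["accepted"].add(m.group(1))
    for entry in stats.values():
        # Many failures from one address: password guessing.
        entry["guessing"] = entry["failed"] >= threshold
        # An accepted login from an address that also failed: a typo, or a guessed password.
        entry["success_with_failures"] = bool(entry["accepted"]) and entry["failed"] > 0
    return dict(stats)

if __name__ == "__main__":
    for src, e in summarize(SAMPLE_LOG).items():
        print(src, e["failed"], sorted(e["invalid_users"]), sorted(e["existing_users"]),
              "guessing" if e["guessing"] else "-",
              "review-login" if e["success_with_failures"] else "-")
```
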

  • Original article: https://www.cnblogs.com/zhjh256/p/6141881.html