zoukankan      html  css  js  c++  java

  • 互联网攻击无时无刻不在啊

    一直都不怎么关心服务器安全性的问题,这该是运维的事情,最近公司不少阿里云上的服务器遭到攻击,从丢病毒文件到更改mysql max_allowed_packet都有,今天有台测试服务器不停地异常,下午又有几次进程悄无声息的被停了,检查rsyslog日志的时候发现,不停地有被攻击,部分如下:

    Dec 7 16:27:49 iZ23nn1p4mjZ sshd[30720]: Invalid user david from 120.25.215.142
    Dec 7 16:27:49 iZ23nn1p4mjZ sshd[30721]: input_userauth_request: invalid user david
    Dec 7 16:27:49 iZ23nn1p4mjZ sshd[30720]: pam_unix(sshd:auth): check pass; user unknown
    Dec 7 16:27:49 iZ23nn1p4mjZ sshd[30720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.25.215.142
    Dec 7 16:27:49 iZ23nn1p4mjZ sshd[30720]: pam_succeed_if(sshd:auth): error retrieving information about user david
    Dec 7 16:27:51 iZ23nn1p4mjZ sshd[30720]: Failed password for invalid user david from 120.25.215.142 port 41438 ssh2

    Dec 7 16:31:41 iZ23nn1p4mjZ sshd[30801]: Invalid user content from 120.25.215.142
    Dec 7 16:31:41 iZ23nn1p4mjZ sshd[30802]: input_userauth_request: invalid user content
    Dec 7 16:31:41 iZ23nn1p4mjZ sshd[30801]: pam_unix(sshd:auth): check pass; user unknown
    Dec 7 16:31:41 iZ23nn1p4mjZ sshd[30801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.25.215.142
    Dec 7 16:31:41 iZ23nn1p4mjZ sshd[30801]: pam_succeed_if(sshd:auth): error retrieving information about user content
    Dec 7 16:31:43 iZ23nn1p4mjZ sshd[30801]: Failed password for invalid user content from 120.25.215.142 port 42729 ssh2
    Dec 7 16:31:43 iZ23nn1p4mjZ sshd[30802]: Received disconnect from 120.25.215.142: 11: Bye Bye

    Dec 7 16:33:38 iZ23nn1p4mjZ sshd[30834]: Invalid user r00t from 120.25.215.142
    Dec 7 16:33:38 iZ23nn1p4mjZ sshd[30835]: input_userauth_request: invalid user r00t
    Dec 7 16:33:38 iZ23nn1p4mjZ sshd[30834]: pam_unix(sshd:auth): check pass; user unknown
    Dec 7 16:33:38 iZ23nn1p4mjZ sshd[30834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.25.215.142
    Dec 7 16:33:38 iZ23nn1p4mjZ sshd[30834]: pam_succeed_if(sshd:auth): error retrieving information about user r00t
    Dec 7 16:33:40 iZ23nn1p4mjZ sshd[30834]: Failed password for invalid user r00t from 120.25.215.142 port 57491 ssh2

    Dec 7 16:49:07 iZ23nn1p4mjZ sshd[32168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.25.215.142 user=root
    Dec 7 16:49:09 iZ23nn1p4mjZ sshd[32168]: Failed password for root from 120.25.215.142 port 34422 ssh2

    Dec 7 16:23:56 iZ23nn1p4mjZ sshd[30542]: Invalid user oracle from 120.25.215.142
    Dec 7 16:23:56 iZ23nn1p4mjZ sshd[30543]: input_userauth_request: invalid user oracle
    Dec 7 16:23:56 iZ23nn1p4mjZ sshd[30542]: pam_unix(sshd:auth): check pass; user unknown
    Dec 7 16:23:56 iZ23nn1p4mjZ sshd[30542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.25.215.142
    Dec 7 16:23:56 iZ23nn1p4mjZ sshd[30542]: pam_succeed_if(sshd:auth): error retrieving information about user oracle
    Dec 7 16:23:58 iZ23nn1p4mjZ sshd[30542]: Failed password for invalid user oracle from 120.25.215.142 port 40147 ssh2
    Dec 7 16:23:58 iZ23nn1p4mjZ sshd[30543]: Received disconnect from 120.25.215.142: 11: Bye Bye

    Dec 7 15:25:45 iZ23nn1p4mjZ sshd[27218]: input_userauth_request: invalid user nagios
    Dec 7 15:25:45 iZ23nn1p4mjZ sshd[27217]: pam_unix(sshd:auth): check pass; user unknown
    Dec 7 15:25:45 iZ23nn1p4mjZ sshd[27217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.25.215.142
    Dec 7 15:25:45 iZ23nn1p4mjZ sshd[27217]: pam_succeed_if(sshd:auth): error retrieving information about user nagios
    Dec 7 15:25:47 iZ23nn1p4mjZ sshd[27217]: Failed password for invalid user nagios from 120.25.215.142 port 49015 ssh2
    Dec 7 15:25:47 iZ23nn1p4mjZ sshd[27218]: Received disconnect from 120.25.215.142: 11: Bye Bye
    Dec 7 15:27:43 iZ23nn1p4mjZ sshd[27244]: Invalid user postgres from 120.25.215.142
    Dec 7 15:27:43 iZ23nn1p4mjZ sshd[27245]: input_userauth_request: invalid user postgres
    Dec 7 15:27:43 iZ23nn1p4mjZ sshd[27244]: pam_unix(sshd:auth): check pass; user unknown
    Dec 7 15:27:43 iZ23nn1p4mjZ sshd[27244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.25.215.142
    Dec 7 15:27:43 iZ23nn1p4mjZ sshd[27244]: pam_succeed_if(sshd:auth): error retrieving information about user postgres
    Dec 7 15:27:45 iZ23nn1p4mjZ sshd[27244]: Failed password for invalid user postgres from 120.25.215.142 port 35544 ssh2

    公司还不少服务器时弱密码的,看来得好好设置服务器策略至少第一步要求强密码并记录所有用户执行的所有命令了。
  • 相关阅读:
    OpenJudge 2738 浮点数加法
    OpenJudge 2809 计算2的N次方
    OpenJudge / Poj 1003 Hangover
    OpenJudge 2706 麦森数
    模板:大整数除法
    OpenJudge 2737 大整数除法
    模板:大整数减法
    ES Field Collapsing 字段折叠使用详解
    ES aggregation详解
    一个一站式流式处理云平台解决方案
  • 原文地址:https://www.cnblogs.com/zhjh256/p/6141881.html
Copyright © 2011-2022 走看看