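I was trying to debug my Apache server and used journalctl, which listed a large number of foreign addresses, such as Chinese and Russian ones. They also appear next to vino-server, which I believe is my VNC server, and that would be dangerous if it were hacked.
Should these addresses be there? How do I get rid of them?
Here is some of the output: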
```
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 new.dskazan.ru
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 new.dskazan.ru
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 210.51.2.210
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 new.dskazan.ru
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 66.136.241.35.bc.googleusercontent.com
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 new.dskazan.ru
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 new.dskazan.ru
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 dsl-189-151-234-109-dyn.prod-infinitum.com.mx
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 210.51.2.210
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 new.dskazan.ru
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 66.136.241.35.bc.googleusercontent.com
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 190.235.68.236
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 new.dskazan.ru
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 new.dskazan.ru
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 new.dskazan.ru
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 210.51.2.210
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 66.136.241.35.bc.googleusercontent.com
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 new.dskazan.ru
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 dsl-189-151-234-109-dyn.prod-infinitum.com.mx
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 new.dskazan.ru
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 new.dskazan.ru
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 210.51.2.210
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 190.235.68.236
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 66.136.241.35.bc.googleusercontent.com
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 663.gra1.ovh.abcd.network
Aug 08 11:30:39 Media-Server vino-server[4414]: Deferring authentication of '66.136.241.35.bc.googleusercontent.com' for 5 seconds
Aug 08 11:30:44 Media-Server vino-server[4414]: VNC authentication failure from '66.136.241.35.bc.googleusercontent.com'
```
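Answer 1
Welcome to the wonderful world of the internet, where the Russian, French and Mexican bot mafia can always use yet another hacked server. (As far as I checked, these 3 countries are just 3 different hostnames.)
There is no way to "get rid of" these, but you can protect yourself by:
- Running VNC vino through an SSH tunnel
- Hardening your server
- Using strong, long passwords
- Enabling automatic security updates
- Disabling all unneeded hardware (USB ports, FireWire, WiFi, etc.) in the firmware (UEFI/BIOS)
- Not installing software you don't need
- Removing software you don't use
- Making system backups
- Etc.
The above is a non-exhaustive list, but it should get you thinking about your server differently, because "being hacked" is just part of the background radiation of the internet universe these days.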
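
As an added example (not part of the original answer and not vino's own tooling), the journal lines from the question can be tallied per remote host so that hosts with a logged VNC authentication failure stand out from the rest. The sample input is copied from the question's excerpt, and the names `triage` and `hosts_needing_attention` are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: seven lines copied from the journal excerpt in the question.
SAMPLE = """\
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 new.dskazan.ru
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 210.51.2.210
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 663.gra1.ovh.abcd.network
Aug 08 11:30:38 Media-Server vino-server[4414]: 08/08/2019 11:30:38 66.136.241.35.bc.googleusercontent.com
Aug 08 11:30:39 Media-Server vino-server[4414]: Deferring authentication of '66.136.241.35.bc.googleusercontent.com' for 5 seconds
Aug 08 11:30:44 Media-Server vino-server[4414]: VNC authentication failure from '66.136.241.35.bc.googleusercontent.com'
"""

# Journal prefix up to the vino-server tag; the rest is vino's own message.
PREFIX = re.compile(r"^\w{3} \d{2} [\d:]{8} \S+ vino-server\[\d+\]: (?P<msg>.*)$")
PATTERNS = {
    # Timestamp plus a remote host name (the page does not say what triggers it).
    "seen": re.compile(r"^\d{2}/\d{2}/\d{4} [\d:]{8} (?P<host>\S+)$"),
    "deferred": re.compile(r"^Deferring authentication of '(?P<host>[^']+)' for \d+ seconds$"),
    "failed": re.compile(r"^VNC authentication failure from '(?P<host>[^']+)'$"),
}

def triage(text):
    """Count vino-server events per remote host; unparsed lines go to 'skipped'."""
    counts = {kind: Counter() for kind in PATTERNS}
    skipped = 0
    for line in filter(None, map(str.strip, text.splitlines())):
        prefix = PREFIX.match(line)
        hit = None
        if prefix:
            for kind, pattern in PATTERNS.items():
                hit = pattern.match(prefix["msg"])
                if hit:
                    counts[kind][hit["host"]] += 1
                    break
        if not hit:
            skipped += 1
    return counts, skipped

def hosts_needing_attention(counts):
    """Hosts with at least one logged VNC authentication failure, most failures first."""
    return [host for host, _ in counts["failed"].most_common()]

if __name__ == "__main__":
    counts, skipped = triage(SAMPLE)
    for host, n in counts["seen"].most_common():
        flag = "  <-- failed VNC auth" if host in counts["failed"] else ""
        print(f"{n:4d}  {host}{flag}")
    print("failed auth from:", hosts_needing_attention(counts), "| unparsed:", skipped)
```
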