Server is being attacked, how to resolve it

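It looks like the server is under attack. The contents of /var/log/auth.log are below. It is trying to ssh in with all of these usernames; how do I shut this down? The server is Ubuntu.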

    Feb 22 16:29:15 server sshd[23413]: Failed password for invalid user mirror from 220.132.192.220 port 43881 ssh2
    Feb 22 16:29:15 server sshd[23414]: Failed password for invalid user justice from 220.132.192.220 port 43882 ssh2
    Feb 22 16:29:15 server sshd[23416]: Failed password for invalid user london from 220.132.192.220 port 43885 ssh2
    Feb 22 16:29:15 server sshd[23415]: Failed password for invalid user justice from 220.132.192.220 port 43884 ssh2
    Feb 22 16:29:17 server sshd[23421]: Invalid user oxford from 203.66.115.43
    Feb 22 16:29:17 server sshd[23421]: pam_unix(sshd:auth): check pass; user unknown
    Feb 22 16:29:17 server sshd[23421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.66.115.43
    Feb 22 16:29:17 server sshd[23422]: Invalid user london from 203.66.115.43
    Feb 22 16:29:17 server sshd[23422]: pam_unix(sshd:auth): check pass; user unknown
    Feb 22 16:29:17 server sshd[23422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.66.115.43
    Feb 22 16:29:17 server sshd[23424]: Invalid user london from 203.66.115.43
    Feb 22 16:29:17 server sshd[23424]: pam_unix(sshd:auth): check pass; user unknown
    Feb 22 16:29:17 server sshd[23424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.66.115.43
    Feb 22 16:29:17 server sshd[23423]: Invalid user mirror from 203.66.115.43
    Feb 22 16:29:17 server sshd[23423]: pam_unix(sshd:auth): check pass; user unknown
    Feb 22 16:29:17 server sshd[23423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.66.115.43
    Feb 22 16:29:19 server sshd[23421]: Failed password for invalid user oxford from 203.66.115.43 port 43959 ssh2
    Feb 22 16:29:19 server sshd[23422]: Failed password for invalid user london from 203.66.115.43 port 43962 ssh2
    Feb 22 16:29:19 server sshd[23424]: Failed password for invalid user london from 203.66.115.43 port 43967 ssh2
    Feb 22 16:29:19 server sshd[23423]: Failed password for invalid user mirror from 203.66.115.43 port 43964 ssh2
    Feb 22 16:29:20 server sshd[23429]: Invalid user pacific from 220.132.192.220
    Feb 22 16:29:20 server sshd[23429]: pam_unix(sshd:auth): check pass; user unknown
    Feb 22 16:29:21 server sshd[23429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.132.192.220
    Feb 22 16:29:21 server sshd[23430]: Invalid user mirror from 220.132.192.220
    Feb 22 16:29:21 server sshd[23430]: pam_unix(sshd:auth): check pass; user unknown
    Feb 22 16:29:21 server sshd[23430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.132.192.220
    Feb 22 16:29:21 server sshd[23432]: Invalid user oxford from 220.132.192.220
    Feb 22 16:29:21 server sshd[23431]: Invalid user mirror from 220.132.192.220
    Feb 22 16:29:21 server sshd[23432]: pam_unix(sshd:auth): check pass; user unknown
    Feb 22 16:29:21 server sshd[23432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.132.192.220
    Feb 22 16:29:21 server sshd[23431]: pam_unix(sshd:auth): check pass; user unknown
    Feb 22 16:29:21 server sshd[23431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.132.192.220
    Feb 22 16:29:22 server sshd[23429]: Failed password for invalid user pacific from 220.132.192.220 port 44073 ssh2
    Feb 22 16:29:22 server sshd[23430]: Failed password for invalid user mirror from 220.132.192.220 port 44078 ssh2
    Feb 22 16:29:23 server sshd[23432]: Failed password for invalid user oxford from 220.132.192.220 port 44082 ssh2
    Feb 22 16:29:23 server sshd[23431]: Failed password for invalid user mirror from 220.132.192.220 port 44079 ssh2
    Feb 22 16:29:24 server sshd[23437]: Invalid user pizza from 202.39.75.16
    Feb 22 16:29:24 server sshd[23437]: pam_unix(sshd:auth): check pass; user unknown
    Feb 22 16:29:24 server sshd[23437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.39.75.16
    Feb 22 16:29:24 server sshd[23438]: Invalid user oxford from 202.39.75.16
    Feb 22 16:29:24 server sshd[23438]: pam_unix(sshd:auth): check pass; user unknown
    Feb 22 16:29:24 server sshd[23438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.39.75.16
    Feb 22 16:29:24 server sshd[23441]: Invalid user oxford from 202.39.75.16
    Feb 22 16:29:24 server sshd[23441]: pam_unix(sshd:auth): check pass; user unknown
    Feb 22 16:29:24 server sshd[23441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.39.75.16
    Feb 22 16:29:24 server sshd[23440]: Invalid user pacific from 202.39.75.16
    Feb 22 16:29:24 server sshd[23440]: pam_unix(sshd:auth): check pass; user unknown
    Feb 22 16:29:24 server sshd[23440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.39.75.16
    Feb 22 16:29:26 server sshd[23437]: Failed password for invalid user pizza from 202.39.75.16 port 44173 ssh2
    Feb 22 16:29:27 server sshd[23438]: Failed password for invalid user oxford from 202.39.75.16 port 44184 ssh2
    Feb 22 16:29:27 server sshd[23441]: Failed password for invalid user oxford from 202.39.75.16 port 44186 ssh2
    Feb 22 16:29:27 server sshd[23440]: Failed password for invalid user pacific from 202.39.75.16 port 44185 ssh2
    Feb 22 16:29:28 server sshd[23445]: Invalid user quality from 220.132.192.198
    Feb 22 16:29:28 server sshd[23445]: pam_unix(sshd:auth): check pass; user unknown
    Feb 22 16:29:28 server sshd[23445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.132.192.198
    Feb 22 16:29:29 server sshd[23446]: Invalid user pacific from 220.132.192.198
    Feb 22 16:29:29 server sshd[23446]: pam_unix(sshd:auth): check pass; user unknown
    Feb 22 16:29:29 server sshd[23446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.132.192.198
    Feb 22 16:29:29 server sshd[23448]: Invalid user pacific from 220.132.192.198
    Feb 22 16:29:29 server sshd[23448]: pam_unix(sshd:auth): check pass; user unknown
    Feb 22 16:29:29 server sshd[23448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.132.192.198
    Feb 22 16:29:29 server sshd[23450]: Invalid user pizza from 220.132.192.198
    Feb 22 16:29:29 server sshd[23450]: pam_unix(sshd:auth): check pass; user unknown

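Answer 1

I believe this has already been brought up a few times:

Securing SSH on Linux Ubuntu

Hundreds of failed ssh logins

By the way, these attempts are very common and are usually automated scripts.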

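Answer 2

Install denyhosts

    apt-get install denyhosts

Deny hosts is a daemon that monitors the server logs, generally /var/log/secure, for suspicious access patterns and, if it finds any, adds the IP address of the curious visitor to /etc/hosts.deny, so that sshd blocks them directly.

It also has a mode that lets it exchange its local block list with the lists of other machines, in a way crowd-sourcing known bad IP addresses, similar to how RBL lists work for SMTP.

I would also recommend that you disable keyboard-interactive authentication on the ssh daemon, to guard against someone accidentally creating a test user account with an easily guessed password.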
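The log-watching approach described in this answer, sketched as an added example (not part of the original answer and not DenyHosts' own code): it counts rejected password attempts per source address in auth.log-style lines and builds hosts.deny entries for addresses at or above a threshold. The function names, the threshold of 3 and the allowlist parameter are assumptions; the sample lines are taken from the question's log, plus two constructed ones.

```python
import re
from collections import Counter

# sshd logs one "Failed password" line per rejected attempt; the "Invalid user"
# and pam_unix lines next to it describe the same attempt, so counting them as
# well would inflate the tally. The pattern is greedy on the username and
# anchored at end of line, so a username that itself contains " from <ip>"
# cannot steer the block onto someone else's address.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.*"
    r" from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2\s*$"
)

def failed_by_ip(lines):
    """Return a Counter mapping source IP -> rejected password attempts."""
    counts = Counter()
    for line in lines:
        m = FAILED.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts

def hosts_deny_entries(lines, threshold=3, allowlist=()):
    """Build /etc/hosts.deny lines (daemon: address) for noisy sources."""
    counts = failed_by_ip(lines)
    return [f"sshd: {ip}" for ip, n in sorted(counts.items())
            if n >= threshold and ip not in allowlist]

# First seven lines are from the log in the question; the last two are
# constructed (192.0.2.10 is a documentation address) and show a legitimate
# user mistyping a password once before logging in.
SAMPLE = """\
Feb 22 16:29:15 server sshd[23413]: Failed password for invalid user mirror from 220.132.192.220 port 43881 ssh2
Feb 22 16:29:15 server sshd[23414]: Failed password for invalid user justice from 220.132.192.220 port 43882 ssh2
Feb 22 16:29:15 server sshd[23416]: Failed password for invalid user london from 220.132.192.220 port 43885 ssh2
Feb 22 16:29:17 server sshd[23421]: Invalid user oxford from 203.66.115.43
Feb 22 16:29:17 server sshd[23421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.66.115.43
Feb 22 16:29:19 server sshd[23421]: Failed password for invalid user oxford from 203.66.115.43 port 43959 ssh2
Feb 22 16:29:19 server sshd[23422]: Failed password for invalid user london from 203.66.115.43 port 43962 ssh2
Feb 22 16:30:02 server sshd[23501]: Failed password for alice from 192.0.2.10 port 50122 ssh2
Feb 22 16:30:09 server sshd[23501]: Accepted password for alice from 192.0.2.10 port 50122 ssh2
""".splitlines()

if __name__ == "__main__":
    for entry in hosts_deny_entries(SAMPLE):
        print(entry)
```
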

Answer 3

  • Change SSH to a different port
  • Block the IP addresses briefly, and they will probably give up
