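I have uninstalled every ftp program except the Plesk one, which runs psa-proftpd. When removing it with yum (CentOS 5 server), it appeared to uninstall a lot of Plesk packages. Maybe I'm overreacting, so I'm here to get everyone's opinion on what these logs show. This is the system messages log that worries me: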
Jan 12 05:08:27 server1 xinetd[10239]: START: smtp pid=28459 from=180.246.57.51
Jan 12 05:08:31 server1 xinetd[10239]: EXIT: smtp status=0 pid=28459 duration=4(sec)
Jan 12 05:48:49 server1 xinetd[10239]: START: smtp pid=12157 from=67.212.234.107
Jan 12 05:48:53 server1 xinetd[10239]: EXIT: smtp status=0 pid=12157 duration=4(sec)
Jan 12 07:26:24 server1 xinetd[10239]: START: smtp pid=18076 from=127.0.0.1
Jan 12 07:26:24 server1 xinetd[10239]: EXIT: smtp status=0 pid=18076 duration=0(sec)
Jan 12 07:54:20 server1 xinetd[10239]: START: smtp pid=3805 from=209.85.214.196
Jan 12 07:54:22 server1 xinetd[10239]: START: smtp pid=3822 from=127.0.0.1
Jan 12 07:54:22 server1 xinetd[10239]: EXIT: smtp status=0 pid=3822 duration=0(sec)
Jan 12 07:54:51 server1 xinetd[10239]: EXIT: smtp status=0 pid=3805 duration=31(sec)
Jan 12 16:17:31 server1 xinetd[10239]: START: ftp pid=24476 from=122.195.23.132
Jan 12 16:17:31 server1 proftpd[24476]: 207.55.244.72 (122.195.23.132[122.195.23.132]) - FTP session opened.
Jan 12 16:17:32 server1 proftpd[24476]: 207.55.244.72 (122.195.23.132[122.195.23.132]) - Preparing to chroot to directory '/var/www/vhosts/centerondisability.org/web_users/test'
Jan 12 16:17:35 server1 xinetd[10239]: EXIT: ftp status=0 pid=24476 duration=4(sec)
Jan 12 21:37:42 server1 xinetd[10239]: START: smtp pid=27839 from=200.86.88.101
Jan 12 21:37:46 server1 xinetd[10239]: EXIT: smtp status=1 pid=27839 duration=4(sec)
Jan 13 00:06:29 server1 xinetd[10239]: START: smtp pid=21939 from=182.177.193.108
Jan 13 00:06:33 server1 xinetd[10239]: EXIT: smtp status=1 pid=21939 duration=4(sec)
Jan 13 04:53:48 server1 statistics: Unable to get dir size of /var/lib/mysql/test
Jan 13 04:53:48 server1 statistics: Unable to get database status for "test": Unknown database 'test'
Jan 13 13:38:41 server1 xinetd[10239]: START: smtp pid=21828 from=190.11.80.187
Jan 13 13:38:49 server1 xinetd[10239]: EXIT: smtp status=0 pid=21828 duration=8(sec)
Jan 13 15:47:04 server1 xinetd[10239]: START: smtp pid=16102 from=72.18.226.236
Jan 13 15:47:07 server1 xinetd[10239]: EXIT: smtp status=0 pid=16102 duration=3(sec)
Jan 13 15:47:44 server1 xinetd[10239]: START: ftp pid=18085 from=67.205.103.181
Jan 13 15:47:44 server1 proftpd[18085]: 207.55.244.72 (67.205.103.181[67.205.103.181]) - FTP session opened.
Jan 13 15:47:44 server1 proftpd[18085]: 207.55.244.72 (67.205.103.181[67.205.103.181]) - FTP session closed.
Jan 13 15:47:44 server1 xinetd[10239]: EXIT: ftp status=0 pid=18085 duration=0(sec)
Jan 13 15:47:44 server1 xinetd[10239]: START: ftp pid=18093 from=67.205.103.181
Jan 13 15:47:44 server1 proftpd[18093]: 207.55.244.72 (67.205.103.181[67.205.103.181]) - FTP session opened.
Jan 13 15:47:44 server1 proftpd[18093]: 207.55.244.72 (67.205.103.181[67.205.103.181]) - FTP session closed.
Jan 13 15:47:44 server1 xinetd[10239]: EXIT: ftp status=0 pid=18093 duration=0(sec)
Jan 13 17:55:59 server1 xinetd[10239]: START: smtp pid=21697 from=127.0.0.1
Jan 13 17:55:59 server1 xinetd[10239]: EXIT: smtp status=0 pid=21697 duration=0(sec)
Jan 13 19:58:20 server1 xinetd[10239]: START: smtp pid=9543 from=127.0.0.1
Jan 13 19:58:20 server1 xinetd[10239]: EXIT: smtp status=0 pid=9543 duration=0(sec)
Jan 14 04:53:55 server1 statistics: Unable to get dir size of /var/lib/mysql/test
Jan 14 04:53:55 server1 statistics: Unable to get database status for "test": Unknown database 'test'
Jan 14 05:08:29 server1 xinetd[10239]: START: ftp pid=3482 from=208.98.22.226
Jan 14 05:08:29 server1 proftpd[3482]: 207.55.244.72 (208.98.22.226[208.98.22.226]) - FTP session opened.
Jan 14 05:08:30 server1 xinetd[10239]: EXIT: ftp status=0 pid=3482 duration=1(sec)
Jan 14 05:08:30 server1 xinetd[10239]: START: ftp pid=3486 from=208.98.22.226
Jan 14 05:08:30 server1 proftpd[3486]: 207.55.244.72 (208.98.22.226[208.98.22.226]) - FTP session opened.
Jan 14 05:08:30 server1 xinetd[10239]: EXIT: ftp status=0 pid=3486 duration=0(sec)
Jan 14 05:08:30 server1 xinetd[10239]: START: ftp pid=3488 from=208.98.22.226
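We don't use FTP for anything. Only ssh. What should I do? Do I risk breaking Plesk, with the non-technical users who access it simply SOL (my ideal), or is there another way to kill these access attempts?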
Answer 1
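The simplest way is to edit the firewall rules on the server, /etc/sysconfig/iptables, and close access from external IPs to ports 20 and 21. This won't break Plesk, and you won't see those annoying attempts anymore.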
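
Added example (not part of the original answer): a shell check to run over the system log before and after closing ports 20 and 21, listing the outside addresses that xinetd accepted FTP connections from. The function names and the sample log are constructed for illustration (documentation-range addresses), and /var/log/messages is assumed as the log path.

```shell
#!/bin/sh
# ftp_sources: read syslog text on stdin and print "<count> <ip> <last seen>"
# for each non-loopback source in xinetd "START: ftp" lines, busiest first.
ftp_sources() {
    awk '
        $5 ~ /^xinetd\[/ && $6 == "START:" && $7 == "ftp" {
            ip = ""
            for (i = 8; i <= NF; i++)
                if ($i ~ /^from=/) ip = substr($i, 6)
            if (ip == "" || ip == "127.0.0.1") next
            count[ip]++
            last[ip] = $1 " " $2 " " $3
        }
        END {
            for (ip in count)
                printf "%d %s %s\n", count[ip], ip, last[ip]
        }
    ' | sort -k1,1nr -k2,2
}

# external_ftp_count: total FTP connections from non-loopback sources.
# After the firewall change, new log entries should keep this at 0.
external_ftp_count() {
    ftp_sources | awk '{ n += $1 } END { print n + 0 }'
}

# Constructed sample in the same format as the log in the question.
sample_log() {
    cat <<'EOF'
Jan 12 05:08:27 server1 xinetd[10239]: START: smtp pid=28459 from=198.51.100.7
Jan 12 16:17:31 server1 xinetd[10239]: START: ftp pid=24476 from=203.0.113.5
Jan 12 16:17:35 server1 xinetd[10239]: EXIT: ftp status=0 pid=24476 duration=4(sec)
Jan 13 15:47:44 server1 xinetd[10239]: START: ftp pid=18085 from=198.51.100.7
Jan 13 15:47:44 server1 xinetd[10239]: START: ftp pid=18093 from=198.51.100.7
Jan 13 17:55:59 server1 xinetd[10239]: START: ftp pid=21697 from=127.0.0.1
EOF
}

# On a real host (assumed path): ftp_sources < /var/log/messages
sample_log | ftp_sources
```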