我每天都会有 4~5MB 的类似这样的日志监控!有人喜欢破解我的 smtp:
....
--------------------- sasl auth daemon Begin ------------------------
SASL Authentications failed 3965 Time(s)
Service smtp (pam) - 3965 Time(s):
Realm - 3959 Time(s):
User: account - PAM auth error - 346 Time(s):
User: admin - PAM auth error - 346 Time(s):
User: admin1 - PAM auth error - 147 Time(s):
User: chris - PAM auth error - 346 Time(s):
User: contact - PAM auth error - 6 Time(s):
User: fax - PAM auth error - 346 Time(s):
User: info1 - PAM auth error - 346 Time(s):
User: master - PAM auth error - 346 Time(s):
User: noname - PAM auth error - 346 Time(s):
User: pamela - PAM auth error - 346 Time(s):
User: scanner - PAM auth error - 346 Time(s):
User: test1 - PAM auth error - 346 Time(s):
User: user1 - PAM auth error - 346 Time(s):
Realm xxxxx.com - 6 Time(s):
User: [email protected] - PAM auth error - 6 Time(s):
**Unmatched Entries**
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_unix(smtp:auth): check pass; user unknown
.....
我应该更改哪些参数来防止对 smtp 进行这种暴力攻击?我想我应该更改一个数字,但不知道是哪一个。
答案1
对于“如何应对暴力攻击”的典型答案是使用失败2ban。如果您正在使用某种网络托管控制面板,您可能会发现那里已经存在与 fail2ban 相关的选项。