csf/lfd 参数可以防止 smtp 攻击吗?

csf/lfd 参数可以防止 smtp 攻击吗?

我每天都会有 4~5MB 的类似这样的日志监控!有人喜欢破解我的 smtp:

....
--------------------- sasl auth daemon Begin ------------------------ 


 SASL Authentications failed 3965 Time(s)
 Service smtp (pam) - 3965 Time(s):
    Realm  - 3959 Time(s):
       User: account - PAM auth error - 346 Time(s):
       User: admin - PAM auth error - 346 Time(s):
       User: admin1 - PAM auth error - 147 Time(s):
       User: chris - PAM auth error - 346 Time(s):
       User: contact - PAM auth error - 6 Time(s):
       User: fax - PAM auth error - 346 Time(s):
       User: info1 - PAM auth error - 346 Time(s):
       User: master - PAM auth error - 346 Time(s):
       User: noname - PAM auth error - 346 Time(s):
       User: pamela - PAM auth error - 346 Time(s):
       User: scanner - PAM auth error - 346 Time(s):
       User: test1 - PAM auth error - 346 Time(s):
       User: user1 - PAM auth error - 346 Time(s):
    Realm xxxxx.com - 6 Time(s):
       User: [email protected] - PAM auth error - 6 Time(s):


 **Unmatched Entries**

 pam_unix(smtp:auth): check pass; user unknown
 pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= 
 pam_unix(smtp:auth): check pass; user unknown
 pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= 
 pam_unix(smtp:auth): check pass; user unknown
 pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= 
 pam_unix(smtp:auth): check pass; user unknown
 pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= 
 pam_unix(smtp:auth): check pass; user unknown
 pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= 
 pam_unix(smtp:auth): check pass; user unknown
 pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= 
 pam_unix(smtp:auth): check pass; user unknown
 pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= 
 pam_unix(smtp:auth): check pass; user unknown
 pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= 
 pam_unix(smtp:auth): check pass; user unknown
 pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= 
 pam_unix(smtp:auth): check pass; user unknown
 pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= 
 pam_unix(smtp:auth): check pass; user unknown
 pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= 
 pam_unix(smtp:auth): check pass; user unknown
 pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= 
 pam_unix(smtp:auth): check pass; user unknown
 pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= 
 pam_unix(smtp:auth): check pass; user unknown
 pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= 
 pam_unix(smtp:auth): check pass; user unknown
 pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= 
 pam_unix(smtp:auth): check pass; user unknown
 pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= 
 pam_unix(smtp:auth): check pass; user unknown
 pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= 
 pam_unix(smtp:auth): check pass; user unknown
 pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= 
 pam_unix(smtp:auth): check pass; user unknown
 pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= 
 pam_unix(smtp:auth): check pass; user unknown
 pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= 
 pam_unix(smtp:auth): check pass; user unknown
 pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= 
 pam_unix(smtp:auth): check pass; user unknown
.....

我应该更改哪些参数来防止对 smtp 进行这种暴力攻击?我想我应该更改一个数字,但不知道是哪一个。

答案1

对于“如何应对暴力攻击”的典型答案是使用失败2ban。如果您正在使用某种网络托管控制面板,您可能会发现那里已经存在与 fail2ban 相关的选项。

相关内容