I looked at /var/log/secure and noticed the following:
Dec 9 06:03:20 ip-10-58-218-177 sshd[3794]: Did not receive identification string from 177.99.169.130
Dec 9 06:46:12 ip-10-58-218-177 sshd[3897]: reverse mapping checking getaddrinfo for grupoazul130.static.host.gvt.net.br [177.99.169.130] failed - POSSIBLE BREAK-IN ATTEMPT!
Dec 9 06:46:12 ip-10-58-218-177 sshd[3897]: Invalid user admin from 177.99.169.130
Dec 9 06:46:12 ip-10-58-218-177 sshd[3897]: input_userauth_request: invalid user admin [preauth]
Dec 9 06:46:13 ip-10-58-218-177 sshd[3897]: Received disconnect from 177.99.169.130: 11: Bye Bye [preauth]
Dec 9 06:46:14 ip-10-58-218-177 sshd[3899]: reverse mapping checking getaddrinfo for grupoazul130.static.host.gvt.net.br [177.99.169.130] failed - POSSIBLE BREAK-IN ATTEMPT!
Dec 9 06:46:15 ip-10-58-218-177 sshd[3899]: Received disconnect from 177.99.169.130: 11: Bye Bye [preauth]
Dec 9 06:46:16 ip-10-58-218-177 sshd[3901]: reverse mapping checking getaddrinfo for grupoazul130.static.host.gvt.net.br [177.99.169.130] failed - POSSIBLE BREAK-IN ATTEMPT!
Dec 9 06:46:16 ip-10-58-218-177 sshd[3901]: Invalid user user from 177.99.169.130
Dec 9 06:46:16 ip-10-58-218-177 sshd[3901]: input_userauth_request: invalid user user [preauth]
Dec 9 06:46:17 ip-10-58-218-177 sshd[3901]: Received disconnect from 177.99.169.130: 11: Bye Bye [preauth]
Dec 9 06:46:19 ip-10-58-218-177 sshd[3903]: reverse mapping checking getaddrinfo for grupoazul130.static.host.gvt.net.br [177.99.169.130] failed - POSSIBLE BREAK-IN ATTEMPT!
Dec 9 06:46:19 ip-10-58-218-177 sshd[3903]: Invalid user guest from 177.99.169.130
Dec 9 06:46:19 ip-10-58-218-177 sshd[3903]: input_userauth_request: invalid user guest [preauth]
Dec 9 06:46:19 ip-10-58-218-177 sshd[3903]: Received disconnect from 177.99.169.130: 11: Bye Bye [preauth]
Dec 9 06:46:21 ip-10-58-218-177 sshd[3905]: reverse mapping checking getaddrinfo for grupoazul130.static.host.gvt.net.br [177.99.169.130] failed - POSSIBLE BREAK-IN ATTEMPT!
Dec 9 06:46:21 ip-10-58-218-177 sshd[3905]: Received disconnect from 177.99.169.130: 11: Bye Bye [preauth]
Dec 9 06:46:23 ip-10-58-218-177 sshd[3907]: reverse mapping checking getaddrinfo for grupoazul130.static.host.gvt.net.br [177.99.169.130] failed - POSSIBLE BREAK-IN ATTEMPT!
Dec 9 06:46:23 ip-10-58-218-177 sshd[3907]: Invalid user xbian from 177.99.169.130
Dec 9 06:46:23 ip-10-58-218-177 sshd[3907]: input_userauth_request: invalid user xbian [preauth]
Dec 9 06:46:23 ip-10-58-218-177 sshd[3907]: Received disconnect from 177.99.169.130: 11: Bye Bye [preauth]
Dec 9 06:46:25 ip-10-58-218-177 sshd[3909]: reverse mapping checking getaddrinfo for grupoazul130.static.host.gvt.net.br [177.99.169.130] failed - POSSIBLE BREAK-IN ATTEMPT!
Dec 9 06:46:25 ip-10-58-218-177 sshd[3909]: Invalid user D-Link from 177.99.169.130
Dec 9 06:46:25 ip-10-58-218-177 sshd[3909]: input_userauth_request: invalid user D-Link [preauth]
Dec 9 06:46:25 ip-10-58-218-177 sshd[3909]: Received disconnect from 177.99.169.130: 11: Bye Bye [preauth]
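What does this mean? Should I be worried?
Answer 1
This is just the usual random scanning, trying to find default usernames and passwords. It is usually not a problem, but if you are worried, fail2ban, properly configured, should stop brute-force attempts. The default ssh rules should be good enough.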
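The following Python example is added here for illustration; it is not part of the original answer and is not fail2ban's own code. It applies the same idea, counting failed attempts per source address within a time window, to the "Invalid user" lines from the log above. The function names, the `max_retry=3` threshold, the 10-minute `find_time` window, the assumed year and the 192.0.2.10 sample line are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# sshd "Invalid user" line as it appears in the log above; newer OpenSSH
# releases append " port N" after the address, so that suffix is optional.
INVALID_USER = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Invalid user (?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?: port \d+)?\s*$"
)

def parse_invalid_users(lines, year=2000):
    """Yield (timestamp, ip, user). Syslog omits the year, so `year` is assumed."""
    for line in lines:
        m = INVALID_USER.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["user"]

def sources_over_threshold(lines, max_retry=3, find_time=timedelta(minutes=10)):
    """Return {ip: sorted usernames tried} for IPs with at least max_retry
    invalid-user attempts inside any find_time window."""
    events = defaultdict(list)
    for ts, ip, user in parse_invalid_users(lines):
        events[ip].append((ts, user))
    flagged = {}
    for ip, hits in events.items():
        hits.sort()
        # Sliding window: compare each hit with the one max_retry - 1 later.
        for i in range(len(hits) - max_retry + 1):
            if hits[i + max_retry - 1][0] - hits[i][0] <= find_time:
                flagged[ip] = sorted({user for _, user in hits})
                break
    return flagged

# Lines copied from the log above, plus one constructed line (192.0.2.10).
SAMPLE = [
    "Dec 9 06:03:20 ip-10-58-218-177 sshd[3794]: Did not receive identification string from 177.99.169.130",
    "Dec 9 06:46:12 ip-10-58-218-177 sshd[3897]: Invalid user admin from 177.99.169.130",
    "Dec 9 06:46:16 ip-10-58-218-177 sshd[3901]: Invalid user user from 177.99.169.130",
    "Dec 9 06:46:19 ip-10-58-218-177 sshd[3903]: Invalid user guest from 177.99.169.130",
    "Dec 9 06:46:23 ip-10-58-218-177 sshd[3907]: Invalid user xbian from 177.99.169.130",
    "Dec 9 06:46:25 ip-10-58-218-177 sshd[3909]: Invalid user D-Link from 177.99.169.130",
    "Dec 9 07:10:02 ip-10-58-218-177 sshd[4001]: Invalid user test from 192.0.2.10",
]

if __name__ == "__main__":
    for ip, users in sources_over_threshold(SAMPLE).items():
        print(f"{ip}: {len(users)} invalid usernames tried: {', '.join(users)}")
```

The scanning address crosses the threshold within 13 seconds, while the single constructed attempt from 192.0.2.10 stays below it.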