Gitea instance is under a brute-force attack

As I write this, my Gitea instance is being brute-forced:

gitea  | Invalid user yinsen from 94.23.30.184 port 55154
gitea  | Connection closed by invalid user yinsen 94.23.30.184 port 55154 [preauth]
gitea  | Invalid user zhaoyy from 94.23.30.184 port 42294
gitea  | Connection closed by invalid user zhaoyy 94.23.30.184 port 42294 [preauth]
gitea  | Invalid user yangtingy from 94.23.30.184 port 57666
gitea  | Connection closed by invalid user yangtingy 94.23.30.184 port 57666 [preauth]
gitea  | Invalid user haoxiaoshuai from 94.23.30.184 port 44806
gitea  | Connection closed by invalid user haoxiaoshuai 94.23.30.184 port 44806 [preauth]
gitea  | Invalid user adminuser from 94.23.30.184 port 60178
gitea  | Connection closed by invalid user adminuser 94.23.30.184 port 60178 [preauth]
gitea  | Invalid user adminuser from 94.23.30.184 port 47320
gitea  | Connection closed by invalid user adminuser 94.23.30.184 port 47320 [preauth]
gitea  | Invalid user wangjue from 94.23.30.184 port 34458
gitea  | Connection closed by invalid user wangjue 94.23.30.184 port 34458 [preauth]
gitea  | Invalid user jmms from 94.23.30.184 port 49830
gitea  | Connection closed by invalid user jmms 94.23.30.184 port 49830 [preauth]
gitea  | Invalid user user42 from 94.23.30.184 port 36970
gitea  | Connection closed by invalid user user42 94.23.30.184 port 36970 [preauth]
gitea  | Invalid user huwanfeng from 94.23.30.184 port 52340
gitea  | Connection closed by invalid user huwanfeng 94.23.30.184 port 52340 [preauth]
gitea  | Invalid user lidongbo from 94.23.30.184 port 39480
gitea  | Connection closed by invalid user lidongbo 94.23.30.184 port 39480 [preauth]
gitea  | Invalid user market from 94.23.30.184 port 54852
gitea  | Connection closed by invalid user market 94.23.30.184 port 54852 [preauth]
gitea  | 2023/04/10 10:05:18 [6433c33e] router: completed GET /robots.txt for 172.24.0.37:59646, 200 OK in 0.3ms @ web/web.go:162(web.Routes)
gitea  | Invalid user ldbc from 94.23.30.184 port 41992
gitea  | Connection closed by invalid user ldbc 94.23.30.184 port 41992 [preauth]
gitea  | Invalid user lsp from 94.23.30.184 port 57364
gitea  | Connection closed by invalid user lsp 94.23.30.184 port 57364 [preauth]
gitea  | Invalid user lihan from 94.23.30.184 port 44504
gitea  | Connection closed by invalid user lihan 94.23.30.184 port 44504 [preauth]
gitea  | Invalid user xingxiaoyang from 94.23.30.184 port 59876
gitea  | Connection closed by invalid user xingxiaoyang 94.23.30.184 port 59876 [preauth]
gitea  | Invalid user kishida from 94.23.30.184 port 47016
gitea  | Connection closed by invalid user kishida 94.23.30.184 port 47016 [preauth]
gitea  | Invalid user lrj from 94.23.30.184 port 34156
gitea  | Connection closed by invalid user lrj 94.23.30.184 port 34156 [preauth]
gitea  | Invalid user mgr from 94.23.30.184 port 49528
gitea  | Connection closed by invalid user mgr 94.23.30.184 port 49528 [preauth]
gitea  | Invalid user xiaojiwei from 94.23.30.184 port 36668
gitea  | Connection closed by invalid user xiaojiwei 94.23.30.184 port 36668 [preauth]
gitea  | Invalid user tim from 94.23.30.184 port 52040
gitea  | Connection closed by invalid user tim 94.23.30.184 port 52040 [preauth]
gitea  | Invalid user wxccvt from 94.23.30.184 port 39180
gitea  | Connection closed by invalid user wxccvt 94.23.30.184 port 39180 [preauth]
gitea  | Invalid user wangyanzhao from 94.23.30.184 port 54552
gitea  | Connection closed by invalid user wangyanzhao 94.23.30.184 port 54552 [preauth]
gitea  | Invalid user huangxuanxuan from 94.23.30.184 port 41692
gitea  | Connection closed by invalid user huangxuanxuan 94.23.30.184 port 41692 [preauth]
gitea  | Invalid user centos from 94.23.30.184 port 57064
gitea  | Connection closed by invalid user centos 94.23.30.184 port 57064 [preauth]
gitea  | Invalid user gvtiib from 94.23.30.184 port 44204
gitea  | Connection closed by invalid user gvtiib 94.23.30.184 port 44204 [preauth]
gitea  | Invalid user keras from 94.23.30.184 port 59576
gitea  | Connection closed by invalid user keras 94.23.30.184 port 59576 [preauth]
gitea  | Invalid user cyh from 94.23.30.184 port 46716
gitea  | Connection closed by invalid user cyh 94.23.30.184 port 46716 [preauth]
gitea  | Invalid user jp from 94.23.30.184 port 33856
gitea  | Connection closed by invalid user jp 94.23.30.184 port 33856 [preauth]
gitea  | Invalid user tengwen from 94.23.30.184 port 49228
gitea  | Connection closed by invalid user tengwen 94.23.30.184 port 49228 [preauth]
gitea  | User nobody not allowed because account is locked
gitea  | Connection closed by invalid user nobody 94.23.30.184 port 36368 [preauth]
gitea  | Invalid user user06 from 94.23.30.184 port 51740
gitea  | Connection closed by invalid user user06 94.23.30.184 port 51740 [preauth]

These messages show up roughly every 6~7 seconds. I came across this by chance after restarting the Gitea docker container.

I have already run sudo ufw deny from 94.23.30.184 to any, but the requests keep coming through.

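  1. Why do the requests keep coming even after ufw has been set to deny all access from this IP?
  2. How can I trace the IP back to find out who is trying to brute-force my Gitea instance?
  3. What should I do to protect my server against this kind of attack?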
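
An added example, not part of the original post: a small Python parser for the sshd lines in the log above that counts pre-auth invalid-user connections per source address. It deduplicates on (address, source port) so each "Invalid user" / "Connection closed" pair counts once and the "account is locked" case is still counted; the function names and the threshold are assumptions.

```python
import re
from collections import defaultdict

# The first seven lines are copied from the log in the post; the last two are
# constructed (198.51.100.9 is a documentation address) to show a quiet source.
SAMPLE_LOG = """\
gitea  | Invalid user adminuser from 94.23.30.184 port 60178
gitea  | Connection closed by invalid user adminuser 94.23.30.184 port 60178 [preauth]
gitea  | Invalid user adminuser from 94.23.30.184 port 47320
gitea  | Connection closed by invalid user adminuser 94.23.30.184 port 47320 [preauth]
gitea  | 2023/04/10 10:05:18 [6433c33e] router: completed GET /robots.txt for 172.24.0.37:59646, 200 OK in 0.3ms @ web/web.go:162(web.Routes)
gitea  | User nobody not allowed because account is locked
gitea  | Connection closed by invalid user nobody 94.23.30.184 port 36368 [preauth]
gitea  | Invalid user deploy from 198.51.100.9 port 40222
gitea  | Connection closed by invalid user deploy 198.51.100.9 port 40222 [preauth]
"""

# Either sshd message form; both carry user, source address and source port.
ATTEMPT = re.compile(
    r"(?:Invalid user (\S+) from|Connection closed by invalid user (\S+))"
    r" (\S+) port (\d+)"
)

def summarize(log_text):
    """Return {ip: {"attempts": n, "users": set}} for pre-auth invalid-user probes."""
    seen = set()  # (ip, port) pairs; one pair is one connection in a short window
    stats = defaultdict(lambda: {"attempts": 0, "users": set()})
    for line in log_text.splitlines():
        m = ATTEMPT.search(line)
        if not m:
            continue  # Gitea router lines, "account is locked" lines, etc.
        user, ip, port = m.group(1) or m.group(2), m.group(3), m.group(4)
        stats[ip]["users"].add(user)
        if (ip, port) not in seen:
            seen.add((ip, port))
            stats[ip]["attempts"] += 1
    return dict(stats)

def flag_sources(log_text, min_attempts=3):
    """Source addresses whose connection count reaches the assumed threshold."""
    return sorted(ip for ip, s in summarize(log_text).items()
                  if s["attempts"] >= min_attempts)

if __name__ == "__main__":
    for ip, s in summarize(SAMPLE_LOG).items():
        print(ip, s["attempts"], sorted(s["users"]))
    print("flagged:", flag_sources(SAMPLE_LOG))
```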