What should I do if my server is under attack?

I have a mail server on Ubuntu 20.04. Yesterday I set up the UFW firewall as follows:

root@vmi514622:~# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     LIMIT IN    Anywhere
80/tcp                     ALLOW IN    Anywhere                   # accept Apache
443/tcp                    ALLOW IN    Anywhere                   # accept HTTPS connections
1194/udp                   ALLOW IN    Anywhere                   # OpenVPN server
Anywhere                   DENY IN     49.88.112.75
465/tcp                    ALLOW IN    Anywhere
587/tcp                    ALLOW IN    Anywhere
22/tcp (v6)                LIMIT IN    Anywhere (v6)
80/tcp (v6)                ALLOW IN    Anywhere (v6)              # accept Apache
443/tcp (v6)               ALLOW IN    Anywhere (v6)              # accept HTTPS connections
1194/udp (v6)              ALLOW IN    Anywhere (v6)              # OpenVPN server
465/tcp (v6)               ALLOW IN    Anywhere (v6)
587/tcp (v6)               ALLOW IN    Anywhere (v6)

Today I received an e-mail whose logs show hundreds of attempts to log in as root:

################### Logwatch 7.5.2 (07/22/19) ####################
        Processing Initiated: Tue Mar  2 06:25:06 2021
        Date Range Processed: yesterday
                              ( 2021-Mar-01 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: vmi514622.contaboserver.net
 ##################################################################
 
 --------------------- Amavisd-new Begin ------------------------

       37   Total messages scanned ------------------  100.00%
  307.387K  Total bytes scanned                        314,764
 ========   ==================================================
 
       37   Passed ----------------------------------  100.00%
       37     Clean passed                             100.00%
 ========   ==================================================
 
       37   Ham -------------------------------------  100.00%
       37     Clean passed                             100.00%
 ========   ==================================================
 
 
 ---------------------- Amavisd-new End -------------------------

 
 --------------------- pam_unix Begin ------------------------

 sshd:
    Authentication Failures:
       root (49.88.112.112): 76 Time(s)
       root (1.119.166.234): 65 Time(s)
       root (119.28.140.54): 64 Time(s)
       root (107.170.131.23): 63 Time(s)
       root (117.211.192.70): 59 Time(s)
       root (139.99.105.138): 59 Time(s)
       root (167.71.102.201): 59 Time(s)
       root (61.244.201.237): 58 Time(s)
       root (220.248.95.178): 55 Time(s)
       root (106.52.69.167): 54 Time(s)
       root (218.93.12.178): 53 Time(s)
       root (112.14.59.120): 50 Time(s)
       root (190.144.139.235): 50 Time(s)
       root (122.176.87.177): 48 Time(s)
       root (162.211.226.228): 48 Time(s)
       root (203.184.132.191): 48 Time(s)
       root (124.105.173.17): 47 Time(s)
       root (180.167.225.118): 46 Time(s)
       root (222.127.97.91): 46 Time(s)
       root (113.28.243.105): 45 Time(s)
       root (129.226.157.108): 45 Time(s)
       root (81.70.175.232): 45 Time(s)
       root (152.136.99.20): 42 Time(s)
       root (117.220.201.79): 40 Time(s)
       root (124.239.148.87): 40 Time(s)
       root (51.77.245.98): 40 Time(s)
       root (152.67.165.129): 39 Time(s)
       root (153.126.184.65): 39 Time(s)
       unknown (163.172.162.15): 39 Time(s)
       root (106.13.3.35): 38 Time(s)
       root (14.161.45.187): 38 Time(s)
       root (14.29.200.186): 38 Time(s)
       root (49.235.65.127): 37 Time(s)
       root (106.13.89.74): 36 Time(s)
       root (221.181.185.148): 36 Time(s)
       root (201.111.170.174): 34 Time(s)
       root (221.181.185.220): 32 Time(s)
       root (221.181.185.198): 28 Time(s)
       root (182.254.221.82): 27 Time(s)
       root (200.148.108.232): 27 Time(s)
       root (150.158.175.66): 25 Time(s)
       root (81.68.136.135): 25 Time(s)
       root (119.45.194.63): 23 Time(s)
       root (106.75.71.82): 22 Time(s)
       root (222.249.173.170): 22 Time(s)
       root (115.236.89.211): 20 Time(s)
       root (106.54.17.221): 19 Time(s)
       root (221.181.185.143): 16 Time(s)
       root (221.181.185.19): 16 Time(s)
       root (221.181.185.29): 16 Time(s)
       root (222.187.238.87): 16 Time(s)
       root (111.231.215.244): 15 Time(s)
       root (115.207.182.167): 15 Time(s)
       root (120.92.34.203): 15 Time(s)
       root (123.127.237.41): 15 Time(s)
       root (154.73.188.183): 15 Time(s)
       root (160.251.9.131): 15 Time(s)
       root (191.162.202.25): 15 Time(s)
       root (49.232.215.196): 15 Time(s)
       root (61.136.184.75): 15 Time(s)
       root (117.220.203.144): 14 Time(s)
       root (221.181.185.223): 14 Time(s)
       root (159.89.199.80): 13 Time(s)
       root (111.67.206.20): 12 Time(s)
       root (152.136.149.60): 12 Time(s)
       root (221.131.165.124): 12 Time(s)
       root (221.181.185.135): 12 Time(s)
       root (221.181.185.140): 12 Time(s)
       root (221.181.185.237): 12 Time(s)
       root (222.187.222.55): 12 Time(s)
       root (222.187.239.31): 12 Time(s)
       root (27.128.173.81): 12 Time(s)
       root (68.63.236.82): 12 Time(s)
       root (81.69.38.149): 12 Time(s)
       root (218.14.208.90): 11 Time(s)
       root (101.231.146.34): 10 Time(s)
       root (119.29.155.249): 10 Time(s)
       root (218.56.160.82): 10 Time(s)
       root (42.192.152.72): 10 Time(s)
       root (46.146.242.149): 10 Time(s)
       root (221.131.165.86): 8 Time(s)
       root (49.88.112.73): 8 Time(s)
       root (192.144.140.20): 7 Time(s)
       root (64.225.53.31): 7 Time(s)
       root (129.28.175.24): 6 Time(s)
       root (178.128.247.181): 6 Time(s)
       mail (163.172.162.15): 5 Time(s)
       root (161.97.126.91): 5 Time(s)
       root (167.86.90.235): 5 Time(s)
       root (186.121.204.10): 5 Time(s)
       root (212.64.71.254): 5 Time(s)
       root (27.155.193.17): 5 Time(s)
       root (49.232.87.218): 5 Time(s)
       root (68.183.156.109): 5 Time(s)
       root (152.136.209.192): 3 Time(s)
       unknown (159.203.29.235): 3 Time(s)
       root (103.232.91.46): 2 Time(s)
       unknown (141.98.80.29): 2 Time(s)
       unknown (141.98.80.90): 2 Time(s)
       unknown (141.98.80.93): 2 Time(s)
       unknown (165.22.85.95): 2 Time(s)
       unknown (195.206.105.217): 2 Time(s)
       unknown (91.173.12.250): 2 Time(s)
       root (115.159.90.137): 1 Time(s)
       root (122.161.194.250): 1 Time(s)
       root (141.98.80.89): 1 Time(s)
       root (141.98.80.91): 1 Time(s)
       root (141.98.80.92): 1 Time(s)
       root (150.136.243.33): 1 Time(s)
       root (151.106.113.19): 1 Time(s)
       root (151.253.125.137): 1 Time(s)
       root (152.32.252.163): 1 Time(s)
       root (154.120.242.70): 1 Time(s)
       root (157.230.90.18): 1 Time(s)
       root (157.245.140.49): 1 Time(s)
       root (167.172.233.156): 1 Time(s)
       root (176.121.235.86): 1 Time(s)
       root (178.33.67.12): 1 Time(s)
       root (182.61.144.129): 1 Time(s)
       root (187.45.103.15): 1 Time(s)
       root (217.128.133.129): 1 Time(s)
       root (218.103.15.177): 1 Time(s)
       root (36.133.163.35): 1 Time(s)
       root (45.80.153.199): 1 Time(s)
       root (49.232.2.249): 1 Time(s)
       root (81.68.253.95): 1 Time(s)
       root (86.131.53.144): 1 Time(s)
       root (89.71.241.168): 1 Time(s)
       root (93.188.164.171): 1 Time(s)
       unknown (141.98.80.89): 1 Time(s)
       unknown (141.98.80.91): 1 Time(s)
       unknown (141.98.80.92): 1 Time(s)
    Invalid Users:
       Unknown Account: 57 Time(s)
 
 su:
    Authentication Failures:
       root(1000) -> root: 1 Time(s)
    Sessions Opened:
       root -> iredadmin: 1 Time(s)
       root -> iredapd: 1 Time(s)
       root -> netdata: 1 Time(s)
       root -> root: 1 Time(s)
       root -> vlado: 1 Time(s)
       root -> vmail: 1 Time(s)
 
 sudo:
    Sessions Opened:
       root -> root: 14 Time(s)
 
 
 ---------------------- pam_unix End -------------------------

 
 --------------------- Postfix Begin ------------------------

        1   Connections                                      1
        1   Disconnections                                   1
       32   Postscreen                                      32
 
        1   TLS connections (server)                         1
        1   TLS connections (client)                         1
 
 
 
 **Unmatched Entries**
        1   Mar  1 10:29:55 vmi514622 postfix/cleanup[1196156]: 4Dpw2p75TJzPkbt: message-id=<[email protected]>
        1   Mar  1 10:36:33 vmi514622 postfix/qmgr[46456]: 4DpwBT5nq3zPkdb: from=<[email protected]>, size=4708, nrcpt=1 (queue active)
        1   Mar  1 12:24:23 vmi514622 postfix/cleanup[1200919]: 4DpyZv4FZTzPkdg: message-id=<[email protected]>
        1   Mar  1 20:14:18 vmi514622 postfix/qmgr[46456]: 4Dq9152GSBzPkbt: removed
        1   Mar  1 22:43:50 vmi514622 postfix/qmgr[46456]: 4DqDKW28dzzPkbt: removed
        1   Mar  1 21:34:50 vmi514622 postfix/cleanup[1222763]: 4DqBp26MQdzPkbt: message-id=<[email protected]>
        1   Mar  1 15:25:21 vmi514622 postfix/pipe[1207882]: 4Dq2bj19CbzPkdg: to=<[email protected]>, relay=dovecot, delay=0.13, delays=0.01/0.01/0/0.11, dsn=2.0.0, status=sent (delivered via dovecot service)
        1   Mar  1 10:24:26 vmi514622 postfix/pipe[1195937]: 4DpvwT3ynvzPkdB: to=<[email protected]>, relay=dovecot, delay=0.48, delays=0.02/0.04/0/0.42, dsn=2.0.0, status=sent (delivered via dovecot service)
        1   Mar  1 03:30:06 vmi514622 postfix/cleanup[1177579]: 4DpkkQ5bHKzPkdg: message-id=<[email protected]>
        1   Mar  1 11:20:47 vmi514622 postfix/pipe[1198348]: 4Dpx9W0njGzPkdg: to=<[email protected]>, relay=dovecot, delay=0.17, delays=0.01/0.02/0/0.14, dsn=2.0.0, status=sent (delivered via dovecot service)
        1   Mar  1 21:25:24 vmi514622 postfix/qmgr[46456]: 4DqBb81DvVzPkdg: removed
        1   Mar  1 16:50:19 vmi514622 postfix/cleanup[1211187]: 4Dq4Tl4g7GzPkbt: message-id=<[email protected]>
        1   Mar  1 20:55:33 vmi514622 postfix/qmgr[46456]: 4Dq9wj3HY7zPkbt: from=<[email protected]>, size=6266, nrcpt=1 (queue active)
        1   Mar  1 06:26:20 vmi514622 postfix/cleanup[1185400]: 4Dppdm1cvrzPkdj: message-id=<[email protected]>
        1   Mar  1 12:25:09 vmi514622 postfix/cleanup[1200919]: 4Dpybn49tpzPkdg: message-id=<[email protected]>
        1   Mar  1 21:49:08 vmi514622 postfix/qmgr[46456]: 4DqC6V1qxxzPkbt: removed
        1   Mar  1 21:34:51 vmi514622 postfix/pipe[1222768]: 4DqBp32pZTzPkdg: to=<[email protected]>, relay=dovecot, delay=0.05, delays=0.01/0.01/0/0.03, dsn=2.0.0, status=sent (delivered via dovecot service)
        1   Mar  1 11:26:52 vmi514622 postfix/qmgr[46456]: 4DpxJX12dvzPkbt: removed
        1   Mar  1 12:25:09 vmi514622 postfix/cleanup[1200919]: 4Dpybn2NYMzPkbt: message-id=<[email protected]>
        1   Mar  1 10:25:03 vmi514622 postfix/qmgr[46456]: 4DpvxC2tj6zPkdH: from=<[email protected]>, size=7438, nrcpt=1 (queue active)
        1   Mar  1 21:49:06 vmi514622 postfix/cleanup[1223355]: 4DqC6V1qxxzPkbt: message-id=<[email protected]>
        1   Mar  1 22:43:43 vmi514622 postfix/qmgr[46456]: 4DqDKW28dzzPkbt: from=<[email protected]>, size=6124, nrcpt=1 (queue active)
        1   Mar  1 10:25:03 vmi514622 postfix/qmgr[46456]: 4DpvxC2tj6zPkdH: removed
        1   Mar  1 04:00:08 vmi514622 postfix/cleanup[1178958]: 4DplP44YsczPkdg: message-id=<[email protected]>
        1   Mar  1 10:54:17 vmi514622 postfix/cleanup[1197185]: 4DpwZx1CnxzPkbt: message-id=<[email protected]>
        1   Mar  1 20:55:34 vmi514622 postfix/qmgr[46456]: 4Dq9wk33zVzPkdg: removed
        1   Mar  1 20:45:09 vmi514622 postfix/cleanup[1220774]: 4Dq9hj1vh8zPkbt: message-id=<[email protected]>
        1   Mar  1 11:20:47 vmi514622 postfix/qmgr[46456]: 4Dpx9T2Y3BzPkbt: removed
        1   Mar  1 20:45:10 vmi514622 postfix/qmgr[46456]: 4Dq9hk16kBzPkdg: removed
        1   Mar  1 11:25:09 vmi514622 postfix/cleanup[1198541]: 4DpxGY2lHyzPkbt: message-id=<[email protected]>
        1   Mar  1 11:25:52 vmi514622 postfix/qmgr[46456]: 4DpxHN45bqzPkdg: removed
        1   Mar  1 10:54:17 vmi514622 postfix/qmgr[46456]: 4DpwZx1CnxzPkbt: removed
        1   Mar  1 16:50:20 vmi514622 postfix/qmgr[46456]: 4Dq4Tl4g7GzPkbt: removed
        1   Mar  1 11:20:47 vmi514622 postfix/qmgr[46456]: 4Dpx9W0njGzPkdg: from=<[email protected]>, size=23083, nrcpt=1 (queue active)
        1   Mar  1 04:01:02 vmi514622 postfix/qmgr[46456]: 4DplQ65lDTzPkdg: from=<[email protected]>, size=855, nrcpt=1 (queue active)
        1   Mar  1 10:25:02 vmi514622 postfix/qmgr[46456]: 4DpvxB4jmRzPkbt: from=<[email protected]>, size=6055, nrcpt=1 (queue active)
        1   Mar  1 12:25:09 vmi514622 postfix/qmgr[46456]: 4Dpybn2NYMzPkbt: from=<[email protected]>, size=1318, nrcpt=1 (queue active)
        1   Mar  1 17:37:06 vmi514622 postfix/qmgr[46456]: 4Dq5Wk2KFMzPkdg: from=<[email protected]>, size=96198, nrcpt=1 (queue active)
        1   Mar  1 04:01:04 vmi514622 postfix/qmgr[46456]: 4DplQ80YwqzPkdc: from=<[email protected]>, size=2223, nrcpt=1 (queue active)
        1   Mar  1 17:34:49 vmi514622 postfix/pipe[1213041]: 4Dq5T474YtzPkdg: to=<[email protected]>, relay=dovecot, delay=0.1, delays=0.03/0.02/0/0.05, dsn=2.0.0, status=sent (delivered via dovecot service)
        1   Mar  1 21:49:08 vmi514622 postfix/qmgr[46456]: 4DqC6X1tg2zPkdg: from=<[email protected]>, size=7651, nrcpt=1 (queue active)
        1   Mar  1 06:26:20 vmi514622 postfix/local[1185425]: 4Dppdm1TB7zPkdc: to=<[email protected]>, relay=local, delay=0.03, delays=0.01/0.01/0/0.01, dsn=2.0.0, status=sent (forwarded as 4Dppdm1cvrzPkdj)
        1   Mar  1 04:01:04 vmi514622 postfix/cleanup[1178958]: 4DplQ80YwqzPkdc: message-id=<[email protected]>
        1   Mar  1 20:45:10 vmi514622 postfix/cleanup[1220774]: 4Dq9hk16kBzPkdg: message-id=<[email protected]>
        1   Mar  1 11:36:23 vmi514622 postfix/pipe[1198903]: 4DpxWV6dHtzPkdg: to=<[email protected]>, relay=dovecot, delay=0.08, delays=0.01/0.02/0/0.06, dsn=2.0.0, status=sent (delivered via dovecot service)
        1   Mar  1 11:18:37 vmi514622 postfix/pipe[1198261]: 4Dpx711q91zPkdg: to=<[email protected]>, relay=dovecot, delay=0.16, delays=0.03/0.04/0/0.09, dsn=2.0.0, status=sent (delivered via dovecot service)
        1   Mar  1 11:20:45 vmi514622 postfix/qmgr[46456]: 4Dpx9T2Y3BzPkbt: from=<[email protected]>, size=21700, nrcpt=1 (queue active)
        1   Mar  1 10:41:00 vmi514622 postfix/pipe[1196674]: 4DpwHc5S2xzPkdg: to=<[email protected]>, relay=dovecot, delay=0.07, delays=0.01/0.01/0/0.05, dsn=2.0.0, status=sent (delivered via dovecot service)
        1   Mar  1 12:09:26 vmi514622 postfix/pipe[1200352]: 4DpyFf5PhZzPkdg: to=<[email protected]>, relay=dovecot, delay=0.15, delays=0.01/0.02/0/0.12, dsn=2.0.0, status=sent (delivered via dovecot service)
        1   Mar  1 17:34:49 vmi514622 postfix/qmgr[46456]: 4Dq5Sy23z9zPkbt: removed
        1   Mar  1 11:35:36 vmi514622 postfix/cleanup[1198898]: 4DpxVc5dHhzPkbt: message-id=<[email protected]>
        1   Mar  1 11:36:22 vmi514622 postfix/cleanup[1198898]: 4DpxWV3rTNzPkbt: message-id=<[email protected]>
        1   Mar  1 20:45:10 vmi514622 postfix/qmgr[46456]: 4Dq9hj1vh8zPkbt: removed
        1   Mar  1 04:00:06 vmi514622 postfix/pickup[1177877]: 4DplP2288zzPkdg: uid=0 from=<root>
        1   Mar  1 10:30:29 vmi514622 postfix/cleanup[1196156]: 4Dpw3T3XCYzPkbt: message-id=<[email protected]>
        1   Mar  1 10:28:10 vmi514622 postfix/cleanup[1196074]: 4Dpw0p0QkkzPkbt: message-id=<[email protected]>
        1   Mar  1 12:20:56 vmi514622 postfix/qmgr[46456]: 4DpyVw3JlSzPkdg: removed
        1   Mar  1 17:37:05 vmi514622 postfix/cleanup[1213164]: 4Dq5Wj33ZnzPkbt: message-id=<CACBSb5ZvgNzda5Bwz_UKqsvBpDvreak4g+UgwCTfQrVSnLrW=g@mail.gmail.com>
        1   Mar  1 04:01:04 vmi514622 postfix/qmgr[46456]: 4DplQ80YwqzPkdc: removed
        1   Mar  1 04:00:08 vmi514622 postfix/qmgr[46456]: 4DplP2288zzPkdg: removed
        1   Mar  1 06:26:16 vmi514622 postfix/cleanup[1185400]: 4Dppdh3zd9zPkdg: message-id=<[email protected]>
        1   Mar  1 12:20:56 vmi514622 postfix/qmgr[46456]: 4DpyVp4G02zPkbt: removed
        1   Mar  1 20:55:34 vmi514622 postfix/qmgr[46456]: 4Dq9wk33zVzPkdg: from=<[email protected]>, size=7649, nrcpt=1 (queue active)
        1   Mar  1 12:24:23 vmi514622 postfix/qmgr[46456]: 4DpyZv4FZTzPkdg: from=<[email protected]>, size=6965, nrcpt=1 (queue active)
        1   Mar  1 22:43:43 vmi514622 postfix/cleanup[1225466]: 4DqDKW28dzzPkbt: message-id=<[email protected]>
        1   Mar  1 04:00:06 vmi514622 postfix/cleanup[1178958]: 4DplP2288zzPkdg: message-id=<[email protected]>
        1   Mar  1 03:30:03 vmi514622 postfix/cleanup[1177579]: 4DpkkM0BsnzPkdc: message-id=<[email protected]>
        1   Mar  1 11:20:47 vmi514622 postfix/qmgr[46456]: 4Dpx9W0njGzPkdg: removed
        1   Mar  1 10:28:10 vmi514622 postfix/qmgr[46456]: 4Dpw0p0QkkzPkbt: removed
        1   Mar  1 11:18:35 vmi514622 postfix/cleanup[1198256]: 4Dpx6z6dVszPkbt: message-id=<[email protected]>
        1   Mar  1 04:01:02 vmi514622 postfix/cleanup[1178958]: 4DplQ65lDTzPkdg: message-id=<[email protected]>
        1   Mar  1 03:30:06 vmi514622 postfix/cleanup[1177579]: 4DpkkQ5nLqzPkdj: message-id=<[email protected]>
        1   Mar  1 11:36:23 vmi514622 postfix/qmgr[46456]: 4DpxWV6dHtzPkdg: removed
        1   Mar  1 10:28:10 vmi514622 postfix/cleanup[1196074]: 4Dpw0p6CRPzPkdM: message-id=<[email protected]>
        1   Mar  1 17:37:06 vmi514622 postfix/pipe[1213175]: 4Dq5Wk2KFMzPkdg: to=<[email protected]>, relay=dovecot, delay=0.07, delays=0.01/0.01/0/0.04, dsn=2.0.0, status=sent (delivered via dovecot service)
        1   Mar  1 11:25:52 vmi514622 postfix/cleanup[1198541]: 4DpxHN1Y3nzPkbt: message-id=<[email protected]>
        1   Mar  1 10:24:25 vmi514622 postfix/qmgr[46456]: 4DpvwS4Jv6zPkbt: removed
        1   Mar  1 15:25:10 vmi514622 postfix/qmgr[46456]: 4Dq2bV1DXMzPkbt: from=<[email protected]>, size=6101, nrcpt=1 (queue active)
        1   Mar  1 10:41:00 vmi514622 postfix/qmgr[46456]: 4DpwHc24GqzPkbt: removed
        1   Mar  1 20:45:10 vmi514622 postfix/smtp[1220779]: 4Dq9hk16kBzPkdg: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[108.177.126.27]:25, delay=0.57, delays=0.01/0.02/0.13/0.41, dsn=2.0.0, status=sent (250 2.0.0 OK  1614627910 i12si11266553ejr.344 - gsmtp)
        1   Mar  1 09:04:18 vmi514622 postfix/pipe[1192514]: 4Dpt8227gKzPkcx: to=<[email protected]>, relay=dovecot, delay=0.1, delays=0.01/0.01/0/0.08, dsn=2.0.0, status=sent (delivered via dovecot service)
        1   Mar  1 04:01:04 vmi514622 postfix/qmgr[46456]: 4DplQ65lDTzPkdg: removed
        1   Mar  1 03:30:03 vmi514622 postfix/qmgr[46456]: 4DpkkM0BsnzPkdc: from=<[email protected]>, size=1299, nrcpt=1 (queue active)
        1   Mar  1 11:25:09 vmi514622 postfix/pipe[1198546]: 4DpxGY5ZdtzPkdg: to=<[email protected]>, relay=dovecot, delay=0.05, delays=0.01/0.01/0/0.04, dsn=2.0.0, status=sent (delivered via dovecot service)
        1   Mar  1 10:36:33 vmi514622 postfix/pipe[1196443]: 4DpwBT5nq3zPkdb: to=<[email protected]>, relay=dovecot, delay=0.14, delays=0.02/0.02/0/0.11, dsn=2.0.0, status=sent (delivered via dovecot service)
        1   Mar  1 11:20:45 vmi514622 postfix/cleanup[1198341]: 4Dpx9T2Y3BzPkbt: message-id=<[email protected]>
        1   Mar  1 23:12:41 vmi514622 postfix/qmgr[46456]: 4DqDyq4pnFzPkbt: removed
        1   Mar  1 23:12:35 vmi514622 postfix/qmgr[46456]: 4DqDyq4pnFzPkbt: from=<[email protected]>, size=6163, nrcpt=1 (queue active)
        1   Mar  1 10:41:00 vmi514622 postfix/qmgr[46456]: 4DpwHc24GqzPkbt: from=<[email protected]>, size=3324, nrcpt=1 (queue active)
        1   Mar  1 12:20:56 vmi514622 postfix/cleanup[1200775]: 4DpyVw3JlSzPkdg: message-id=<[email protected]>
        1   Mar  1 20:45:10 vmi514622 postfix/qmgr[46456]: 4Dq9hk16kBzPkdg: from=<[email protected]>, size=1968, nrcpt=1 (queue active)
        1   Mar  1 10:25:03 vmi514622 postfix/pipe[1195937]: 4DpvxC2tj6zPkdH: to=<[email protected]>, relay=dovecot, delay=0.05, delays=0/0.02/0/0.03, dsn=2.0.0, status=sent (delivered via dovecot service)
        1   Mar  1 12:20:50 vmi514622 postfix/cleanup[1200775]: 4DpyVp4G02zPkbt: message-id=<[email protected]>
        1   Mar  1 12:09:14 vmi514622 postfix/qmgr[46456]: 4DpyFQ6K9pzPkbt: from=<[email protected]>, size=3324, nrcpt=1 (queue active)
        1   Mar  1 10:30:30 vmi514622 postfix/qmgr[46456]: 4Dpw3V0k5lzPkdW: removed
        1   Mar  1 11:26:52 vmi514622 postfix/cleanup[1198541]: 4DpxJX3v27zPkdg: message-id=<[email protected]>
        1   Mar  1 20:55:34 vmi514622 postfix/pipe[1221178]: 4Dq9wk33zVzPkdg: to=<[email protected]>, relay=dovecot, delay=0.13, delays=0.01/0.02/0/0.1, dsn=2.0.0, status=sent (delivered via dovecot service)
        1   Mar  1 15:25:21 vmi514622 postfix/qmgr[46456]: 4Dq2bj19CbzPkdg: from=<[email protected]>, size=7458, nrcpt=1 (queue active)
        1   Mar  1 12:09:26 vmi514622 postfix/cleanup[1200333]: 4DpyFf5PhZzPkdg: message-id=<[email protected]>
        1   Mar  1 23:12:41 vmi514622 postfix/qmgr[46456]: 4DqDyx2nnczPkdg: removed
        1   Mar  1 11:26:52 vmi514622 postfix/pipe[1198546]: 4DpxJX3v27zPkdg: to=<[email protected]>, relay=dovecot, delay=0.05, delays=0/0.02/0/0.03, dsn=2.0.0, status=sent (delivered via dovecot service)
        1   Mar  1 09:04:18 vmi514622 postfix/qmgr[46456]: 4Dpt813WSdzPkbt: removed
        1   Mar  1 04:00:08 vmi514622 postfix/qmgr[46456]: 4DplP43wYCzPkdc: from=<[email protected]>, size=2769, nrcpt=1 (queue active)
        1   Mar  1 12:24:23 vmi514622 postfix/pipe[1200924]: 4DpyZv4FZTzPkdg: to=<[email protected]>, relay=dovecot, delay=0.07, delays=0.01/0.02/0/0.04, dsn=2.0.0, status=sent (delivered via dovecot service)
        1   Mar  1 06:26:20 vmi514622 postfix/qmgr[46456]: 4Dppdm1TB7zPkdc: from=<[email protected]>, size=32737, nrcpt=1 (queue active)
        1   Mar  1 21:20:25 vmi514622 postfix/qmgr[46456]: 4DqBTN6l1SzPkdg: removed
        1   Mar  1 11:35:37 vmi514622 postfix/qmgr[46456]: 4DpxVc5dHhzPkbt: removed
        1   Mar  1 16:50:20 vmi514622 postfix/cleanup[1211187]: 4Dq4Tm5kDYzPkdg: message-id=<[email protected]>
        1   Mar  1 10:29:55 vmi514622 postfix/qmgr[46456]: 4Dpw2p75TJzPkbt: removed
        1   Mar  1 03:30:06 vmi514622 postfix/qmgr[46456]: 4DpkkM0BsnzPkdc: removed
        1   Mar  1 12:24:23 vmi514622 postfix/cleanup[1200919]: 4DpyZv01YCzPkbt: message-id=<[email protected]>
        1   Mar  1 10:30:30 vmi514622 postfix/qmgr[46456]: 4Dpw3V0k5lzPkdW: from=<[email protected]>, size=6965, nrcpt=1 (queue active)
        1   Mar  1 22:43:50 vmi514622 postfix/cleanup[1225466]: 4DqDKf3H3CzPkdg: message-id=<[email protected]>
        1   Mar  1 10:36:33 vmi514622 postfix/qmgr[46456]: 4DpwBT0K56zPkbt: from=<[email protected]>, size=3325, nrcpt=1 (queue active)
        1   Mar  1 20:14:17 vmi514622 postfix/qmgr[46456]: 4Dq9152GSBzPkbt: from=<[email protected]>, size=6271, nrcpt=1 (queue active)
        1   Mar  1 10:24:24 vmi514622 postfix/qmgr[46456]: 4DpvwS4Jv6zPkbt: from=<[email protected]>, size=6054, nrcpt=1 (queue active)
        1   Mar  1 06:26:20 vmi514622 postfix/pipe[1185426]: 4Dppdm1cvrzPkdj: to=<[email protected]>, orig_to=<[email protected]>, relay=dovecot, delay=0.14, delays=0/0.01/0/0.12, dsn=2.0.0, status=sent (delivered via dovecot service)
        1   Mar  1 23:12:41 vmi514622 postfix/pipe[1226661]: 4DqDyx2nnczPkdg: to=<[email protected]>, relay=dovecot, delay=0.05, delays=0/0.01/0/0.04, dsn=2.0.0, status=sent (delivered via dovecot service)
        1   Mar  1 06:26:16 vmi514622 postfix/qmgr[46456]: 4Dppdh3zd9zPkdg: from=<[email protected]>, size=31358, nrcpt=1 (queue active)
        1   Mar  1 10:30:30 vmi514622 postfix/qmgr[46456]: 4Dpw3T3XCYzPkbt: removed
        1   Mar  1 21:20:24 vmi514622 postfix/qmgr[46456]: 4DqBTN6l1SzPkdg: from=<[email protected]>, size=7484, nrcpt=1 (queue active)
        1   Mar  1 10:41:00 vmi514622 postfix/qmgr[46456]: 4DpwHc5S2xzPkdg: removed
        1   Mar  1 04:00:06 vmi514622 postfix/qmgr[46456]: 4DplP2288zzPkdg: from=<[email protected]>, size=1389, nrcpt=1 (queue active)
        1   Mar  1 21:34:51 vmi514622 postfix/qmgr[46456]: 4DqBp32pZTzPkdg: from=<[email protected]>, size=7647, nrcpt=1 (queue active)
        1   Mar  1 17:34:49 vmi514622 postfix/cleanup[1213036]: 4Dq5T474YtzPkdg: message-id=<[email protected]>
        1   Mar  1 06:26:16 vmi514622 postfix/pickup[1182116]: 4Dppdh3zd9zPkdg: uid=0 from=<root>
        1   Mar  1 03:30:06 vmi514622 postfix/local[1177589]: 4DpkkQ5bHKzPkdg: to=<[email protected]>, relay=local, delay=0.03, delays=0.01/0.01/0/0.01, dsn=2.0.0, status=sent (forwarded as 4DpkkQ5nLqzPkdj)
        1   Mar  1 03:30:07 vmi514622 postfix/pipe[1177591]: 4DpkkQ5nLqzPkdj: to=<[email protected]>, orig_to=<[email protected]>, relay=dovecot, delay=0.19, delays=0/0.01/0/0.18, dsn=2.0.0, status=sent (delivered via dovecot service)
        1   Mar  1 04:01:04 vmi514622 postfix/qmgr[46456]: 4DplQ80f1PzPkdj: from=<[email protected]>, size=2383, nrcpt=1 (queue active)
        1   Mar  1 10:28:10 vmi514622 postfix/qmgr[46456]: 4Dpw0p6CRPzPkdM: from=
 
 ---------------------- Postfix End -------------------------

 
 --------------------- rsyslogd Begin ------------------------

 Rsyslogd actions suspended:
    action-6-builtin:omfile (builtin:omfile): 15531 Times
 
 Rsyslogd actions resumed
    action-6-builtin:omfile (builtin:omfile): 14120 Times
 
 **** Unmatched entries ****
     file '/var/log/fail2ban.log': open error: Permission denied [v8.2001.0 try https://www.rsyslog.com/e/2433 ] : 1 Times
 
 ---------------------- rsyslogd End -------------------------

I'm not sure, but I have read that UFW can block multiple failed logins from one IP within 30 seconds. I don't know, but there really are hundreds of attempts in the log. Or are these logs from before the firewall was set up? I set it up about 12 hours ago. Is my firewall correct? Thanks a lot for your help.
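As an added example (not part of the question or of the Logwatch mail), the POSIX shell script below summarises the pam_unix "Authentication Failures" block of a Logwatch report by source address, so the attempts per host can be compared with the firewall's existing per-IP deny rule. The sample lines are constructed to match the Logwatch format shown above; the function names and the threshold of 40 are my own choices. It also shows why the per-IP view matters: `ufw limit` only throttles bursts of new connections from one address, so a host that spreads its attempts over the day never trips it.

```shell
# Added example, not from the original post: summarise the pam_unix
# "Authentication Failures" block of a Logwatch mail by source address.
# The lines below are constructed to match the Logwatch format; a real
# report is piped in the same way (every function reads from stdin).
LOGWATCH_SAMPLE='       root (49.88.112.112): 76 Time(s)
       root (1.119.166.234): 65 Time(s)
       unknown (163.172.162.15): 39 Time(s)
       mail (163.172.162.15): 5 Time(s)
       root (49.88.112.73): 8 Time(s)'

# Only lines of the form "user (ip): N Time(s)" are counted, so the
# "Unknown Account: 57 Time(s)" and su/sudo lines of a full report are
# ignored. Field layout: $1=user $2="(ip):" $3=count $4="Time(s)"
FAILURE_LINE='\([0-9.:a-fA-F]+\): [0-9]+ Time\(s\)'

# total_failures: sum of every per-user, per-IP count on stdin.
total_failures() {
    awk -v re="$FAILURE_LINE" '$0 ~ re { total += $3 } END { print total + 0 }'
}

# failures_per_ip: one line "ip count" per source address, summed across
# user names (the same host often tries root, mail and invalid users),
# highest count first.
failures_per_ip() {
    awk -v re="$FAILURE_LINE" '$0 ~ re {
        ip = $2; gsub(/[():]/, "", ip)
        count[ip] += $3
    }
    END { for (ip in count) print ip, count[ip] }' | sort -k2,2nr
}

# ips_over THRESHOLD: addresses with at least THRESHOLD failures, i.e. the
# candidates for a temporary "ufw deny from <ip>" rule like the one already
# in the ruleset. The threshold is an arbitrary choice for this example.
ips_over() {
    failures_per_ip | awk -v t="$1" '$2 >= t { print $1 }'
}

printf '%s\n' "$LOGWATCH_SAMPLE" | total_failures
printf '%s\n' "$LOGWATCH_SAMPLE" | failures_per_ip
printf '%s\n' "$LOGWATCH_SAMPLE" | ips_over 40
```

To run it on the real mail, replace the `printf` with something like `sed -n '/pam_unix Begin/,/pam_unix End/p' logwatch.txt | failures_per_ip`. The output is a review list, not a block list: as the answer below notes, these attempts come from many addresses, so a handful of deny rules barely changes the picture.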

Answer 1

That's just the normal noise from the www. If you use strong passwords, there is nothing to worry about.

However, there are some things you should do to reduce the noise and make your server more secure:

  • Disable root login; log in as a normal user and use sudo instead
  • Disable password login and use pubkey-authentication only
  • Change your ssh port to a higher port number (make sure your firewall allows it).
  • Install fail2ban, which at least slows these attempts down.
  • Use strong passwords everywhere
  • Keep all software up to date at all times

See also for more information


ufw limit and fail2ban are nice, but attackers know about these limits and make only as many attempts as they can without getting blocked. Usually these random attacks are run from botnets of hijacked random servers, so limiting attempts per IP has limited effect.
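Added example, not written by the answer's author: a POSIX shell script that checks an sshd_config against the steps listed above (root login off, password authentication off, pubkey authentication on, sshd moved off port 22) and confirms from `ufw status` output that the chosen port is allowed before sshd is restarted, which is the lock-out the "make sure your firewall allows it" remark guards against. The two config files are constructed samples written to temporary files, the ufw text is trimmed from the question's own `ufw status` output, and the function names are my own.

```shell
# Added example, not from the original answer: audit an sshd_config against
# the hardening steps above and check the firewall for the new port.

# sshd_setting FILE KEYWORD DEFAULT: value of the first non-comment occurrence
# of KEYWORD (sshd honours the first match; keywords are case-insensitive).
# DEFAULT is printed when the keyword is absent. "Match" blocks and the rare
# "Keyword=value" form are not handled here.
sshd_setting() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        /^[[:space:]]*#/ || NF == 0 { next }
        !found && tolower($1) == key { print $2; found = 1 }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd_config FILE: returns 0 when every check passes, 1 otherwise.
# Defaults match OpenSSH 8.x as shipped with Ubuntu 20.04: PermitRootLogin
# prohibit-password, PasswordAuthentication yes, PubkeyAuthentication yes,
# Port 22.
audit_sshd_config() {
    f="$1" rc=0
    [ "$(sshd_setting "$f" PermitRootLogin prohibit-password)" = "no" ] \
        || { echo "FAIL: PermitRootLogin should be 'no'"; rc=1; }
    [ "$(sshd_setting "$f" PasswordAuthentication yes)" = "no" ] \
        || { echo "FAIL: PasswordAuthentication should be 'no'"; rc=1; }
    [ "$(sshd_setting "$f" PubkeyAuthentication yes)" = "yes" ] \
        || { echo "FAIL: PubkeyAuthentication should be 'yes'"; rc=1; }
    [ "$(sshd_setting "$f" Port 22)" != "22" ] \
        || { echo "FAIL: sshd still listens on the default port 22"; rc=1; }
    return "$rc"
}

# ufw_allows_tcp_port PORT: reads "ufw status" output on stdin and succeeds
# when an ALLOW or LIMIT rule exists for PORT/tcp. Run this before restarting
# sshd on a new port, otherwise the default "deny (incoming)" locks you out.
ufw_allows_tcp_port() {
    awk -v p="$1/tcp" '$1 == p && ($2 == "ALLOW" || $2 == "LIMIT") { ok = 1 }
                       END { exit !ok }'
}

# Constructed sample configs (temporary files, removed on exit).
WEAK_CFG=$(mktemp); HARD_CFG=$(mktemp)
trap 'rm -f "$WEAK_CFG" "$HARD_CFG"' EXIT
cat > "$WEAK_CFG" <<'EOF'
# stock-like config: root login and password auth left at their defaults
Port 22
#PermitRootLogin prohibit-password
PasswordAuthentication yes
EOF
cat > "$HARD_CFG" <<'EOF'
# the settings the answer recommends
Port 2222
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
EOF

# Trimmed from the question's "ufw status verbose" output: 22 is limited,
# nothing is open for 2222 yet.
UFW_SAMPLE='To                         Action      From
--                         ------      ----
22/tcp                     LIMIT IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
22/tcp (v6)                LIMIT IN    Anywhere (v6)'

audit_sshd_config "$HARD_CFG" && echo "hardened sample: all checks pass"
audit_sshd_config "$WEAK_CFG" || echo "weak sample: fix the lines above"
printf '%s\n' "$UFW_SAMPLE" | ufw_allows_tcp_port 2222 \
    || echo "open 2222/tcp in ufw (e.g. ufw limit 2222/tcp) before restarting sshd"
```

On a live host the same functions run against the real files: `audit_sshd_config /etc/ssh/sshd_config` and `ufw status | ufw_allows_tcp_port 2222`. Keep the old port's rule in place until a key-based login on the new port has been tested from a second session.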
