是不是只有我一个人这么想,还是有人试图侵入我的服务器?

是不是只有我一个人这么想,还是有人试图侵入我的服务器?

对于普通的非重要服务器来说,这种黑客攻击是正常的吗?我今天刚刚检查了我的 auth.log。

Jul  1 15:02:22 webserver sshd[5094]: Did not receive identification string from 188.165.243.46
Jul  1 15:03:51 webserver sshd[5095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=iota10.iotanet.net  user=root
Jul  1 15:03:51 webserver sshd[5095]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul  1 15:03:51 webserver sshd[5095]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul  1 15:03:51 webserver sshd[5095]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
Jul  1 15:03:54 webserver sshd[5095]: Failed password for root from 188.165.243.46 port 53281 ssh2
Jul  1 15:03:54 webserver sshd[5095]: Received disconnect from 188.165.243.46: 11: Bye Bye [preauth]
Jul  1 16:33:07 webserver sshd[5302]: Invalid user guest from 62.93.6.226
Jul  1 16:33:07 webserver sshd[5302]: input_userauth_request: invalid user guest [preauth]
Jul  1 16:33:07 webserver sshd[5302]: pam_unix(sshd:auth): check pass; user unknown
Jul  1 16:33:07 webserver sshd[5302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de 
Jul  1 16:33:07 webserver sshd[5302]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul  1 16:33:07 webserver sshd[5302]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul  1 16:33:09 webserver sshd[5302]: Failed password for invalid user guest from 62.93.6.226 port 59027 ssh2
Jul  1 16:33:09 webserver sshd[5302]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul  1 16:33:10 webserver sshd[5304]: Invalid user guest from 62.93.6.226
Jul  1 16:33:10 webserver sshd[5304]: input_userauth_request: invalid user guest [preauth]
Jul  1 16:33:10 webserver sshd[5304]: pam_unix(sshd:auth): check pass; user unknown
Jul  1 16:33:10 webserver sshd[5304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de 
Jul  1 16:33:10 webserver sshd[5304]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul  1 16:33:10 webserver sshd[5304]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul  1 16:33:12 webserver sshd[5304]: Failed password for invalid user guest from 62.93.6.226 port 60980 ssh2
Jul  1 16:33:13 webserver sshd[5304]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul  1 16:33:14 webserver sshd[5306]: Invalid user guest from 62.93.6.226
Jul  1 16:33:14 webserver sshd[5306]: input_userauth_request: invalid user guest [preauth]
Jul  1 16:33:14 webserver sshd[5306]: pam_unix(sshd:auth): check pass; user unknown
Jul  1 16:33:14 webserver sshd[5306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de 
Jul  1 16:33:14 webserver sshd[5306]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul  1 16:33:14 webserver sshd[5306]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul  1 16:33:16 webserver sshd[5306]: Failed password for invalid user guest from 62.93.6.226 port 34999 ssh2
Jul  1 16:33:16 webserver sshd[5306]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul  1 16:33:17 webserver sshd[5308]: Invalid user test from 62.93.6.226
Jul  1 16:33:17 webserver sshd[5308]: input_userauth_request: invalid user test [preauth]
Jul  1 16:33:17 webserver sshd[5308]: pam_unix(sshd:auth): check pass; user unknown
Jul  1 16:33:17 webserver sshd[5308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de 
Jul  1 16:33:17 webserver sshd[5308]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul  1 16:33:17 webserver sshd[5308]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul  1 16:33:19 webserver sshd[5308]: Failed password for invalid user test from 62.93.6.226 port 36760 ssh2
Jul  1 16:33:19 webserver sshd[5308]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul  1 16:33:20 webserver sshd[5310]: Invalid user test from 62.93.6.226
Jul  1 16:33:20 webserver sshd[5310]: input_userauth_request: invalid user test [preauth]
Jul  1 16:33:20 webserver sshd[5310]: pam_unix(sshd:auth): check pass; user unknown
Jul  1 16:33:20 webserver sshd[5310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de 
Jul  1 16:33:20 webserver sshd[5310]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul  1 16:33:20 webserver sshd[5310]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul  1 16:33:22 webserver sshd[5310]: Failed password for invalid user test from 62.93.6.226 port 38595 ssh2
Jul  1 16:33:22 webserver sshd[5310]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul  1 16:33:23 webserver sshd[5312]: Invalid user test from 62.93.6.226
Jul  1 16:33:23 webserver sshd[5312]: input_userauth_request: invalid user test [preauth]
Jul  1 16:33:23 webserver sshd[5312]: pam_unix(sshd:auth): check pass; user unknown
Jul  1 16:33:23 webserver sshd[5312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de 
Jul  1 16:33:23 webserver sshd[5312]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul  1 16:33:23 webserver sshd[5312]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul  1 16:33:26 webserver sshd[5312]: Failed password for invalid user test from 62.93.6.226 port 40238 ssh2
Jul  1 16:33:26 webserver sshd[5312]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul  1 16:33:27 webserver sshd[5314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de  user=ftp
Jul  1 16:33:27 webserver sshd[5314]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul  1 16:33:27 webserver sshd[5314]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul  1 16:33:27 webserver sshd[5314]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
Jul  1 16:33:29 webserver sshd[5314]: Failed password for ftp from 62.93.6.226 port 42089 ssh2
Jul  1 16:33:29 webserver sshd[5314]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul  1 16:33:30 webserver sshd[5316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de  user=ftp
Jul  1 16:33:30 webserver sshd[5316]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul  1 16:33:30 webserver sshd[5316]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul  1 16:33:30 webserver sshd[5316]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
Jul  1 16:33:32 webserver sshd[5316]: Failed password for ftp from 62.93.6.226 port 43379 ssh2
Jul  1 16:33:32 webserver sshd[5316]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul  1 16:33:33 webserver sshd[5318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de  user=ftp
Jul  1 16:33:33 webserver sshd[5318]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul  1 16:33:33 webserver sshd[5318]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul  1 16:33:33 webserver sshd[5318]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
Jul  1 16:33:35 webserver sshd[5318]: Failed password for ftp from 62.93.6.226 port 44670 ssh2
Jul  1 16:33:35 webserver sshd[5318]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul  1 16:33:36 webserver sshd[5320]: Invalid user ftpuser from 62.93.6.226
Jul  1 16:33:36 webserver sshd[5320]: input_userauth_request: invalid user ftpuser [preauth]
Jul  1 16:33:36 webserver sshd[5320]: pam_unix(sshd:auth): check pass; user unknown
Jul  1 16:33:36 webserver sshd[5320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de 
Jul  1 16:33:36 webserver sshd[5320]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul  1 16:33:36 webserver sshd[5320]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul  1 16:33:38 webserver sshd[5320]: Failed password for invalid user ftpuser from 62.93.6.226 port 46318 ssh2
Jul  1 16:33:38 webserver sshd[5320]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul  1 16:33:39 webserver sshd[5322]: Invalid user ftpuser from 62.93.6.226
Jul  1 16:33:39 webserver sshd[5322]: input_userauth_request: invalid user ftpuser [preauth]
Jul  1 16:33:39 webserver sshd[5322]: pam_unix(sshd:auth): check pass; user unknown
Jul  1 16:33:39 webserver sshd[5322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de 
Jul  1 16:33:39 webserver sshd[5322]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul  1 16:33:39 webserver sshd[5322]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul  1 16:33:41 webserver sshd[5322]: Failed password for invalid user ftpuser from 62.93.6.226 port 47653 ssh2
Jul  1 16:33:41 webserver sshd[5322]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul  1 16:33:43 webserver sshd[5324]: Invalid user ftpuser from 62.93.6.226
Jul  1 16:33:43 webserver sshd[5324]: input_userauth_request: invalid user ftpuser [preauth]
Jul  1 16:33:43 webserver sshd[5324]: pam_unix(sshd:auth): check pass; user unknown
Jul  1 16:33:43 webserver sshd[5324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de 
Jul  1 16:33:43 webserver sshd[5324]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul  1 16:33:43 webserver sshd[5324]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul  1 16:33:45 webserver sshd[5324]: Failed password for invalid user ftpuser from 62.93.6.226 port 49269 ssh2
Jul  1 16:33:45 webserver sshd[5324]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul  1 16:33:46 webserver sshd[5326]: Invalid user library from 62.93.6.226
Jul  1 16:33:46 webserver sshd[5326]: input_userauth_request: invalid user library [preauth]
Jul  1 16:33:46 webserver sshd[5326]: pam_unix(sshd:auth): check pass; user unknown
Jul  1 16:33:46 webserver sshd[5326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de 
Jul  1 16:33:46 webserver sshd[5326]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul  1 16:33:46 webserver sshd[5326]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul  1 16:33:48 webserver sshd[5326]: Failed password for invalid user library from 62.93.6.226 port 50591 ssh2
Jul  1 16:33:48 webserver sshd[5326]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul  1 16:33:49 webserver sshd[5328]: Invalid user library from 62.93.6.226
Jul  1 16:33:49 webserver sshd[5328]: input_userauth_request: invalid user library [preauth]
Jul  1 16:33:49 webserver sshd[5328]: pam_unix(sshd:auth): check pass; user unknown
Jul  1 16:33:49 webserver sshd[5328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de 
Jul  1 16:33:49 webserver sshd[5328]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul  1 16:33:49 webserver sshd[5328]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul  1 16:33:51 webserver sshd[5328]: Failed password for invalid user library from 62.93.6.226 port 51906 ssh2
Jul  1 16:33:51 webserver sshd[5328]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul  1 16:33:52 webserver sshd[5330]: Invalid user library from 62.93.6.226
Jul  1 16:33:52 webserver sshd[5330]: input_userauth_request: invalid user library [preauth]
Jul  1 16:33:52 webserver sshd[5330]: pam_unix(sshd:auth): check pass; user unknown
Jul  1 16:33:52 webserver sshd[5330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de 
Jul  1 16:33:52 webserver sshd[5330]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul  1 16:33:52 webserver sshd[5330]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul  1 16:33:54 webserver sshd[5330]: Failed password for invalid user library from 62.93.6.226 port 53246 ssh2
Jul  1 16:33:55 webserver sshd[5330]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul  1 16:33:56 webserver sshd[5332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de  user=mysql
Jul  1 16:33:56 webserver sshd[5332]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul  1 16:33:56 webserver sshd[5332]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul  1 16:33:56 webserver sshd[5332]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
Jul  1 16:33:58 webserver sshd[5332]: Failed password for mysql from 62.93.6.226 port 54760 ssh2
Jul  1 16:33:58 webserver sshd[5332]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul  1 16:33:59 webserver sshd[5334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de  user=mysql
Jul  1 16:33:59 webserver sshd[5334]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul  1 16:33:59 webserver sshd[5334]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul  1 16:33:59 webserver sshd[5334]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
Jul  1 16:34:02 webserver sshd[5334]: Failed password for mysql from 62.93.6.226 port 56357 ssh2
Jul  1 16:34:02 webserver sshd[5334]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul  1 16:34:03 webserver sshd[5336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de  user=mysql
Jul  1 16:34:03 webserver sshd[5336]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul  1 16:34:03 webserver sshd[5336]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul  1 16:34:03 webserver sshd[5336]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
Jul  1 16:34:05 webserver sshd[5336]: Failed password for mysql from 62.93.6.226 port 58251 ssh2
Jul  1 16:34:05 webserver sshd[5336]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul  1 16:34:06 webserver sshd[5338]: Invalid user support from 62.93.6.226
Jul  1 16:34:06 webserver sshd[5338]: input_userauth_request: invalid user support [preauth]
Jul  1 16:34:06 webserver sshd[5338]: pam_unix(sshd:auth): check pass; user unknown
Jul  1 16:34:06 webserver sshd[5338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de 
Jul  1 16:34:06 webserver sshd[5338]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul  1 16:34:06 webserver sshd[5338]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul  1 16:34:08 webserver sshd[5338]: Failed password for invalid user support from 62.93.6.226 port 59741 ssh2
Jul  1 16:34:08 webserver sshd[5338]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul  1 16:34:10 webserver sshd[5340]: Invalid user support from 62.93.6.226
Jul  1 16:34:10 webserver sshd[5340]: input_userauth_request: invalid user support [preauth]
Jul  1 16:34:10 webserver sshd[5340]: pam_unix(sshd:auth): check pass; user unknown
Jul  1 16:34:10 webserver sshd[5340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de 
Jul  1 16:34:10 webserver sshd[5340]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul  1 16:34:10 webserver sshd[5340]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul  1 16:34:12 webserver sshd[5340]: Failed password for invalid user support from 62.93.6.226 port 33112 ssh2

答案1

尝试意味着意图。显然有人尝试了,但说是某人做的,这太大胆了,也可能是不正确的:这更可能是僵尸网络上运行的脚本尝试62.93.6.226188.165.243.46可能通过僵尸网络进行连接。

在其他新闻中,禁用密码验证/etc/ssh/sshd_config并学习使用公钥。

相关内容