I have this in the logs of my postgres instance:
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 06:20:02.277 UTC [78602] FATAL: password authentication failed for user "postgres"
2021-11-20 06:20:02.277 UTC [78602] DETAIL: Role "postgres" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 06:41:05.211 UTC [79412] FATAL: password authentication failed for user "postgres"
2021-11-20 06:41:05.211 UTC [79412] DETAIL: Role "postgres" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 06:41:45.448 UTC [79517] FATAL: password authentication failed for user "pgsql"
2021-11-20 06:41:45.448 UTC [79517] DETAIL: Role "pgsql" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 07:01:53.432 UTC [80321] FATAL: password authentication failed for user "postgres"
2021-11-20 07:01:53.432 UTC [80321] DETAIL: Role "postgres" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 07:22:44.231 UTC [81197] FATAL: password authentication failed for user "postgres"
2021-11-20 07:22:44.231 UTC [81197] DETAIL: Role "postgres" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 07:25:30.380 UTC [81317] FATAL: password authentication failed for user "pgsql"
2021-11-20 07:25:30.380 UTC [81317] DETAIL: Role "pgsql" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 07:43:48.611 UTC [82115] FATAL: password authentication failed for user "postgres"
2021-11-20 07:43:48.611 UTC [82115] DETAIL: Role "postgres" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 07:47:12.673 UTC [82233] FATAL: password authentication failed for user "pgsql"
2021-11-20 07:47:12.673 UTC [82233] DETAIL: Role "pgsql" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 08:04:33.369 UTC [82925] FATAL: password authentication failed for user "postgres"
2021-11-20 08:04:33.369 UTC [82925] DETAIL: Role "postgres" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 08:09:09.023 UTC [83149] FATAL: password authentication failed for user "pgsql"
2021-11-20 08:09:09.023 UTC [83149] DETAIL: Role "pgsql" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 08:25:46.146 UTC [83736] FATAL: password authentication failed for user "postgres"
2021-11-20 08:25:46.146 UTC [83736] DETAIL: Role "postgres" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 08:30:54.629 UTC [83963] FATAL: password authentication failed for user "pgadmin"
2021-11-20 08:30:54.629 UTC [83963] DETAIL: Role "pgadmin" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
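The instance is used for testing and contains worthless data, so it is not secured and has a publicly open port for ease of testing.
If this is an attack, what I find odd is that the timestamps are so far apart: 6:20, 6:41, 7:01, 7:22, 7:25, 7:43, etc. The requests come within a short period of time, but there are large gaps between the connections.
What does the "Connection matched" message mean?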
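I cannot tell you who tried to log in, but you can add %h to log_line_prefix to see the client address. "Connection matched pg_hba.conf line 100" means that the incoming connection matched that pg_hba.conf line (which is not surprising, since it contains all wildcards), so scram-sha-256 password authentication was attempted (but failed). I recommend using less generic pg_hba.conf entries, so that there is less chance of an attacker breaking in with a guessed password.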
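As an added example (not part of the original answer): once %h is in log_line_prefix, the failed logins can be grouped by client address to see which roles each client tried and how far apart its attempts were. The prefix value '%m [%p] %h ', the client addresses, and the names summarize and _entry are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumption (not from the page): log_line_prefix = '%m [%p] %h ', so every
# prefixed line carries the client address right after the backend PID.
PREFIX = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) UTC \[\d+\] (\S+) (\w+):\s+(.*)$")
FAILED = re.compile(r'password authentication failed for user "([^"]*)"')
NO_ROLE = re.compile(r'Role "([^"]*)" does not exist')
HBA = re.compile(r"Connection matched pg_hba\.conf line (\d+)")

def _entry(ts, pid, host, role):
    p = f"{ts} UTC [{pid}] {host} "
    return (f'{p}FATAL:  password authentication failed for user "{role}"\n'
            f'{p}DETAIL:  Role "{role}" does not exist.\n'
            '\tConnection matched pg_hba.conf line 100: "host all all all scram-sha-256"\n')

# Constructed sample: the client addresses are RFC 5737 documentation addresses.
SAMPLE_LOG = "".join(_entry(*e) for e in [
    ("2021-11-20 06:20:02.277", 78602, "203.0.113.7", "postgres"),
    ("2021-11-20 06:41:05.211", 79412, "203.0.113.7", "postgres"),
    ("2021-11-20 06:41:45.448", 79517, "198.51.100.23", "pgsql"),
    ("2021-11-20 07:01:53.432", 80321, "203.0.113.7", "postgres"),
    ("2021-11-20 07:25:30.380", 81317, "198.51.100.23", "pgsql"),
])

def summarize(log_text):
    """Group failed password logins by client address."""
    raw = defaultdict(lambda: {"times": [], "roles": set(), "missing": set(), "hba": set()})
    host = None
    for line in log_text.splitlines():
        m = PREFIX.match(line)
        if m:
            ts, host, level, msg = m.groups()
            if level == "FATAL" and (f := FAILED.search(msg)):
                raw[host]["times"].append(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S.%f"))
                raw[host]["roles"].add(f.group(1))
            elif level == "DETAIL" and (r := NO_ROLE.search(msg)):
                raw[host]["missing"].add(r.group(1))
        elif host and (h := HBA.search(line)):
            # Unprefixed continuation of the DETAIL message written just before it.
            raw[host]["hba"].add(int(h.group(1)))
    out = {}
    for client, d in raw.items():
        t = sorted(d["times"])
        out[client] = {"attempts": len(t), "roles": sorted(d["roles"]),
                       "nonexistent_roles": sorted(d["missing"]), "hba_lines": sorted(d["hba"]),
                       "gaps_min": [round((b - a).total_seconds() / 60) for a, b in zip(t, t[1:])]}
    return out
```

Clients that only ever try role names that do not exist, and that all land on the same wildcard pg_hba.conf line, are the ones a narrower pg_hba.conf entry would reject before password authentication is attempted.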