I have this in the logs of a postgres instance:
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 06:20:02.277 UTC [78602] FATAL: password authentication failed for user "postgres"
2021-11-20 06:20:02.277 UTC [78602] DETAIL: Role "postgres" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 06:41:05.211 UTC [79412] FATAL: password authentication failed for user "postgres"
2021-11-20 06:41:05.211 UTC [79412] DETAIL: Role "postgres" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 06:41:45.448 UTC [79517] FATAL: password authentication failed for user "pgsql"
2021-11-20 06:41:45.448 UTC [79517] DETAIL: Role "pgsql" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 07:01:53.432 UTC [80321] FATAL: password authentication failed for user "postgres"
2021-11-20 07:01:53.432 UTC [80321] DETAIL: Role "postgres" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 07:22:44.231 UTC [81197] FATAL: password authentication failed for user "postgres"
2021-11-20 07:22:44.231 UTC [81197] DETAIL: Role "postgres" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 07:25:30.380 UTC [81317] FATAL: password authentication failed for user "pgsql"
2021-11-20 07:25:30.380 UTC [81317] DETAIL: Role "pgsql" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 07:43:48.611 UTC [82115] FATAL: password authentication failed for user "postgres"
2021-11-20 07:43:48.611 UTC [82115] DETAIL: Role "postgres" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 07:47:12.673 UTC [82233] FATAL: password authentication failed for user "pgsql"
2021-11-20 07:47:12.673 UTC [82233] DETAIL: Role "pgsql" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 08:04:33.369 UTC [82925] FATAL: password authentication failed for user "postgres"
2021-11-20 08:04:33.369 UTC [82925] DETAIL: Role "postgres" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 08:09:09.023 UTC [83149] FATAL: password authentication failed for user "pgsql"
2021-11-20 08:09:09.023 UTC [83149] DETAIL: Role "pgsql" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 08:25:46.146 UTC [83736] FATAL: password authentication failed for user "postgres"
2021-11-20 08:25:46.146 UTC [83736] DETAIL: Role "postgres" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 08:30:54.629 UTC [83963] FATAL: password authentication failed for user "pgadmin"
2021-11-20 08:30:54.629 UTC [83963] DETAIL: Role "pgadmin" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
This instance is used for testing and contains worthless data, so it is not secured and has a publicly open port to make testing easier.
What I find strange, if this is an attack, is that the timestamps are very spaced out: 6:20, 6:41, 7:01, 7:22, 7:25, 7:43, etc. I would expect requests in a short period of time, but there are long gaps between the connections.
What does the "Connection matched" message mean?
I cannot tell who is trying to log in, but you can add %h to log_line_prefix to see the client address.
"Connection matched pg_hba.conf line 100" means that the incoming connection matched that pg_hba.conf line (which is no surprise, since it contains all wildcards), and as a consequence scram-sha-256 password authentication was attempted (and failed).
I recommend using less generic pg_hba.conf entries, so that attackers have less chance of intruding with a guessed password.
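
Once %h is in log_line_prefix, the failures can be grouped by client and role to show the spacing between attempts and which names are blind guesses at roles that do not exist. This is an added example, not part of the original answer; it assumes log_line_prefix = '%m [%p] %h ', the sample lines are constructed, and summarize is a hypothetical helper name.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the page's log format. The client address after the PID
# assumes log_line_prefix = '%m [%p] %h ' (addresses are documentation ranges).
SAMPLE = '''\
2021-11-20 06:20:02.277 UTC [78602] 203.0.113.7 FATAL:  password authentication failed for user "postgres"
2021-11-20 06:20:02.277 UTC [78602] 203.0.113.7 DETAIL:  Role "postgres" does not exist.
        Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 06:41:05.211 UTC [79412] 203.0.113.7 FATAL:  password authentication failed for user "postgres"
2021-11-20 06:41:05.211 UTC [79412] 203.0.113.7 DETAIL:  Role "postgres" does not exist.
2021-11-20 06:41:45.448 UTC [79517] 198.51.100.9 FATAL:  password authentication failed for user "pgsql"
2021-11-20 06:41:45.448 UTC [79517] 198.51.100.9 DETAIL:  Role "pgsql" does not exist.
2021-11-20 07:01:53.432 UTC [80321] 203.0.113.7 FATAL:  password authentication failed for user "postgres"
2021-11-20 07:01:53.432 UTC [80321] 203.0.113.7 DETAIL:  Role "postgres" does not exist.
2021-11-20 07:05:10.000 UTC [80400] 198.51.100.9 FATAL:  password authentication failed for user "app"
2021-11-20 07:05:10.000 UTC [80400] 198.51.100.9 DETAIL:  Password does not match for user "app".
2021-11-20 07:25:30.380 UTC [81317] 198.51.100.9 FATAL:  password authentication failed for user "pgsql"
2021-11-20 07:25:30.380 UTC [81317] 198.51.100.9 DETAIL:  Role "pgsql" does not exist.
'''
# Timestamp, zone, [pid], optional client address, level, message.
LINE = re.compile(r'^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+ \w+ \[(\d+)\] '
                  r'(?:(\S+) )?(FATAL|DETAIL):\s+(.*)$')
FAILED = re.compile(r'password authentication failed for user "([^"]+)"')
NO_ROLE = re.compile(r'Role "([^"]+)" does not exist')

def summarize(log_text):
    """Per (client, user): failure count, seconds between tries, role existence."""
    times, by_pid, missing = defaultdict(list), {}, set()
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # e.g. the "Connection matched pg_hba.conf line ..." line
        ts, pid, host, level, msg = m.groups()
        failed = FAILED.search(msg)
        if level == "FATAL" and failed:
            key = (host or "unknown", failed.group(1))  # no %h in prefix: unknown
            by_pid[pid] = key
            times[key].append(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"))
        elif level == "DETAIL" and NO_ROLE.search(msg) and pid in by_pid:
            missing.add(by_pid[pid])  # DETAIL shares the backend PID of its FATAL
    return {key: {"count": len(t),
                  "gaps_s": [int((b - a).total_seconds()) for a, b in zip(t, t[1:])],
                  "role_exists": key not in missing}
            for key, t in times.items()}

if __name__ == "__main__":
    for key, info in sorted(summarize(SAMPLE).items()):
        print(key, info)
```

A failure against a role that does exist (role_exists True) deserves more attention than guesses at default names, because a correct password guess there would succeed under the wildcard pg_hba.conf line.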