主页 / user-38342

wallyk's questions

Martin Hope
wallyk
Asked: 2010-03-21 23:05:23 +0800 CST
  • 2

最近,我通过我的防火墙打开了 SSH 端口(并重定向到我的服务器),这样我就可以在路上检查(http)服务器。前一两周没有什么不同。但是现在,三四个星期后,我看到了很多这样的:

Mar 20 08:38:28 localhost sshd[21895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=mail.queued.net  user=root
Mar 20 08:38:31 localhost sshd[21895]: Failed password for root from 207.210.101.209 port 2854 ssh2
Mar 20 15:38:31 localhost sshd[21896]: Received disconnect from 207.210.101.209: 11: Bye Bye
Mar 20 08:38:32 localhost unix_chkpwd[21900]: password check failed for user (root)
Mar 20 08:38:32 localhost sshd[21898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=mail.queued.net  user=root
Mar 20 08:38:34 localhost sshd[21898]: Failed password for root from 207.210.101.209 port 3729 ssh2
Mar 20 15:38:35 localhost sshd[21899]: Received disconnect from 207.210.101.209: 11: Bye Bye
Mar 20 08:38:36 localhost unix_chkpwd[21903]: password check failed for user (root)
Mar 20 08:38:36 localhost sshd[21901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=mail.queued.net  user=root
Mar 20 08:38:38 localhost sshd[21901]: Failed password for root from 207.210.101.209 port 4313 ssh2
Mar 20 15:38:38 localhost sshd[21902]: Received disconnect from 207.210.101.209: 11: Bye Bye
Mar 20 08:38:40 localhost unix_chkpwd[21906]: password check failed for user (root)
Mar 20 08:38:40 localhost sshd[21904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=mail.queued.net  user=root
Mar 20 08:38:42 localhost sshd[21904]: Failed password for root from 207.210.101.209 port 4869 ssh2
Mar 20 15:38:43 localhost sshd[21905]: Received disconnect from 207.210.101.209: 11: Bye Bye
Mar 20 08:38:44 localhost unix_chkpwd[21909]: password check failed for user (root)
Mar 20 08:38:44 localhost sshd[21907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=mail.queued.net  user=root
Mar 20 08:38:46 localhost sshd[21907]: Failed password for root from 207.210.101.209 port 2512 ssh2
Mar 20 15:38:47 localhost sshd[21908]: Received disconnect from 207.210.101.209: 11: Bye Bye
Mar 20 15:38:57 localhost sshd[21912]: Connection closed by 207.210.101.209

3 月 20 日大约有 1100 行,19 日为零,18 日大约有 800 行——所有这些都与同一个 IP 相关。

这是什么意思?我应该怎么办?为什么不按时间顺序?

logging redhat security