主页 / ubuntu / 问题 / 1139459
Accepted
Muhammad Usman
Asked: 2019-05-01 07:31:17 +0800 CST

有人试图破解我的服务器吗?

  • 772

所以我journalctl在 ssh(ing) 后输入服务器并得到以下输出:(有人试图破解系统还是从我这边?)(还要注意时间是早上 5 点?但很可能我们都没有登录系统那时?所以它来自 apache/ubuntu?)

Apr 30 05:38:59 bosc-chat sshd[13590]: Failed password for root from 218.92.0.133 port 52094 ssh2
Apr 30 05:38:56 bosc-chat sshd[13592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.12  user=root
Apr 30 05:38:55 bosc-chat sshd[13590]: Failed password for root from 218.92.0.133 port 52094 ssh2
Apr 30 05:38:54 bosc-chat sshd[13590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.133  user=root
Apr 30 05:38:53 bosc-chat sshd[13566]: PAM service(sshd) ignoring max retries; 6 > 3
Apr 30 05:38:53 bosc-chat sshd[13566]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.12  user=root
Apr 30 05:38:53 bosc-chat sshd[13566]: Disconnecting authenticating user root 58.242.82.12 port 58191: Too many authentication failures [preauth]
Apr 30 05:38:53 bosc-chat sshd[13566]: error: maximum authentication attempts exceeded for root from 58.242.82.12 port 58191 ssh2 [preauth]
Apr 30 05:38:53 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
Apr 30 05:38:50 bosc-chat sshd[13558]: PAM service(sshd) ignoring max retries; 6 > 3
Apr 30 05:38:50 bosc-chat sshd[13558]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.133  user=root
Apr 30 05:38:50 bosc-chat sshd[13558]: Disconnecting authenticating user root 218.92.0.133 port 24314: Too many authentication failures [preauth]
Apr 30 05:38:50 bosc-chat sshd[13558]: error: maximum authentication attempts exceeded for root from 218.92.0.133 port 24314 ssh2 [preauth]
Apr 30 05:38:50 bosc-chat sshd[13558]: Failed password for root from 218.92.0.133 port 24314 ssh2
Apr 30 05:38:50 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
Apr 30 05:38:47 bosc-chat sshd[13558]: Failed password for root from 218.92.0.133 port 24314 ssh2
Apr 30 05:38:47 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
Apr 30 05:38:45 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
Apr 30 05:38:44 bosc-chat sshd[13558]: Failed password for root from 218.92.0.133 port 24314 ssh2
Apr 30 05:38:42 bosc-chat sshd[13560]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
Apr 30 05:38:42 bosc-chat sshd[13560]: Disconnected from authenticating user root 218.92.0.207 port 40772 [preauth]
Apr 30 05:38:42 bosc-chat sshd[13560]: Received disconnect from 218.92.0.207 port 40772:11:  [preauth]
Apr 30 05:38:42 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
Apr 30 05:38:42 bosc-chat sshd[13560]: Failed password for root from 218.92.0.207 port 40772 ssh2
Apr 30 05:38:41 bosc-chat sshd[13558]: Failed password for root from 218.92.0.133 port 24314 ssh2
Apr 30 05:38:40 bosc-chat sshd[13560]: Failed password for root from 218.92.0.207 port 40772 ssh2
Apr 30 05:38:40 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
Apr 30 05:38:38 bosc-chat sshd[13560]: Failed password for root from 218.92.0.207 port 40772 ssh2
Apr 30 05:38:38 bosc-chat sshd[13566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost

如果有人真的想破解,那么我能做些什么吗?

非常感谢!

server ssh apache2 webserver hacking

1 个回答

  1. Best Answer

    是的,有人在积极尝试猜测您的 root 密码。

    您可以采取一些措施来降低被黑客入侵的可能性:

    • 确保您的 root 密码长且唯一。
    • 检查您服务器的所有应用程序和服务是否已更新到当前版本,并定期更新。
    • 安装入侵防御系统。Fail2Ban是一个非常好的工具,它会在 X 次失败的登录尝试后阻止 IP 尝试。
    • 减少能够连接到防火墙上的 SSH 服务器、您所在国家/地区以及 ISP 的 IP 数量。例如,如果您住在美国,您将不会从俄罗斯或中国登录您的服务器。
    • 将您的服务器 IP 隐藏在代理服务后面。Cloudflare是这方面的优秀提供商,并提供免费计划。
    • 建立电子邮件警报以在有人登录服务器时通知您。

    我确信您可以做其他事情来强化您的服务器,但这将是一个好的开始。

    • 3

相关问题