I have a mail server on Ubuntu 20.04. Yesterday I set up the UFW firewall, and it looks like this:
root@vmi514622:~# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To                         Action      From
--                         ------      ----
22/tcp                     LIMIT IN    Anywhere
80/tcp                     ALLOW IN    Anywhere                   # accept Apache
443/tcp                    ALLOW IN    Anywhere                   # accept HTTPS connections
1194/udp                   ALLOW IN    Anywhere                   # OpenVPN server
Anywhere                   DENY IN     49.88.112.75
465/tcp                    ALLOW IN    Anywhere
587/tcp                    ALLOW IN    Anywhere
22/tcp (v6)                LIMIT IN    Anywhere (v6)
80/tcp (v6)                ALLOW IN    Anywhere (v6)              # accept Apache
443/tcp (v6)               ALLOW IN    Anywhere (v6)              # accept HTTPS connections
1194/udp (v6)              ALLOW IN    Anywhere (v6)              # OpenVPN server
465/tcp (v6)               ALLOW IN    Anywhere (v6)
587/tcp (v6)               ALLOW IN    Anywhere (v6)
Today I received an e-mail containing this log, which shows hundreds of attempts to log in as root:
################### Logwatch 7.5.2 (07/22/19) ####################
Processing Initiated: Tue Mar 2 06:25:06 2021
Date Range Processed: yesterday
( 2021-Mar-01 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: vmi514622.contaboserver.net
##################################################################
--------------------- Amavisd-new Begin ------------------------
37 Total messages scanned ------------------ 100.00%
307.387K Total bytes scanned 314,764
======== ==================================================
37 Passed ---------------------------------- 100.00%
37 Clean passed 100.00%
======== ==================================================
37 Ham ------------------------------------- 100.00%
37 Clean passed 100.00%
======== ==================================================
---------------------- Amavisd-new End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 57 Time(s)
su:
Authentication Failures:
root(1000) -> root: 1 Time(s)
Sessions Opened:
root -> iredadmin: 1 Time(s)
root -> iredapd: 1 Time(s)
root -> netdata: 1 Time(s)
root -> root: 1 Time(s)
root -> vlado: 1 Time(s)
root -> vmail: 1 Time(s)
sudo:
Sessions Opened:
root -> root: 14 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
1 Connections 1
1 Disconnections 1
32 Postscreen 32
1 TLS connections (server) 1
1 TLS connections (client) 1
**Unmatched Entries**
---------------------- Postfix End -------------------------
--------------------- rsyslogd Begin ------------------------
Rsyslogd actions suspended:
action-6-builtin:omfile (builtin:omfile): 15531 Times
Rsyslogd actions resumed
action-6-builtin:omfile (builtin:omfile): 14120 Times
**** Unmatched entries ****
file '/var/log/fail2ban.log': open error: Permission denied [v8.2001.0 try https://www.rsyslog.com/e/2433 ] : 1 Times
---------------------- rsyslogd End -------------------------
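I'm not sure, but I read somewhere that UFW is able to block the number of failed logins from one IP within a 30-second window. I don't know, but in the log there really are hundreds of attempts. Or is this the log from when the firewall was not set up yet? I set it up about 12 hours ago. Is my firewall right? Thank you very much for your help.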
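That is just the normal noise of the www. If you use strong passwords, you do not need to worry. However, you should take some measures to reduce the noise and make your server more secure:
- Disable root login; instead, log in as a normal user and use sudo.
- Disable password login and use only pubkey authentication.
- Change ssh to a higher port number (make sure to allow it in the firewall).
- Use fail2ban to at least delay these attempts. See also for more information.
ufw limit and fail2ban are nice to have, but attackers know these limits and make just as many attempts as they can without being blocked. Usually these random attacks are carried out through a botnet of random taken-over servers, so limiting attempts per IP has only a limited effect.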
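To make the answer's last point measurable, the following added example (not part of the original posts) replays sshd "Failed password" lines against ufw's documented `limit` threshold of 6 or more new connections from one address within 30 seconds. The log lines are constructed, the addresses are documentation ranges, and treating each distinct source port as one TCP connection is a simplifying assumption.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in sshd's auth.log format (RFC 5737 documentation
# addresses, not hosts from the post). Both sources fail 6 times.
SAMPLE = """\
Mar  1 10:00:00 host sshd[2001]: Failed password for root from 198.51.100.20 port 51000 ssh2
Mar  1 10:00:01 host sshd[1001]: Failed password for root from 192.0.2.10 port 40001 ssh2
Mar  1 10:00:02 host sshd[2001]: Failed password for root from 198.51.100.20 port 51000 ssh2
Mar  1 10:00:03 host sshd[1002]: Failed password for root from 192.0.2.10 port 40002 ssh2
Mar  1 10:00:05 host sshd[1003]: Failed password for root from 192.0.2.10 port 40003 ssh2
Mar  1 10:00:07 host sshd[1004]: Failed password for root from 192.0.2.10 port 40004 ssh2
Mar  1 10:00:09 host sshd[1005]: Failed password for root from 192.0.2.10 port 40005 ssh2
Mar  1 10:00:11 host sshd[1006]: Failed password for root from 192.0.2.10 port 40006 ssh2
Mar  1 10:00:40 host sshd[2002]: Failed password for root from 198.51.100.20 port 51001 ssh2
Mar  1 10:00:42 host sshd[2002]: Failed password for root from 198.51.100.20 port 51001 ssh2
Mar  1 10:01:20 host sshd[2003]: Failed password for invalid user mail from 198.51.100.20 port 51002 ssh2
Mar  1 10:01:22 host sshd[2003]: Failed password for invalid user mail from 198.51.100.20 port 51002 ssh2
"""

FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port (\d+)")

# ufw limit: deny when one address opens 6 or more connections in 30 seconds.
LIMIT_CONNS, LIMIT_WINDOW = 6, 30

def parse(text, year=2021):
    """Yield (timestamp, user, ip, src_port); syslog lines carry no year."""
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3), int(m.group(4))

def summarize(text):
    """Per source IP: failures, connections, busiest 30 s window, limit hit."""
    failures = defaultdict(int)
    conns = defaultdict(dict)          # ip -> {src_port: first time seen}
    for ts, _user, ip, port in parse(text):
        failures[ip] += 1
        # Assumption: one source port == one TCP connection (several password
        # attempts can share a connection, so failures != connections).
        conns[ip].setdefault(port, ts)
    report = {}
    for ip, ports in conns.items():
        starts = sorted(ports.values())
        peak = lo = 0
        for hi, t in enumerate(starts):   # sliding 30-second window
            while (t - starts[lo]).total_seconds() >= LIMIT_WINDOW:
                lo += 1
            peak = max(peak, hi - lo + 1)
        report[ip] = {"failures": failures[ip], "connections": len(starts),
                      "peak_per_window": peak,
                      "would_trip_limit": peak >= LIMIT_CONNS}
    return report

if __name__ == "__main__":
    for ip, row in sorted(summarize(SAMPLE).items()):
        print(ip, row)
```

Both sample sources produce six failed logins, but only the one that opens six connections inside 30 seconds reaches the limit; the paced source never does, which is why disabling root and password logins matters more than the rate limit.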