
Countering brute-force attacks

IP Hoihoi is now fully up and running lol


 Wow, the attacks just keep coming and coming lol. It used to be only ssh (or so I thought), but lately they are going after ftp as well... (;´Д`)

 * ssh log ↓

2008-02-16 19:55:43.305903500 Failed password for root from 220.227.149.240 port 54310 ssh2
2008-02-16 19:55:43.852357500 Could not reverse map address 220.227.149.240.
2008-02-16 19:55:44.942319500 Received disconnect from 220.227.149.240: 11: Bye Bye
2008-02-16 19:55:44.944846500 tcpserver: end 23600 status 65280
2008-02-16 19:55:44.944859500 tcpserver: status: 0/3
2008-02-16 19:55:45.425903500 tcpserver: status: 1/3
2008-02-16 19:55:45.426067500 tcpserver: pid 23602 from 220.227.149.240
2008-02-16 19:55:45.428029500 tcpserver: ok 23602 ns1.maruz.net:192.168.1.2:22 :220.227.149.240::54913
2008-02-16 19:55:48.466449500 Failed password for postgres from 220.227.149.240 port 54913 ssh2
2008-02-16 19:55:48.473409500 Could not reverse map address 220.227.149.240.
2008-02-16 19:55:49.025943500 Received disconnect from 220.227.149.240: 11: Bye Bye
2008-02-16 19:55:49.028646500 tcpserver: end 23602 status 65280
2008-02-16 19:55:49.028754500 tcpserver: status: 0/3
2008-02-16 19:55:49.513898500 tcpserver: status: 1/3
2008-02-16 19:55:49.514345500 tcpserver: pid 23604 from 220.227.149.240
2008-02-16 19:55:49.516848500 tcpserver: ok 23604 ns1.maruz.net:192.168.1.2:22 :220.227.149.240::55460
2008-02-16 19:55:52.567030500 input_userauth_request: illegal user accept
2008-02-16 19:55:52.567189500 Failed password for illegal user accept from 220.227.149.240 port 55460 ssh2
2008-02-16 19:55:52.573715500 Could not reverse map address 220.227.149.240.
2008-02-16 19:55:53.060667500 Received disconnect from 220.227.149.240: 11: Bye Bye
2008-02-16 19:55:53.063184500 tcpserver: end 23604 status 65280
2008-02-16 19:55:53.063196500 tcpserver: status: 0/3
2008-02-16 19:55:53.549249500 tcpserver: status: 1/3
2008-02-16 19:55:53.549467500 tcpserver: pid 23606 from 220.227.149.240
2008-02-16 19:55:53.551231500 tcpserver: ok 23606 ns1.maruz.net:192.168.1.2:22 :220.227.149.240::56028
2008-02-16 19:55:56.583752500 input_userauth_request: illegal user leo
2008-02-16 19:55:56.583945500 Failed password for illegal user leo from 220.227.149.240 port 56028 ssh2
2008-02-16 19:55:56.590482500 Could not reverse map address 220.227.149.240.
2008-02-16 19:55:57.069369500 Received disconnect from 220.227.149.240: 11: Bye Bye
2008-02-16 19:55:57.071888500 tcpserver: end 23606 status 65280
2008-02-16 19:55:57.071998500 tcpserver: status: 0/3
2008-02-16 19:56:00.550304500 tcpserver: status: 1/3

* ftp log ↓

Feb  3 08:45:04 ns1 proftpd[1892]: ns1.maruz.net (62.99.164.138.sh.interxion.inode.at[62.99.164.138]) - Maximum login attempts (3) exceeded
Feb 3 08:45:16 ns1 proftpd[1900]: ns1.maruz.net (62.99.164.138.sh.interxion.inode.at[62.99.164.138]) - USER Administrator: no such user found from 62.99.164.138.sh.interxion.inode.at [62.99.164.138] to 192.168.1.2:21
Feb 3 08:45:17 ns1 last message repeated 2 times
Feb 3 08:45:17 ns1 proftpd[1900]: ns1.maruz.net (62.99.164.138.sh.interxion.inode.at[62.99.164.138]) - Maximum login attempts (3) exceeded
Feb 3 08:45:28 ns1 proftpd[1901]: ns1.maruz.net (62.99.164.138.sh.interxion.inode.at[62.99.164.138]) - USER Administrator: no such user found from 62.99.164.138.sh.interxion.inode.at [62.99.164.138] to 192.168.1.2:21
Feb 3 08:45:30 ns1 last message repeated 2 times
Feb 3 08:45:30 ns1 proftpd[1901]: ns1.maruz.net (62.99.164.138.sh.interxion.inode.at[62.99.164.138]) - Maximum login attempts (3) exceeded
Feb 3 08:45:41 ns1 proftpd[1902]: ns1.maruz.net (62.99.164.138.sh.interxion.inode.at[62.99.164.138]) - USER Administrator: no such user found from 62.99.164.138.sh.interxion.inode.at [62.99.164.138] to 192.168.1.2:21
Feb 3 08:45:43 ns1 last message repeated 2 times
Feb 3 08:45:43 ns1 proftpd[1902]: ns1.maruz.net (62.99.164.138.sh.interxion.inode.at[62.99.164.138]) - Maximum login attempts (3) exceeded
Feb 3 08:45:55 ns1 proftpd[1903]: ns1.maruz.net (62.99.164.138.sh.interxion.inode.at[62.99.164.138]) - USER Administrator: no such user found from 62.99.164.138.sh.interxion.inode.at [62.99.164.138] to 192.168.1.2:21
Feb 3 08:45:56 ns1 last message repeated 2 times
Feb 3 08:45:56 ns1 proftpd[1903]: ns1.maruz.net (62.99.164.138.sh.interxion.inode.at[62.99.164.138]) - Maximum login attempts (3) exceeded

 So I have put proper countermeasures in place for ftp and ssh. This time they come with the "IP Hoihoi" I had been planning for a while lol

 IP Hoihoi publicly lists the idiot IPs that tried to attack me, but you must not go doing a Tashiro-h(ry or a wi(ry to those IPs, okay? Got it? Absolutely not, okay? Don't do it?! lol
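
Added example, not the author's IP Hoihoi (the post does not show how that works): detection logic that counts failed logins per source address from the two log formats shown above, including syslog's "last message repeated N times" lines. The function names, the threshold of 3 and the sample lines with documentation-range addresses are assumptions made for this example.

```python
import re
from collections import defaultdict

IP = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
# sshd failure as logged via tcpserver/multilog (line shape seen in the post)
SSH_FAIL = re.compile(r"Failed password for (?:illegal user )?(?P<user>\S+) from " + IP)
# proftpd syslog failure; the client appears as "(hostname[ip])"
FTP_FAIL = re.compile(r"proftpd\[\d+\]: \S+ \(\S*\[" + IP + r"\]\) - USER (?P<user>\S+): no such user")
REPEAT = re.compile(r"last message repeated (?P<n>\d+) times?")  # syslog's folding marker

def failures_by_source(lines):
    """Map (service, ip) -> {"count": failed logins, "users": names tried}."""
    stats = defaultdict(lambda: {"count": 0, "users": set()})
    last = None  # key of the immediately preceding failure line, if any
    for line in lines:
        rep = REPEAT.search(line)
        if rep:
            if last:  # the folded copies belong to the preceding failure
                stats[last]["count"] += int(rep.group("n"))
            continue
        last = None  # any other line ends the run a marker could refer to
        for service, pattern in (("ssh", SSH_FAIL), ("ftp", FTP_FAIL)):
            m = pattern.search(line)
            if m:
                last = (service, m.group("ip"))
                stats[last]["count"] += 1
                stats[last]["users"].add(m.group("user"))
                break
    return dict(stats)

def offenders(lines, threshold=3):
    """Sources with at least `threshold` failed logins (assumed limit), worst first."""
    rows = [(svc, ip, s["count"], sorted(s["users"]))
            for (svc, ip), s in failures_by_source(lines).items() if s["count"] >= threshold]
    return sorted(rows, key=lambda r: -r[2])

# Constructed sample in the two log formats shown above (documentation-range addresses).
SAMPLE = """\
2008-02-16 19:55:43.305903500 Failed password for root from 203.0.113.7 port 54310 ssh2
2008-02-16 19:55:48.466449500 Failed password for postgres from 203.0.113.7 port 54913 ssh2
2008-02-16 19:55:52.567189500 Failed password for illegal user accept from 203.0.113.7 port 55460 ssh2
2008-02-16 20:10:01.000000500 Failed password for alice from 192.0.2.10 port 40000 ssh2
Feb  3 08:45:16 ns1 proftpd[1900]: ftp.example (client.example[198.51.100.9]) - USER Administrator: no such user found from client.example [198.51.100.9] to 192.0.2.1:21
Feb  3 08:45:17 ns1 last message repeated 2 times
Feb  3 08:45:17 ns1 proftpd[1900]: ftp.example (client.example[198.51.100.9]) - Maximum login attempts (3) exceeded
""".splitlines()
if __name__ == "__main__":
    for row in offenders(SAMPLE):
        print(row)
```

The count covers the whole input rather than a time window, so feed it one rotation period of each log at a time.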
 

by maru posted at 2008-02-16 23:55 last modified 2008-02-19 22:57