2008/02/16
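Countering brute-force attacks
IP Hoihoi goes into full operation lol
- Category(s)
- Server setup
- Zope&Plone
Wow, the attacks just keep coming and coming lol. It used to be only ssh (or so I thought), but lately they are hitting ftp as well... (;´Д`)
* ssh log below: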
2008-02-16 19:55:43.305903500 Failed password for root from 220.227.149.240 port 54310 ssh2
2008-02-16 19:55:43.852357500 Could not reverse map address 220.227.149.240.
2008-02-16 19:55:44.942319500 Received disconnect from 220.227.149.240: 11: Bye Bye
2008-02-16 19:55:44.944846500 tcpserver: end 23600 status 65280
2008-02-16 19:55:44.944859500 tcpserver: status: 0/3
2008-02-16 19:55:45.425903500 tcpserver: status: 1/3
2008-02-16 19:55:45.426067500 tcpserver: pid 23602 from 220.227.149.240
2008-02-16 19:55:45.428029500 tcpserver: ok 23602 ns1.maruz.net:192.168.1.2:22 :220.227.149.240::54913
2008-02-16 19:55:48.466449500 Failed password for postgres from 220.227.149.240 port 54913 ssh2
2008-02-16 19:55:48.473409500 Could not reverse map address 220.227.149.240.
2008-02-16 19:55:49.025943500 Received disconnect from 220.227.149.240: 11: Bye Bye
2008-02-16 19:55:49.028646500 tcpserver: end 23602 status 65280
2008-02-16 19:55:49.028754500 tcpserver: status: 0/3
2008-02-16 19:55:49.513898500 tcpserver: status: 1/3
2008-02-16 19:55:49.514345500 tcpserver: pid 23604 from 220.227.149.240
2008-02-16 19:55:49.516848500 tcpserver: ok 23604 ns1.maruz.net:192.168.1.2:22 :220.227.149.240::55460
2008-02-16 19:55:52.567030500 input_userauth_request: illegal user accept
2008-02-16 19:55:52.567189500 Failed password for illegal user accept from 220.227.149.240 port 55460 ssh2
2008-02-16 19:55:52.573715500 Could not reverse map address 220.227.149.240.
2008-02-16 19:55:53.060667500 Received disconnect from 220.227.149.240: 11: Bye Bye
2008-02-16 19:55:53.063184500 tcpserver: end 23604 status 65280
2008-02-16 19:55:53.063196500 tcpserver: status: 0/3
2008-02-16 19:55:53.549249500 tcpserver: status: 1/3
2008-02-16 19:55:53.549467500 tcpserver: pid 23606 from 220.227.149.240
2008-02-16 19:55:53.551231500 tcpserver: ok 23606 ns1.maruz.net:192.168.1.2:22 :220.227.149.240::56028
2008-02-16 19:55:56.583752500 input_userauth_request: illegal user leo
2008-02-16 19:55:56.583945500 Failed password for illegal user leo from 220.227.149.240 port 56028 ssh2
2008-02-16 19:55:56.590482500 Could not reverse map address 220.227.149.240.
2008-02-16 19:55:57.069369500 Received disconnect from 220.227.149.240: 11: Bye Bye
2008-02-16 19:55:57.071888500 tcpserver: end 23606 status 65280
2008-02-16 19:55:57.071998500 tcpserver: status: 0/3
2008-02-16 19:56:00.550304500 tcpserver: status: 1/3
* ftp log below:
Feb 3 08:45:04 ns1 proftpd[1892]: ns1.maruz.net (62.99.164.138.sh.interxion.inode.at[62.99.164.138]) - Maximum login attempts (3) exceeded
Feb 3 08:45:16 ns1 proftpd[1900]: ns1.maruz.net (62.99.164.138.sh.interxion.inode.at[62.99.164.138]) - USER Administrator: no such user found from 62.99.164.138.sh.interxion.inode.at [62.99.164.138] to 192.168.1.2:21
Feb 3 08:45:17 ns1 last message repeated 2 times
Feb 3 08:45:17 ns1 proftpd[1900]: ns1.maruz.net (62.99.164.138.sh.interxion.inode.at[62.99.164.138]) - Maximum login attempts (3) exceeded
Feb 3 08:45:28 ns1 proftpd[1901]: ns1.maruz.net (62.99.164.138.sh.interxion.inode.at[62.99.164.138]) - USER Administrator: no such user found from 62.99.164.138.sh.interxion.inode.at [62.99.164.138] to 192.168.1.2:21
Feb 3 08:45:30 ns1 last message repeated 2 times
Feb 3 08:45:30 ns1 proftpd[1901]: ns1.maruz.net (62.99.164.138.sh.interxion.inode.at[62.99.164.138]) - Maximum login attempts (3) exceeded
Feb 3 08:45:41 ns1 proftpd[1902]: ns1.maruz.net (62.99.164.138.sh.interxion.inode.at[62.99.164.138]) - USER Administrator: no such user found from 62.99.164.138.sh.interxion.inode.at [62.99.164.138] to 192.168.1.2:21
Feb 3 08:45:43 ns1 last message repeated 2 times
Feb 3 08:45:43 ns1 proftpd[1902]: ns1.maruz.net (62.99.164.138.sh.interxion.inode.at[62.99.164.138]) - Maximum login attempts (3) exceeded
Feb 3 08:45:55 ns1 proftpd[1903]: ns1.maruz.net (62.99.164.138.sh.interxion.inode.at[62.99.164.138]) - USER Administrator: no such user found from 62.99.164.138.sh.interxion.inode.at [62.99.164.138] to 192.168.1.2:21
Feb 3 08:45:56 ns1 last message repeated 2 times
Feb 3 08:45:56 ns1 proftpd[1903]: ns1.maruz.net (62.99.164.138.sh.interxion.inode.at[62.99.164.138]) - Maximum login attempts (3) exceeded
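So I have put serious countermeasures in place for both ftp and ssh. This time they come with the "IP Hoihoi" I had been planning for a long time lol
IP Hoihoi publicly lists the idiot IPs that launched attacks, but don't go doing things like Tashiro h(ry or wi(ry to those IPs, okay? Got it? Absolutely not. Don't do it?! lol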
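One way to summarise logs like the two excerpts above, as an added example (this is not the author's IP Hoihoi, whose implementation the post does not show): it counts failed logins per source address in both log formats, including syslog's "last message repeated" lines. The function names, the threshold of 3 and the sample lines are assumptions made for this example.

```python
import re
from collections import Counter

IP = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
# sshd line format from the post: "Failed password for [illegal user] NAME from IP port N ssh2"
SSH_FAIL = re.compile(r"Failed password for (?:illegal user )?\S+ from " + IP + r" port \d+")
# proftpd line format from the post: "proftpd[PID]: HOST (RDNS[IP]) - USER NAME: no such user found"
FTP_FAIL = re.compile(r"proftpd\[\d+\]: \S+ \(\S*\[" + IP + r"\]\) - USER \S+: no such user found")
# syslog collapses identical consecutive messages into this line
REPEATED = re.compile(r"last message repeated (\d+) times")

def count_failures(lines):
    """Count failed logins per source IP across ssh and ftp log lines."""
    counts = Counter()
    last_ip = None  # source of the immediately preceding failure line
    for line in lines:
        m = SSH_FAIL.search(line) or FTP_FAIL.search(line)
        rep = REPEATED.search(line)
        if m:
            last_ip = m.group("ip")
            counts[last_ip] += 1
        elif rep and last_ip:
            counts[last_ip] += int(rep.group(1))  # credit the collapsed repeats
        else:
            last_ip = None  # unrelated line: a later "repeated" line is not ours
    return counts

def offenders(lines, threshold=3):
    """Return {ip: failures} for sources at or above the threshold (assumed value)."""
    return {ip: n for ip, n in count_failures(lines).items() if n >= threshold}

# Constructed sample in the two formats shown above; addresses are documentation ranges.
SAMPLE = """\
2008-02-16 19:55:43.305903500 Failed password for root from 203.0.113.5 port 54310 ssh2
2008-02-16 19:55:44.942319500 Received disconnect from 203.0.113.5: 11: Bye Bye
2008-02-16 19:55:52.567189500 Failed password for illegal user accept from 203.0.113.5 port 55460 ssh2
2008-02-16 19:55:56.583945500 Failed password for illegal user leo from 203.0.113.5 port 56028 ssh2
Feb 3 08:45:16 host proftpd[1900]: host.example (rdns.example[198.51.100.7]) - USER Administrator: no such user found from rdns.example [198.51.100.7] to 192.0.2.2:21
Feb 3 08:45:17 host last message repeated 2 times
Feb 3 08:45:17 host proftpd[1900]: host.example (rdns.example[198.51.100.7]) - Maximum login attempts (3) exceeded
Feb 3 08:46:00 host proftpd[1910]: host.example (rdns.example[198.51.100.9]) - USER test: no such user found from rdns.example [198.51.100.9] to 192.0.2.2:21
""".splitlines()

if __name__ == "__main__":
    for ip, n in sorted(offenders(SAMPLE).items(), key=lambda kv: -kv[1]):
        print(ip, n)
```

Without the "repeated" handling, the ftp source in the sample would be counted once instead of three times and would stay under the threshold.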
by maru, posted at 2008-02-16 23:55, last modified 2008-02-19 22:57