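Recently our company's technical staff discovered that our servers were being attacked by hackers from multiple countries. A Baidu search showed that, because of the Russia-Ukraine conflict, large numbers of hackers are brute-forcing Chinese servers and, by taking control of those servers, sending all kinds of attack traffic to Russia. We therefore remind technical staff in China to strengthen their network security measures and not to fall for the dirty tricks of malicious actors.
Below are some of yesterday's brute-force log entries: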
[root@website01 ~]# lastb -30
root ssh:notty 167.172.184.252 Sat Apr 23 16:54 - 16:54 (00:00)
root ssh:notty 167.172.184.252 Sat Apr 23 16:54 - 16:54 (00:00)
root ssh:notty 167.172.184.252 Sat Apr 23 16:54 - 16:54 (00:00)
root ssh:notty 167.172.184.252 Sat Apr 23 16:54 - 16:54 (00:00)
root ssh:notty 167.172.184.252 Sat Apr 23 16:54 - 16:54 (00:00)
root ssh:notty 167.172.184.252 Sat Apr 23 16:54 - 16:54 (00:00)
room ssh:notty 167.172.184.252 Sat Apr 23 16:54 - 16:54 (00:00)
room ssh:notty 167.172.184.252 Sat Apr 23 16:54 - 16:54 (00:00)
room ssh:notty 167.172.184.252 Sat Apr 23 16:54 - 16:54 (00:00)
room ssh:notty 167.172.184.252 Sat Apr 23 16:54 - 16:54 (00:00)
room ssh:notty 167.172.184.252 Sat Apr 23 16:54 - 16:54 (00:00)
room ssh:notty 167.172.184.252 Sat Apr 23 16:54 - 16:54 (00:00)
room ssh:notty 167.172.184.252 Sat Apr 23 16:54 - 16:54 (00:00)
room ssh:notty 167.172.184.252 Sat Apr 23 16:54 - 16:54 (00:00)
root ssh:notty 127.0.0.1 Sat Apr 23 10:52 - 10:52 (00:00)
mx ssh:notty 104.248.30.201 Fri Apr 15 14:32 - 14:32 (00:00)
mxuser ssh:notty 104.248.30.201 Fri Apr 15 14:32 - 14:32 (00:00)
mxuser ssh:notty 104.248.30.201 Fri Apr 15 14:32 - 14:32 (00:00)
mxintadm ssh:notty 104.248.30.201 Fri Apr 15 14:32 - 14:32 (00:00)
mxintadm ssh:notty 104.248.30.201 Fri Apr 15 14:32 - 14:32 (00:00)
[root@mail ~]# lastb -30
zzzezhar ssh:notty 138.68.106.113 Sat Apr 23 10:16 - 10:16 (00:00)
zzzezhar ssh:notty 138.68.106.113 Sat Apr 23 10:16 - 10:16 (00:00)
zzy ssh:notty 138.68.106.113 Sat Apr 23 10:16 - 10:16 (00:00)
zzy ssh:notty 138.68.106.113 Sat Apr 23 10:16 - 10:16 (00:00)
zzy ssh:notty 138.68.106.113 Sat Apr 23 10:16 - 10:16 (00:00)
zzy ssh:notty 138.68.106.113 Sat Apr 23 10:16 - 10:16 (00:00)
zzy ssh:notty 138.68.106.113 Sat Apr 23 10:16 - 10:16 (00:00)
zzq ssh:notty 138.68.106.113 Sat Apr 23 10:16 - 10:16 (00:00)
zzy ssh:notty 138.68.106.113 Sat Apr 23 10:16 - 10:16 (00:00)
zzq ssh:notty 138.68.106.113 Sat Apr 23 10:16 - 10:16 (00:00)
zzq ssh:notty 138.68.106.113 Sat Apr 23 10:16 - 10:16 (00:00)
zzn ssh:notty 138.68.106.113 Sat Apr 23 10:16 - 10:16 (00:00)
zzq ssh:notty 138.68.106.113 Sat Apr 23 10:16 - 10:16 (00:00)
zzn ssh:notty 138.68.106.113 Sat Apr 23 10:16 - 10:16 (00:00)
zzgong ssh:notty 138.68.106.113 Sat Apr 23 10:16 - 10:16 (00:00)
zzgong ssh:notty 138.68.106.113 Sat Apr 23 10:16 - 10:16 (00:00)
zzgong ssh:notty 138.68.106.113 Sat Apr 23 10:16 - 10:16 (00:00)
zzgong ssh:notty 138.68.106.113 Sat Apr 23 10:16 - 10:16 (00:00)
zzgong ssh:notty 138.68.106.113 Sat Apr 23 10:16 - 10:16 (00:00)
zzgong ssh:notty 138.68.106.113 Sat Apr 23 10:16 - 10:16 (00:00)
zzg ssh:notty 138.68.106.113 Sat Apr 23 10:16 - 10:16 (00:00)
zz ssh:notty 138.68.106.113 Sat Apr 23 10:16 - 10:16 (00:00)
Friendly reminder: when you see brute-force attempts like those above, on a Linux system you can simply block the offending IP. An example command follows (blocking IP 138.68.106.113):
iptables -I INPUT -s 138.68.106.113 -j DROP
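To scale the manual step above, the following added example (not part of the original post) counts failed logins per source IP from lastb-style output and prints, without running, the matching iptables rules, skipping loopback entries such as the 127.0.0.1 line in the log above. The function names, the ALLOWLIST variable, the threshold and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise failed SSH logins per source IP from lastb-style
# output and print (not execute) iptables DROP rules for review.

# Constructed sample in the same format as the log on this page,
# including the "btmp begins" trailer that lastb prints at the end.
sample_lastb() {
cat <<'EOF'
root ssh:notty 167.172.184.252 Sat Apr 23 16:54 - 16:54 (00:00)
root ssh:notty 167.172.184.252 Sat Apr 23 16:54 - 16:54 (00:00)
room ssh:notty 167.172.184.252 Sat Apr 23 16:54 - 16:54 (00:00)
room ssh:notty 167.172.184.252 Sat Apr 23 16:54 - 16:54 (00:00)
root ssh:notty 127.0.0.1 Sat Apr 23 10:52 - 10:52 (00:00)
root ssh:notty 127.0.0.1 Sat Apr 23 10:52 - 10:52 (00:00)
root ssh:notty 127.0.0.1 Sat Apr 23 10:52 - 10:52 (00:00)
mx ssh:notty 104.248.30.201 Fri Apr 15 14:32 - 14:32 (00:00)
mxuser ssh:notty 104.248.30.201 Fri Apr 15 14:32 - 14:32 (00:00)

btmp begins Fri Apr 15 14:32:10 2022
EOF
}

# Count failed attempts per IPv4 source; prints "COUNT IP", highest first.
# Only ssh lines whose third field is a dotted-quad address are counted,
# so blank lines and the trailer are ignored.
count_failed_by_ip() {
    awk '$2 ~ /^ssh:/ && $3 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { n[$3]++ }
         END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# Print a DROP rule for every source with at least THRESHOLD ($1) failures.
# Loopback and addresses in ALLOWLIST (space separated, hypothetical
# variable) are never blocked, so a local test or your own admin IP
# cannot lock you out.
ALLOWLIST="${ALLOWLIST:-}"
block_commands() {
    threshold="$1"
    count_failed_by_ip | while read -r count ip; do
        [ "$count" -ge "$threshold" ] || continue
        case "$ip" in 127.*) continue ;; esac
        case " $ALLOWLIST " in *" $ip "*) continue ;; esac
        printf 'iptables -I INPUT -s %s -j DROP\n' "$ip"
    done
}

# Live use (as root), reviewing the output before applying it:
#   lastb -i | block_commands 5
if [ "${1:-}" = "--demo" ]; then sample_lastb | block_commands 3; fi
```

Rules added with iptables -I exist only in the running kernel and are lost on reboot unless they are saved.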
If you have any other questions, please contact us.