V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
V2EX 提问指南
Havee
V2EX  ›  问与答

浙江成肉鸡窝了?

  •  
  •   Havee · 2015-02-04 09:53:44 +08:00 · 5825 次点击
    这是一个创建于 3579 天前的主题,其中的信息可能已经有所发展或是发生改变。
    昨晚刚撸了一台韩国的vps,firewall-cmd 加了两条规则,开了一个服务以及一个端口
    结果,今天过来一看

    [root@v2k ~]# lastb | awk '{print $3}' | sort | uniq -c | sort -n | sed '1,2d'
    153 218.2.0.135
    257 8.254.73.28
    362 115.239.228.7
    615 182.100.67.112
    617 183.136.216.4
    1201 115.239.228.15
    1266 115.231.222.45
    1429 115.231.222.176
    1580 115.239.228.4
    1655 115.239.228.12
    1749 183.136.216.3
    1997 115.239.228.9
    2639 115.239.228.6
    2650 115.239.228.11
    2805 115.230.126.151
    3067 115.239.228.35
    3076 115.231.218.130
    3083 115.239.228.16
    3225 115.239.228.14
    3261 182.100.67.114
    3364 115.231.223.170
    3513 115.239.228.13
    4398 115.231.218.131
    4672 115.239.228.34

    嗯,全部浙江的 ip,何必呢,人家是限密码登录的,真想一口气将这些ip全部封了
    30 条回复    2015-02-04 20:11:20 +08:00
    bellchu
        1
    bellchu  
       2015-02-04 10:01:14 +08:00
    我昨天新开的一个服务器,只准备做个nginx的cache,还没上线。
    收获这么多IP
    REJECT all -- 103.41.124.40 0.0.0.0/0 reject-with icmp-port-unreachable
    REJECT all -- 103.41.124.33 0.0.0.0/0 reject-with icmp-port-unreachable
    REJECT all -- 103.41.124.56 0.0.0.0/0 reject-with icmp-port-unreachable
    REJECT all -- 61.174.49.106 0.0.0.0/0 reject-with icmp-port-unreachable
    REJECT all -- 103.41.124.45 0.0.0.0/0 reject-with icmp-port-unreachable
    REJECT all -- 50.63.185.226 0.0.0.0/0 reject-with icmp-port-unreachable
    REJECT all -- 103.41.124.61 0.0.0.0/0 reject-with icmp-port-unreachable
    REJECT all -- 103.41.124.16 0.0.0.0/0 reject-with icmp-port-unreachable
    REJECT all -- 182.100.67.115 0.0.0.0/0 reject-with icmp-port-unreachable
    REJECT all -- 103.41.124.50 0.0.0.0/0 reject-with icmp-port-unreachable
    REJECT all -- 103.41.124.111 0.0.0.0/0 reject-with icmp-port-unreachable
    REJECT all -- 62.210.113.184 0.0.0.0/0 reject-with icmp-port-unreachable
    REJECT all -- 58.218.213.249 0.0.0.0/0 reject-with icmp-port-unreachable
    REJECT all -- 103.41.124.18 0.0.0.0/0 reject-with icmp-port-unreachable
    REJECT all -- 220.191.204.238 0.0.0.0/0 reject-with icmp-port-unreachable
    REJECT all -- 103.41.124.32 0.0.0.0/0 reject-with icmp-port-unreachable
    REJECT all -- 103.41.124.104 0.0.0.0/0 reject-with icmp-port-unreachable
    REJECT all -- 103.41.124.26 0.0.0.0/0 reject-with icmp-port-unreachable
    REJECT all -- 218.65.30.107 0.0.0.0/0 reject-with icmp-port-unreachable
    REJECT all -- 103.41.124.25 0.0.0.0/0 reject-with icmp-port-unreachable
    REJECT all -- 103.41.124.21 0.0.0.0/0 reject-with icmp-port-unreachable
    REJECT all -- 103.41.124.58 0.0.0.0/0 reject-with icmp-port-unreachable
    REJECT all -- 103.41.124.30 0.0.0.0/0 reject-with icmp-port-unreachable
    REJECT all -- 103.41.124.102 0.0.0.0/0 reject-with icmp-port-unreachable
    REJECT all -- 103.41.124.39 0.0.0.0/0 reject-with icmp-port-unreachable
    REJECT all -- 103.41.124.31 0.0.0.0/0 reject-with icmp-port-unreachable
    REJECT all -- 103.41.124.103 0.0.0.0/0 reject-with icmp-port-unreachable
    xiaozhizhu1997
        2
    xiaozhizhu1997  
       2015-02-04 10:14:54 +08:00 via Android
    星光互联那家么。。。
    我有个OAH尼玛被世界各地甚至非洲的IP光顾啊…
    bellchu
        3
    bellchu  
       2015-02-04 10:16:56 +08:00
    @xiaozhizhu1997 有做黄站的潜质
    lonelygo
        4
    lonelygo  
       2015-02-04 10:17:26 +08:00
    不稀奇,看看这个:
    Illegal users from:
    undef: 45 times
    50.20.209.110: 1 time
    66.186.252.60 (dslsubs15-60.eatel.net): 1 time
    72.205.202.108 (wsip-72-205-202-108.no.no.cox.net): 1 time
    87.106.242.123 (s15347945.onlinehome-server.info): 39 times
    103.249.205.246: 1 time
    107.4.7.193 (c-107-4-7-193.hsd1.nm.comcast.net): 1 time
    112.78.3.196 (vps3d196-static.vdrs.net): 2 times
    115.238.55.163: 7 times
    124.158.215.84: 1 time
    149.129.21.126: 1 time
    149.129.28.76: 1 time
    149.129.41.27: 1 time
    184.75.119.243 (rrcs-184-75-119-243.nyc.biz.rr.com): 1 time
    184.183.167.206 (wsip-184-183-167-206.sd.sd.cox.net): 1 time
    195.238.181.159 (159.181.238.195.in-addr.arpa): 1 time
    200.84.139.203 (200.84.139-203.dyn.dsl.cantv.net): 1 time
    202.147.196.234 (ip-196-234.infokom.net): 1 time
    204.45.127.10: 13 times
    206.192.242.146 (dhcp242.146.minetfiber.net): 1 time
    Havee
        5
    Havee  
    OP
       2015-02-04 10:20:26 +08:00
    @lonelygo
    @xiaozhizhu1997
    @bellchu
    刚写个脚本,1分钟超过10次的,统统 reject,扔计划任务里去了
    bellchu
        6
    bellchu  
       2015-02-04 10:41:10 +08:00
    @Havee 我是一分钟超过一次非法直接reject 24H
    lonelygo
        7
    lonelygo  
       2015-02-04 11:10:18 +08:00
    @Havee @bellchu 你们好狠,你们考虑过肉鸡的感受么?
    Imivan
        8
    Imivan  
       2015-02-04 11:13:44 +08:00 via Android
    哪里有肉鸡卖。
    sxd1988
        9
    sxd1988  
       2015-02-04 11:46:02 +08:00
    如果开SSH的22端口,也是有若干的温州IP一直在尝试登陆
    kiritoalex
        10
    kiritoalex  
       2015-02-04 12:10:08 +08:00 via iPhone
    真想做一个honeypot看看到底是哪种攻击……
    zachgenius
        11
    zachgenius  
       2015-02-04 12:13:54 +08:00
    昨天拉了一下lastb,我靠

    root ssh:notty 222.186.21.100 Tue Feb 3 01:12 - 01:12 (00:00)
    root ssh:notty 222.186.21.100 Tue Feb 3 01:12 - 01:12 (00:00)
    root ssh:notty 222.186.21.100 Tue Feb 3 01:12 - 01:12 (00:00)
    root ssh:notty 222.186.21.100 Tue Feb 3 01:12 - 01:12 (00:00)
    root ssh:notty 222.186.21.100 Tue Feb 3 01:12 - 01:12 (00:00)
    root ssh:notty 222.186.21.100 Tue Feb 3 01:12 - 01:12 (00:00)
    root ssh:notty 222.186.21.100 Tue Feb 3 01:12 - 01:12 (00:00)
    root ssh:notty 222.186.21.100 Tue Feb 3 01:11 - 01:11 (00:00)
    root ssh:notty 222.186.21.100 Tue Feb 3 01:11 - 01:11 (00:00)
    root ssh:notty 222.186.21.100 Tue Feb 3 01:11 - 01:11 (00:00)
    root ssh:notty 222.186.21.100 Tue Feb 3 01:11 - 01:11 (00:00)
    root ssh:notty 222.186.21.100 Tue Feb 3 01:11 - 01:11 (00:00)
    root ssh:notty 222.186.21.100 Tue Feb 3 01:11 - 01:11 (00:00)
    root ssh:notty 222.186.21.100 Tue Feb 3 01:11 - 01:11 (00:00)
    root ssh:notty 222.186.21.100 Tue Feb 3 01:11 - 01:11 (00:00)
    root ssh:notty 222.186.21.100 Tue Feb 3 01:11 - 01:11 (00:00)
    root ssh:notty 222.186.21.100 Tue Feb 3 01:11 - 01:11 (00:00)
    root ssh:notty 222.186.21.100 Tue Feb 3 01:11 - 01:11 (00:00)
    root ssh:notty 222.186.21.100 Tue Feb 3 01:11 - 01:11 (00:00)
    root ssh:notty 222.186.21.100 Tue Feb 3 01:11 - 01:11 (00:00)
    root ssh:notty 222.186.21.100 Tue Feb 3 01:11 - 01:11 (00:00)
    root ssh:notty 222.186.21.100 Tue Feb 3 01:11 - 01:11 (00:00)
    root ssh:notty 222.186.21.100 Tue Feb 3 01:11 - 01:11 (00:00)
    root ssh:notty 222.186.21.100 Tue Feb 3 01:11 - 01:11 (00:00)
    root ssh:notty 222.186.21.100 Tue Feb 3 01:11 - 01:11 (00:00)
    ...
    root ssh:notty 222.186.21.100 Tue Feb 3 01:01 - 01:01 (00:00)
    root ssh:notty 222.186.21.100 Tue Feb 3 01:01 - 01:01 (00:00)
    root ssh:notty 222.186.21.100 Tue Feb 3 01:01 - 01:01 (00:00)
    root ssh:notty 222.186.21.100 Tue Feb 3 01:01 - 01:01 (00:00)
    prueba ssh:notty 71-82-151-208.dh Mon Feb 2 23:57 - 23:57 (00:00)
    prueba ssh:notty 71-82-151-208.dh Mon Feb 2 23:57 - 23:57 (00:00)
    postgres ssh:notty 71-82-151-208.dh Mon Feb 2 20:46 - 20:46 (00:00)
    postgres ssh:notty 71-82-151-208.dh Mon Feb 2 20:46 - 20:46 (00:00)
    support ssh:notty 187.111.5.130 Mon Feb 2 20:14 - 20:14 (00:00)
    support ssh:notty 187.111.5.130 Mon Feb 2 20:14 - 20:14 (00:00)
    postfix ssh:notty 71-82-151-208.dh Mon Feb 2 17:34 - 17:34 (00:00)
    student ssh:notty 187.111.5.130 Mon Feb 2 17:01 - 17:01 (00:00)
    student ssh:notty 187.111.5.130 Mon Feb 2 17:01 - 17:01 (00:00)
    office ssh:notty 71-82-151-208.dh Mon Feb 2 11:32 - 11:32 (00:00)
    office ssh:notty 71-82-151-208.dh Mon Feb 2 11:32 - 11:32 (00:00)
    natalia ssh:notty 71-82-151-208.dh Mon Feb 2 08:21 - 08:21 (00:00)
    natalia ssh:notty 71-82-151-208.dh Mon Feb 2 08:21 - 08:21 (00:00)
    ......

    感觉全是江苏镇江的用脚本在跑。。。而且我的几个服务器发现这种批量的不良登陆的行为就发生从1月到现在。。。还有这帮尝试用Natalia啊什么student啊还有用dick尝试登陆的。。。
    vex911
        12
    vex911  
       2015-02-04 12:20:25 +08:00
    那个不是肉鸡吧,是阿里云服务器的IP。
    cevincheung
        13
    cevincheung  
       2015-02-04 12:23:59 +08:00
    xbmc ssh:notty Wed Feb 4 06:56 - 06:56 (00:00) ip-50-63-185-226.ip.secureserver.net
    xbian ssh:notty Wed Feb 4 06:54 - 06:54 (00:00) ip-50-63-185-226.ip.secureserver.net
    vyatta ssh:notty Wed Feb 4 06:52 - 06:52 (00:00) ip-50-63-185-226.ip.secureserver.net
    ubnt ssh:notty Wed Feb 4 06:50 - 06:50 (00:00) ip-50-63-185-226.ip.secureserver.net
    ts3srv ssh:notty Wed Feb 4 06:48 - 06:48 (00:00) ip-50-63-185-226.ip.secureserver.net
    ts3 ssh:notty Wed Feb 4 06:46 - 06:46 (00:00) ip-50-63-185-226.ip.secureserver.net
    ts ssh:notty Wed Feb 4 06:44 - 06:44 (00:00) ip-50-63-185-226.ip.secureserver.net
    test ssh:notty Wed Feb 4 06:42 - 06:42 (00:00) ip-50-63-185-226.ip.secureserver.net
    teamspea ssh:notty Wed Feb 4 06:40 - 06:40 (00:00) ip-50-63-185-226.ip.secureserver.net
    support ssh:notty Wed Feb 4 06:38 - 06:38 (00:00) ip-50-63-185-226.ip.secureserver.net
    smtp ssh:notty Wed Feb 4 06:34 - 06:34 (00:00) ip-50-63-185-226.ip.secureserver.net
    send ssh:notty Wed Feb 4 06:32 - 06:32 (00:00) ip-50-63-185-226.ip.secureserver.net
    sebastia ssh:notty Wed Feb 4 06:29 - 06:29 (00:00) ip-50-63-185-226.ip.secureserver.net
    sales ssh:notty Wed Feb 4 06:27 - 06:27 (00:00) ip-50-63-185-226.ip.secureserver.net
    postgres ssh:notty Wed Feb 4 05:57 - 05:57 (00:00) ip-50-63-185-226.ip.secureserver.net
    pi ssh:notty Wed Feb 4 05:55 - 05:55 (00:00) ip-50-63-185-226.ip.secureserver.net
    oracle ssh:notty Wed Feb 4 05:53 - 05:53 (00:00) ip-50-63-185-226.ip.secureserver.net
    nagios ssh:notty Wed Feb 4 05:51 - 05:51 (00:00) ip-50-63-185-226.ip.secureserver.net
    log ssh:notty Wed Feb 4 05:47 - 05:47 (00:00) ip-50-63-185-226.ip.secureserver.net
    karaf ssh:notty Wed Feb 4 05:45 - 05:45 (00:00) ip-50-63-185-226.ip.secureserver.net
    jack ssh:notty Wed Feb 4 05:43 - 05:43 (00:00) ip-50-63-185-226.ip.secureserver.net
    info ssh:notty Wed Feb 4 05:41 - 05:41 (00:00) ip-50-63-185-226.ip.secureserver.net
    guest ssh:notty Wed Feb 4 05:39 - 05:39 (00:00) ip-50-63-185-226.ip.secureserver.net
    ftp ssh:notty Wed Feb 4 05:34 - 05:34 (00:00) ip-50-63-185-226.ip.secureserver.net
    dreamer ssh:notty Wed Feb 4 05:32 - 05:32 (00:00) ip-50-63-185-226.ip.secureserver.net
    default ssh:notty Wed Feb 4 05:30 - 05:30 (00:00) ip-50-63-185-226.ip.secureserver.net
    debug ssh:notty Wed Feb 4 05:28 - 05:28 (00:00) ip-50-63-185-226.ip.secureserver.net
    david ssh:notty Wed Feb 4 05:26 - 05:26 (00:00) ip-50-63-185-226.ip.secureserver.net
    cisco ssh:notty Wed Feb 4 05:24 - 05:24 (00:00) ip-50-63-185-226.ip.secureserver.net
    christia ssh:notty Wed Feb 4 05:21 - 05:21 (00:00) ip-50-63-185-226.ip.secureserver.net
    bob ssh:notty Wed Feb 4 05:19 - 05:19 (00:00) ip-50-63-185-226.ip.secureserver.net
    arbab ssh:notty Wed Feb 4 05:15 - 05:15 (00:00) ip-50-63-185-226.ip.secureserver.net
    alex ssh:notty Wed Feb 4 05:13 - 05:13 (00:00) ip-50-63-185-226.ip.secureserver.net
    administ ssh:notty Wed Feb 4 05:11 - 05:11 (00:00) ip-50-63-185-226.ip.secureserver.net
    admin ssh:notty Wed Feb 4 05:09 - 05:09 (00:00) ip-50-63-185-226.ip.secureserver.net
    admin ssh:notty Wed Feb 4 05:07 - 05:07 (00:00) ip-50-63-185-226.ip.secureserver.net
    admin ssh:notty Wed Feb 4 05:04 - 05:04 (00:00) ip-50-63-185-226.ip.secureserver.net
    aaron ssh:notty Wed Feb 4 05:01 - 05:01 (00:00) ip-50-63-185-226.ip.secureserver.net
    PlcmSpIp ssh:notty Wed Feb 4 04:58 - 04:58 (00:00) ip-50-63-185-226.ip.secureserver.net
    xbmc ssh:notty Wed Feb 4 02:34 - 02:34 (00:00) 220.191.204.238
    xbian ssh:notty Wed Feb 4 02:30 - 02:30 (00:00) 220.191.204.238
    vyatta ssh:notty Wed Feb 4 02:26 - 02:26 (00:00) 220.191.204.238
    ubnt ssh:notty Wed Feb 4 02:22 - 02:22 (00:00) 220.191.204.238
    ts3srv ssh:notty Wed Feb 4 02:18 - 02:18 (00:00) 220.191.204.238
    ts3 ssh:notty Wed Feb 4 02:14 - 02:14 (00:00) 220.191.204.238
    ts ssh:notty Wed Feb 4 02:10 - 02:10 (00:00) 220.191.204.238
    test ssh:notty Wed Feb 4 02:06 - 02:06 (00:00) 220.191.204.238
    support ssh:notty Wed Feb 4 01:59 - 01:59 (00:00) 220.191.204.238
    postgres ssh:notty Wed Feb 4 01:01 - 01:01 (00:00) 220.191.204.238
    pi ssh:notty Wed Feb 4 00:58 - 00:58 (00:00) 220.191.204.238
    oracle ssh:notty Wed Feb 4 00:54 - 00:54 (00:00) 220.191.204.238
    log ssh:notty Wed Feb 4 00:42 - 00:42 (00:00) 220.191.204.238
    karaf ssh:notty Wed Feb 4 00:38 - 00:38 (00:00) 220.191.204.238
    jack ssh:notty Wed Feb 4 00:34 - 00:34 (00:00) 220.191.204.238
    info ssh:notty Wed Feb 4 00:30 - 00:30 (00:00) 220.191.204.238
    guest ssh:notty Wed Feb 4 00:26 - 00:26 (00:00) 220.191.204.238
    ftp ssh:notty Wed Feb 4 00:18 - 00:18 (00:00) 220.191.204.238
    dreamer ssh:notty Wed Feb 4 00:14 - 00:14 (00:00) 220.191.204.238
    default ssh:notty Wed Feb 4 00:10 - 00:10 (00:00) 220.191.204.238
    debug ssh:notty Wed Feb 4 00:06 - 00:06 (00:00) 220.191.204.238
    david ssh:notty Wed Feb 4 00:03 - 00:03 (00:00) 220.191.204.238
    cisco ssh:notty Tue Feb 3 23:59 - 23:59 (00:00) 220.191.204.238
    christia ssh:notty Tue Feb 3 23:55 - 23:55 (00:00) 220.191.204.238
    bob ssh:notty Tue Feb 3 23:51 - 23:51 (00:00) 220.191.204.238
    arbab ssh:notty Tue Feb 3 23:43 - 23:43 (00:00) 220.191.204.238
    alex ssh:notty Tue Feb 3 23:39 - 23:39 (00:00) 220.191.204.238
    administ ssh:notty Tue Feb 3 23:35 - 23:35 (00:00) 220.191.204.238
    admin ssh:notty Tue Feb 3 23:31 - 23:31 (00:00) 220.191.204.238
    admin ssh:notty Tue Feb 3 23:27 - 23:27 (00:00) 220.191.204.238
    admin ssh:notty Tue Feb 3 23:23 - 23:23 (00:00) 220.191.204.238
    aaron ssh:notty Tue Feb 3 23:19 - 23:19 (00:00) 220.191.204.238
    PlcmSpIp ssh:notty Tue Feb 3 23:15 - 23:15 (00:00) 220.191.204.238
    shoutcas ssh:notty Tue Feb 3 22:18 - 22:18 (00:00) 114.80.101.44
    shoutcas ssh:notty Tue Feb 3 22:18 - 22:18 (00:00) 114.80.101.44
    www ssh:notty Tue Feb 3 22:18 - 22:18 (00:00) 114.80.101.44
    www ssh:notty Tue Feb 3 22:18 - 22:18 (00:00) 114.80.101.44
    www ssh:notty Tue Feb 3 22:18 - 22:18 (00:00) 114.80.101.44
    jedi ssh:notty Tue Feb 3 22:18 - 22:18 (00:00) 114.80.101.44
    jedi ssh:notty Tue Feb 3 22:18 - 22:18 (00:00) 114.80.101.44
    albert ssh:notty Tue Feb 3 22:18 - 22:18 (00:00) 114.80.101.44
    albert ssh:notty Tue Feb 3 22:18 - 22:18 (00:00) 114.80.101.44
    melissa ssh:notty Tue Feb 3 22:18 - 22:18 (00:00) 114.80.101.44
    melissa ssh:notty Tue Feb 3 22:18 - 22:18 (00:00) 114.80.101.44
    matrix ssh:notty Tue Feb 3 22:18 - 22:18 (00:00) 114.80.101.44
    matrix ssh:notty Tue Feb 3 22:18 - 22:18 (00:00) 114.80.101.44
    matrix ssh:notty Tue Feb 3 22:18 - 22:18 (00:00) 114.80.101.44
    matrix ssh:notty Tue Feb 3 22:18 - 22:18 (00:00) 114.80.101.44
    matrix ssh:notty Tue Feb 3 22:18 - 22:18 (00:00) 114.80.101.44
    sybase ssh:notty Tue Feb 3 22:18 - 22:18 (00:00) 114.80.101.44
    sybase ssh:notty Tue Feb 3 22:18 - 22:18 (00:00) 114.80.101.44
    demo ssh:notty Tue Feb 3 22:18 - 22:18 (00:00) 114.80.101.44
    demo ssh:notty Tue Feb 3 22:18 - 22:18 (00:00) 114.80.101.44
    demo ssh:notty Tue Feb 3 22:18 - 22:18 (00:00) 114.80.101.44
    demo ssh:notty Tue Feb 3 22:18 - 22:18 (00:00) 114.80.101.44
    demo ssh:notty Tue Feb 3 22:18 - 22:18 (00:00) 114.80.101.44
    hadoop ssh:notty Tue Feb 3 22:18 - 22:18 (00:00) 114.80.101.44
    hadoop ssh:notty Tue Feb 3 22:18 - 22:18 (00:00) 114.80.101.44
    hadoop ssh:notty Tue Feb 3 22:18 - 22:18 (00:00) 114.80.101.44
    hadoop ssh:notty Tue Feb 3 22:18 - 22:18 (00:00) 114.80.101.44
    hadoop ssh:notty Tue Feb 3 22:18 - 22:18 (00:00) 114.80.101.44
    oracle ssh:notty Tue Feb 3 22:17 - 22:17 (00:00) 114.80.101.44
    user3 ssh:notty Tue Feb 3 22:17 - 22:17 (00:00) 114.80.101.44
    user2 ssh:notty Tue Feb 3 22:17 - 22:17 (00:00) 114.80.101.44
    user1 ssh:notty Tue Feb 3 22:17 - 22:17 (00:00) 114.80.101.44
    user03 ssh:notty Tue Feb 3 22:17 - 22:17 (00:00) 114.80.101.44
    user02 ssh:notty Tue Feb 3 22:16 - 22:16 (00:00) 114.80.101.44
    user3 ssh:notty Tue Feb 3 22:16 - 22:16 (00:00) 114.80.101.44
    user2 ssh:notty Tue Feb 3 22:16 - 22:16 (00:00) 114.80.101.44
    user01 ssh:notty Tue Feb 3 22:16 - 22:16 (00:00) 114.80.101.44
    user1 ssh:notty Tue Feb 3 22:16 - 22:16 (00:00) 114.80.101.44
    ubuntu ssh:notty Tue Feb 3 22:16 - 22:16 (00:00) 114.80.101.44
    postgres ssh:notty Tue Feb 3 22:16 - 22:16 (00:00) 114.80.101.44
    suporte ssh:notty Tue Feb 3 22:16 - 22:16 (00:00) 114.80.101.44
    student ssh:notty Tue Feb 3 22:16 - 22:16 (00:00) 114.80.101.44
    student ssh:notty Tue Feb 3 22:16 - 22:16 (00:00) 114.80.101.44
    suporte ssh:notty Tue Feb 3 22:16 - 22:16 (00:00) 114.80.101.44
    postgres ssh:notty Tue Feb 3 22:16 - 22:16 (00:00) 114.80.101.44
    nagios ssh:notty Tue Feb 3 22:16 - 22:16 (00:00) 114.80.101.44
    jasontse
        14
    jasontse  
       2015-02-04 12:32:25 +08:00 via iPad
    还有福建也是鸡窝
    codegear
        15
    codegear  
       2015-02-04 12:41:23 +08:00
    一看吓一跳
    国外有泰国、韩国
    国内有成都、绍兴、镇江

    一天5w次,要吃不消了
    lingo
        16
    lingo  
       2015-02-04 12:46:10 +08:00
    @bellchu 我的跟你的差不多,103.41.124.*这个范围的特别多。。。
    hjc4869
        17
    hjc4869  
       2015-02-04 12:56:51 +08:00
    fail2ban不好用?
    fashioncj
        18
    fashioncj  
       2015-02-04 13:35:49 +08:00
    @lingo 同意。。我的也是~
    fashioncj
        19
    fashioncj  
       2015-02-04 13:39:01 +08:00
    ssh简直爆炸
    ![sinaimg]( )
    bellchu
        20
    bellchu  
       2015-02-04 13:50:49 +08:00
    @lingo 貌似是香港的IP。以前没这么多SSH尝试的,就去年开始,只要是在亚太的服务器,我基本每天都能收获很多。 北美的服务器都是OpenVPN的尝试。
    dongge
        21
    dongge  
       2015-02-04 13:55:05 +08:00 via Android
    @vex911 头像。。。。。
    lingo233
        22
    lingo233  
       2015-02-04 14:59:51 +08:00
    我这边比你们好一点只有一个兰州ip比较多来了624次
    abcbit
        23
    abcbit  
       2015-02-04 15:16:21 +08:00 via iPhone
    鎮江的服務器一個月才200多,不掃你掃誰?
    chunchu
        24
    chunchu  
       2015-02-04 15:54:59 +08:00
    3 173-164-76-202-o
    7 218.65.30.73
    7 62-210-211-45.re
    10 194.58.88.86
    12 222.161.4.148
    24 74.118.195.210
    25 117.21.225.137
    30 46.227.188.23
    32 195-154-169-120.
    90 ms012.moonshot.f
    120 222.92.213.131
    fvladlpa
        25
    fvladlpa  
       2015-02-04 17:06:20 +08:00 via iPhone
    @kiritoalex 看什么端口开放,22,21,80居多
    lbp0200
        26
    lbp0200  
       2015-02-04 17:19:14 +08:00
    我换了端口
    kiritoalex
        27
    kiritoalex  
       2015-02-04 17:31:43 +08:00
    @fvladlpa OK,看来主要还是FTP,SSH和HTTP端口。。。
    话说如果加了操作系统指纹分析就可以更有效地指定攻击类型了。。。
    wulin
        28
    wulin  
       2015-02-04 17:48:50 +08:00
    看了下我的,ssh端口改掉了还有尝试的。最蛋疼的是last发现有外省ip,改密码去了....
    Havee
        29
    Havee  
    OP
       2015-02-04 17:50:35 +08:00
    @wulin 囧,ssh 禁掉密码登录,切记
    Halry
        30
    Halry  
       2015-02-04 20:11:20 +08:00 via Android
    我看了下我也有一堆。。。
    设了只有证书登录怎么还能尝试,什么回事?
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   5326 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 45ms · UTC 08:34 · PVG 16:34 · LAX 00:34 · JFK 03:34
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.