为什么老有人尝试登录我的服务器?

V2EX = way to explore

V2EX 是一个关于分享和探索的地方

For Existing Member Sign In

You need to sign in to view this topic

This topic created in 3680 days ago, the information mentioned may be changed or developed.

以下是截取部分数据: IP 查到是强国南方某几个省的电信 IP. 而且最少 1 秒就有 2 次左右的尝试登录. 难道是?!!!!

Apr 6 16:27:55 instance-3 sshd[2602]: Failed password for root from 183.3.202.175 port 10606 ssh2
Apr 6 16:27:58 instance-3 sshd[2602]: Failed password for root from 183.3.202.175 port 10606 ssh2
Apr 6 16:28:00 instance-3 sshd[2602]: Failed password for root from 183.3.202.175 port 10606 ssh2
Apr 6 16:28:00 instance-3 sshd[2602]: Received disconnect from 183.3.202.175: 11: [preauth]
Apr 6 16:28:03 instance-3 sshd[2604]: Failed password for root from 183.3.202.175 port 38243 ssh2
Apr 6 16:28:05 instance-3 sshd[2604]: Failed password for root from 183.3.202.175 port 38243 ssh2
Apr 6 16:28:07 instance-3 sshd[2604]: Failed password for root from 183.3.202.175 port 38243 ssh2
Apr 6 16:28:07 instance-3 sshd[2604]: Received disconnect from 183.3.202.175: 11: [preauth]
Apr 6 16:28:10 instance-3 sshd[2606]: Failed password for root from 183.3.202.175 port 62540 ssh2
Apr 6 16:28:12 instance-3 sshd[2606]: Failed password for root from 183.3.202.175 port 62540 ssh2
Apr 6 16:28:14 instance-3 sshd[2606]: Failed password for root from 183.3.202.175 port 62540 ssh2
Apr 6 16:28:14 instance-3 sshd[2606]: Received disconnect from 183.3.202.175: 11: [preauth]
Apr 6 16:29:13 instance-3 sshd[2623]: Failed password for root from 222.186.56.107 port 2405 ssh2
Apr 6 16:29:16 instance-3 sshd[2623]: Failed password for root from 222.186.56.107 port 2405 ssh2
Apr 6 16:29:18 instance-3 sshd[2623]: Failed password for root from 222.186.56.107 port 2405 ssh2
Apr 6 16:29:21 instance-3 sshd[2623]: Failed password for root from 222.186.56.107 port 2405 ssh2
Apr 6 16:29:22 instance-3 sshd[2623]: Failed password for root from 222.186.56.107 port 2405 ssh2
Apr 6 16:29:23 instance-3 sshd[2623]: fatal: Read from socket failed: Connection reset by peer [preauth]
Apr 6 16:29:26 instance-3 sshd[2625]: Failed password for root from 222.186.56.107 port 4002 ssh2
Apr 6 16:29:28 instance-3 sshd[2625]: Failed password for root from 222.186.56.107 port 4002 ssh2

Supplement 1 · Apr 8, 2016

换默认的 ssh 端口可以解决吗?

38 replies • 2016-04-08 15:56:37 +08:00

cszchen

Apr 8, 2016

也许曾经这是他的服务器

ahillgian

Apr 8, 2016

@cszchen 应该不是的. 感觉是强国的防火墙在尝试破解.

twor2

Apr 8, 2016

发 ip 不打码
你吧发帖前后的登录次数对比一下，看看是否有变化

initialdp

Apr 8, 2016

在粗暴破解你的 SSH 密码。安装 fail2ban 吧，一般这些无聊的动作都可以被封锁。

twor2

Apr 8, 2016

哦是对方 ip ，我 2 了

imWBB

Apr 8, 2016 via Android

为什么不禁用 root 和密码登录？

raincious

Apr 8, 2016

缘分啊。我的机器也在被 183.3.202 这段 IP 地址的机器扫描，而且频率非常高，感觉十分奇怪。建议各位也看看自己的服务器是不是有这个 IP 地址的访问记录。

这是 3 月份的截图：
图片太长请手动复制到地址栏://i.imgur.com/bwtJcgB.png

这是刚刚的：
图片太长请手动复制到地址栏://i.imgur.com/aQKYHid.png

`attempts` 计数低是因为程序会自动用 iptables 屏蔽 IP 地址 1.5 天时间，这期间这个 IP 就不能再访问我的服务器了。