Mai cu spor, zic … Si cu mai multa imaginatie.
5 failed login attempts to account stealthsettings (system) — Large number of attempts from this IP: 66.111.33.91
5 failed login attempts to account Ymvista (system) — Large number of attempts from this IP: 66.111.33.91
Ma tot f*#e unu` de pe diverse IP-uri, de aproximativ 2-3 saptamani. Tot incearca sa sparga serverul, folosind userele site-urilor hostate. Cel putin asa crede el, ca numele site-urilor, trebuie sa aibe si un user pe server (id=0, eventual), si daca se poate cu o parola gen data nasterii.
Ei bine, dragul meu, afla ca la 5 incercari esuate pe sshd (asta daca stii user-ul, si daca este acceptata logarea necriptata via SSH Key si fara ip-uri filtrate), serverul executa ban / silence pe IP, pentru cateva minute. Suficient de mult, cat sa-ti blocheze performantul generator de parole.
Doua ponturi pentru tine:
1. Nici un site (cont), nu are user cu access ssh-
2. Daca ai norocul (unu la cateva miliarde) sa treci de APF (Advanced Policy Firewall) si de ochiul meu, te asigur ca o sa tragi o gura zdravana de (BFD) การตรวจจับกำลังดุร้าย-
root@server [~]# iptables -I INPUT -s 66.111.33.91 -j DROP
root@server [~]# service iptables save
Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
root@server [~]#
ประสบความสำเร็จ
PS. Alti sfinti care au mai trecut pe la mine, in data de 27 iulie 2009.
Logwatch
Failed logins from:
60.220.224.103: 4 times
121.254.228.21: 4 times
124.125.155.201: 1 time
124.247.222.243 (124-247-222-243.del.tulipconnect.com): 105 times
211.137.183.246: 5 times
Illegal users from:
60.220.224.103: 28 times
121.254.228.21: 11 times
124.247.222.243 (124-247-222-243.del.tulipconnect.com): 2335 times
211.137.183.246: 36 times
Thanks,
การตั้งค่าการลักลอบ
