A specific IP keeps attempting to log in.
Jun 11 19:44:14 localhost sshd[32108]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.1.131 user=root
Jun 11 19:44:57 localhost sshd[3928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.1.131 user=root
Jun 11 19:44:57 localhost sshd[3928]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jun 11 19:44:59 localhost sshd[3928]: Failed password for root from 218.92.1.131 port 49285 ssh2
Jun 11 19:44:59 localhost sshd[3928]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jun 11 19:45:01 localhost sshd[3928]: Failed password for root from 218.92.1.131 port 49285 ssh2
Jun 11 19:45:01 localhost sshd[3928]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jun 11 19:45:03 localhost sshd[3928]: Failed password for root from 218.92.1.131 port 49285 ssh2
Jun 11 19:45:03 localhost sshd[3928]: Received disconnect from 218.92.1.131 port 49285:11: [preauth]
Jun 11 19:45:03 localhost sshd[3928]: Disconnected from 218.92.1.131 port 49285 [preauth]
Jun 11 19:45:03 localhost sshd[3928]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.1.131 user=root
Jun 11 19:46:10 localhost sshd[4021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.1.131 user=root
Jun 11 19:46:10 localhost sshd[4021]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jun 11 19:46:12 localhost sshd[4021]: Failed password for root from 218.92.1.131 port 54866 ssh2
Jun 11 19:46:12 localhost sshd[4021]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jun 11 19:46:14 localhost sshd[4021]: Failed password for root from 218.92.1.131 port 54866 ssh2
Jun 11 19:46:14 localhost sshd[4021]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jun 11 19:46:16 localhost sshd[4021]: Failed password for root from 218.92.1.131 port 54866 ssh2
Jun 11 19:46:17 localhost sshd[4021]: Received disconnect from 218.92.1.131 port 54866:11: [preauth]
Jun 11 19:46:17 localhost sshd[4021]: Disconnected from 218.92.1.131 port 54866 [preauth]
Jun 11 19:46:17 localhost sshd[4021]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.1.131 user=root
Jun 11 19:47:08 localhost sshd[4207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.1.131 user=root
Jun 11 19:47:08 localhost sshd[4207]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jun 11 19:47:10 localhost sshd[4207]: Failed password for root from 218.92.1.131 port 29967 ssh2
Jun 11 19:47:11 localhost sshd[4207]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jun 11 19:47:13 localhost sshd[4207]: Failed password for root from 218.92.1.131 port 29967 ssh2
Jun 11 19:47:13 localhost sshd[4207]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jun 11 19:47:15 localhost sshd[4207]: Failed password for root from 218.92.1.131 port 29967 ssh2
Jun 11 19:47:15 localhost sshd[4207]: Received disconnect from 218.92.1.131 port 29967:11: [preauth]
Jun 11 19:47:15 localhost sshd[4207]: Disconnected from 218.92.1.131 port 29967 [preauth]
Jun 11 19:47:15 localhost sshd[4207]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.1.131 user=root
Jun 11 19:48:14 localhost sshd[4294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.1.131 user=root
Jun 11 19:48:14 localhost sshd[4294]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jun 11 19:48:16 localhost sshd[4294]: Failed password for root from 218.92.1.131 port 53581 ssh2
Jun 11 19:48:16 localhost sshd[4294]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jun 11 19:48:18 localhost sshd[4294]: Failed password for root from 218.92.1.131 port 53581 ssh2
Jun 11 19:48:18 localhost sshd[4294]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jun 11 19:48:20 localhost sshd[4294]: Failed password for root from 218.92.1.131 port 53581 ssh2
Jun 11 19:48:21 localhost sshd[4294]: Received disconnect from 218.92.1.131 port 53581:11: [preauth]
Jun 11 19:48:21 localhost sshd[4294]: Disconnected from 218.92.1.131 port 53581 [preauth]
Jun 11 19:48:21 localhost sshd[4294]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.1.131 user=root
Jun 11 19:48:50 localhost su: pam_unix(su-l:session): session opened for user root by pluton(uid=0)
Jun 11 19:49:10 localhost sshd[4374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.1.131 user=root
Jun 11 19:49:10 localhost sshd[4374]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Please interpret this for me.
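One way to read the excerpt above mechanically, as an added example that is not part of the original thread: it counts `Failed password` events per source address and checks whether any `Accepted` login from that address follows. The function names and the threshold are assumptions; the sample lines are copied from the post.

```python
import re
from collections import defaultdict

# Lines copied from the log excerpt in the post above.
SAMPLE = """\
Jun 11 19:44:57 localhost sshd[3928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.1.131 user=root
Jun 11 19:44:57 localhost sshd[3928]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jun 11 19:44:59 localhost sshd[3928]: Failed password for root from 218.92.1.131 port 49285 ssh2
Jun 11 19:45:01 localhost sshd[3928]: Failed password for root from 218.92.1.131 port 49285 ssh2
Jun 11 19:45:03 localhost sshd[3928]: Failed password for root from 218.92.1.131 port 49285 ssh2
Jun 11 19:46:12 localhost sshd[4021]: Failed password for root from 218.92.1.131 port 54866 ssh2
Jun 11 19:48:50 localhost su: pam_unix(su-l:session): session opened for user root by pluton(uid=0)
"""

FAILED = re.compile(r"sshd\[(\d+)\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for \S+ from (\S+) port \d+")

def summarize(log_text):
    """Per source IP: failed attempts, sshd PIDs (one per connection), users tried, successes."""
    stats = defaultdict(lambda: {"failed": 0, "pids": set(), "users": set(), "accepted": 0})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            pid, user, ip = m.groups()
            stats[ip]["failed"] += 1
            stats[ip]["pids"].add(pid)
            stats[ip]["users"].add(user)
            continue
        m = ACCEPTED.search(line)
        if m:
            stats[m.group(1)]["accepted"] += 1
    return dict(stats)

def flag(stats, threshold=3):
    """Return (ip, verdict) for every source at or above the failure threshold (assumed value)."""
    out = []
    for ip, s in stats.items():
        if s["failed"] >= threshold:
            verdict = "success after failures: investigate" if s["accepted"] else "guessing only, no success"
            out.append((ip, verdict))
    return sorted(out)

if __name__ == "__main__":
    st = summarize(SAMPLE)
    for ip, verdict in flag(st):
        print(ip, st[ip]["failed"], sorted(st[ip]["users"]), verdict)
```

The `su` line is ignored on purpose: it is a local session, not an SSH login from the remote address.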
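Of course, allow access only from specific IPs,
and change the communication port as well.
To a port of your own that nothing else uses...
For example, a 4-digit number such as your birthday...
If you configure iptables with the designated remote addresses and change the ssh port, there are usually no major problems.
If you want something more secure, using containers, or setting up an internal private network with NAT / port forwarding, is clean because hardly any attempt logs are generated at all...
Setting up Google OTP is also a good idea.
Alternatively, changing it so that login is only possible with a "certificate key" value instead of a password is another option..
Changing port 22 to something else entirely is also an option.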
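A small audit of `sshd_config` against the settings the replies recommend (non-default port, no password login), as an added example that is not part of the original thread. The function names, the sample configurations and the assumed defaults are constructed for illustration; the sketch reads only the global section and stops at the first `Match` block.

```python
# Assumed defaults when a keyword is absent (recent OpenSSH; verify for your version).
DEFAULTS = {"port": "22", "passwordauthentication": "yes", "permitrootlogin": "prohibit-password"}

# Constructed sample configurations.
WEAK = "Port 22\nPermitRootLogin yes\nPasswordAuthentication yes\n"
HARDENED = "# constructed sample\nPort 2222\nPermitRootLogin no\nPasswordAuthentication no\nPubkeyAuthentication yes\n"

def effective(config_text):
    """Global settings: keywords are case-insensitive and the first value obtained wins."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break  # conditional blocks are outside the scope of this sketch
        if len(parts) == 2:
            seen.setdefault(key, parts[1].strip().lower())
    return {**DEFAULTS, **seen}

def audit(config_text):
    """Return findings for the settings discussed in the thread."""
    cfg = effective(config_text)
    findings = []
    if cfg["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is not 'no': password guessing remains possible")
    if cfg["permitrootlogin"] == "yes":
        findings.append("PermitRootLogin yes: root may log in with a password")
    if cfg["port"] == "22":
        findings.append("Port 22: the default port receives most automated attempts")
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text) or "no findings")
```

Because the first value wins, a `PasswordAuthentication no` placed below an earlier `yes` has no effect; `sshd -T` prints the configuration the daemon will actually use.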