How to configure a VPS to reject brute-force logins

雨燕双飞, submitted on 2019-12-22 01:07:02


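This week logging in to the VPS was very slow, and browsing through it as a proxy was slow the whole time as well. After some investigation, I found that /var/log/secure had grown substantially and contained a large number of brute-force log entries like these: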

Oct 25 11:41:07 vultr sshd[25755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.229.172.103  user=root
Oct 25 11:41:07 vultr sshd[25755]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Oct 25 11:41:08 vultr sshd[25755]: Failed password for root from 221.229.172.103 port 35405 ssh2
Oct 25 11:41:09 vultr sshd[25755]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Oct 25 11:41:11 vultr sshd[25755]: Failed password for root from 221.229.172.103 port 35405 ssh2
Oct 25 11:41:11 vultr sshd[25755]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Oct 25 11:41:14 vultr sshd[25755]: Failed password for root from 221.229.172.103 port 35405 ssh2
Oct 25 11:41:15 vultr sshd[25755]: Received disconnect from 221.229.172.103: 11:  [preauth]

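It looks like someone is running a brute-force attack against this IP with a tool, which uses up a huge amount of bandwidth and makes the network very laggy.

Solution (reference: http://www.cnblogs.com/panblack/p/secure_ssh_auto_block.html)

1. First add the IPs that must always be allowed to /etc/hosts.allow. This is important! For example: sshd:yourip:allow

2. The script /usr/local/bin/secure_ssh.sh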

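#!/bin/bash
# Count failed logins per source IP and write "IP=count" lines to black.list
awk '/Failed/{print $(NF-3)}' /var/log/secure | sort | uniq -c | awk '{print $2"="$1}' > /usr/local/bin/black.list
for i in $(cat /usr/local/bin/black.list)
do
  IP=$(echo "$i" | awk -F= '{print $1}')
  NUM=$(echo "$i" | awk -F= '{print $2}')
  # Block only when the count has two or more digits, i.e. 10 or more failures
  if [ ${#NUM} -gt 1 ]; then
    # Add the entry only if that exact line is not already in hosts.deny
    # (-x -F: whole-line literal match, so 1.2.3.4 does not match 11.2.3.45)
    if ! grep -qxF "sshd:$IP:deny" /etc/hosts.deny; then
      echo "sshd:$IP:deny" >> /etc/hosts.deny
    fi
  fi
done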

3. Add the secure_ssh.sh script to cron as a scheduled job that runs once every minute.

# crontab -e
*/1 * * * *  sh /usr/local/bin/secure_ssh.sh
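
A hardened variant of the step 2 script, as an added example that is not from the original post or the article it references. It matches the sshd message layout instead of any line containing "Failed", accepts only fields that look like IPv4 addresses, skips addresses listed as sshd:IP:allow, and appends to the deny file only when no exact entry exists. The function names offenders and block_new, the threshold of 2 and the sample log are constructed for illustration, and the allow/deny files are assumed to use exactly the one-entry-per-line form shown in the post.

```shell
#!/bin/sh
# Added example, not the original post's script; function names are hypothetical.

# offenders LOG MIN [ALLOWFILE]: print each IPv4 source with >= MIN failed
# password lines, skipping addresses listed as "sshd:IP:allow" in ALLOWFILE.
offenders() {
  awk -v min="$2" -v allow="${3:-/dev/null}" '
    BEGIN { while ((getline l < allow) > 0) { split(l, f, ":"); if (f[1] == "sshd") ok[f[2]] = 1 } }
    # User names in the log are remote input, so match the message layout from
    # the end of the line and accept the field only if it looks like an address.
    NF >= 5 && /sshd\[[0-9]+\]: Failed password for / &&
    $(NF-4) == "from" && $(NF-2) == "port" {
      ip = $(NF-3)
      if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !(ip in ok)) n[ip]++
    }
    END { for (ip in n) if (n[ip] >= min) print ip }
  ' "$1" | LC_ALL=C sort
}

# block_new DENYFILE: append stdin addresses that have no exact entry yet
# (grep -x -F: whole-line literal match, so 203.0.113.7 != 203.0.113.70).
block_new() {
  while read -r ip; do
    grep -qxF "sshd:$ip:deny" "$1" 2>/dev/null || echo "sshd:$ip:deny" >> "$1"
  done
}

# Constructed sample data in a temp directory (documentation address ranges).
demo_dir=$(mktemp -d)
cat > "$demo_dir/secure" <<'EOF'
Oct 25 11:41:08 vps sshd[100]: Failed password for root from 203.0.113.7 port 35405 ssh2
Oct 25 11:41:11 vps sshd[100]: Failed password for invalid user admin from 203.0.113.7 port 35405 ssh2
Oct 25 11:42:01 vps sshd[101]: Failed password for root from 203.0.113.70 port 40000 ssh2
Oct 25 11:43:00 vps sshd[102]: Failed password for alice from 198.51.100.5 port 50000 ssh2
Oct 25 11:43:05 vps sshd[102]: Failed password for alice from 198.51.100.5 port 50000 ssh2
Oct 25 11:44:00 vps sshd[103]: Invalid user Failed from 192.0.2.9 port 41000
Oct 25 11:44:02 vps sshd[104]: Invalid user Failed from 192.0.2.9 port 41002
EOF
echo "sshd:198.51.100.5:allow" > "$demo_dir/hosts.allow"
echo "sshd:203.0.113.70:deny"  > "$demo_dir/hosts.deny"
offenders "$demo_dir/secure" 2 "$demo_dir/hosts.allow" | block_new "$demo_dir/hosts.deny"
cat "$demo_dir/hosts.deny"
```

On the last two sample lines the `/Failed/` match with `$(NF-3)` would extract the word "from" rather than an address, which is why the variant checks the field before counting it.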

Finally, checking /etc/hosts.deny shows IPs like the following, which look like they have been turned into bots (compromised machines):
