V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
• 请不要在回答技术问题时复制粘贴 AI 生成的内容
yyh325
V2EX  ›  程序员

腾讯云主机登录日志里有很多不明 IP 试图登录是啥情况

  •  
  •   yyh325 · 2019-12-30 10:15:01 +08:00 · 3835 次点击
    这是一个创建于 1819 天前的主题,其中的信息可能已经有所发展或是发生改变。

    Dec 30 10:10:31 VM_0_12_centos sshd[30507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.196.81.5 user=root Dec 30 10:10:31 VM_0_12_centos sshd[30507]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" Dec 30 10:10:33 VM_0_12_centos sshd[30507]: Failed password for root from 116.196.81.5 port 52750 ssh2 Dec 30 10:10:33 VM_0_12_centos sshd[30507]: Received disconnect from 116.196.81.5 port 52750:11: Bye Bye [preauth] Dec 30 10:10:33 VM_0_12_centos sshd[30507]: Disconnected from 116.196.81.5 port 52750 [preauth] Dec 30 10:10:33 VM_0_12_centos sshd[30509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.195 user=root Dec 30 10:10:33 VM_0_12_centos sshd[30509]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" Dec 30 10:10:36 VM_0_12_centos sshd[30509]: Failed password for root from 218.92.0.195 port 63674 ssh2 Dec 30 10:10:36 VM_0_12_centos sshd[30509]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" Dec 30 10:10:38 VM_0_12_centos sshd[30515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.170.139.243 user=sshd Dec 30 10:10:38 VM_0_12_centos sshd[30515]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "sshd" Dec 30 10:10:38 VM_0_12_centos sshd[30509]: Failed password for root from 218.92.0.195 port 63674 ssh2 Dec 30 10:10:38 VM_0_12_centos sshd[30509]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" Dec 30 10:10:40 VM_0_12_centos sshd[30515]: Failed password for sshd from 93.170.139.243 port 56436 ssh2 Dec 30 10:10:40 VM_0_12_centos sshd[30509]: Failed password for root from 218.92.0.195 port 63674 ssh2 Dec 30 10:10:40 VM_0_12_centos sshd[30509]: Received disconnect from 218.92.0.195 port 63674:11: [preauth] Dec 30 10:10:40 VM_0_12_centos sshd[30509]: Disconnected from 218.92.0.195 port 63674 [preauth] Dec 30 10:10:40 VM_0_12_centos sshd[30509]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.195 user=root Dec 30 10:10:40 VM_0_12_centos sshd[30515]: Received disconnect from 93.170.139.243 port 56436:11: Bye Bye [preauth] Dec 30 10:10:40 VM_0_12_centos sshd[30515]: Disconnected from 93.170.139.243 port 56436 [preauth] Dec 30 10:10:44 VM_0_12_centos sshd[30529]: Invalid user hxg from 106.13.3.214 port 42070 Dec 30 10:10:44 VM_0_12_centos sshd[30529]: input_userauth_request: invalid user hxg [preauth] Dec 30 10:10:44 VM_0_12_centos sshd[30529]: pam_unix(sshd:auth): check pass; user unknown Dec 30 10:10:44 VM_0_12_centos sshd[30529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.3.214 Dec 30 10:10:46 VM_0_12_centos sshd[30529]: Failed password for invalid user hxg from 106.13.3.214 port 42070 ssh2 Dec 30 10:10:46 VM_0_12_centos sshd[30529]: Received disconnect from 106.13.3.214 port 42070:11: Bye Bye [preauth] Dec 30 10:10:46 VM_0_12_centos sshd[30529]: Disconnected from 106.13.3.214 port 42070 [preauth]

    13 条回复    2019-12-30 21:41:14 +08:00
    yyh325
        1
    yyh325  
    OP
       2019-12-30 10:15:34 +08:00
    用 xshell 登录偶尔卡的不行,控制台登录就很流畅,和这个有关系吗
    renmu
        2
    renmu  
       2019-12-30 10:41:28 +08:00 via Android   ❤️ 1
    有人想爆破你,换个 ssh 端口
    tianxianggezhu
        3
    tianxianggezhu  
       2019-12-30 10:44:15 +08:00   ❤️ 1
    有很多人攻击的,可以装个保护性软件,你会发现你的服务器每天受到了全球各地至少几百次的攻击
    tyzrj766
        4
    tyzrj766  
       2019-12-30 10:45:41 +08:00   ❤️ 1
    扫端口的,开 22 端口,热门的 IP 段和主机,几天就能攒下几万个
    yyh325
        5
    yyh325  
    OP
       2019-12-30 10:48:45 +08:00
    好,明白了,多谢老哥们
    stiekel
        6
    stiekel  
       2019-12-30 11:19:57 +08:00
    这个正常,云厂商的 IP 段,都会被不停的扫常用端口,是 22 就会用密码本来尝试登陆。这个不是针对你,人家是全都扫。
    换端口就安静了。
    flynaj
        7
    flynaj  
       2019-12-30 11:31:15 +08:00 via Android
    该一下端口,清净,默认端口无数的机器在扫描。
    Les1ie
        8
    Les1ie  
       2019-12-30 14:40:03 +08:00
    apt install fail2ban
    瞬间清净了
    annielong
        9
    annielong  
       2019-12-30 18:15:26 +08:00
    弱密码扫描,很正常,当初内网的弱密码用友数据库,刚开外网不到 5 分钟,就被改了密码
    opengps
        10
    opengps  
       2019-12-30 18:31:10 +08:00
    公网环境就是这么恶劣,各种扫描器自动探测自动穷举爆破
    JamesR
        11
    JamesR  
       2019-12-30 19:01:40 +08:00 via Android
    正常,机子到手就要改端口。
    leeton
        12
    leeton  
       2019-12-30 19:11:49 +08:00
    我的 win 主机都换端口了
    zuoakang
        13
    zuoakang  
       2019-12-30 21:41:14 +08:00 via Android
    这个是 last 命令查看的吗
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   2554 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 24ms · UTC 10:20 · PVG 18:20 · LAX 02:20 · JFK 05:20
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.