今天我注意到我的/var/log/secure 文件变得越来越大。这很奇怪,当我检查尾部时,我得到了这样的东西:
Sep 6 18:37:58 asdf sshd[17615]: Failed password for root from 200.85.122.11 port 36126 ssh2
Sep 6 18:37:58 asdf sshd[17616]: Received disconnect from 200.85.122.11: 11: Bye Bye
Sep 6 18:38:00 asdf sshd[17618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.85.122.11 user=root
Sep 6 18:38:02 asdf sshd[17618]: Failed password for root from 200.85.122.11 port 36445 ssh2
Sep 6 18:38:02 asdf sshd[17619]: Received disconnect from 200.85.122.11: 11: Bye Bye
Sep 6 18:38:04 asdf sshd[17623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.85.122.11 user=root
Sep 6 18:38:06 asdf sshd[17623]: Failed password for root from 200.85.122.11 port 36776 ssh2
Sep 6 18:38:06 asdf sshd[17624]: Received disconnect from 200.85.122.11: 11: Bye Bye
Sep 6 18:38:08 asdf sshd[17626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.85.122.11 user=root
Sep 6 18:38:10 asdf sshd[17626]: Failed password for root from 200.85.122.11 port 37072 ssh2
Sep 6 18:38:11 asdf sshd[17627]: Received disconnect from 200.85.122.11: 11: Bye Bye
Sep 6 18:38:13 asdf sshd[17689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.85.122.11 user=root
Sep 6 18:38:15 asdf sshd[17689]: Failed password for root from 200.85.122.11 port 37390 ssh2
Sep 6 18:38:15 asdf sshd[17690]: Received disconnect from 200.85.122.11: 11: Bye Bye
Sep 6 18:38:17 asdf sshd[17700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.85.122.11 user=root
这看起来好像有人试图找到我的服务器的密码。
如何在多次登录尝试失败后阻止 IP(例如,如果在过去一小时内有 10 次登录尝试失败,但是现在我的 VPS 每分钟至少收到 100 次失败的登录请求)。实际上,密码对于暴力破解来说太长太复杂,但我不确定这种暴力破解尝试是否会导致服务器负载。
最佳答案
您可以使用 iptables 设置速率限制。查看此链接:http://www.debian-administration.org/articles/187
关于security - 如何防止机器人尝试匹配密码并以 root 身份登录到服务器?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/12309465/