We only need to run this command to get an idea of how often someone knocks on the door trying to get in without asking permission.
grep ssh /var/log/auth.log | less
Real examples from one machine: clearly, the attack is dictionary-based.
Feb 4 13:58:55 sshd[10832]: Invalid user lammer from 189.26.114.186
Feb 4 13:58:55 sshd[10832]: reverse mapping checking getaddrinfo for stpcengenharia186.static.gvt.net.br failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 4 13:58:56 sshd[10849]: Invalid user reebok from 189.26.114.186
Feb 4 13:58:56 sshd[10849]: reverse mapping checking getaddrinfo for stpcengenharia186.static.gvt.net.br failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 4 13:58:57 sshd[10844]: Invalid user summer from 189.26.114.186
Feb 4 13:58:57 sshd[10844]: reverse mapping checking etaddrinfo for stpcengenharia186.static.gvt.net.br failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 4 13:58:59 sshd[10838]: Invalid user bots from 189.26.114.186
Feb 4 13:58:59 sshd[10838]: reverse mapping checking getaddrinfo for stpcengenharia186.static.gvt.net.br failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 4 13:59:01 sshd[10857]: Invalid user lamer from 189.26.114.186
Feb 4 13:59:01 sshd[10857]: reverse mapping checking getaddrinfo for stpcengenharia186.static.gvt.net.br failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 4 13:59:02 sshd[10863]: Invalid user nike from 189.26.114.186
Feb 4 13:59:02 sshd[10863]: reverse mapping checking getaddrinfo for stpcengenharia186.static.gvt.net.br failed - POSSIBLE BREAK-IN ATTEMPT!
Another one, this one trying the admin account seventeen times:
Feb 5 14:50:51 sshd[8378]: Invalid user admin from 61.153.153.188
Feb 5 14:50:54 sshd[8384]: Invalid user admin from 61.153.153.188
Feb 5 14:50:57 sshd[8390]: Invalid user admin from 61.153.153.188
Feb 5 14:51:00 sshd[8396]: Invalid user admin from 61.153.153.188
Feb 5 14:51:03 sshd[8402]: Invalid user admin from 61.153.153.188
Feb 5 14:51:06 sshd[8408]: Invalid user admin from 61.153.153.188
Feb 5 14:51:09 sshd[8414]: Invalid user admin from 61.153.153.188
Feb 5 14:51:12 sshd[8421]: Invalid user admin from 61.153.153.188
Feb 5 14:51:15 sshd[8427]: Invalid user admin from 61.153.153.188
Feb 5 14:51:18 sshd[8433]: Invalid user admin from 61.153.153.188
Feb 5 14:51:22 sshd[8439]: Invalid user admin from 61.153.153.188
Feb 5 14:51:25 sshd[8445]: Invalid user admin from 61.153.153.188
Feb 5 14:51:28 sshd[8451]: Invalid user admin from 61.153.153.188
Feb 5 14:51:31 sshd[8457]: Invalid user admin from 61.153.153.188
Feb 5 14:51:34 sshd[8463]: Invalid user admin from 61.153.153.188
Feb 5 14:51:49 sshd[8493]: Invalid user admin from 61.153.153.188
Feb 5 14:51:52 sshd[8499]: Invalid user admin from 61.153.153.188
Something has to be done, right?
Feb 10 16:27:02 sshd[8834]: Invalid user cyrus from 210.51.184.105
Feb 10 16:27:05 sshd[8840]: Invalid user hermes from 210.51.184.105
Feb 10 16:27:08 sshd[8846]: Invalid user test from 210.51.184.105
Feb 10 16:27:11 sshd[8852]: Invalid user test from 210.51.184.105
Feb 10 16:27:19 sshd[8864]: Invalid user sid from 210.51.184.105
Feb 10 16:27:22 sshd[8870]: Invalid user vincent from 210.51.184.105
Feb 10 16:27:30 sshd[8882]: Invalid user stella from 210.51.184.105
Feb 10 16:27:33 sshd[8888]: Invalid user ernie from 210.51.184.105
Feb 10 16:28:00 sshd[8936]: Invalid user nokia from 210.51.184.105
Feb 10 16:28:03 sshd[8942]: Invalid user nokia from 210.51.184.105

Feb 11 16:29:13 sshd[14918]: Invalid user test from 218.56.61.114
Feb 11 16:29:16 sshd[14924]: Invalid user guest from 218.56.61.114
Feb 11 16:29:20 sshd[14930]: Invalid user admin from 218.56.61.114
Feb 11 16:29:23 sshd[14936]: Invalid user admin from 218.56.61.114
Feb 11 16:29:26 sshd[14942]: Invalid user user from 218.56.61.114
Feb 11 16:29:40 sshd[14966]: Invalid user test from 218.56.61.114
Summary, in the space of a week: 189.26.114.186, 61.153.153.188, 210.51.184.105 and 218.56.61.114
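
A summary like the one above can be produced directly from the log instead of by reading it in `less`. The following is an added example, not part of the original post: the function names, the two labels and the sample lines (documentation-range IP addresses) are constructed for illustration, and it assumes the `Invalid user <name> from <ip>` message format shown in the excerpts.

```shell
#!/bin/sh
# Added example: per-source summary of sshd "Invalid user" entries.
# Output columns: attempts, source IP, distinct usernames, label.
summarize_invalid_users() {
    awk '
    /sshd\[[0-9]+\]: Invalid user / {
        # Find "Invalid user <name> from <ip>" wherever it sits on the line,
        # so entries with or without a hostname field are both handled.
        for (i = 1; i <= NF - 4; i++) {
            if ($i == "Invalid" && $(i+1) == "user" && $(i+3) == "from") {
                user = $(i+2); ip = $(i+4)
                attempts[ip]++
                if (!((ip, user) in seen)) { seen[ip, user] = 1; users[ip]++ }
                break
            }
        }
    }
    END {
        for (ip in attempts) {
            # Many different names from one source: username guessing.
            # One name repeated: the same account tried over and over.
            label = (users[ip] > 1) ? "many-usernames" : "one-username"
            printf "%d %s %d %s\n", attempts[ip], ip, users[ip], label
        }
    }' | sort -k1,1nr -k2,2
}

# Constructed sample input in the same format as the excerpts above.
sample_log() {
    cat <<'EOF'
Feb 4 13:58:55 sshd[101]: Invalid user alice from 203.0.113.10
Feb 4 13:58:55 sshd[101]: reverse mapping checking getaddrinfo for host.example failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 4 13:58:56 sshd[102]: Invalid user bob from 203.0.113.10
Feb 4 13:58:57 sshd[103]: Invalid user alice from 203.0.113.10
Feb 5 14:50:51 sshd[201]: Invalid user admin from 198.51.100.7
Feb 5 14:50:54 sshd[202]: Invalid user admin from 198.51.100.7
Feb 5 14:50:57 sshd[203]: Invalid user admin from 198.51.100.7
Feb 5 14:51:00 sshd[204]: Invalid user admin from 198.51.100.7
EOF
}

# On a real host: summarize_invalid_users < /var/log/auth.log
sample_log | summarize_invalid_users
```

Sources at the top of the list are the first candidates for a firewall block or a rate-limiting rule.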