The default sshd configuration is not cool!

We only need to run this command to get an idea of how many times someone knocks on the door trying to get in without asking permission.

cat /var/log/auth.log | grep ssh | less

Real examples from one machine. Clearly, the attack is dictionary-based.

Feb  4 13:58:55  sshd[10832]: Invalid user lammer from 189.26.114.186
Feb  4 13:58:55  sshd[10832]: reverse mapping checking getaddrinfo for stpcengenharia186.static.gvt.net.br failed - POSSIBLE BREAK-IN ATTEMPT!
Feb  4 13:58:56  sshd[10849]: Invalid user reebok from 189.26.114.186
Feb  4 13:58:56  sshd[10849]: reverse mapping checking getaddrinfo for stpcengenharia186.static.gvt.net.br failed - POSSIBLE BREAK-IN ATTEMPT!
Feb  4 13:58:57  sshd[10844]: Invalid user summer from 189.26.114.186
Feb  4 13:58:57  sshd[10844]: reverse mapping checking etaddrinfo for stpcengenharia186.static.gvt.net.br failed - POSSIBLE BREAK-IN ATTEMPT!
Feb  4 13:58:59  sshd[10838]: Invalid user bots from 189.26.114.186
Feb  4 13:58:59  sshd[10838]: reverse mapping checking getaddrinfo for stpcengenharia186.static.gvt.net.br failed - POSSIBLE BREAK-IN ATTEMPT!
Feb  4 13:59:01  sshd[10857]: Invalid user lamer from 189.26.114.186
Feb  4 13:59:01  sshd[10857]: reverse mapping checking getaddrinfo for stpcengenharia186.static.gvt.net.br failed - POSSIBLE BREAK-IN ATTEMPT!
Feb  4 13:59:02  sshd[10863]: Invalid user nike from 189.26.114.186
Feb  4 13:59:02  sshd[10863]: reverse mapping checking getaddrinfo for stpcengenharia186.static.gvt.net.br failed - POSSIBLE BREAK-IN ATTEMPT!

Another one, this time trying the admin account seventeen times:

Feb  5 14:50:51  sshd[8378]: Invalid user admin from 61.153.153.188
Feb  5 14:50:54  sshd[8384]: Invalid user admin from 61.153.153.188
Feb  5 14:50:57  sshd[8390]: Invalid user admin from 61.153.153.188
Feb  5 14:51:00  sshd[8396]: Invalid user admin from 61.153.153.188
Feb  5 14:51:03  sshd[8402]: Invalid user admin from 61.153.153.188
Feb  5 14:51:06  sshd[8408]: Invalid user admin from 61.153.153.188
Feb  5 14:51:09  sshd[8414]: Invalid user admin from 61.153.153.188
Feb  5 14:51:12  sshd[8421]: Invalid user admin from 61.153.153.188
Feb  5 14:51:15  sshd[8427]: Invalid user admin from 61.153.153.188
Feb  5 14:51:18  sshd[8433]: Invalid user admin from 61.153.153.188
Feb  5 14:51:22  sshd[8439]: Invalid user admin from 61.153.153.188
Feb  5 14:51:25  sshd[8445]: Invalid user admin from 61.153.153.188
Feb  5 14:51:28  sshd[8451]: Invalid user admin from 61.153.153.188
Feb  5 14:51:31  sshd[8457]: Invalid user admin from 61.153.153.188
Feb  5 14:51:34  sshd[8463]: Invalid user admin from 61.153.153.188
Feb  5 14:51:49  sshd[8493]: Invalid user admin from 61.153.153.188
Feb  5 14:51:52  sshd[8499]: Invalid user admin from 61.153.153.188

Something needs to be done, right?

Feb 10 16:27:02  sshd[8834]: Invalid user cyrus from 210.51.184.105
Feb 10 16:27:05  sshd[8840]: Invalid user hermes from 210.51.184.105
Feb 10 16:27:08  sshd[8846]: Invalid user test from 210.51.184.105
Feb 10 16:27:11  sshd[8852]: Invalid user test from 210.51.184.105
Feb 10 16:27:19  sshd[8864]: Invalid user sid from 210.51.184.105
Feb 10 16:27:22  sshd[8870]: Invalid user vincent from 210.51.184.105
Feb 10 16:27:30  sshd[8882]: Invalid user stella from 210.51.184.105
Feb 10 16:27:33  sshd[8888]: Invalid user ernie from 210.51.184.105
Feb 10 16:28:00  sshd[8936]: Invalid user nokia from 210.51.184.105
Feb 10 16:28:03  sshd[8942]: Invalid user nokia from 210.51.184.105
Feb 11 16:29:13  sshd[14918]: Invalid user test from 218.56.61.114
Feb 11 16:29:16  sshd[14924]: Invalid user guest from 218.56.61.114
Feb 11 16:29:20  sshd[14930]: Invalid user admin from 218.56.61.114
Feb 11 16:29:23  sshd[14936]: Invalid user admin from 218.56.61.114
Feb 11 16:29:26  sshd[14942]: Invalid user user from 218.56.61.114
Feb 11 16:29:40  sshd[14966]: Invalid user test from 218.56.61.114

Summary, in the space of a week: 189.26.114.186, 61.153.153.188, 210.51.184.105 and 218.56.61.114
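
The per-address summary above can be produced directly from the log instead of by reading it in a pager. The following is an added example, not part of the original post: the function name summarize_invalid_users and the sample_log data are assumptions, and the last sample line (with a hostname and a "port" suffix, as newer sshd versions log) is constructed. It prints attempts, distinct usernames and source address, busiest source first.

```shell
#!/bin/sh
# Added example: per-source summary of sshd "Invalid user" lines.
# summarize_invalid_users and sample_log are hypothetical helper names.
summarize_invalid_users() {
    awk '
    /sshd\[[0-9]+\]: Invalid user / {
        # Find the "Invalid user" tokens so parsing works with or
        # without a hostname field before "sshd[pid]:".
        start = 0
        for (i = 1; i < NF; i++)
            if ($i == "Invalid" && $(i + 1) == "user") { start = i + 2; break }
        if (!start) next
        # The address follows the LAST "from"; a username may itself be
        # "from", and newer sshd appends "port N" after the address.
        from = 0
        for (i = NF - 1; i >= start; i--)
            if ($i == "from") { from = i; break }
        if (!from) next
        ip = $(from + 1)
        # Everything between "user" and "from" is the attempted username.
        user = ""
        for (i = start; i < from; i++) user = user (i > start ? " " : "") $i
        attempts[ip]++
        if (!((ip, user) in seen)) { seen[ip, user] = 1; names[ip]++ }
    }
    END {
        for (ip in attempts)
            printf "%d %d %s\n", attempts[ip], names[ip], ip
    }' "$@" | sort -k1,1nr -k3,3
}

# Sample input: lines taken from the post, plus one constructed last line.
sample_log() {
    cat <<'EOF'
Feb  4 13:58:55  sshd[10832]: Invalid user lammer from 189.26.114.186
Feb  4 13:58:55  sshd[10832]: reverse mapping checking getaddrinfo for stpcengenharia186.static.gvt.net.br failed - POSSIBLE BREAK-IN ATTEMPT!
Feb  4 13:58:56  sshd[10849]: Invalid user reebok from 189.26.114.186
Feb  5 14:50:51  sshd[8378]: Invalid user admin from 61.153.153.188
Feb  5 14:50:54  sshd[8384]: Invalid user admin from 61.153.153.188
Feb  5 14:50:57  sshd[8390]: Invalid user admin from 61.153.153.188
Feb 12 09:00:00 host1 sshd[999]: Invalid user test from 192.0.2.10 port 40022
EOF
}

# Columns: attempts, distinct usernames, source address.
sample_log | summarize_invalid_users
```

On a real machine, pass the log file as an argument: summarize_invalid_users /var/log/auth.log. One address with many distinct usernames points to a dictionary run, while many attempts against a single name (such as admin above) points to password guessing on that account.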