嘟嘟社区

云筏cloudraft 0.1小鸡被ssh爆破了

moe

本帖最后由 emptysuns 于 2022-1-7 14:11 编辑

刚在论坛发了帖子
ssh就被正在爆破
你是真的闲
https://hostloc.com/forum.php?mo … ;page=3#pid11760668
通过ipv4 nat 过来的看不到源ip

  1. Jan  7 05:59:49 node3459-vzvps-189 sshd[34476]: Received disconnect from 172.31.1.17 port 38852:11: Normal Shutdown, Thank you for playing [preauth]
  2. Jan  7 05:59:49 node3459-vzvps-189 sshd[34476]: Disconnected from invalid user rym 172.31.1.17 port 38852 [preauth]
  3. Jan  7 05:59:49 node3459-vzvps-189 sshd[34651]: Invalid user liangt from 172.31.1.17 port 60402
  4. Jan  7 05:59:49 node3459-vzvps-189 sshd[34651]: pam_unix(sshd:auth): check pass; user unknown
  5. Jan  7 05:59:49 node3459-vzvps-189 sshd[34651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.31.1.17
  6. Jan  7 05:59:49 node3459-vzvps-189 sshd[34543]: Received disconnect from 172.31.1.17 port 40782:11: Normal Shutdown, Thank you for playing [preauth]
  7. Jan  7 05:59:49 node3459-vzvps-189 sshd[34543]: Disconnected from invalid user szl 172.31.1.17 port 40782 [preauth]
  8. Jan  7 05:59:49 node3459-vzvps-189 sshd[34565]: Failed password for invalid user xiaoke_wh from 172.31.1.17 port 51330 ssh2
  9. Jan  7 05:59:49 node3459-vzvps-189 sshd[34517]: Received disconnect from 172.31.1.17 port 45702:11: Normal Shutdown, Thank you for playing [preauth]
  10. Jan  7 05:59:49 node3459-vzvps-189 sshd[34517]: Disconnected from invalid user fangh 172.31.1.17 port 45702 [preauth]
  11. Jan  7 05:59:49 node3459-vzvps-189 sshd[34519]: Received disconnect from 172.31.1.17 port 43088:11: Normal Shutdown, Thank you for playing [preauth]
  12. Jan  7 05:59:49 node3459-vzvps-189 sshd[34519]: Disconnected from invalid user ypy 172.31.1.17 port 43088 [preauth]
  13. Jan  7 05:59:49 node3459-vzvps-189 sshd[34549]: Invalid user hwl-cgy from 172.31.1.17 port 50308
  14. Jan  7 05:59:49 node3459-vzvps-189 sshd[34628]: Invalid user jxl from 172.31.1.17 port 57194
  15. Jan  7 05:59:49 node3459-vzvps-189 sshd[34549]: pam_unix(sshd:auth): check pass; user unknown
  16. Jan  7 05:59:49 node3459-vzvps-189 sshd[34549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.31.1.17
  17. Jan  7 05:59:49 node3459-vzvps-189 sshd[34628]: pam_unix(sshd:auth): check pass; user unknown
  18. Jan  7 05:59:49 node3459-vzvps-189 sshd[34628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.31.1.17
  19. Jan  7 05:59:49 node3459-vzvps-189 sshd[34338]: Received disconnect from 172.31.1.17 port 48664:11: Normal Shutdown, Thank you for playing [preauth]
  20. Jan  7 05:59:49 node3459-vzvps-189 sshd[34338]: Disconnected from invalid user qinsiqing 172.31.1.17 port 48664 [preauth]
  21. Jan  7 05:59:49 node3459-vzvps-189 sshd[34541]: Failed password for invalid user zsw from 172.31.1.17 port 48884 ssh2
  22. Jan  7 05:59:49 node3459-vzvps-189 sshd[34626]: Failed password for invalid user zhangjing from 172.31.1.17 port 56754 ssh
  23. [email protected]:/var/log# date
  24. Fri 07 Jan 2022 06:00:43 AM UTC

复制代码

现在已经停了。估计是针对        ipv4网关us-host-1.paas-us.cloud.ac.cn 进行扫的
云筏客户可以来瞅瞅
爆破好,祝早破。
6位数字公网V4我也没见谁爆破成功了
不方便看源ip的话还不方便用fail2ban
自己改端口
关机保平安

MoeWang 发表于 2022-1-7 14:05
不方便看源ip的话还不方便用fail2ban

fail2ban, 云筏放出的试用鸡,根本性能不足,随随便便都能被打满cpu,删掉v4中转了,看看这位有本事扫v6地址不