eliu
joined:
2007-08-09 posted:
11478 promoted: 617 bookmarked: 187 新竹, 台灣 | 1 | subject:
一直有對岸的想入侵 |
0
0 | 2007-09-20 | quote | | |
Sep 20 08:39:30 www sshd[18646]: error: Could not get shadow information for NOUSER
Sep 20 08:39:30 www sshd[18646]: Failed password for invalid user meharunnisa from 124.42.120.27 port 47951 ssh2
Sep 20 08:39:31 www sshd[18650]: Invalid user mehbooba from 124.42.120.27
Sep 20 08:39:31 www sshd[18650]: error: Could not get shadow information for NOUSER
Sep 20 08:39:31 www sshd[18650]: Failed password for invalid user mehbooba from 124.42.120.27 port 48002 ssh2
Sep 20 08:39:33 www sshd[18654]: Invalid user naaz from 124.42.120.27
Sep 20 08:39:33 www sshd[18654]: error: Could not get shadow information for NOUSER
因為我是用 Mandriva 的 personal firewall,懶得看 IP table 到底該怎麼弄。
我不想限制只有某些 IP 才可以 login,乾脆直接 ban 這個 IP
從 xinetd 去 control, 修改 /etc/xinetd.d/sshd-xinetd
service ssh
{
disable = no
socket_type = stream
wait = no
user = root
server = /usr/sbin/sshd
server_args = -i
log_on_success += DURATION USERID
log_on_failure += USERID
nice = 10
no_access = 124.42.120.27
}
|
eliu
joined:
2007-08-09 posted:
11478 promoted: 617 bookmarked: 187 新竹, 台灣 |
我現在改成用
only_from = xxx.net
方式。
目前為止,想入侵的 IP 都是沒有登記的。
|
sendxp
joined:
2009-06-24 posted:
101 promoted: 23 bookmarked: 6 地球 | eliu大大, iptable 可以試試 shorewall, 設定一些簡單的文字檔, 它會將你的設定變成 iptable 的 script, 而且它有自己的daemon, 透過 daemon 的啟動/關閉來控制 iptable script. iptable-save 可以觀它幫你設定了那些 script, 很好用... 另外 denyhosts 可以幫你分析log自動將那些可疑的host加入 /etc/hosts.deny 中, 省掉不少事...
|
eliu
joined:
2007-08-09 posted:
11478 promoted: 617 bookmarked: 187 新竹, 台灣 |
edited: 1
|
sendxp
joined:
2009-06-24 posted:
101 promoted: 23 bookmarked: 6 地球 | 沒看到這篇, 我有點關公面前耍大刀了.....
|
eliu
joined:
2007-08-09 posted:
11478 promoted: 617 bookmarked: 187 新竹, 台灣 | sendxp | 沒看到這篇, 我有點關公面前耍大刀了..... |
不會,別這樣說
|