speckthehut
Hacker
Hello!
Just for "fun" I moved the SSH port back to 22. Not because I've gone mad, but so that I can understand what exactly happens when I'm attacked.
Do you have any idea what exactly is happening here? And shouldn't Fail2Ban step in? Or do I not need to worry about this?
Apr 18 02:50:59 serv1 sshd[31523]: Connection from 118.194.63.144 port 38049
Apr 18 02:51:02 serv1 sshd[31523]: reverse mapping checking getaddrinfo for ptr144.63.dnion.com [118.194.63.144] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 18 02:51:03 serv1 sshd[31525]: Set /proc/self/oom_adj to 0
Apr 18 02:51:03 serv1 sshd[31525]: Connection from 118.194.63.144 port 38248
Apr 18 02:51:06 serv1 sshd[31525]: reverse mapping checking getaddrinfo for ptr144.63.dnion.com [118.194.63.144] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 18 02:51:07 serv1 sshd[31527]: Set /proc/self/oom_adj to 0
Apr 18 02:51:07 serv1 sshd[31527]: Connection from 118.194.63.144 port 38518
Apr 18 02:51:09 serv1 sshd[31527]: reverse mapping checking getaddrinfo for ptr144.63.dnion.com [118.194.63.144] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 18 02:51:10 serv1 sshd[31529]: Set /proc/self/oom_adj to 0
Apr 18 02:51:10 serv1 sshd[31529]: Connection from 118.194.63.144 port 38638
Apr 18 02:51:13 serv1 sshd[31529]: reverse mapping checking getaddrinfo for ptr144.63.dnion.com [118.194.63.144] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 18 02:51:14 serv1 sshd[31531]: Set /proc/self/oom_adj to 0
Apr 18 02:51:14 serv1 sshd[31531]: Connection from 118.194.63.144 port 38880
Apr 18 02:51:16 serv1 sshd[31531]: reverse mapping checking getaddrinfo for ptr144.63.dnion.com [118.194.63.144] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 18 02:51:17 serv1 sshd[31533]: Set /proc/self/oom_adj to 0
Apr 18 02:51:17 serv1 sshd[31533]: Connection from 118.194.63.144 port 39088
Apr 18 02:51:20 serv1 sshd[31533]: reverse mapping checking getaddrinfo for ptr144.63.dnion.com [118.194.63.144] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 18 02:51:20 serv1 sshd[31533]: Invalid user stefna from 118.194.63.144
Apr 18 02:51:21 serv1 sshd[31535]: Set /proc/self/oom_adj to 0
Apr 18 02:51:21 serv1 sshd[31535]: Connection from 118.194.63.144 port 39256
Apr 18 02:51:23 serv1 sshd[31535]: reverse mapping checking getaddrinfo for ptr144.63.dnion.com [118.194.63.144] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 18 02:51:24 serv1 sshd[31537]: Set /proc/self/oom_adj to 0
Apr 18 02:51:24 serv1 sshd[31537]: Connection from 118.194.63.144 port 39522
Apr 18 02:51:27 serv1 sshd[31537]: reverse mapping checking getaddrinfo for ptr144.63.dnion.com [118.194.63.144] failed - POSSIBLE BREAK-IN ATTEMPT!
Or the other Chinaboy
Apr 17 19:23:40 serv1 sshd[31047]: Connection from 203.126.99.216 port 35986
Apr 17 19:23:43 serv1 sshd[31049]: Set /proc/self/oom_adj to 0
Apr 17 19:23:43 serv1 sshd[31049]: Connection from 203.126.99.216 port 36056
Apr 17 19:23:46 serv1 sshd[31051]: Set /proc/self/oom_adj to 0
Apr 17 19:23:46 serv1 sshd[31051]: Connection from 203.126.99.216 port 36105
Apr 17 19:23:49 serv1 sshd[31053]: Set /proc/self/oom_adj to 0
Apr 17 19:23:49 serv1 sshd[31053]: Connection from 203.126.99.216 port 36176
Apr 17 19:23:52 serv1 sshd[31055]: Set /proc/self/oom_adj to 0
Apr 17 19:23:52 serv1 sshd[31055]: Connection from 203.126.99.216 port 36243
Apr 17 19:23:55 serv1 sshd[31057]: Set /proc/self/oom_adj to 0
Apr 17 19:23:55 serv1 sshd[31057]: Connection from 203.126.99.216 port 36307
Apr 17 19:23:58 serv1 sshd[31059]: Set /proc/self/oom_adj to 0
Apr 17 19:23:58 serv1 sshd[31059]: Connection from 203.126.99.216 port 36403
Apr 17 19:24:02 serv1 sshd[31061]: Set /proc/self/oom_adj to 0
Apr 17 19:24:02 serv1 sshd[31061]: Connection from 203.126.99.216 port 36484
Apr 17 19:24:05 serv1 sshd[31063]: Set /proc/self/oom_adj to 0
Apr 17 19:24:05 serv1 sshd[31063]: Connection from 203.126.99.216 port 36551
Apr 17 19:24:08 serv1 sshd[31065]: Set /proc/self/oom_adj to 0
Apr 17 19:24:08 serv1 sshd[31065]: Connection from 203.126.99.216 port 36616
Apr 17 19:24:10 serv1 sshd[31067]: Set /proc/self/oom_adj to 0
Apr 17 19:24:10 serv1 sshd[31067]: Connection from 203.126.99.216 port 36680
Apr 17 19:24:13 serv1 sshd[31069]: Set /proc/self/oom_adj to 0
Apr 17 19:24:13 serv1 sshd[31069]: Connection from 203.126.99.216 port 36745
Apr 17 19:24:16 serv1 sshd[31071]: Set /proc/self/oom_adj to 0
Apr 17 19:24:16 serv1 sshd[31071]: Connection from 203.126.99.216 port 36813
Apr 17 19:24:19 serv1 sshd[31073]: Set /proc/self/oom_adj to 0
Apr 17 19:24:19 serv1 sshd[31073]: Connection from 203.126.99.216 port 36880
Apr 17 19:24:22 serv1 sshd[31075]: Set /proc/self/oom_adj to 0
Apr 17 19:24:22 serv1 sshd[31075]: Connection from 203.126.99.216 port 36947
Apr 17 19:24:25 serv1 sshd[31077]: Set /proc/self/oom_adj to 0
Apr 17 19:24:25 serv1 sshd[31077]: Connection from 203.126.99.216 port 37007
Apr 17 19:24:27 serv1 sshd[31079]: Set /proc/self/oom_adj to 0
Apr 17 19:24:27 serv1 sshd[31079]: Connection from 203.126.99.216 port 37074
Apr 17 19:24:31 serv1 sshd[31081]: Set /proc/self/oom_adj to 0
Apr 17 19:24:31 serv1 sshd[31081]: Connection from 203.126.99.216 port 37148
Apr 17 19:24:35 serv1 sshd[31083]: Set /proc/self/oom_adj to 0
Apr 17 19:24:35 serv1 sshd[31083]: Connection from 203.126.99.216 port 37247
Apr 17 19:24:38 serv1 sshd[31085]: Set /proc/self/oom_adj to 0
Apr 17 19:24:38 serv1 sshd[31085]: Connection from 203.126.99.216 port 37301
Apr 17 19:24:41 serv1 sshd[31087]: Set /proc/self/oom_adj to 0
I deliberately did not hide the IPs ;o)
In my opinion, for such, let's call them "attack attempts", the sshd_config option "MaxStartups" or "MaxAuthTries" should kick in. But the Chinaman isn't being blocked. Fail2Ban is also running, and reliably so when a username and/or password is sent along. But with connections like these without user data, apparently nothing happens. These connections sometimes go on for 20 minutes and longer.
And don't worry. Everything runs over 2048-bit private keys
MaxStartups 3:30:10
MaxAuthTries 5
It would be great if someone could give me a tip on how to stop this, or whether one simply has to live with it.
Kisses and regards!
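
Added example, not part of the original post: a sliding-window counter over the `Connection from` lines shown in the logs above, which flags a source IP by connection rate alone, without needing a username or password in the log. The threshold (`max_conns`), the window, the `year` default and the 192.0.2.10 lines are assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# 118.194.63.144 lines are copied from the post; 192.0.2.10 lines are constructed.
SAMPLE = """\
Apr 18 02:50:59 serv1 sshd[31523]: Connection from 118.194.63.144 port 38049
Apr 18 02:51:02 serv1 sshd[31523]: reverse mapping checking getaddrinfo for ptr144.63.dnion.com [118.194.63.144] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 18 02:51:03 serv1 sshd[31525]: Set /proc/self/oom_adj to 0
Apr 18 02:51:03 serv1 sshd[31525]: Connection from 118.194.63.144 port 38248
Apr 18 02:51:07 serv1 sshd[31527]: Connection from 118.194.63.144 port 38518
Apr 18 02:51:10 serv1 sshd[31529]: Connection from 118.194.63.144 port 38638
Apr 18 02:51:14 serv1 sshd[31531]: Connection from 118.194.63.144 port 38880
Apr 18 02:51:17 serv1 sshd[31533]: Connection from 118.194.63.144 port 39088
Apr 18 02:51:20 serv1 sshd[31533]: Invalid user stefna from 118.194.63.144
Apr 18 02:51:21 serv1 sshd[31535]: Connection from 118.194.63.144 port 39256
Apr 18 02:55:00 serv1 sshd[31600]: Connection from 192.0.2.10 port 50000
Apr 18 02:55:40 serv1 sshd[31601]: Connection from 192.0.2.10 port 50001
""".splitlines()

# Match only the bare connection line; it carries no username or password.
CONN = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Connection from (\S+) port \d+$"
)

def parse(lines, year=2000):
    """Yield (timestamp, ip); syslog omits the year, so `year` is an assumption."""
    for line in lines:
        m = CONN.match(line.strip())
        if m:
            yield datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"), m.group(2)

def flag_floods(lines, max_conns=5, window=timedelta(seconds=30)):
    """Map each ip to the time it first exceeded max_conns connections in window."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    flagged = {}
    for ts, ip in parse(lines):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop connections older than the window
            q.popleft()
        if len(q) > max_conns and ip not in flagged:
            flagged[ip] = ts
    return flagged

if __name__ == "__main__":
    for ip, ts in flag_floods(SAMPLE).items():
        print(f"{ip} exceeded the limit at {ts:%b %d %H:%M:%S}")
```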