Gentoo Forums
Hacker attacks: how to block IPs?
cewlout
n00b

Joined: 18 Jul 2004
Posts: 45

Posted: Mon Jun 13, 2005 10:56 pm    Post subject: Hacker attacks: how to block IPs?

Hi folks,

my /var/log/messages tells me that my server keeps getting these lovely ssh brute-force(?) attacks:

Code:

Jun 13 22:01:11 ultrasparc64 sshd[3278]: Invalid user abo from 66.111.222.212
Jun 13 22:01:12 ultrasparc64 sshd[3281]: Invalid user atai from 66.111.222.212
Jun 13 22:01:14 ultrasparc64 sshd[3284]: Invalid user ting from 66.111.222.212
Jun 13 22:01:15 ultrasparc64 sshd[3287]: Invalid user vbs from 66.111.222.212
Jun 13 22:01:16 ultrasparc64 sshd[3290]: Invalid user beball from 66.111.222.212
Jun 13 22:01:18 ultrasparc64 sshd[3293]: Invalid user gaine from 66.111.222.212
Jun 13 22:01:19 ultrasparc64 sshd[3296]: Invalid user martin from 66.111.222.212
Jun 13 22:01:20 ultrasparc64 sshd[3299]: Invalid user jimmy from 66.111.222.212
Jun 13 22:01:22 ultrasparc64 sshd[3302]: Invalid user imode from 66.111.222.212
Jun 13 22:01:23 ultrasparc64 sshd[3305]: Invalid user sue from 66.111.222.212
Jun 13 22:01:24 ultrasparc64 sshd[3308]: Invalid user fax from 66.111.222.212
Jun 13 22:01:25 ultrasparc64 sshd[3311]: Invalid user summer from 66.111.222.212
Jun 13 22:01:27 ultrasparc64 sshd[3314]: Invalid user wang from 66.111.222.212
Jun 13 22:01:28 ultrasparc64 sshd[3317]: Invalid user superstar from 66.111.222.212
Jun 13 22:01:29 ultrasparc64 sshd[3320]: Invalid user rd from 66.111.222.212
Jun 13 22:01:31 ultrasparc64 sshd[3323]: Invalid user finance from 66.111.222.212
Jun 13 22:01:32 ultrasparc64 sshd[3326]: Invalid user malisa from 66.111.222.212
Jun 13 22:01:33 ultrasparc64 sshd[3329]: Invalid user jacky from 66.111.222.212
Jun 13 22:01:35 ultrasparc64 sshd[3332]: Invalid user tracy from 66.111.222.212
Jun 13 22:01:36 ultrasparc64 sshd[3335]: Invalid user aircop from 66.111.222.212
Jun 13 22:01:37 ultrasparc64 sshd[3338]: Invalid user wen from 66.111.222.212
Jun 13 22:01:39 ultrasparc64 sshd[3341]: Invalid user jang from 66.111.222.212
Jun 13 22:01:40 ultrasparc64 sshd[3344]: Invalid user iring from 66.111.222.212
Jun 13 22:01:41 ultrasparc64 sshd[3347]: Invalid user supermbox from 66.111.222.212
Jun 13 22:01:42 ultrasparc64 sshd[3350]: Invalid user pos from 66.111.222.212
Jun 13 22:01:44 ultrasparc64 sshd[3353]: Invalid user netinfo from 66.111.222.212
Jun 13 22:01:45 ultrasparc64 sshd[3356]: Invalid user micropayment from 66.111.222.212
Jun 13 22:01:46 ultrasparc64 sshd[3359]: Invalid user paypal from 66.111.222.212
Jun 13 22:01:48 ultrasparc64 sshd[3362]: Invalid user media from 66.111.222.212
Jun 13 22:01:49 ultrasparc64 sshd[3365]: Invalid user investor from 66.111.222.212
Jun 13 22:01:50 ultrasparc64 sshd[3368]: Invalid user windows from 66.111.222.212
Jun 13 22:01:52 ultrasparc64 sshd[3371]: Invalid user epaper from 66.111.222.212
Jun 13 22:01:53 ultrasparc64 sshd[3374]: Invalid user chkengine from 66.111.222.212
Jun 13 22:01:54 ultrasparc64 sshd[3377]: Invalid user rosa from 66.111.222.212
Jun 13 22:01:56 ultrasparc64 sshd[3380]: Invalid user desktop from 66.111.222.212
Jun 13 22:01:57 ultrasparc64 sshd[3383]: Invalid user anonymous from 66.111.222.212
Jun 13 22:01:58 ultrasparc64 sshd[3386]: Invalid user passwd from 66.111.222.212
Jun 13 22:02:00 ultrasparc64 sshd[3389]: Invalid user chuck from 66.111.222.212
Jun 13 22:02:01 ultrasparc64 sshd[3392]: Invalid user darkman from 66.111.222.212
Jun 13 22:02:02 ultrasparc64 sshd[3395]: Invalid user hostmaster from 66.111.222.212
Jun 13 22:02:03 ultrasparc64 sshd[3398]: Invalid user jeffrey from 66.111.222.212
Jun 13 22:02:05 ultrasparc64 sshd[3401]: Invalid user loverd from 66.111.222.212
Jun 13 22:02:06 ultrasparc64 sshd[3404]: Invalid user eric from 66.111.222.212
Jun 13 22:02:07 ultrasparc64 sshd[3407]: Invalid user lauren from 66.111.222.212
Jun 13 22:02:09 ultrasparc64 sshd[3410]: Invalid user mark from 66.111.222.212
Jun 13 22:02:10 ultrasparc64 sshd[3413]: Invalid user sin from 66.111.222.212
Jun 13 22:02:11 ultrasparc64 sshd[3416]: Invalid user richer from 66.111.222.212
Jun 13 22:02:13 ultrasparc64 sshd[3419]: Invalid user fluffy from 66.111.222.212
Jun 13 22:02:14 ultrasparc64 sshd[3422]: Invalid user gold from 66.111.222.212
Jun 13 22:02:15 ultrasparc64 sshd[3425]: Invalid user aur from 66.111.222.212
Jun 13 22:02:17 ultrasparc64 sshd[3428]: Invalid user tomcat from 66.111.222.212
Jun 13 22:02:18 ultrasparc64 sshd[3431]: Invalid user cosinus from 66.111.222.212
Jun 13 22:02:19 ultrasparc64 sshd[3434]: Invalid user sinus from 66.111.222.212
Jun 13 22:02:20 ultrasparc64 sshd[3437]: Invalid user squirrelmail from 66.111.222.212
Jun 13 22:02:22 ultrasparc64 sshd[3440]: Invalid user trash from 66.111.222.212
Jun 13 22:02:23 ultrasparc64 sshd[3443]: Invalid user kent from 66.111.222.212
Jun 13 22:02:24 ultrasparc64 sshd[3446]: Invalid user ace from 66.111.222.212
Jun 13 22:02:26 ultrasparc64 sshd[3449]: Invalid user zip from 66.111.222.212
Jun 13 22:02:27 ultrasparc64 sshd[3452]: Invalid user backup from 66.111.222.212
Jun 13 22:02:28 ultrasparc64 sshd[3455]: Invalid user fish from 66.111.222.212
Jun 13 22:02:30 ultrasparc64 sshd[3458]: Invalid user java from 66.111.222.212
Jun 13 22:02:31 ultrasparc64 sshd[3461]: Invalid user online from 66.111.222.212
Jun 13 22:02:32 ultrasparc64 sshd[3464]: Invalid user oracle from 66.111.222.212
Jun 13 22:02:34 ultrasparc64 sshd[3467]: Invalid user seongjin from 66.111.222.212
Jun 13 22:02:35 ultrasparc64 sshd[3470]: Invalid user sun from 66.111.222.212
Jun 13 22:02:36 ultrasparc64 sshd[3473]: Invalid user susan from 66.111.222.212
Jun 13 22:02:37 ultrasparc64 sshd[3476]: Invalid user temp from 66.111.222.212
Jun 13 22:02:39 ultrasparc64 sshd[3479]: Invalid user town from 66.111.222.212
Jun 13 22:02:40 ultrasparc64 sshd[3482]: Invalid user lady from 66.111.222.212
Jun 13 22:02:41 ultrasparc64 sshd[3485]: Invalid user city from 66.111.222.212
Jun 13 22:02:43 ultrasparc64 sshd[3488]: Invalid user water from 66.111.222.212
Jun 13 22:02:44 ultrasparc64 sshd[3491]: Invalid user webrun from 66.111.222.212
Jun 13 22:02:45 ultrasparc64 sshd[3494]: Invalid user callhome from 66.111.222.212
Jun 13 22:02:47 ultrasparc64 sshd[3497]: Invalid user foobar from 66.111.222.212
Jun 13 22:02:48 ultrasparc64 sshd[3500]: Invalid user ircd from 66.111.222.212
Jun 13 22:02:49 ultrasparc64 sshd[3503]: Invalid user jeni from 66.111.222.212
Jun 13 22:02:51 ultrasparc64 sshd[3506]: Invalid user nick from 66.111.222.212
Jun 13 22:02:52 ultrasparc64 sshd[3509]: Invalid user webster from 66.111.222.212
Jun 13 22:02:53 ultrasparc64 sshd[3512]: Invalid user staff from 66.111.222.212
Jun 13 22:02:54 ultrasparc64 sshd[3515]: Invalid user saito from 66.111.222.212
Jun 13 22:02:56 ultrasparc64 sshd[3518]: Invalid user support from 66.111.222.212
Jun 13 22:02:57 ultrasparc64 sshd[3521]: Invalid user x from 66.111.222.212
Jun 13 22:02:58 ultrasparc64 sshd[3524]: Invalid user bula from 66.111.222.212
Jun 13 22:03:00 ultrasparc64 sshd[3528]: Invalid user felix from 66.111.222.212
Jun 13 22:03:01 ultrasparc64 sshd[3531]: Invalid user lead from 66.111.222.212
Jun 13 22:03:02 ultrasparc64 sshd[3534]: Invalid user romeo from 66.111.222.212
Jun 13 22:03:04 ultrasparc64 sshd[3537]: Invalid user julieta from 66.111.222.212
Jun 13 22:03:05 ultrasparc64 sshd[3540]: Invalid user sarolta from 66.111.222.212
Jun 13 22:03:06 ultrasparc64 sshd[3543]: Invalid user zemba from 66.111.222.212
Jun 13 22:03:08 ultrasparc64 sshd[3546]: Invalid user amar from 66.111.222.212
Jun 13 22:03:09 ultrasparc64 sshd[3549]: Invalid user jubar from 66.111.222.212
Jun 13 22:03:10 ultrasparc64 sshd[3552]: Invalid user mckey from 66.111.222.212
Jun 13 22:03:12 ultrasparc64 sshd[3555]: Invalid user notorius from 66.111.222.212
Jun 13 22:03:13 ultrasparc64 sshd[3558]: Invalid user avenues from 66.111.222.212
Jun 13 22:03:14 ultrasparc64 sshd[3561]: Invalid user sanderson from 66.111.222.212
Jun 13 22:03:15 ultrasparc64 sshd[3564]: Invalid user courier from 66.111.222.212
Jun 13 22:03:17 ultrasparc64 sshd[3567]: Invalid user duane from 66.111.222.212
Jun 13 22:03:18 ultrasparc64 sshd[3570]: Invalid user erin from 66.111.222.212
Jun 13 22:03:19 ultrasparc64 sshd[3573]: Invalid user exim from 66.111.222.212
Jun 13 22:03:21 ultrasparc64 sshd[3576]: Invalid user greg from 66.111.222.212
Jun 13 22:03:22 ultrasparc64 sshd[3579]: Invalid user rodney from 66.111.222.212
Jun 13 22:03:23 ultrasparc64 sshd[3582]: Invalid user ryan from 66.111.222.212
Jun 13 22:03:25 ultrasparc64 sshd[3585]: Invalid user testguy from 66.111.222.212
Jun 13 22:03:26 ultrasparc64 sshd[3588]: Invalid user testgay from 66.111.222.212
Jun 13 22:03:27 ultrasparc64 sshd[3591]: Invalid user whitecanyon from 66.111.222.212
Jun 13 22:03:28 ultrasparc64 sshd[3594]: Invalid user fabrice from 66.111.222.212
Jun 13 22:03:30 ultrasparc64 sshd[3597]: Invalid user sauv from 66.111.222.212
Jun 13 22:03:31 ultrasparc64 sshd[3600]: Invalid user eddie from 66.111.222.212
Jun 13 22:03:32 ultrasparc64 sshd[3603]: Invalid user folkert from 66.111.222.212
Jun 13 22:03:34 ultrasparc64 sshd[3606]: Invalid user beleaua from 66.111.222.212
Jun 13 22:03:35 ultrasparc64 sshd[3609]: Invalid user public from 66.111.222.212
Jun 13 22:03:36 ultrasparc64 sshd[3612]: Invalid user sebestyen from 66.111.222.212
Jun 13 22:03:38 ultrasparc64 sshd[3615]: Invalid user tordai from 66.111.222.212
Jun 13 22:03:39 ultrasparc64 sshd[3618]: Invalid user filter from 66.111.222.212
Jun 13 22:03:40 ultrasparc64 sshd[3621]: Invalid user lady from 66.111.222.212
Jun 13 22:03:42 ultrasparc64 sshd[3624]: Invalid user andrew from 66.111.222.212
Jun 13 22:03:43 ultrasparc64 sshd[3627]: Invalid user com from 66.111.222.212
Jun 13 22:03:44 ultrasparc64 sshd[3630]: Invalid user net from 66.111.222.212
Jun 13 22:03:46 ultrasparc64 sshd[3633]: Invalid user us from 66.111.222.212
Jun 13 22:03:50 ultrasparc64 sshd[3636]: Invalid user doomi from 66.111.222.212
Jun 13 22:03:51 ultrasparc64 sshd[3639]: Invalid user guma from 66.111.222.212
Jun 13 22:03:52 ultrasparc64 sshd[3642]: Invalid user ina from 66.111.222.212
Jun 13 22:03:54 ultrasparc64 sshd[3645]: Invalid user skid from 66.111.222.212
Jun 13 22:03:55 ultrasparc64 sshd[3648]: Invalid user spik from 66.111.222.212
Jun 13 22:03:56 ultrasparc64 sshd[3651]: Invalid user yarul from 66.111.222.212
Jun 13 22:03:58 ultrasparc64 sshd[3654]: Invalid user zako from 66.111.222.212
Jun 13 22:03:59 ultrasparc64 sshd[3657]: Invalid user adv from 66.111.222.212


and many more :-) ..


Is there a way to tell sshd to block the IP after, e.g., the 4th failed login??


Regards,

co

P.S. I get these things every day, about 400-500 "attacks", really annoying
stream
Guru

Joined: 04 Jan 2003
Posts: 401

Posted: Mon Jun 13, 2005 11:14 pm

:arrow: https://forums.gentoo.org/viewtopic-t-313354-highlight-.html
cewlout
n00b

Joined: 18 Jul 2004
Posts: 45

Posted: Mon Jun 13, 2005 11:37 pm

oops... thanks
marc
Apprentice

Joined: 13 Jan 2003
Posts: 290

Posted: Mon Jun 13, 2005 11:47 pm

Assuming that you have also configured your SSHD properly ...
It works very well with iptables, and naturally not only with sshd.

Code:
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH -j ACCEPT
# Should be self-explanatory
iptables -A INPUT -p tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j LOG --log-prefix "Nerviger BruteForce Heini"
# Count how often it is tried; at 4 times, write "Nerviger BruteForce Heini" to the log
iptables -A INPUT -p tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP
# And of course disconnect


But if only fixed IPs are allowed to connect, you should of course also
add Allow... Users, Hosts, Group and so on to the config.
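The 60-second window and 4-hit threshold used in the rules above, applied to "Invalid user" log lines in the format shown in the first post. This is an added example, not part of the original posts; the function names and sample addresses are constructed, and handling of a trailing "port N" field goes beyond the log format shown in the thread.

```shell
#!/bin/sh
# Constructed sample input (documentation addresses, not from the thread).
sample_log() {
cat <<'EOF'
Jun 13 22:01:11 host sshd[3278]: Invalid user abo from 192.0.2.10
Jun 13 22:01:12 host sshd[3281]: Invalid user atai from 192.0.2.10
Jun 13 22:01:14 host sshd[3284]: Invalid user ting from 192.0.2.10
Jun 13 22:01:15 host sshd[3287]: Invalid user vbs from 192.0.2.10
Jun 13 22:05:00 host sshd[3300]: Invalid user typo from 198.51.100.7
Jun 13 22:20:00 host sshd[3310]: Invalid user typo from 198.51.100.7
Jun 13 22:40:00 host sshd[3320]: Invalid user typo from 198.51.100.7
Jun 13 22:59:00 host sshd[3330]: Invalid user typo from 198.51.100.7
Jun 13 23:00:00 host sshd[3340]: Invalid user x from 192.0.2.99 from 203.0.113.5 port 4022
EOF
}

# flag_bruteforce [WINDOW_SECONDS] [THRESHOLD]   (reads syslog lines on stdin)
# Prints "IP total" for each source with THRESHOLD or more "Invalid user"
# lines inside any WINDOW_SECONDS window. Assumes a single day of log:
# syslog timestamps carry no year and midnight rollover is not handled.
flag_bruteforce() {
    awk -v window="${1:-60}" -v threshold="${2:-4}" '
    / sshd\[[0-9]+\]: Invalid user / {
        # The user name is attacker-controlled and may itself contain
        # " from ", so take the address after the LAST "from".
        ip = ""
        for (i = NF; i > 1; i--) if ($(i - 1) == "from") { ip = $i; break }
        if (ip == "") next
        split($3, t, ":")                     # $3 is HH:MM:SS
        now = t[1] * 3600 + t[2] * 60 + t[3]
        n = ++total[ip]
        stamp[ip, n] = now
        if (!(ip in first)) first[ip] = 1
        # Slide the window start past events older than the window.
        while (first[ip] < n && now - stamp[ip, first[ip]] >= window) {
            first[ip]++
        }
        if (n - first[ip] + 1 >= threshold) flagged[ip] = 1
    }
    END { for (ip in flagged) print ip, total[ip] }' | sort
}

sample_log | flag_bruteforce 60 4    # prints: 192.0.2.10 4
```

The source with four failures spread over an hour is not flagged, and the line whose user name contains " from 192.0.2.99" is attributed to the real peer address.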
psyqil
Advocate

Joined: 26 May 2003
Posts: 2767

Posted: Mon Jun 13, 2005 11:49 pm

Against this particular nonsense, it already helps to simply not use port 22...
slick
Bodhisattva

Joined: 20 Apr 2003
Posts: 3495

Posted: Tue Jun 14, 2005 6:10 am

Or you install knock (in Portage); then you just have to "knock" correctly for the port to open
All times are GMT