Send the zombie machines off to bed


DenyHosts is here.

sshd:
Authentication Failures:
unknown (124.124.59.60): 8496 Time(s)
root (124.124.59.60): 1166 Time(s)
mail (124.124.59.60): 67 Time(s)
mysql (124.124.59.60): 67 Time(s)
nobody (124.124.59.60): 62 Time(s)
……

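"You robbers are what I hate most, there's not an ounce of technical skill in it." When you watch some person or some zombie machine guess your login accounts over and over and over again (commonly known as brute forcing), you will probably think the same.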

A quick Google search showed that CentOS already includes a simple and effective solution. If DenyHosts is not installed yet, it can be installed in one step:

sudo yum install denyhosts

The default configuration (/etc/denyhosts.conf) is basically usable as is. Change the email address that receives the reports, then start it:

sudo chkconfig --levels 2345 denyhosts on
sudo service denyhosts start

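The first start may take a while, because it has to analyze all of the log files. After that, say goodbye to those "ill-intentioned" compromised hosts and zombie machines.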

Added the following hosts to /etc/hosts.deny:

……
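
The step between the failure summary and the hosts.deny report above can be sketched as follows. This is an added example, not DenyHosts' own code and not part of the original post; the thresholds, function names and log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# The user name is untrusted text from the client and may itself contain
# " from <ip>", so the pattern is anchored to the end of the line.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?(?P<user>.+)"
    r" from (?P<ip>\S+) port \d+ ssh2$")
# Assumed thresholds per account class (illustrative values).
THRESHOLDS = {"root": 1, "invalid": 2, "valid": 3}

def classify(m):
    if m["invalid"]:
        return "invalid"
    return "root" if m["user"] == "root" else "valid"

def hosts_to_deny(lines, allow=()):
    """Return sorted IPs whose failure count exceeds a class threshold."""
    counts = Counter()
    for line in lines:
        m = FAILED.search(line.rstrip())
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m["ip"]))
        except ValueError:
            continue  # not an address: never write it to hosts.deny
        counts[(ip, classify(m))] += 1
    return sorted({ip for (ip, kind), n in counts.items()
                   if n > THRESHOLDS[kind] and ip not in allow})

def hosts_deny_entries(ips, service="sshd"):
    """Format addresses as TCP wrappers rules for /etc/hosts.deny."""
    return [f"{service}: {ip}" for ip in ips]

# Constructed /var/log/secure lines; addresses are documentation ranges.
SAMPLE = """\
Mar  3 04:12:05 web1 sshd[2104]: Failed password for root from 203.0.113.7 port 40031 ssh2
Mar  3 04:12:09 web1 sshd[2104]: Failed password for root from 203.0.113.7 port 40031 ssh2
Mar  3 04:13:40 web1 sshd[2110]: Failed password for alice from 192.0.2.10 port 51514 ssh2
Mar  3 04:13:52 web1 sshd[2110]: Accepted password for alice from 192.0.2.10 port 51514 ssh2
Mar  3 04:15:01 web1 sshd[2120]: Failed password for invalid user x from 192.0.2.10 from 198.51.100.23 port 33810 ssh2
Mar  3 04:15:03 web1 sshd[2120]: Failed password for invalid user x from 192.0.2.10 from 198.51.100.23 port 33810 ssh2
Mar  3 04:15:06 web1 sshd[2120]: Failed password for invalid user x from 192.0.2.10 from 198.51.100.23 port 33810 ssh2
""".splitlines()

if __name__ == "__main__":
    print("\n".join(hosts_deny_entries(hosts_to_deny(SAMPLE))))
```

The `allow` argument is this example's stand-in for an allow list of your own management addresses, so that a mistyped password cannot lock you out.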

