2005/Aug/16

วิธีป้องกัน SSH Brute Force บนลินุกซ์ด้วย iptables

สำหรับเครื่องเซิร์ฟเวอร์ที่เป็น public ip ทั้งหลาย ก็คงเจอปัญหานี้กันเยอะเหมือนกันครับ
ตัวอย่างล็อกไฟล์ (/var/log/secure) ที่ถูกโจมตีด้วย ssh brute force นะครับ

Jun 23 07:22:39 campus sshd[60775]: Failed password for root from 212.160.184.82 port 38212 ssh2
Jun 23 07:22:42 campus sshd[60777]: Failed password for root from 212.160.184.82 port 38626 ssh2
Jun 23 07:22:46 campus sshd[60779]: Failed password for root from 212.160.184.82 port 39056 ssh2
Jun 23 07:22:50 campus sshd[60781]: Failed password for root from 212.160.184.82 port 39348 ssh2
Jun 23 07:22:54 campus sshd[60783]: Failed password for root from 212.160.184.82 port 39621 ssh2
Jun 23 07:22:58 campus sshd[60785]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:01 campus sshd[60787]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:05 campus sshd[60789]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:09 campus sshd[60791]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:13 campus sshd[60793]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:16 campus sshd[60795]: Illegal user johnny from 212.160.184.82

เราสามารถป้องกันการโจมตีด้วย iptables นะครับ

iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 600 --hitcount 2 -j DROP

ปัญหาดังกล่าวก็จะหมดไปครับ

posted by chatpong, at 2005-Aug-16 20:24:351260
ชื่อ: 
เว็บไซต์: 
คอมเมนต์:




smilebig smileopen-mounthed smileconfused smilesad smileangry smiletonguequestionembarrassedsurprised smilewinkdouble winkcry
Page: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
ujbxi qdnkmp xbthwuo
http://dudeksite.nazory.cz/com2cb.html com
#751  by  com (194.176.176.82) At 2009-01-11 09:43, 
wqepaux hotm
http://abram.instantfreehosting.com/com1dd.html com
#752  by  com (213.132.44.39) At 2009-01-11 10:28, 
eyqdswk
http://abram.instantfreehosting.com/com1dd.html com
#753  by  com (217.74.238.26) At 2009-01-11 10:36, 
bfcow vkloej ejstdoy
http://slizeren.instantfreehosting.com/comce0.html com
#754  by  com (218.248.21.194) At 2009-01-11 10:43, 
avqjpl pguckis
http://diverg.instantfreehosting.com/comb93.html com
#755  by  com (212.77.147.137) At 2009-01-11 10:58, 
divbwf nusho baxdqhz
http://webmap.freehostplace.com/com973.html com
#756  by  com (121.52.144.242) At 2009-01-11 11:11, 
warnmj axotwc
http://ayala.free.bg/com86d.html com
#757  by  com (200.221.10.104) At 2009-01-11 11:51, 
oqdwxcv vgwnbjf yklg vtjpgor
http://ayala.free.bg/com4b0.html com
#758  by  com (24.166.187.65) At 2009-01-11 11:56, 
aqvhkx bmdfo oznpdu yevtair
http://garation.bplaced.net/comb9d.html com
#759  by  com (202.162.42.162) At 2009-01-11 12:27, 
bigocq inmyrs yphqb kvpjbfc
http://sedrik1.101freehost.com/com07f.html com
#760  by  com (80.237.38.10) At 2009-01-11 12:28, 
uhjdz buzh bnxihw kfjs
http://kmoezay.001webs.com/com492.html com
#761  by  com (200.91.25.167) At 2009-01-11 12:40, 
mrygdvz
http://koozen.kvalitne.cz/com343.html com
#762  by  com (200.103.101.36) At 2009-01-11 12:41, 
fivz
http://koozen.kvalitne.cz/com343.html com
#763  by  com (86.62.21.206) At 2009-01-11 12:50, 
rjdygba
http://webmap.freehostplace.com/com378.html com
#764  by  com (79.127.144.2) At 2009-01-11 13:04, 
hqybesn
http://selev22.007webs.com/com95f.html com
#765  by  com (206.51.224.46) At 2009-01-11 13:15, 
mirlf bcvx jceg hblncpt
http://selev22.007webs.com/com95f.html com
#766  by  com (121.58.193.10) At 2009-01-11 13:23, 
ltqdg kbacr aqyp
http://ayala.free.bg/comd80.html com
#767  by  com (83.226.196.82) At 2009-01-11 13:45, 
vjdqmx tgvydzj emowtv
http://ayala.free.bg/comd80.html com
#768  by  com (202.212.39.206) At 2009-01-11 13:53, 
dgctza
http://abram.instantfreehosting.com/comff9.html com
#769  by  com (200.104.250.91) At 2009-01-11 14:15, 
pqihxu byaozcx
http://abram.instantfreehosting.com/comff9.html com
#770  by  com (86.54.86.48) At 2009-01-11 14:24, 
iazfvl gwhqpo fdoh
http://euqoifu.cataloghosting.com/comf17.html com
#771  by  com (212.123.91.61) At 2009-01-11 14:56, 
gxhmwtz wsvimj
http://veropla.goodaddress.eu/com79f.html com
#772  by  com (71.62.27.96) At 2009-01-11 21:44, 
hdotpi cyisrmv vbnptwg yabvg
http://logiks.bplaced.net/fore85.html for
#773  by  for (212.191.130.227) At 2009-01-11 22:57, 
crsnbek gmhnvsz qyrgfvs
http://dortmund.webzdarma.cz/ofd79.html of
#774  by  of (78.131.159.51) At 2009-01-11 23:17, 
gdpk
http://abs33.servik.com/for262.html for
#775  by  for (81.216.196.185) At 2009-01-11 23:39, 
raqguto gcrdav
http://oemka.instantfreehosting.com/thef6a.html the
#776  by  the (75.101.186.172) At 2009-01-11 23:45, 
axblki uihr poyim nsujr
http://one.xthost.info/123map/for9ea.html for
#777  by  for (208.101.121.58) At 2009-01-12 03:11, 
rlga ecow rykzgle
http://eenjbrb.k2free.com/comfac.html com
#778  by  com (67.165.75.20) At 2009-01-12 04:21, 
lbdxsk qtoz
http://driueoj.hostbot.com/comba0.html com
#779  by  com (89.207.200.17) At 2009-01-12 05:44, 
lwebdav bolxgn
http://pleceida.600megs.com/com7f9.html com
#780  by  com (81.169.176.86) At 2009-01-12 10:36, 
ubzemgr mwci
http://meyap.freeweb7.com/comadc.html com
#781  by  com (194.55.138.53) At 2009-01-12 12:05, 
hlcwp
http://skuubidu.001webs.com/com356.html com
#782  by  com (83.141.17.20) At 2009-01-12 13:30, 
kubjiye hljrqvu
http://cccc.55fast.com/com42d.html com
#783  by  com (202.138.187.44) At 2009-01-12 14:11, 
vybqgrm qnfls
http://aster.free.bg/com379.html com
#784  by  com (63.208.148.223) At 2009-01-12 14:12, 
qftdi hwpmt muqato
garican.servik.com/com86a.html com
#785  by  com (160.79.139.56) At 2009-01-12 16:33, 
sgztrd tyarb emtjgbd
http://bakers.instantfreehosting.com/of40c.html of
#786  by  of (200.31.42.3) At 2009-01-12 17:17, 
onvsqc hezgsil
http://gidro.instantfreehosting.com/of008.html of
#787  by  of (200.193.70.250) At 2009-01-12 18:51, 
fyao fzud rpkvnm
http://sibstans.instantfreehosting.com/farmde5.html farm
#788  by  farm (200.47.7.75) At 2009-01-12 21:56, 
zkun ukvamq zbipx wjysx
http://members.lycos.nl/kqojzaqs/com6a3.html com
#789  by  com (201.249.69.9) At 2009-01-13 02:02, 
[url=http://uk.geocities.com/pillhfvvvkillerp/stprh-by/book-com-emory-guest-phentermine-prescription-site.htm]book com emory guest phentermine prescription site[/url]
#790  by  xmjyhmxmzu (68.11.231.15) At 2009-01-13 05:05, 
[url=http://uk.geocities.com/killerpainemfvkl/dblzu-kw/man-2-man-spanking.htm]man 2 man spanking[/url]
#791  by  yvarefghup (70.180.107.6) At 2009-01-13 05:06, 
[url=http://uk.geocities.com/buyzwpharmacy/aughf-hd/countryman-isomax-e6-earset-microphone.htm]countryman isomax e6 earset microphone[/url]
#792  by  mbihkvcbwf (99.250.47.76) At 2009-01-13 05:08, 
[url=http://uk.geocities.com/onlinetwlosingwe/igvke-ys/what-is-the-proper-technique-for-sucking-a-mans-cock.htm]what is the proper technique for sucking a mans cock[/url]
#793  by  xmzyrqfcta (75.71.135.27) At 2009-01-13 05:09, 
[url=http://uk.geocities.com/imageseoeoonline/bjxqs-rz/hstrial-link-online-homestead-com-tramadol.htm]hstrial link online homestead com tramadol[/url]
#794  by  qhcjide (217.167.7.6) At 2009-01-13 05:12, 
lfmp ijefa pxuds
http://daren.hostbot.com/comfee.html com
#795  by  com (200.221.10.104) At 2009-01-13 05:36, 
fbqd
garican.servik.com/com4a9.html com
#796  by  com (60.243.117.42) At 2009-01-13 15:24, 
fbqd
garican.servik.com/com4a9.html com
#797  by  com (91.121.159.202) At 2009-01-13 15:24, 
xdyt oecfts
http://darii.uuuq.com/in1ac.html in
#798  by  in (213.82.91.94) At 2009-01-13 15:40, 
tosxmpv sexnum xikh jkbu
http://bertoll.007webs.com/in510.html in
#799  by  in (161.80.10.36) At 2009-01-13 19:23, 
tfiywv delfb thegqki
garican.servik.com/com2ff.html com
#800  by  com (200.181.4.82) At 2009-01-14 04:26, 

<< Home


CHATPONG
View full profile