2005/Aug/16

Anyone running a server on a public IP address has probably run into this problem quite a lot.
Here is a sample of a log file (/var/log/secure) from a machine under an SSH brute-force attack:

Jun 23 07:22:39 campus sshd[60775]: Failed password for root from 212.160.184.82 port 38212 ssh2
Jun 23 07:22:42 campus sshd[60777]: Failed password for root from 212.160.184.82 port 38626 ssh2
Jun 23 07:22:46 campus sshd[60779]: Failed password for root from 212.160.184.82 port 39056 ssh2
Jun 23 07:22:50 campus sshd[60781]: Failed password for root from 212.160.184.82 port 39348 ssh2
Jun 23 07:22:54 campus sshd[60783]: Failed password for root from 212.160.184.82 port 39621 ssh2
Jun 23 07:22:58 campus sshd[60785]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:01 campus sshd[60787]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:05 campus sshd[60789]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:09 campus sshd[60791]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:13 campus sshd[60793]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:16 campus sshd[60795]: Illegal user johnny from 212.160.184.82

We can defend against this attack with iptables:

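# Record the source address of every new connection to port 22 arriving on eth0.
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
# Drop new connections from an address seen at least 2 times in the last 600 seconds.
# -I inserts at the top of the chain, so this rule is evaluated before the one above.
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 600 --hitcount 2 -j DROP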

That takes care of the problem.
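To see which addresses are behind entries like the ones in the log excerpt above, the following added example (not part of the original post) summarises failed sshd logins per source address. The function names `ssh_fail_sources` and `sample_secure_log` are made up for this example, and the last three sample lines are constructed.

```shell
# Per-source summary of failed sshd logins from /var/log/secure-style lines on
# stdin. Output: "ip total failed_password unknown_user", busiest first, for
# every address with at least $1 failures (default 5).
ssh_fail_sources() {
    awk -v min="${1:-5}" '
        / sshd\[[0-9]+\]: / {
            if ($0 ~ /: Failed password for /)          kind = "pw"
            else if ($0 ~ /: (Illegal|Invalid) user /)  kind = "user"  # "Invalid" in newer OpenSSH
            else next
            # Take the token after the LAST "from": the user name is
            # attacker-supplied and may itself contain " from 10.0.0.1".
            ip = ""
            for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            total[ip]++
            if (kind == "pw") pw[ip]++; else user[ip]++
        }
        END {
            for (ip in total)
                if (total[ip] >= min)
                    printf "%s %d %d %d\n", ip, total[ip], pw[ip], user[ip]
        }' | sort -k2,2nr -k1,1
}

# Sample input: the first four lines are taken from the excerpt above; the
# last three are constructed for this example (192.0.2.0/24 is a
# documentation range).
sample_secure_log() {
    cat <<'EOF'
Jun 23 07:22:39 campus sshd[60775]: Failed password for root from 212.160.184.82 port 38212 ssh2
Jun 23 07:22:42 campus sshd[60777]: Failed password for root from 212.160.184.82 port 38626 ssh2
Jun 23 07:22:58 campus sshd[60785]: Illegal user johnny from 212.160.184.82
Jun 23 07:23:01 campus sshd[60787]: Illegal user johnny from 212.160.184.82
Jun 23 07:25:10 campus sshd[60801]: Failed password for admin from 192.0.2.10 port 40112 ssh2
Jun 23 07:25:14 campus sshd[60803]: Accepted password for admin from 192.0.2.10 port 40115 ssh2
Jun 23 07:26:00 campus sshd[60810]: Illegal user x from 10.0.0.1 from 192.0.2.77
EOF
}

# Report sources with at least 3 failures in the sample.
sample_secure_log | ssh_fail_sources 3
```

On a live system, feed it the real file instead, for example `ssh_fail_sources 10 < /var/log/secure`.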
