Tenho analisado meus logs ultimamente e percebi que todos os dias estou sendo alvo de ataques Brute force de vários IPs.... gostariad e saber se eu não sou o único....
Código :sshd: Authentication Failures: unknown (200.129.178.33): 441 Time(s) andre (200.129.178.33): 10 Time(s) mailman (200.129.178.33): 10 Time(s) root (210.205.6.63): 8 Time(s) squid (200.129.178.33): 6 Time(s) nobody (200.129.178.33): 3 Time(s) root (201008166141.user.veloxzone.com.br): 1 Time(s) unknown (201008166141.user.veloxzone.com.br): 1 Time(s) Invalid Users: Unknown Account: 442 Time(s)
Código :Failed logins from these: andre/password from 200.129.178.33: 10 Time(s) mailman/password from 200.129.178.33: 10 Time(s) nobody/password from 200.129.178.33: 3 Time(s) root/password from 201.8.166.141: 1 Time(s) root/password from 210.205.6.63: 8 Time(s) squid/password from 200.129.178.33: 6 Time(s) **Unmatched Entries** Invalid user diretoria from 200.129.178.33 Failed password for invalid user diretoria from 200.129.178.33 port 38207 ssh2 Invalid user diretoria from 200.129.178.33 Failed password for invalid user diretoria from 200.129.178.33 port 38256 ssh2 Invalid user diretoria from 200.129.178.33 Failed password for invalid user diretoria from 200.129.178.33 port 38306 ssh2 Invalid user diretoria from 200.129.178.33 Failed password for invalid user diretoria from 200.129.178.33 port 38367 ssh2 Invalid user diretoria from 200.129.178.33 Failed password for invalid user diretoria from 200.129.178.33 port 38413 ssh2 Invalid user diretoria from 200.129.178.33 Failed password for invalid user diretoria from 200.129.178.33 port 38486 ssh2 Invalid user diretoria from 200.129.178.33 Failed password for invalid user diretoria from 200.129.178.33 port 38535 ssh2 Invalid user diretoria from 200.129.178.33 Failed password for invalid user diretoria from 200.129.178.33 port 38583 ssh2 Invalid user diretoria from 200.129.178.33 Failed password for invalid user diretoria from 200.129.178.33 port 38634 ssh2 Invalid user diretoria from 200.129.178.33 Failed password for invalid user diretoria from 200.129.178.33 port 38681 ssh2 Invalid user diretor from 200.129.178.33 Failed password for invalid user diretor from 200.129.178.33 port 38765 ssh2 Invalid user diretor from 200.129.178.33 Failed password for invalid user diretor from 200.129.178.33 port 38853 ssh2 Invalid user diretor from 200.129.178.33 Failed password for invalid user diretor from 200.129.178.33 port 38910 ssh2 Invalid user diretor from 200.129.178.33 Failed password for invalid user diretor from 200.129.178.33 port 38951 ssh2 Invalid user diretor from 200.129.178.33 Failed password for invalid user diretor from 200.129.178.33 port 39005 ssh2 Invalid user diretor from 200.129.178.33 Failed password for invalid user diretor from 200.129.178.33 port 39051 ssh2 Invalid user diretor from 200.129.178.33 Failed password for invalid user diretor from 200.129.178.33 port 39111 ssh2 Invalid user diretor from 200.129.178.33 Failed password for invalid user diretor from 200.129.178.33 port 39155 ssh2 Invalid user diretor from 200.129.178.33 Failed password for invalid user diretor from 200.129.178.33 port 39298 ssh2 Invalid user lucas from 200.129.178.33 Failed password for invalid user lucas from 200.129.178.33 port 46338 ssh2 Invalid user lucas from 200.129.178.33 Failed password for invalid user lucas from 200.129.178.33 port 46386 ssh2 Invalid user lucas from 200.129.178.33 Failed password for invalid user lucas from 200.129.178.33 port 46465 ssh2 Invalid user mauricio from 200.129.178.33 Invalid user lucas from 200.129.178.33 Failed password for invalid user mauricio from 200.129.178.33 port 46464 ssh2 Failed password for invalid user lucas from 200.129.178.33 port 46509 ssh2 Invalid user mauricio from 200.129.178.33 Invalid user lucas from 200.129.178.33 Failed password for invalid user mauricio from 200.129.178.33 port 46544 ssh2 Failed password for invalid user lucas from 200.129.178.33 port 46556 ssh2 Invalid user mauricio from 200.129.178.33 Failed password for invalid user mauricio from 200.129.178.33 port 46594 ssh2 Invalid user mauricio from 200.129.178.33 Failed password for invalid user mauricio from 200.129.178.33 port 46672 ssh2 Invalid user mauricio from 200.129.178.33 Failed password for invalid user mauricio from 200.129.178.33 port 46756 ssh2 Invalid user mauricio from 200.129.178.33 Failed password for invalid user mauricio from 200.129.178.33 port 46835 ssh2 Invalid user mauricio from 200.129.178.33 Failed password for invalid user mauricio from 200.129.178.33 port 46875 ssh2 Invalid user mauricio from 200.129.178.33 Failed password for invalid user mauricio from 200.129.178.33 port 46997 ssh2 Invalid user mauricio from 200.129.178.33 Failed password for invalid user mauricio from 200.129.178.33 port 47053 ssh2 Invalid user edilson from 200.129.178.33 Failed password for invalid user edilson from 200.129.178.33 port 47264 ssh2 Invalid user edilson from 200.129.178.33 Failed password for invalid user edilson from 200.129.178.33 port 47311 ssh2 Invalid user edilson from 200.129.178.33 Failed password for invalid user edilson from 200.129.178.33 port 47403 ssh2 Invalid user edilson from 200.129.178.33 Failed password for invalid user edilson from 200.129.178.33 port 47493 ssh2 Invalid user edilson from 200.129.178.33 Failed password for invalid user edilson from 200.129.178.33 port 47548 ssh2 Invalid user edilson from 200.129.178.33 Failed password for invalid user edilson from 200.129.178.33 port 47596 ssh2 Invalid user edilson from 200.129.178.33 Failed password for invalid user edilson from 200.129.178.33 port 47643 ssh2 Invalid user edilson from 200.129.178.33 Failed password for invalid user edilson from 200.129.178.33 port 47687 ssh2 Invalid user edilson from 200.129.178.33 Failed password for invalid user edilson from 200.129.178.33 port 47729 ssh2 Invalid user edilson from 200.129.178.33 Failed password for invalid user edilson from 200.129.178.33 port 47795 ssh2 Invalid user edson from 200.129.178.33 Failed password for invalid user edson from 200.129.178.33 port 47851 ssh2 Invalid user edson from 200.129.178.33 Invalid user jorge from 200.129.178.33 Failed password for invalid user edson from 200.129.178.33 port 47905 ssh2 Failed password for invalid user jorge from 200.129.178.33 port 47886 ssh2
percebam que as portas vão subindo, ou seja, um script que ta fazendo issu.... o estranho que tem IP até do japão...estes logs são apenas de hj...
a lista de hj e 5 vezes maior do que esta que postei...