
The logs are full of sshd[xxxx]: Invalid user USERNAME from x.x.x.x, with usernames including gitolite and gitosis. What is going on?

    tankywoo · Jan 14, 2014 · 4904 views
    There is a log entry every minute. I picked out a few for each username. Are these all attempts at brute-force login?

    Jan 14 09:19:32 linode-gentoo sshd[13280]: Invalid user gitolite from 91.121.203.75
    Jan 14 09:20:32 linode-gentoo sshd[13418]: Invalid user gitolite from 91.121.203.75
    Jan 14 09:21:37 linode-gentoo sshd[13593]: Invalid user gitolite from 91.121.203.75
    Jan 14 09:28:06 linode-gentoo sshd[14601]: Invalid user gitosis from 91.121.203.75
    Jan 14 09:29:17 linode-gentoo sshd[14783]: Invalid user gitosis from 91.121.203.75
    Jan 14 09:30:12 linode-gentoo sshd[14966]: Invalid user gitosis from 91.121.203.75
    Jan 14 11:32:19 linode-gentoo sshd[2620]: Invalid user a from 77.40.50.146
    Jan 14 11:32:38 linode-gentoo sshd[2664]: Invalid user jenkins from 91.121.203.75
    Jan 14 11:33:44 linode-gentoo sshd[2839]: Invalid user jenkins from 91.121.203.75
    Jan 14 11:34:46 linode-gentoo sshd[3004]: Invalid user jenkins from 91.121.203.75
    Jan 14 12:45:24 linode-gentoo sshd[15406]: Invalid user jira from 91.121.203.75
    Jan 14 12:46:34 linode-gentoo sshd[15583]: Invalid user jira from 91.121.203.75
    Jan 14 12:47:35 linode-gentoo sshd[15755]: Invalid user jira from 91.121.203.75



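    Locally I set up a few git repositories the simple way with git init --bare example.git, with git as the user:
    git:x:1005:1005::/home/git:/usr/bin/git-shell
    It uses git-shell, password login is disabled, and I also added the relevant rules. Security-wise, I should have done everything that can be done.
    (For details see my earlier write-up: http://tech.wutianqi.com/blog/2013/12/21/set-up-a-private-git-server-simply/ )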


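    Looking at the listening ports, there are only the ports for sshd, nginx and sendmail. I am curious why this would attract people to try logging in as users such as gitolite and gitosis. Can they actually scan and find out that my system has git repositories?
    4 replies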
    9hills · #1 · Jan 14, 2014
    Just ignore it, it does no harm anyway..
    felix021 · #2 · Jan 14, 2014
    Set up denyhosts and keep it running.
    cloudzhou · #3 · Jan 14, 2014
    This is scanning, and there is no really good way to deal with it. My usual strategy is to use port 2222 in place of the standard port 22.
    vibbow · #4 · Jan 15, 2014
    A screenshot to vent about:
    http://pic.vsean.net/di/JYQI/QQ截图20140115100733.png

    This person has been scanning my server for several days now, too bad they got the username wrong......
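
An added example, not part of the original thread: Python code that groups the `Invalid user` lines by source address and reports which account names each source tried, so a source cycling through many different names stands out from a one-off attempt. The function names and the `min_users` threshold are assumptions; the sample lines are copied from the post.

```python
import re
from collections import defaultdict

# The username is attacker-controlled, so the greedy group plus the end anchor
# take the address after the LAST " from "; a name that itself contains
# " from 10.0.0.1" cannot spoof the source. Newer OpenSSH appends " port N".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"Invalid user (?P<user>.*) from (?P<ip>\S+)(?: port \d+)?\s*$"
)

# Lines copied from the post above.
SAMPLE = """\
Jan 14 09:19:32 linode-gentoo sshd[13280]: Invalid user gitolite from 91.121.203.75
Jan 14 09:20:32 linode-gentoo sshd[13418]: Invalid user gitolite from 91.121.203.75
Jan 14 09:28:06 linode-gentoo sshd[14601]: Invalid user gitosis from 91.121.203.75
Jan 14 11:32:19 linode-gentoo sshd[2620]: Invalid user a from 77.40.50.146
Jan 14 11:32:38 linode-gentoo sshd[2664]: Invalid user jenkins from 91.121.203.75
Jan 14 12:45:24 linode-gentoo sshd[15406]: Invalid user jira from 91.121.203.75
""".splitlines()


def summarize(lines):
    """Group 'Invalid user' events by source address."""
    by_ip = defaultdict(lambda: {"count": 0, "users": set(), "first": None, "last": None})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # not an invalid-user event
        rec = by_ip[m["ip"]]
        rec["count"] += 1
        rec["users"].add(m["user"])
        rec["first"] = rec["first"] or m["ts"]
        rec["last"] = m["ts"]
    return dict(by_ip)


def wordlist_sources(summary, min_users=3):
    """Sources that tried at least min_users different account names."""
    return sorted(ip for ip, rec in summary.items() if len(rec["users"]) >= min_users)


if __name__ == "__main__":
    report = summarize(SAMPLE)
    for ip, rec in sorted(report.items()):
        print(ip, rec["count"], sorted(rec["users"]), rec["first"], "->", rec["last"])
    print("wordlist-style sources:", wordlist_sources(report))
```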