Werd ich gehackt?

[schwannek]

Sieht so aus als versucht jemand mit bruteforce auf meinen server zu zu greifen,

weiss nicht obs wirklich so ist aber sieht ja danach aus :)

Code: Select all

Sep 11 12:03:35 h1322948 sshd[22106]: Illegal user t1na from 88.191.14.57
Sep 11 12:03:36 h1322948 sshd[22159]: Illegal user t1na from 88.191.14.57
Sep 11 12:03:36 h1322948 sshd[22173]: Illegal user logic from 88.191.14.57
Sep 11 12:03:37 h1322948 sshd[22186]: Illegal user diablo from 88.191.14.57
Sep 11 12:03:38 h1322948 sshd[22194]: Illegal user b1ablo from 88.191.14.57
Sep 11 12:03:39 h1322948 sshd[22203]: Illegal user paradise from 88.191.14.57
Sep 11 12:03:39 h1322948 sshd[22218]: Illegal user paradisse from 88.191.14.57
Sep 11 12:03:40 h1322948 sshd[22237]: Illegal user baggio from 88.191.14.57
Sep 11 12:03:41 h1322948 sshd[22240]: Illegal user roberto from 88.191.14.57
Sep 11 12:03:42 h1322948 sshd[22260]: Illegal user kim from 88.191.14.57
Sep 11 12:03:42 h1322948 sshd[22273]: Illegal user space from 88.191.14.57
Sep 11 12:03:43 h1322948 sshd[22285]: Illegal user globe from 88.191.14.57
Sep 11 12:03:44 h1322948 sshd[22289]: Illegal user oscar from 88.191.14.57
Sep 11 12:03:44 h1322948 sshd[22302]: Illegal user simbol from 88.191.14.57
Sep 11 12:03:45 h1322948 sshd[22315]: Illegal user addicted from 88.191.14.57
Sep 11 12:03:46 h1322948 sshd[22331]: Illegal user red from 88.191.14.57
Sep 11 12:03:47 h1322948 sshd[22334]: Illegal user pink from 88.191.14.57
Sep 11 12:03:48 h1322948 sshd[22347]: Illegal user blue from 88.191.14.57
Sep 11 12:03:49 h1322948 sshd[22364]: Illegal user postgres from 88.191.14.57
Sep 11 12:03:50 h1322948 sshd[22377]: Illegal user accept from 88.191.14.57
Sep 11 12:03:51 h1322948 sshd[22390]: Illegal user leo from 88.191.14.57
Sep 11 12:03:51 h1322948 sshd[22402]: Illegal user zeppelin from 88.191.14.57
Sep 11 12:03:52 h1322948 sshd[22410]: Illegal user hacker from 88.191.14.57
Sep 11 12:03:53 h1322948 sshd[22430]: Illegal user olga from 88.191.14.57
Sep 11 12:03:54 h1322948 sshd[22445]: Illegal user boris from 88.191.14.57
Sep 11 12:03:54 h1322948 sshd[22457]: Illegal user mathew from 88.191.14.57
Sep 11 12:03:55 h1322948 sshd[22460]: Illegal user testing from 88.191.14.57
Sep 11 12:03:56 h1322948 sshd[22473]: Illegal user galaxy from 88.191.14.57
Sep 11 12:03:57 h1322948 sshd[22504]: Illegal user venice from 88.191.14.57
Sep 11 12:03:58 h1322948 sshd[22507]: Illegal user user3 from 88.191.14.57
Sep 11 12:03:59 h1322948 sshd[22520]: Illegal user sa from 88.191.14.57
Sep 11 12:04:00 h1322948 sshd[23557]: Illegal user acer from 88.191.14.57
Sep 11 12:04:00 h1322948 sshd[23569]: Illegal user angus from 88.191.14.57
Sep 11 12:04:01 h1322948 sshd[23572]: Illegal user mars from 88.191.14.57
Sep 11 12:04:02 h1322948 sshd[23588]: Illegal user cruz from 88.191.14.57
Sep 11 12:04:03 h1322948 sshd[23601]: Illegal user danny from 88.191.14.57
Sep 11 12:04:03 h1322948 sshd[23603]: Illegal user george from 88.191.14.57

sind ziemlich viele versuche auch über andere server also andere ip's.
kann ich z.b. so einstellen das nach 2 oder 3 falschen login versuchen über die selbe ip, diese für immer gesperrt wird (ausser ich schalte sie wieder manuell frei)

[Joe User]

Nichts Neues und völlig normal...

[schwannek]

vllt völlig normal aber sollte es mir desshalb völlig am arsch vorbei gehn?

vllt haste du ja auch eine antwort auf meine frage :)

wie ich NUR meine IP zulassen kann weiss ich, würds halt trotzdem gerne so machen wie ich im beitrag oben angesprochen habe

Code: Select all

iptables -A INPUT -s 80.142.0.0/16 --dport 22 -j ACCEPT
iptables -A INPUT --dport 22 -j DROP

[miker]

Einfach mal die Forensuche bemühen, dann findest du viele Posts mit Hinweisen auf fail2ban oder denyhosts.

[Joe User]

http://www.rootforum.org/forum/viewtopi ... 101#287101