Attacks in the last two days ...

All about the security of the system and the applications
bpr1988
Posts: 3
Joined: 2010-01-04 20:49

Attacks in the last two days ...

Post by bpr1988 » 2010-01-04 21:13

Hello, I was attacked several times in the last two days and the server went down twice. I have already moved my SSH to a different port, root login and everything is off, and login is only possible via key pair.

I have fail2ban running, but it does not ban any IPs? And that even though I have set up the config under /etc/fail2ban/ for ssh and apache :/
Since there have been more attacks on my server in the last 48 hours, I have had tail -f /var/log/messages running the whole time and keep glancing at it while I surf. After shopping, a friend told me that our forum (www.entwickler-runde.de) is down; a look at the logs showed me that I had been attacked again and that the server is now down. Here are the last log entries I had on screen:

Code:

Jan  4 17:10:38 gameservershome sshd[16355]: reverse mapping checking getaddrinfo for fw.tablemac.com [200.13.253.122] failed - POSSIBLE BREAK-IN ATTEMPT!
Jan  4 17:10:38 gameservershome sshd[16355]: Invalid user cvs from 200.13.253.122
Jan  4 17:12:29 gameservershome sshd[16365]: Invalid user cvs from 205.232.166.6
Jan  4 17:12:57 gameservershome sshd[16374]: Invalid user dan from 89.181.112.226
Jan  4 17:13:00 gameservershome sshd[16376]: Invalid user jenkins from 89.181.112.226
Jan  4 17:13:02 gameservershome sshd[16378]: Invalid user jonhattan from 89.181.112.226
Jan  4 17:13:05 gameservershome sshd[16380]: Invalid user allcomputersystems from 89.181.112.226
Jan  4 17:13:15 gameservershome sshd[16386]: Invalid user jai from 89.181.112.226
Jan  4 17:13:19 gameservershome sshd[16390]: Invalid user prabhu from 89.181.112.226
Jan  4 17:13:24 gameservershome sshd[16392]: Invalid user funk from 89.181.112.226
Jan  4 17:13:30 gameservershome sshd[16396]: Invalid user mhi from 89.181.112.226
Jan  4 17:13:33 gameservershome sshd[16398]: Invalid user vino from 89.181.112.226
Jan  4 17:13:41 gameservershome sshd[16401]: Invalid user inn from 89.181.112.226
Jan  4 17:13:43 gameservershome sshd[16404]: Invalid user shan from 89.181.112.226
Jan  4 17:14:37 gameservershome sshd[16438]: Invalid user cvs from 202.153.229.198
Jan  4 17:16:21 gameservershome sshd[16480]: Invalid user cvs from 196.3.166.128
Jan  4 17:18:23 gameservershome sshd[16487]: Invalid user cvs from 84.246.69.21
Jan  4 17:22:15 gameservershome sshd[16502]: Invalid user cvsup from 200.142.77.236
Jan  4 17:24:12 gameservershome sshd[16510]: reverse mapping checking getaddrinfo for static-ip-cr1901468058.cable.net.co [190.146.80.58] failed - POSSIBLE BREAK-IN ATTEMPT!
Jan  4 17:24:12 gameservershome sshd[16510]: Invalid user cvsupin from 190.146.80.58
Jan  4 17:26:03 gameservershome sshd[16524]: Invalid user cwang from 193.174.152.195
Jan  4 17:31:58 gameservershome sshd[16614]: Invalid user cwchang from 193.138.250.159
Jan  4 17:34:05 gameservershome sshd[16623]: Invalid user cyb from 83.64.222.58
Jan  4 17:35:57 gameservershome sshd[16625]: Invalid user cyber from 199.33.217.42
Jan  4 17:37:57 gameservershome sshd[16628]: Invalid user cybev from 130.89.10.78
Jan  4 17:40:13 gameservershome sshd[16630]: Invalid user cychang from 80.37.88.65
Jan  4 17:41:58 gameservershome sshd[16656]: Invalid user cychao from 199.33.217.42
Jan  4 17:44:01 gameservershome sshd[16660]: Invalid user cychen from 60.30.26.187
Jan  4 17:46:04 gameservershome sshd[16683]: Invalid user cyeh from 93.153.215.26
Jan  4 17:48:06 gameservershome sshd[16686]: Invalid user cyh from 60.240.249.92
Jan  4 17:50:01 gameservershome sshd[16688]: Invalid user cyho from 67.63.223.23
Jan  4 17:52:02 gameservershome sshd[16692]: Invalid user cyku from 196.30.141.132
Jan  4 17:54:06 gameservershome sshd[16696]: Invalid user cylee from 70.104.137.12
Jan  4 17:56:08 gameservershome sshd[16699]: Invalid user cyliang from 84.40.139.54
Jan  4 17:58:05 gameservershome sshd[16752]: Invalid user cylin from 58.60.106.24
Jan  4 18:00:01 gameservershome /usr/sbin/cron[16764]: (root) CMD (perl /usr/local/awstats/wwwroot/cgi-bin/awstats.pl -config=www.entwickler-runde.de -update >> /tmp/awstatsupdate)
Jan  4 18:00:02 gameservershome sshd[16785]: Invalid user cynthia from 130.89.10.78
Jan  4 18:02:12 gameservershome sshd[16787]: Invalid user cyr from 211.115.234.143
Jan  4 18:04:06 gameservershome sshd[16798]: Invalid user cyrano from 130.89.10.78
Jan  4 18:06:11 gameservershome sshd[16801]: Invalid user cyril from 61.74.75.56
Jan  4 18:08:09 gameservershome sshd[16808]: Invalid user cyrus from 193.127.37.9
Jan  4 18:08:34 gameservershome syslog-ng[1630]: Log statistics; dropped='pipe(/dev/xconsole)=0', dropped='pipe(/dev/tty10)=0', processed='center(queued)=6542', processed='center(received)=5790', processed='destination(newsnotice)=0', processed='destination(acpid)=0', processed='destination(firewall)=3625', processed='destination(null)=0', processed='destination(mail)=782', processed='destination(mailinfo)=615', processed='destination(console)=18', processed='destination(newserr)=0', processed='destination(newscrit)=0', processed='destination(messages)=1383', processed='destination(mailwarn)=37', processed='destination(localmessages)=2', processed='destination(netmgm)=0', processed='destination(mailerr)=1', processed='destination(xconsole)=18', processed='destination(warn)=61', processed='source(src)=5790'
Jan  4 18:10:14 gameservershome sshd[16819]: Invalid user cytsao from 193.174.152.195
Jan  4 18:12:19 gameservershome sshd[16821]: Invalid user cywu from 132.230.36.60
Jan  4 18:14:20 gameservershome sshd[16848]: Invalid user d01 from 142.103.235.8
Jan  4 18:18:35 gameservershome sshd[16895]: Invalid user d03 from 87.139.25.251
Jan  4 18:20:38 gameservershome sshd[16898]: Invalid user d04 from 83.149.227.134
Jan  4 18:22:39 gameservershome sshd[16902]: Invalid user d05 from 91.90.24.250
Jan  4 18:24:50 gameservershome sshd[16907]: Invalid user daisy from 84.246.69.21
Jan  4 18:26:54 gameservershome sshd[16910]: Invalid user dak from 195.251.15.4
Jan  4 18:28:50 gameservershome named[3781]: client 193.47.99.3#36768: query (cache) 'raffael-otte.de/SOA/IN' denied
Jan  4 18:29:04 gameservershome sshd[16928]: Invalid user dale from 81.222.236.2
Jan  4 18:31:08 gameservershome sshd[16954]: Invalid user dance from 93.153.215.26
Jan  4 18:35:31 gameservershome sshd[16973]: Invalid user dance from 124.31.204.53
Jan  4 18:37:50 gameservershome sshd[16975]: reverse mapping checking getaddrinfo for static-ip-cr19014624636.cable.net.co [190.146.246.36] failed - POSSIBLE BREAK-IN ATTEMPT!
Jan  4 18:37:50 gameservershome sshd[16975]: Invalid user dance from 190.146.246.36
Jan  4 18:40:42 gameservershome named[3781]: client 213.133.105.6#54143: query (cache) 'raffael-otte.de/SOA/IN' denied
Jan  4 18:41:46 gameservershome sshd[16985]: Invalid user dance from 213.246.42.69
Jan  4 18:43:57 gameservershome sshd[16991]: Invalid user dance from 190.34.172.5
Jan  4 18:46:05 gameservershome sshd[17024]: reverse mapping checking getaddrinfo for pbc-02-servant-slave.publiccom.cz [89.235.30.186] failed - POSSIBLE BREAK-IN ATTEMPT!
Jan  4 18:46:05 gameservershome sshd[17024]: Invalid user daniel from 89.235.30.186
Jan  4 18:48:19 gameservershome sshd[17037]: Invalid user dank from 149.89.1.27
Jan  4 18:50:24 gameservershome sshd[17043]: Invalid user dar from 18.208.0.160
Jan  4 18:52:36 gameservershome sshd[17046]: Invalid user darin from 212.192.189.42
Jan  4 18:54:50 gameservershome sshd[17051]: Invalid user darren from 92.48.127.202
Jan  4 18:57:01 gameservershome sshd[17060]: Invalid user dashi from 195.80.118.50
Jan  4 18:59:11 gameservershome sshd[17069]: Invalid user daury from 69.112.187.173
Jan  4 19:00:01 gameservershome /usr/sbin/cron[17074]: (root) CMD (perl /usr/local/awstats/wwwroot/cgi-bin/awstats.pl -config=www.entwickler-runde.de -update >> /tmp/awstatsupdate)
Jan  4 19:03:37 gameservershome sshd[17098]: Invalid user davidh from 81.222.236.2
Jan  4 19:05:52 gameservershome sshd[17100]: Invalid user davidwu from 61.74.75.62
Jan  4 19:08:11 gameservershome sshd[17107]: Invalid user dawei from 217.8.61.146
Jan  4 19:08:34 gameservershome syslog-ng[1630]: Log statistics; dropped='pipe(/dev/xconsole)=0', dropped='pipe(/dev/tty10)=0', processed='center(queued)=6816', processed='center(received)=6045', processed='destination(newsnotice)=0', processed='destination(acpid)=0', processed='destination(firewall)=3825', processed='destination(null)=0', processed='destination(mail)=807', processed='destination(mailinfo)=634', processed='destination(console)=18', processed='destination(newserr)=0', processed='destination(newscrit)=0', processed='destination(messages)=1413', processed='destination(mailwarn)=37', processed='destination(localmessages)=2', processed='destination(netmgm)=0', processed='destination(mailerr)=1', processed='destination(xconsole)=18', processed='destination(warn)=61', processed='source(src)=6045'
Jan  4 19:09:31 gameservershome sshd[17111]: Invalid user test from 66.241.66.199
Jan  4 19:10:13 gameservershome sshd[17116]: Invalid user daynight from 120.132.134.130
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: renewing lease of 88.198.14.170
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: leased 88.198.14.170 for 172800 seconds
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: removing default route via 88.198.14.161 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding IP address 88.198.14.170/27
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
Jan  4 19:11:23 gameservershome ifup:     eth0      device: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller (rev 01)


Very often I have also noticed the following in other logs:

Code:

checking getaddrinfo for fw.tablemac.com [200.13.253.122] failed - POSSIBLE BREAK-IN ATTEMPT!

of course from other IP addresses.

What should I do now?

I have a complete backup from yesterday of the folders:
/srv/www/
/var/log

How should I proceed now, and what should I configure?
My system is openSUSE 11.2

Roger Wilco
Administrator
Posts: 5924
Joined: 2004-05-23 12:53

Re: Attacks in the last two days ...

Post by Roger Wilco » 2010-01-04 21:25

That is the usual background noise at your sshd. Nothing unusual and nothing you would need to worry about.

It looks more as if your dhcpcd went haywire. That is presumably also the reason why your server was no longer reachable.
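
Added example, not part of any post in this thread: a Python sketch that replays the `Invalid user` lines from the first post against the `maxRetry = 5` / `findtime = 600` values that appear in the fail2ban log later in the thread, and that lists jails for which fail2ban logged no `Added logfile` line at startup. The function names are hypothetical, and the sliding window is a simplified model of the threshold, not fail2ban's own code.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# sshd lines copied from the /var/log/messages excerpt in the first post.
SSHD_SAMPLE = """\
Jan  4 17:12:29 gameservershome sshd[16365]: Invalid user cvs from 205.232.166.6
Jan  4 17:12:57 gameservershome sshd[16374]: Invalid user dan from 89.181.112.226
Jan  4 17:13:00 gameservershome sshd[16376]: Invalid user jenkins from 89.181.112.226
Jan  4 17:13:02 gameservershome sshd[16378]: Invalid user jonhattan from 89.181.112.226
Jan  4 17:13:05 gameservershome sshd[16380]: Invalid user allcomputersystems from 89.181.112.226
Jan  4 17:13:15 gameservershome sshd[16386]: Invalid user jai from 89.181.112.226
Jan  4 17:13:19 gameservershome sshd[16390]: Invalid user prabhu from 89.181.112.226
Jan  4 17:14:37 gameservershome sshd[16438]: Invalid user cvs from 202.153.229.198
Jan  4 17:16:21 gameservershome sshd[16480]: Invalid user cvs from 196.3.166.128
Jan  4 17:35:57 gameservershome sshd[16625]: Invalid user cyber from 199.33.217.42
Jan  4 17:41:58 gameservershome sshd[16656]: Invalid user cychao from 199.33.217.42
"""

# Lines copied from the fail2ban.log excerpt posted later in the thread.
F2B_SAMPLE = """\
2010-01-04 13:41:04,477 fail2ban.jail   : INFO   Creating new jail 'ssh-iptables'
2010-01-04 13:41:04,478 fail2ban.jail   : INFO   Jail 'ssh-iptables' uses poller
2010-01-04 13:41:04,516 fail2ban.filter : INFO   Set maxRetry = 5
2010-01-04 13:41:04,519 fail2ban.filter : INFO   Set findtime = 600
2010-01-04 13:41:04,693 fail2ban.jail   : INFO   Creating new jail 'apache-badbots'
2010-01-04 13:41:04,707 fail2ban.filter : INFO   Added logfile = /var/log/apache2/access_log
2010-01-04 13:41:04,725 fail2ban.filter : INFO   Set maxRetry = 1
2010-01-04 13:41:04,727 fail2ban.filter : INFO   Set findtime = 600
"""

INVALID_USER = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Invalid user (\S+) from (\S+)$"
)


def parse_failures(text, year=2010):
    """Return (timestamp, ip, user) for every sshd 'Invalid user' line.

    Syslog timestamps carry no year, so the caller supplies one.
    """
    failures = []
    for line in text.splitlines():
        m = INVALID_USER.match(line)
        if m:
            when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            failures.append((when, m.group(3), m.group(2)))
    return failures


def first_ban_times(failures, max_retry, find_time):
    """Map each IP to the time its max_retry-th failure falls inside find_time seconds.

    Simplified sliding-window model of the maxRetry/findtime rule (an assumption).
    """
    windows = defaultdict(deque)
    banned = {}
    for when, ip, _user in sorted(failures):
        if ip in banned:
            continue
        window = windows[ip]
        window.append(when)
        # Drop failures that are older than find_time relative to the newest one.
        while (when - window[0]).total_seconds() > find_time:
            window.popleft()
        if len(window) >= max_retry:
            banned[ip] = when
    return banned


def jail_logfiles(f2b_text):
    """Map each jail created in a fail2ban log to the log files added for it."""
    jails, current = {}, None
    for line in f2b_text.splitlines():
        created = re.search(r"Creating new jail '([^']+)'", line)
        if created:
            current = created.group(1)
            jails[current] = []
            continue
        added = re.search(r"Added logfile = (\S+)", line)
        if added and current is not None:
            jails[current].append(added.group(1))
    return jails


def jails_without_logfile(f2b_text):
    """Jails that were created but never reported a watched log file."""
    return [name for name, files in jail_logfiles(f2b_text).items() if not files]


if __name__ == "__main__":
    failures = parse_failures(SSHD_SAMPLE)
    print("distinct sources:", len({ip for _, ip, _ in failures}))
    for ip, when in first_ban_times(failures, max_retry=5, find_time=600).items():
        print("threshold reached:", ip, "at", when)
    print("jails with no log file:", jails_without_logfile(F2B_SAMPLE))
```

On these lines only the one address that tried several user names within a minute reaches the threshold; the sources that appear once or twice stay below it, and the `ssh-iptables` jail shows no watched log file in the excerpt.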

bpr1988
Posts: 3
Joined: 2010-01-04 20:49

Re: Attacks in the last two days ...

Post by bpr1988 » 2010-01-04 21:28

Thanks, Roger Wilco, for the quick answer.
I have to confirm that the same error was present at the last crash, i.e. that the dhcpd spat out a mass of messages. That could well be related to the fact that I had changed my hostname and domain via YaST. What do you think? Could that be the plausible reason?

Regards
Bjoern

bpr1988
Posts: 3
Joined: 2010-01-04 20:49

Re: Attacks in the last two days ...

Post by bpr1988 » 2010-01-04 21:47

Thanks to you too, matzewe01,
here is the log from Fail2Ban. By the way, I installed it AFTER the first crash.

Code:

 1 2010-01-03 21:15:43,683 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
  2 2010-01-04 13:41:03,997 fail2ban.server : INFO   Exiting Fail2ban
  3 2010-01-04 13:41:04,475 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
  4 2010-01-04 13:41:04,477 fail2ban.jail   : INFO   Creating new jail 'ssh-iptables'
  5 2010-01-04 13:41:04,478 fail2ban.jail   : INFO   Jail 'ssh-iptables' uses poller
  6 2010-01-04 13:41:04,516 fail2ban.filter : INFO   Set maxRetry = 5
  7 2010-01-04 13:41:04,519 fail2ban.filter : INFO   Set findtime = 600
  8 2010-01-04 13:41:04,520 fail2ban.actions: INFO   Set banTime = 600
  9 2010-01-04 13:41:04,671 fail2ban.jail   : INFO   Creating new jail 'apache-tcpwrapper'
 10 2010-01-04 13:41:04,671 fail2ban.jail   : INFO   Jail 'apache-tcpwrapper' uses poller
 11 2010-01-04 13:41:04,673 fail2ban.filter : INFO   Set maxRetry = 6
 12 2010-01-04 13:41:04,675 fail2ban.filter : INFO   Set findtime = 600
 13 2010-01-04 13:41:04,677 fail2ban.actions: INFO   Set banTime = 600
 14 2010-01-04 13:41:04,693 fail2ban.jail   : INFO   Creating new jail 'apache-badbots'
 15 2010-01-04 13:41:04,694 fail2ban.jail   : INFO   Jail 'apache-badbots' uses poller
 16 2010-01-04 13:41:04,696 fail2ban.filter : INFO   Added logfile = /var/log/apache2/kube.com-access_log
 17 2010-01-04 13:41:04,698 fail2ban.filter : INFO   Added logfile = /var/log/apache2/gameservershome-access_log
 18 2010-01-04 13:41:04,699 fail2ban.filter : INFO   Added logfile = /var/log/apache2/entwickler-runde-access_log
 19 2010-01-04 13:41:04,701 fail2ban.filter : INFO   Added logfile = /var/log/apache2/tutorialbase.bjoern-schwabe-access_log
 20 2010-01-04 13:41:04,703 fail2ban.filter : INFO   Added logfile = /var/log/apache2/phpboard-access_log
 21 2010-01-04 13:41:04,705 fail2ban.filter : INFO   Added logfile = /var/log/apache2/gameservershome.com-access_log
 22 2010-01-04 13:41:04,707 fail2ban.filter : INFO   Added logfile = /var/log/apache2/access_log
 23 2010-01-04 13:41:04,709 fail2ban.filter : INFO   Added logfile = /var/log/apache2/toplist-access_log
 24 2010-01-04 13:41:04,711 fail2ban.filter : INFO   Added logfile = /var/log/apache2/gfx-toplist.bjoern-schwabe.de-access_log
 25 2010-01-04 13:41:04,714 fail2ban.filter : INFO   Added logfile = /var/log/apache2/bjoern-schwabe-access_log
 26 2010-01-04 13:41:04,716 fail2ban.filter : INFO   Added logfile = /var/log/apache2/tutbase.bjoern-schwabe.de-access_log
 27 2010-01-04 13:41:04,719 fail2ban.filter : INFO   Added logfile = /var/log/apache2/raffael-otte-access_log
 28 2010-01-04 13:41:04,722 fail2ban.filter : INFO   Added logfile = /var/log/apache2/destiny.com-access_log
 29 2010-01-04 13:41:04,725 fail2ban.filter : INFO   Set maxRetry = 1
 30 2010-01-04 13:41:04,727 fail2ban.filter : INFO   Set findtime = 600
 31 2010-01-04 13:41:04,729 fail2ban.actions: INFO   Set banTime = 172800
 32 2010-01-04 13:41:04,795 fail2ban.jail   : INFO   Jail 'ssh-iptables' started
 33 2010-01-04 13:41:04,806 fail2ban.jail   : INFO   Jail 'apache-tcpwrapper' started
 34 2010-01-04 13:41:04,822 fail2ban.jail   : INFO   Jail 'apache-badbots' started
 35 2010-01-04 13:49:54,814 fail2ban.jail   : INFO   Jail 'apache-tcpwrapper' stopped
 36 2010-01-04 13:49:55,274 fail2ban.jail   : INFO   Jail 'apache-badbots' stopped
 37 2010-01-04 13:49:56,012 fail2ban.jail   : INFO   Jail 'ssh-iptables' stopped
 38 2010-01-04 13:49:56,029 fail2ban.server : INFO   Exiting Fail2ban
 39 2010-01-04 13:49:57,215 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
 40 2010-01-04 13:49:57,217 fail2ban.jail   : INFO   Creating new jail 'ssh-iptables'
 41 2010-01-04 13:49:57,217 fail2ban.jail   : INFO   Jail 'ssh-iptables' uses poller
 42 2010-01-04 13:49:57,255 fail2ban.filter : INFO   Set maxRetry = 5
 43 2010-01-04 13:49:57,258 fail2ban.filter : INFO   Set findtime = 600
 44 2010-01-04 13:49:57,259 fail2ban.actions: INFO   Set banTime = 600
 45 2010-01-04 13:49:57,407 fail2ban.jail   : INFO   Creating new jail 'apache-tcpwrapper'
 46 2010-01-04 13:49:57,408 fail2ban.jail   : INFO   Jail 'apache-tcpwrapper' uses poller
 47 2010-01-04 13:49:57,410 fail2ban.filter : INFO   Set maxRetry = 6
 48 2010-01-04 13:49:57,412 fail2ban.filter : INFO   Set findtime = 600
 49 2010-01-04 13:49:57,414 fail2ban.actions: INFO   Set banTime = 600
 50 2010-01-04 13:49:57,430 fail2ban.jail   : INFO   Creating new jail 'apache-badbots'
 51 2010-01-04 13:49:57,431 fail2ban.jail   : INFO   Jail 'apache-badbots' uses poller
 52 2010-01-04 13:49:57,433 fail2ban.filter : INFO   Added logfile = /var/log/apache2/kube.com-access_log
 53 2010-01-04 13:49:57,435 fail2ban.filter : INFO   Added logfile = /var/log/apache2/gameservershome-access_log
 54 2010-01-04 13:49:57,436 fail2ban.filter : INFO   Added logfile = /var/log/apache2/entwickler-runde-access_log
 55 2010-01-04 13:49:57,438 fail2ban.filter : INFO   Added logfile = /var/log/apache2/tutorialbase.bjoern-schwabe-access_log
 56 2010-01-04 13:49:57,440 fail2ban.filter : INFO   Added logfile = /var/log/apache2/phpboard-access_log
 57 2010-01-04 13:49:57,442 fail2ban.filter : INFO   Added logfile = /var/log/apache2/gameservershome.com-access_log


I think I have found the problem:

Code:

31624 Jan  4 19:11:53 gameservershome dhcpcd[2776]: eth0: Failed to lookup hostname via DNS: Temporary failure in name resolution


The lines before this line are:

Code:

31575 Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
31576 Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
31577 Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
31578 Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
31579 Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
31580 Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
31581 Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
31582 Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
31583 Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
31584 Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
31585 Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
31586 Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
31587 Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
31588 Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
31589 Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
31590 Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
31591 Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
31592 Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
31593 Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
31594 Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
31595 Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
31596 Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
31597 Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
31598 Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
31599 Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
31600 Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
31601 Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
31602 Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
31603 Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
31604 Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
31605 Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
31606 Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
31607 Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
31608 Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
31609 Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
31610 Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
31611 Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
31612 Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
31613 Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
31614 Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
31615 Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/32 metric 0
31616 Jan  4 19:11:23 gameservershome dhcpcd[2776]: eth0: adding route to 0.0.0.0/0 metric 0
31617 Jan  4 19:11:23 gameservershome ifup:     eth0      device: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller (rev       01)
31618 Jan  4 19:11:23 gameservershome SuSEfirewall2: Setting up rules from /etc/sysconfig/SuSEfirewall2 ...
31619 Jan  4 19:11:23 gameservershome SuSEfirewall2: using default zone 'ext' for interface eth0
31620 Jan  4 19:11:24 gameservershome SuSEfirewall2: batch committing...
31621 Jan  4 19:11:24 gameservershome SuSEfirewall2: Firewall rules successfully set
31622 Jan  4 19:11:25 gameservershome syslog-ng[1630]: Configuration reload request received, reloading configuration;
31623 Jan  4 19:11:25 gameservershome syslog-ng[1630]: New configuration initialized;


and after that:

Code:

31625 Jan  4 19:12:27 gameservershome kernel: klogd 1.4.1, ---------- state change ----------
31626 Jan  4 19:25:41 gameservershome syslog-ng[1590]: syslog-ng starting up; version='2.0.9'
31627 Jan  4 19:25:42 gameservershome SuSEfirewall2: batch committing...
31628 Jan  4 19:25:42 gameservershome SuSEfirewall2: Firewall rules set to CLOSE.
31629 Jan  4 19:25:44 gameservershome ifup:     lo
31630 Jan  4 19:25:44 gameservershome ifup:     lo
31631 Jan  4 19:25:44 gameservershome ifup: IP address: 127.0.0.1/8
31632 Jan  4 19:25:44 gameservershome ifup:
31633 Jan  4 19:25:44 gameservershome ifup:
31634 Jan  4 19:25:44 gameservershome ifup: IP address: 127.0.0.2/8
31635 Jan  4 19:25:44 gameservershome ifup:
31636 Jan  4 19:25:44 gameservershome ifup:     eth0      device: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller (rev       01)
31637 Jan  4 19:25:44 gameservershome ifup-dhcp:     eth0      Starting DHCP4 client
31638 Jan  4 19:25:44 gameservershome dhcpcd[2381]: eth0: dhcpcd 3.2.3 starting
31639 Jan  4 19:25:44 gameservershome dhcpcd[2381]: eth0: hardware address = 00:19:db:f5:26:96
31640 Jan  4 19:25:44 gameservershome dhcpcd[2381]: eth0: broadcasting for a lease


etc.
Between these two code sections, 13 minutes of log entries are missing.
That was the point in time when I came back home, my friend told me that the server was down, and I restarted the server.

Anscheinend hat der DHCPD mit meiner neuen Einstellung ueber YAST ein Problem.
Schauen wir uns mal die Sachen vom Letzten Ausfall an:

Code: Select all

30036 Jan  3 18:40:49 gameservershome dhcpcd[16214]: eth0: adding route to 0.0.0.0/32 metric 0
30037 Jan  3 18:40:49 gameservershome dhcpcd[16214]: eth0: adding route to 0.0.0.0/0 metric 0
30038 Jan  3 18:40:49 gameservershome dhcpcd[16214]: eth0: adding route to 0.0.0.0/32 metric 0
30039 Jan  3 18:40:49 gameservershome dhcpcd[16214]: eth0: adding route to 0.0.0.0/0 metric 0
30040 Jan  3 18:40:49 gameservershome dhcpcd[16214]: eth0: adding route to 0.0.0.0/32 metric 0
30041 Jan  3 18:40:49 gameservershome dhcpcd[16214]: eth0: adding route to 0.0.0.0/0 metric 0
30042 Jan  3 18:40:49 gameservershome dhcpcd[16214]: eth0: adding route to 0.0.0.0/32 metric 0
30043 Jan  3 18:40:49 gameservershome dhcpcd[16214]: eth0: adding route to 0.0.0.0/0 metric 0
30044 Jan  3 18:40:49 gameservershome dhcpcd[16214]: eth0: adding route to 0.0.0.0/32 metric 0
30045 Jan  3 18:40:49 gameservershome dhcpcd[16214]: eth0: adding route to 0.0.0.0/0 metric 0
30046 Jan  3 18:40:49 gameservershome dhcpcd[16214]: eth0: adding route to 0.0.0.0/32 metric 0
30047 Jan  3 18:40:49 gameservershome dhcpcd[16214]: eth0: adding route to 0.0.0.0/0 metric 0
30048 Jan  3 18:40:49 gameservershome dhcpcd[16214]: eth0: adding route to 0.0.0.0/32 metric 0
30049 Jan  3 18:40:49 gameservershome dhcpcd[16214]: eth0: adding route to 0.0.0.0/0 metric 0
30050 Jan  3 18:40:49 gameservershome dhcpcd[16214]: eth0: adding route to 0.0.0.0/32 metric 0
30051 Jan  3 18:40:49 gameservershome dhcpcd[16214]: eth0: adding route to 0.0.0.0/0 metric 0
30052 Jan  3 18:40:49 gameservershome dhcpcd[16214]: eth0: adding route to 0.0.0.0/32 metric 0
30053 Jan  3 18:40:49 gameservershome dhcpcd[16214]: eth0: adding route to 0.0.0.0/0 metric 0
30054 Jan  3 18:40:49 gameservershome dhcpcd[16214]: eth0: adding route to 0.0.0.0/32 metric 0
30055 Jan  3 18:40:49 gameservershome dhcpcd[16214]: eth0: adding route to 0.0.0.0/0 metric 0
30056 Jan  3 18:40:49 gameservershome dhcpcd[16214]: eth0: adding route to 0.0.0.0/32 metric 0
30057 Jan  3 18:40:49 gameservershome dhcpcd[16214]: eth0: adding route to 0.0.0.0/0 metric 0
30058 Jan  3 18:40:49 gameservershome dhcpcd[16214]: eth0: adding route to 0.0.0.0/32 metric 0
30059 Jan  3 18:40:49 gameservershome dhcpcd[16214]: eth0: adding route to 0.0.0.0/0 metric 0
30060 Jan  3 18:40:49 gameservershome ifup:     eth0      device: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller (rev       01)
30061 Jan  3 18:40:50 gameservershome SuSEfirewall2: Setting up rules from /etc/sysconfig/SuSEfirewall2 ...
30062 Jan  3 18:40:50 gameservershome SuSEfirewall2: using default zone 'ext' for interface eth0
30063 Jan  3 18:40:50 gameservershome SuSEfirewall2: batch committing...
30064 Jan  3 18:40:50 gameservershome SuSEfirewall2: Firewall rules successfully set
30065 Jan  3 18:40:51 gameservershome syslog-ng[1615]: Configuration reload request received, reloading configuration;
30066 Jan  3 18:40:51 gameservershome syslog-ng[1615]: New configuration initialized;
30067 Jan  3 18:41:19 gameservershome dhcpcd[16214]: eth0: Failed to lookup hostname via DNS: Temporary failure in name resolution


and after that:

Code: Select all

30068 Jan  3 18:41:21 gameservershome kernel: klogd 1.4.1, ---------- state change ----------
30069 Jan  3 19:00:01 gameservershome /usr/sbin/cron[31064]: (root) CMD (perl /usr/local/awstats/wwwroot/cgi-bin/awstats.pl -config=www.entwickler-runde.de -      update >> /tmp/awstatsupdate)
30070 Jan  3 19:08:30 gameservershome syslog-ng[1630]: syslog-ng starting up; version='2.0.9'
30071 Jan  3 19:08:30 gameservershome SuSEfirewall2: batch committing...
30072 Jan  3 19:08:30 gameservershome SuSEfirewall2: Firewall rules set to CLOSE.
30073 Jan  3 19:08:32 gameservershome ifup:     lo
30074 Jan  3 19:08:32 gameservershome ifup:     lo
30075 Jan  3 19:08:32 gameservershome ifup: IP address: 127.0.0.1/8
30076 Jan  3 19:08:32 gameservershome ifup:
30077 Jan  3 19:08:32 gameservershome ifup:
30078 Jan  3 19:08:32 gameservershome ifup: IP address: 127.0.0.2/8
30079 Jan  3 19:08:32 gameservershome ifup:
30080 Jan  3 19:08:32 gameservershome ifup:     eth0      device: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller (rev       01)
30081 Jan  3 19:08:32 gameservershome ifup-dhcp:     eth0      Starting DHCP4 client


Regards,
Bjoern
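
The check done by eye in the post above (a silence in the timestamps that ends with a fresh syslog-ng start, preceded by a burst of identical dhcpcd messages) can be automated. This is an added example, not part of the original post; the year 2010, the five-minute threshold and the function names are assumptions, and the sample is abridged from the log lines quoted in the post.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Abridged from the log lines quoted in the post; leading numbers are the poster's line numbers.
SAMPLE = """\
30054 Jan  3 18:40:49 gameservershome dhcpcd[16214]: eth0: adding route to 0.0.0.0/32 metric 0
30055 Jan  3 18:40:49 gameservershome dhcpcd[16214]: eth0: adding route to 0.0.0.0/0 metric 0
30056 Jan  3 18:40:49 gameservershome dhcpcd[16214]: eth0: adding route to 0.0.0.0/32 metric 0
30057 Jan  3 18:40:49 gameservershome dhcpcd[16214]: eth0: adding route to 0.0.0.0/0 metric 0
30058 Jan  3 18:40:49 gameservershome dhcpcd[16214]: eth0: adding route to 0.0.0.0/32 metric 0
30059 Jan  3 18:40:49 gameservershome dhcpcd[16214]: eth0: adding route to 0.0.0.0/0 metric 0
30068 Jan  3 18:41:21 gameservershome kernel: klogd 1.4.1, ---------- state change ----------
30069 Jan  3 19:00:01 gameservershome /usr/sbin/cron[31064]: (root) CMD (abridged)
30070 Jan  3 19:08:30 gameservershome syslog-ng[1630]: syslog-ng starting up; version='2.0.9'
"""

LINE = re.compile(r"^(?:\d+\s+)?(\w{3}\s+\d+\s\d\d:\d\d:\d\d)\s(\S+)\s([^\s:\[]+)(?:\[\d+\])?:\s?(.*)$")

def parse(text, year=2010):
    """Yield (timestamp, program, message); syslog omits the year, so it is passed in."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(3), m.group(4).strip()

def find_gaps(text, threshold=timedelta(minutes=5)):
    """Return (last_before, first_after, restarted) for every silence longer than threshold."""
    events, gaps = list(parse(text)), []
    for (t0, _, _), (t1, prog, msg) in zip(events, events[1:]):
        if t1 - t0 > threshold:
            gaps.append((t0, t1, prog == "syslog-ng" and "starting up" in msg))
    return gaps

def find_floods(text, min_count=3):
    """Return {(timestamp, program, message): count} for messages repeated within one second."""
    counts = Counter(parse(text))
    return {key: n for key, n in counts.items() if n >= min_count}

if __name__ == "__main__":
    for t0, t1, restarted in find_gaps(SAMPLE):
        print(f"silence {t0:%H:%M:%S} -> {t1:%H:%M:%S} ({t1 - t0}), logger restart: {restarted}")
    for (ts, prog, msg), n in find_floods(SAMPLE).items():
        print(f"{n}x in second {ts:%H:%M:%S}: {prog}: {msg}")
```

A silence that ends in a logger restart marks a reboot boundary, while a silence that ends in an ordinary entry (here the cron job) shows the host was still running and logging at that time.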

Anonymous

Re: Attacks in the last two days ...

Post by Anonymous » 2010-01-05 01:08

I experienced the same thing, but with fail2ban and a little modification I could at least prevent something like this :)
Here is an important article on how to secure the SSH port:
http://www.freiesmagazin.de/mobil/freie ... _absichern
Last edited by Anonymous on 2010-01-05 01:10, edited 1 time in total.