Enshan Wireless Forum

Views: 653 | Replies: 20

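My router has been dying frequently lately, so I thought to check the logs. Is this a brute-force attack, and what should I do about it?

Posted 2022-5-15 07:10
My router has been dying frequently lately, so I thought to check the logs. Is this a brute-force attack, and what should I do about it?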


Sun May 15 01:16:24 2022 auth.info sshd[11944]: Received disconnect from 139.28.231.174 port 54266:11: Bye Bye [preauth]
Sun May 15 01:16:24 2022 auth.info sshd[11944]: Disconnected from invalid user vagrant 139.28.231.174 port 54266 [preauth]
Sun May 15 01:16:25 2022 auth.info sshd[11961]: Invalid user support from 139.28.231.174 port 54316
Sun May 15 01:16:25 2022 auth.err sshd[11961]: error: Could not get shadow information for NOUSER
Sun May 15 01:16:25 2022 auth.info sshd[11961]: Failed password for invalid user support from 139.28.231.174 port 54316 ssh2
Sun May 15 01:16:25 2022 auth.info sshd[11961]: Received disconnect from 139.28.231.174 port 54316:11: Bye Bye [preauth]
Sun May 15 01:16:25 2022 auth.info sshd[11961]: Disconnected from invalid user support 139.28.231.174 port 54316 [preauth]
Sun May 15 01:16:27 2022 auth.info sshd[11978]: Invalid user debian from 139.28.231.174 port 54394
Sun May 15 01:16:27 2022 auth.err sshd[11978]: error: Could not get shadow information for NOUSER
Sun May 15 01:16:27 2022 auth.info sshd[11978]: Failed password for invalid user debian from 139.28.231.174 port 54394 ssh2
Sun May 15 01:16:27 2022 auth.info sshd[11978]: Received disconnect from 139.28.231.174 port 54394:11: Bye Bye [preauth]
Sun May 15 01:16:27 2022 auth.info sshd[11978]: Disconnected from invalid user debian 139.28.231.174 port 54394 [preauth]
Sun May 15 01:16:29 2022 auth.info sshd[11998]: Invalid user ubuntu from 139.28.231.174 port 54524
Sun May 15 01:16:29 2022 auth.err sshd[11998]: error: Could not get shadow information for NOUSER
Sun May 15 01:16:29 2022 auth.info sshd[11998]: Failed password for invalid user ubuntu from 139.28.231.174 port 54524 ssh2
Sun May 15 01:16:29 2022 auth.info sshd[11998]: Received disconnect from 139.28.231.174 port 54524:11: Bye Bye [preauth]
Sun May 15 01:16:29 2022 auth.info sshd[11998]: Disconnected from invalid user ubuntu 139.28.231.174 port 54524 [preauth]
Sun May 15 01:16:31 2022 auth.info sshd[12019]: Invalid user debian from 139.28.231.174 port 54646
Sun May 15 01:16:31 2022 auth.err sshd[12019]: error: Could not get shadow information for NOUSER
Sun May 15 01:16:31 2022 auth.info sshd[12019]: Failed password for invalid user debian from 139.28.231.174 port 54646 ssh2
Sun May 15 01:16:31 2022 auth.info sshd[12019]: Received disconnect from 139.28.231.174 port 54646:11: Bye Bye [preauth]
Sun May 15 01:16:31 2022 auth.info sshd[12019]: Disconnected from invalid user debian 139.28.231.174 port 54646 [preauth]
Sun May 15 01:16:33 2022 auth.info sshd[12036]: Invalid user ubuntu from 139.28.231.174 port 54716
Sun May 15 01:16:33 2022 auth.err sshd[12036]: error: Could not get shadow information for NOUSER
Sun May 15 01:16:33 2022 auth.info sshd[12036]: Failed password for invalid user ubuntu from 139.28.231.174 port 54716 ssh2
Sun May 15 01:16:33 2022 auth.info sshd[12036]: Received disconnect from 139.28.231.174 port 54716:11: Bye Bye [preauth]
Sun May 15 01:16:33 2022 auth.info sshd[12036]: Disconnected from invalid user ubuntu 139.28.231.174 port 54716 [preauth]
Sun May 15 01:16:34 2022 auth.info sshd[12072]: Invalid user alarm from 139.28.231.174 port 54788
Sun May 15 01:16:34 2022 auth.err sshd[12072]: error: Could not get shadow information for NOUSER
Sun May 15 01:16:34 2022 auth.info sshd[12072]: Failed password for invalid user alarm from 139.28.231.174 port 54788 ssh2
Sun May 15 01:16:35 2022 auth.info sshd[12072]: Received disconnect from 139.28.231.174 port 54788:11: Bye Bye [preauth]
Sun May 15 01:16:35 2022 auth.info sshd[12072]: Disconnected from invalid user alarm 139.28.231.174 port 54788 [preauth]
Sun May 15 01:16:36 2022 auth.info sshd[12093]: Invalid user guest from 139.28.231.174 port 54854
Sun May 15 01:16:36 2022 auth.err sshd[12093]: error: Could not get shadow information for NOUSER
Sun May 15 01:16:36 2022 auth.info sshd[12093]: Failed password for invalid user guest from 139.28.231.174 port 54854 ssh2
Sun May 15 01:16:36 2022 auth.info sshd[12093]: Received disconnect from 139.28.231.174 port 54854:11: Bye Bye [preauth]
Sun May 15 01:16:36 2022 auth.info sshd[12093]: Disconnected from invalid user guest 139.28.231.174 port 54854 [preauth]
Sun May 15 01:16:38 2022 auth.info sshd[12110]: Invalid user test from 139.28.231.174 port 54934
Sun May 15 01:16:38 2022 auth.err sshd[12110]: error: Could not get shadow information for NOUSER
Sun May 15 01:16:38 2022 auth.info sshd[12110]: Failed password for invalid user test from 139.28.231.174 port 54934 ssh2
Sun May 15 01:16:38 2022 auth.info sshd[12110]: Received disconnect from 139.28.231.174 port 54934:11: Bye Bye [preauth]
Sun May 15 01:16:38 2022 auth.info sshd[12110]: Disconnected from invalid user test 139.28.231.174 port 54934 [preauth]
Sun May 15 01:16:39 2022 auth.info sshd[12127]: Invalid user cirros from 139.28.231.174 port 55040
Sun May 15 01:16:39 2022 auth.err sshd[12127]: error: Could not get shadow information for NOUSER
Sun May 15 01:16:39 2022 auth.info sshd[12127]: Failed password for invalid user cirros from 139.28.231.174 port 55040 ssh2
Sun May 15 01:16:40 2022 auth.info sshd[12127]: Received disconnect from 139.28.231.174 port 55040:11: Bye Bye [preauth]
Sun May 15 01:16:40 2022 auth.info sshd[12127]: Disconnected from invalid user cirros 139.28.231.174 port 55040 [preauth]
Sun May 15 01:16:41 2022 auth.info sshd[12151]: Invalid user cirros from 139.28.231.174 port 55146
Sun May 15 01:16:41 2022 auth.err sshd[12151]: error: Could not get shadow information for NOUSER
Sun May 15 01:16:41 2022 auth.info sshd[12151]: Failed password for invalid user cirros from 139.28.231.174 port 55146 ssh2
Sun May 15 01:16:42 2022 auth.info sshd[12151]: Received disconnect from 139.28.231.174 port 55146:11: Bye Bye [preauth]
Sun May 15 01:16:42 2022 auth.info sshd[12151]: Disconnected from invalid user cirros 139.28.231.174 port 55146 [preauth]
Sun May 15 01:30:30 2022 auth.err sshd[13587]: error: kex_exchange_identification: Connection closed by remote host
Sun May 15 01:30:30 2022 auth.info sshd[13587]: Connection closed by 141.98.10.175 port 33620
Sun May 15 01:30:51 2022 auth.info sshd[13647]: Unable to negotiate with 141.98.10.175 port 44480: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 01:52:20 2022 auth.err sshd[15897]: error: kex_exchange_identification: Connection closed by remote host
Sun May 15 01:52:20 2022 auth.info sshd[15897]: Connection closed by 46.19.139.42 port 37972
Sun May 15 01:52:46 2022 auth.info sshd[15961]: Unable to negotiate with 46.19.139.42 port 39262: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:06:00 2022 auth.info sshd[17340]: Failed password for root from 111.67.207.224 port 53594 ssh2
Sun May 15 02:06:00 2022 auth.info sshd[17340]: Received disconnect from 111.67.207.224 port 53594:11:  [preauth]
Sun May 15 02:06:00 2022 auth.info sshd[17340]: Disconnected from authenticating user root 111.67.207.224 port 53594 [preauth]
Sun May 15 02:07:41 2022 auth.err sshd[17534]: error: kex_exchange_identification: Connection closed by remote host
Sun May 15 02:07:41 2022 auth.info sshd[17534]: Connection closed by 46.19.139.42 port 58978
Sun May 15 02:07:57 2022 auth.info sshd[17571]: Unable to negotiate with 46.19.139.42 port 54886: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:15:42 2022 auth.err sshd[18406]: error: kex_exchange_identification: Connection closed by remote host
Sun May 15 02:15:42 2022 auth.info sshd[18406]: Connection closed by 141.98.10.157 port 34988
Sun May 15 02:22:17 2022 auth.info sshd[19101]: Failed password for root from 111.67.207.224 port 55102 ssh2
Sun May 15 02:22:17 2022 auth.info sshd[19101]: Received disconnect from 111.67.207.224 port 55102:11:  [preauth]
Sun May 15 02:22:17 2022 auth.info sshd[19101]: Disconnected from authenticating user root 111.67.207.224 port 55102 [preauth]
Sun May 15 02:24:15 2022 auth.err sshd[19324]: error: kex_exchange_identification: Connection closed by remote host
Sun May 15 02:24:15 2022 auth.info sshd[19324]: Connection closed by 157.245.102.177 port 43646
Sun May 15 02:27:10 2022 auth.err sshd[19650]: error: kex_exchange_identification: Connection closed by remote host
Sun May 15 02:27:10 2022 auth.info sshd[19650]: Connection closed by 179.43.167.74 port 45408
Sun May 15 02:27:26 2022 auth.info sshd[19687]: Unable to negotiate with 179.43.167.74 port 42448: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:27:42 2022 auth.info sshd[19737]: Unable to negotiate with 179.43.167.74 port 36070: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:32:29 2022 auth.err sshd[20231]: error: kex_exchange_identification: Connection closed by remote host
Sun May 15 02:32:29 2022 auth.info sshd[20231]: Connection closed by 20.91.186.105 port 41428
Sun May 15 02:32:53 2022 auth.info sshd[20291]: Unable to negotiate with 20.91.186.105 port 48408: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:32:59 2022 auth.info sshd[20315]: Unable to negotiate with 20.91.186.105 port 57958: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:33:05 2022 auth.info sshd[20355]: Unable to negotiate with 20.91.186.105 port 39280: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:33:12 2022 auth.info sshd[20387]: Unable to negotiate with 20.91.186.105 port 48830: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:33:20 2022 auth.info sshd[20418]: Unable to negotiate with 20.91.186.105 port 58382: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:33:27 2022 auth.info sshd[20442]: Unable to negotiate with 20.91.186.105 port 39708: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:33:34 2022 auth.info sshd[20466]: Unable to negotiate with 20.91.186.105 port 49264: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:33:42 2022 auth.info sshd[20506]: Unable to negotiate with 20.91.186.105 port 58820: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:33:49 2022 auth.info sshd[20533]: Unable to negotiate with 20.91.186.105 port 40138: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:33:57 2022 auth.info sshd[20561]: Unable to negotiate with 20.91.186.105 port 49698: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:34:05 2022 auth.info sshd[20601]: Unable to negotiate with 20.91.186.105 port 59248: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:34:13 2022 auth.info sshd[20625]: Unable to negotiate with 20.91.186.105 port 40566: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:34:20 2022 auth.info sshd[20656]: Unable to negotiate with 20.91.186.105 port 50126: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:34:32 2022 auth.info sshd[20683]: Unable to negotiate with 20.91.186.105 port 59678: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:34:37 2022 auth.info sshd[20720]: Unable to negotiate with 20.91.186.105 port 41008: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:34:45 2022 auth.info sshd[20751]: Unable to negotiate with 20.91.186.105 port 50568: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:34:54 2022 auth.info sshd[20775]: Unable to negotiate with 20.91.186.105 port 60122: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:35:03 2022 auth.info sshd[20806]: Unable to negotiate with 20.91.186.105 port 41448: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:35:11 2022 auth.info sshd[20846]: Unable to negotiate with 20.91.186.105 port 51002: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:35:20 2022 auth.info sshd[20873]: Unable to negotiate with 20.91.186.105 port 60554: no matching key exchange method found. Their offer: diffie-

My Enshan, my wireless. The best wifi forum is right here.
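
A per-source summary of log lines in the format posted above, as an added example that is not part of the original thread. The function names `tally_sshd`, `noisy_ips` and `sample_log` are hypothetical, and the sample lines are constructed with documentation addresses rather than taken from the post.

```shell
# Added example, not from the thread: per-source tally of sshd pre-auth events.
tally_sshd() {   # usage: tally_sshd [FILE...]; prints "ip invalid failed kex"
    awk '
    / sshd\[[0-9]+\]: / {
        ip = ""
        # User names are attacker-chosen, so find "ADDR port N" from the right
        # and require an address-like field before it and a number after it.
        for (i = NF - 1; i > 1; i--)
            if ($i == "port" && $(i-1) ~ /^[0-9A-Fa-f:.]+$/ && $(i+1) ~ /^[0-9]+/) {
                ip = $(i-1); break
            }
        if (ip == "") next
        seen[ip] = 1
        if ($0 ~ /\]: Invalid user /)                  inv[ip]++
        else if ($0 ~ /\]: Failed password for /)      fail[ip]++
        else if ($0 ~ /\]: Unable to negotiate with /) kex[ip]++
    }
    END { for (ip in seen) printf "%s %d %d %d\n", ip, inv[ip], fail[ip], kex[ip] }
    ' "$@" | sort
}

noisy_ips() {    # usage: noisy_ips MIN [FILE...]; sources with >= MIN counted events
    min=$1; shift
    tally_sshd "$@" | awk -v min="$min" '$2 + $3 + $4 >= min { print $1 }'
}

sample_log() {   # constructed sample lines (RFC 5737 addresses)
cat <<'EOF'
Sun May 15 01:16:25 2022 auth.info sshd[101]: Invalid user support from 192.0.2.10 port 54316
Sun May 15 01:16:25 2022 auth.info sshd[101]: Failed password for invalid user support from 192.0.2.10 port 54316 ssh2
Sun May 15 01:16:27 2022 auth.info sshd[102]: Invalid user port from 192.0.2.10 port 54394
Sun May 15 01:16:27 2022 auth.info sshd[102]: Failed password for invalid user port from 192.0.2.10 port 54394 ssh2
Sun May 15 01:30:30 2022 auth.err sshd[103]: error: kex_exchange_identification: Connection closed by remote host
Sun May 15 01:30:51 2022 auth.info sshd[104]: Unable to negotiate with 198.51.100.7 port 44480: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]
Sun May 15 02:06:00 2022 auth.info sshd[105]: Failed password for root from 203.0.113.5 port 53594 ssh2
EOF
}

sample_log | tally_sshd
```

On the router itself the same function can read the live log, for example `logread | tally_sshd`.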
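Posted 2022-5-15 08:29
Yes, you are under attack. Did you open SSH directly to the outside? First disable incoming ping from outside, then map SSH to a high port or don't map it at all.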

Posted 2022-5-15 09:16
You are being brute-forced. Just don't expose it to the public internet.

Posted 2022-5-15 09:16
If you don't need remote SSH, go to System, Administration, SSH Access, and set Interface to lan. You can also change the port number.
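
Posted 2022-5-15 10:07
SSH ports getting attacked is perfectly normal…
Unless you need it,
don't expose the SSH port to the external network.

If you really need it, disable password login
and use only public-key certificate login.

Also, set the port somewhere around 30000-50000
to make things as hard as possible for attackers.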

Posted 2022-5-15 10:14
If you need remote SSH, it's best to connect to a VPN first to establish a LAN environment, and then connect over SSH.

OP | Posted 2022-5-15 11:52
gaze posted on 2022-5-15 10:07
SSH ports getting attacked is perfectly normal…
Unless you need it,
don't expose the SSH port to the external network.

OK, I'll try changing that.
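
OP | Posted 2022-5-15 11:59
gaze posted on 2022-5-15 10:07
SSH ports getting attacked is perfectly normal…
Unless you need it,
don't expose the SSH port to the external network.

Following this approach, I changed the port, disabled password login, and switched to keys. Now I'll see whether connections still come in.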
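
Posted 2022-5-15 16:39
水晶 posted on 2022-5-15 11:59
Following this approach, I changed the port, disabled password login, and switched to keys. Now I'll see whether connections still come in.

There will certainly still be some,
but you don't need to worry anymore.
With today's RSA public-key system,
a hacker would probably need a few hundred years of computing to crack it… ^_^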

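OP | Posted 2022-5-15 22:19
gaze posted on 2022-5-15 16:39
There will certainly still be some,
but you don't need to worry anymore.
With today's RSA public-key system,

Not solved, they are still coming. But this way the log fills up, and then in less than a day my router hangs and I have to reboot it. Sigh, I've been at this all day.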
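
Posted 2022-5-15 22:24
Is this a static IP?
Attracting hackers this much?

If it's a dynamic IP, it shouldn't be this bad, should it?

If all else fails and you insist on exposing the SSH service externally, you could consider "port knocking"…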

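OP | Posted 2022-5-15 22:27
gaze posted on 2022-5-15 22:24
Is this a static IP?
Attracting hackers this much?

No, I'm on a dial-up connection. The thing is, after redialing it doesn't take long before they show up again. I basically never use SSH, but I can't turn it off. I disabled that drop item, and they still come. So I'm puzzled.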

OP | Posted 2022-5-15 22:28
gaze posted on 2022-5-15 22:24
Is this a static IP?
Attracting hackers this much?

For now I've simply set inbound traffic to reject in the firewall. I don't know what effect that will have.

Posted 2022-5-15 22:28
As for the log filling up,
you can modify these lines in sshd_config:

SyslogFacility AUTH
LogLevel INFO

Change the log level to QUIET so that sshd's logs are not recorded.

That way your system log won't be filled up.
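
A check of the sshd_config settings raised in this thread (key-only login and the port change from the 10:07 post, the LogLevel change from the post above), as an added example that is not part of the original thread. The function names and both sample configurations are hypothetical and constructed. It assumes upstream OpenSSH defaults, ignores Include files and `Keyword=value` syntax, and reads only the global section before the first Match block.

```shell
# Added example, not from the thread: resolve and audit global sshd_config values.
effective_sshd_opts() {   # usage: effective_sshd_opts [FILE]  (stdin if omitted)
    awk '
    BEGIN { def["passwordauthentication"] = "yes"; def["loglevel"] = "INFO"
            def["pubkeyauthentication"] = "yes" }    # assumed upstream defaults
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blank lines
    { k = tolower($1) }                          # keywords are case-insensitive
    k == "match" { exit }                        # conditional section: stop here
    k == "port"  { ports = ports (ports == "" ? "" : ",") $2; next }  # may repeat
    (k in def) && !(k in val) { val[k] = $2 }    # first occurrence wins
    END { for (k in def) print k, ((k in val) ? val[k] : def[k])
          print "port", (ports == "" ? "22" : ports) }
    ' "$@" | sort
}

audit_sshd() {            # prints one finding per line, nothing if clean
    effective_sshd_opts "$@" | awk '
    $1 == "passwordauthentication" && tolower($2) != "no" { print "WARN password login enabled" }
    $1 == "pubkeyauthentication" && tolower($2) != "yes" { print "WARN public-key login disabled" }
    $1 == "loglevel" && toupper($2) == "QUIET" { print "NOTE LogLevel QUIET: sshd records no failed logins" }
    $1 == "port" && $2 == "22" { print "NOTE listening on the default port 22" }'
}

weak_cfg() {              # constructed sample: the later "no" does not take effect
cat <<'EOF'
Port 22
#PasswordAuthentication no
LogLevel QUIET
PasswordAuthentication yes
PasswordAuthentication no
EOF
}

hardened_cfg() {          # constructed sample: key-only login on a high port
cat <<'EOF'
Port 32022
PasswordAuthentication no
LogLevel INFO
Match Address 192.168.1.0/24
    PasswordAuthentication yes
EOF
}

weak_cfg | audit_sshd
```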


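Posted 2022-5-15 22:32
Hacker attacks, just ignore them.
Logins without a certificate are rejected by sshd outright; there is simply no way they can break into your router.

If it really annoys you,
you can set a failure count and a ban time.
The default seems to be 3 failures, then a 2-minute ban…

You could change it to 2 failures and a 15-minute ban…

That way,
hardly any hacker will be interested in your IP address…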

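Comment

How do I set the count? Do you have any other way to get in touch, bro? I'd like to talk it through; this is giving me a headache. (Posted 2022-5-15 22:33)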

GMT+8, 2022-6-30 06:51
