Tuesday, 6 October 2009

Fending off brute force with iptables

Oct 6 08:11:10 jeruk sshd(pam_unix)[21960]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.167.49.106
Oct 6 08:11:15 jeruk sshd(pam_unix)[21963]: check pass; user unknown
Oct 6 08:11:15 jeruk sshd(pam_unix)[21963]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.167.49.106
Oct 6 08:11:20 jeruk sshd(pam_unix)[21966]: check pass; user unknown
Oct 6 08:11:20 jeruk sshd(pam_unix)[21966]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.167.49.106
Oct 6 08:11:25 jeruk sshd(pam_unix)[21968]: check pass; user unknown
Oct 6 08:11:25 jeruk sshd(pam_unix)[21968]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.167.49.106
Oct 6 08:11:30 jeruk sshd(pam_unix)[21971]: check pass; user unknown
Oct 6 08:11:30 jeruk sshd(pam_unix)[21971]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.167.49.106
Oct 6 08:11:33 jeruk kernel: Blocked: IN=eth1 OUT= MAC=00:10:18:2f:78:31:00:d0:d0:36:d3:42:08:00 SRC=61.167.49.106 DST=60.52.204.6 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=34905 DF PROTO=TCP SPT=37951 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0

The attack above was successfully repelled and the source placed on the blacklist. So any bad actor who has failed to break into my garden is going to be facing trouble. Below are the iptables commands for fending off the villains of cyberspace.

# Two user chains: SSH handles new connections, SSH_BLACKLIST records and rejects offenders
/sbin/iptables -N SSH
/sbin/iptables -N SSH_BLACKLIST
# SSH_BLACKLIST: put the source in the SSH_COUNTER list, log it, then reject
/sbin/iptables -A SSH_BLACKLIST -m recent --name SSH_COUNTER --set -j LOG --log-level warn --log-prefix "Blocked: "
/sbin/iptables -A SSH_BLACKLIST -j REJECT
# Sources already in SSH_COUNTER stay rejected for 300 seconds after their last attempt
/sbin/iptables -A SSH -m recent --name SSH_COUNTER --update --seconds 300 -j REJECT
# Five or more new connections within 60 seconds sends the source to SSH_BLACKLIST
/sbin/iptables -A SSH -m recent --name SSH --rcheck --seconds 60 --hitcount 5 -j SSH_BLACKLIST
# A second connection within 2 seconds is logged and rejected (LOG does not terminate the chain)
/sbin/iptables -A SSH -m recent --name SSH --rcheck --seconds 2 -j LOG --log-level warn --log-prefix "Added: "
/sbin/iptables -A SSH -m recent --name SSH --update --seconds 2 -j REJECT
# An expired blacklist entry is dropped from SSH_COUNTER and logged
/sbin/iptables -A SSH -m recent --name SSH_COUNTER --remove -j LOG --log-level warn --log-prefix "Removed: "
# Otherwise record the attempt in the SSH list and allow it
/sbin/iptables -A SSH -m recent --name SSH --set -j ACCEPT
# Hand every new TCP connection to port 22 to the SSH chain
/sbin/iptables -A INPUT -m state --state NEW -p tcp -m tcp --dport 22 -j SSH
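To see why a slow scan like the one in the log above ends up in the blacklist, here is an added Python model of the chain (not part of the original post, and not iptables code): it reproduces the xt_recent semantics the rules rely on (--set adds a hit, --rcheck counts hits inside the window, --update is --rcheck plus a new hit, --remove drops the entry) and walks a sequence of connection attempts from one constructed source address (192.0.2.10) through the SSH chain in the same rule order. Timestamps are plain integers; the real module also caps the hits kept per address (ip_pkt_list_tot, 20 by default), which this model does not.

```python
"""Model of the SSH / SSH_BLACKLIST chains built on the xt_recent match.

Constructed example: state is kept per list name, per source address, as a
list of hit timestamps in seconds. Nothing here talks to netfilter.
"""
from collections import defaultdict


def new_state():
    # list name -> source address -> timestamps of recorded hits
    return defaultdict(lambda: defaultdict(list))


def _hits(stamps, now, seconds):
    """Hits inside the window; seconds=0 means every recorded hit counts."""
    if seconds == 0:
        return len(stamps)
    return sum(1 for s in stamps if s >= now - seconds)


def recent_set(state, name, ip, now):
    """--set: add the address to the list, or add a hit to an existing entry."""
    state[name][ip].append(now)
    return True


def recent_rcheck(state, name, ip, now, seconds=0, hitcount=0):
    """--rcheck: match if the address is listed with enough hits in the window."""
    if ip not in state[name]:
        return False
    return _hits(state[name][ip], now, seconds) >= max(hitcount, 1)


def recent_update(state, name, ip, now, seconds=0, hitcount=0):
    """--update: like --rcheck, but a match also records this packet as a hit."""
    if recent_rcheck(state, name, ip, now, seconds, hitcount):
        state[name][ip].append(now)
        return True
    return False


def recent_remove(state, name, ip):
    """--remove: match (and delete the entry) only if the address is listed."""
    return state[name].pop(ip, None) is not None


def ssh_chain(state, ip, now, log):
    """Walk one NEW tcp/22 packet through the SSH chain; return the verdict."""
    # Blacklisted within the last 300 s: refresh the entry and reject.
    if recent_update(state, "SSH_COUNTER", ip, now, seconds=300):
        return "REJECT"
    # Five or more hits in 60 s: SSH_BLACKLIST sets the counter, logs, rejects.
    if recent_rcheck(state, "SSH", ip, now, seconds=60, hitcount=5):
        recent_set(state, "SSH_COUNTER", ip, now)
        log.append(f"Blocked: SRC={ip}")
        return "REJECT"
    # A hit within 2 s is logged; LOG is non-terminating so evaluation continues.
    if recent_rcheck(state, "SSH", ip, now, seconds=2):
        log.append(f"Added: SRC={ip}")
    # The same 2 s check as --update: reject and record the hit.
    if recent_update(state, "SSH", ip, now, seconds=2):
        return "REJECT"
    # An expired blacklist entry is cleaned up and logged.
    if recent_remove(state, "SSH_COUNTER", ip):
        log.append(f"Removed: SRC={ip}")
    # Record this accepted attempt for later hitcount checks.
    recent_set(state, "SSH", ip, now)
    return "ACCEPT"


def replay(attempt_times, ip="192.0.2.10"):
    """Replay SYN attempts from one constructed source; return verdicts and log."""
    state, log = new_state(), []
    verdicts = [(t, ssh_chain(state, ip, t, log)) for t in attempt_times]
    return verdicts, log


if __name__ == "__main__":
    # One attempt every 5 s (like the log above), then one more after the
    # 300 s blacklist window has lapsed.
    for t, verdict in replay([0, 5, 10, 15, 20, 25, 30, 340])[0]:
        print(f"t={t:>3}s {verdict}")
```

Two things the replay makes visible: the sixth attempt is the first one blacklisted, because --rcheck counts the hits already recorded before the final --set of the current packet; and every attempt made while blacklisted goes through --update on SSH_COUNTER, which refreshes the timestamp, so a source that keeps trying stays blocked until it has been quiet for a full 300 seconds.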
