Below is part of the contents of /var/log/secure that I captured:
Part 1:
Sep 11 11:52:12 ssenp sshd[29960]: Failed password for invalid user pooyan from 124.127.125.2 port 47257 ssh2
Sep 11 11:52:12 ssenp sshd[29961]: Received disconnect from 124.127.125.2: 11: Bye Bye
Sep 11 11:52:12 ssenp sshd[29962]: Failed password for invalid user wwan from 124.127.125.2 port 41331 ssh2
Sep 11 11:52:12 ssenp sshd[29963]: Received disconnect from 124.127.125.2: 11: Bye Bye
Sep 11 11:52:12 ssenp sshd[29964]: Invalid user wegu from 124.127.125.2
Sep 11 11:52:12 ssenp sshd[29964]: Address 124.127.125.2 maps to mail.navinfo.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Sep 11 11:52:12 ssenp sshd[29965]: input_userauth_request: invalid user wegu
Sep 11 11:52:12 ssenp sshd[29964]: pam_unix(sshd:auth): check pass; user unknown
Sep 11 11:52:12 ssenp sshd[29964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.127.125.2
Sep 11 11:52:12 ssenp sshd[29964]: pam_succeed_if(sshd:auth): error retrieving information about user wegu
Sep 11 11:52:12 ssenp sshd[29966]: Invalid user guozhe from 124.127.125.2
Sep 11 11:52:12 ssenp sshd[29966]: Address 124.127.125.2 maps to mail.navinfo.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Sep 11 11:52:12 ssenp sshd[29967]: input_userauth_request: invalid user guozhe
Sep 11 11:52:12 ssenp sshd[29966]: pam_unix(sshd:auth): check pass; user unknown
Sep 11 11:52:12 ssenp sshd[29966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.127.125.2
Sep 11 11:52:12 ssenp sshd[29966]: pam_succeed_if(sshd:auth): error retrieving information about user guozhe
Part 2:
Sep 14 22:20:30 ssenp sshd[6613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=sd-27673.dedibox.fr user=root
Sep 14 22:20:32 ssenp sshd[6613]: Failed password for root from 88.191.145.142 port 44339 ssh2
Sep 14 22:20:32 ssenp sshd[6614]: Received disconnect from 88.191.145.142: 11: Bye Bye
Sep 14 22:20:35 ssenp sshd[6615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=sd-27673.dedibox.fr user=root
Sep 14 22:20:36 ssenp sshd[6615]: Failed password for root from 88.191.145.142 port 44644 ssh2
Sep 14 22:20:37 ssenp sshd[6616]: Received disconnect from 88.191.145.142: 11: Bye Bye
Sep 14 22:20:39 ssenp sshd[6617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=sd-27673.dedibox.fr user=root
Sep 14 22:20:41 ssenp sshd[6617]: Failed password for root from 88.191.145.142 port 53963 ssh2
Sep 14 22:20:42 ssenp sshd[6618]: Received disconnect from 88.191.145.142: 11: Bye Bye
Sep 14 22:20:44 ssenp sshd[6619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=sd-27673.dedibox.fr user=root
Sep 14 22:20:46 ssenp sshd[6619]: Failed password for root from 88.191.145.142 port 54251 ssh2
Sep 14 22:20:46 ssenp sshd[6620]: Received disconnect from 88.191.145.142: 11: Bye Bye
Sep 14 22:20:51 ssenp sshd[6621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=sd-27673.dedibox.fr user=root
Sep 14 22:20:53 ssenp sshd[6621]: Failed password for root from 88.191.145.142 port 54537 ssh2
Sep 14 22:20:53 ssenp sshd[6622]: Received disconnect from 88.191.145.142: 11: Bye Bye
Sep 14 22:20:57 ssenp sshd[6623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=sd-27673.dedibox.fr user=root
Sep 14 22:20:59 ssenp sshd[6623]: Failed password for root from 88.191.145.142 port 54933 ssh2
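My judgment is that someone is connecting to my host over ssh.
The hostname is ssenp.
The users in the first part (pooyan, wwan, wegu, guozhe, ...) are not users on my system, and the IP that appears there is neither the one I connect from nor the server's IP.
Also, how should this message be interpreted: Address 124.127.125.2 maps to mail.navinfo.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
If anyone knows, please help me analyze this. Thanks, everyone.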
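The excerpts above tallied per source address, as an added example that is not part of the original post: it counts failed passwords, separates user names sshd flagged as invalid from accounts that exist on the host, and records the reverse-DNS mismatch line. The function name `summarize` and the result keys are assumptions made for this example.

```python
import re
from collections import defaultdict

# Lines copied from the post's excerpt, embedded so the example runs offline.
SAMPLE = """\
Sep 11 11:52:12 ssenp sshd[29960]: Failed password for invalid user pooyan from 124.127.125.2 port 47257 ssh2
Sep 11 11:52:12 ssenp sshd[29964]: Invalid user wegu from 124.127.125.2
Sep 11 11:52:12 ssenp sshd[29964]: Address 124.127.125.2 maps to mail.navinfo.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Sep 14 22:20:32 ssenp sshd[6613]: Failed password for root from 88.191.145.142 port 44339 ssh2
Sep 14 22:20:36 ssenp sshd[6615]: Failed password for root from 88.191.145.142 port 44644 ssh2
"""

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (invalid user )?(\S+) from (\S+) port \d+")
INVALID = re.compile(r"sshd\[\d+\]: Invalid user (\S+) from (\S+)")
# sshd writes this when the reverse lookup of the client IP returns a name
# whose forward lookup does not include that IP.
RDNS = re.compile(r"sshd\[\d+\]: Address (\S+) maps to ([^\s,]+), but this does not map back")


def summarize(text):
    """Return {source_ip: stats} for the sshd lines in text."""
    stats = defaultdict(lambda: {"failed": 0, "invalid_users": set(),
                                 "existing_accounts": set(), "rdns_mismatch": None})
    for line in text.splitlines():
        if m := FAILED.search(line):
            flagged_invalid, user, ip = m.groups()
            stats[ip]["failed"] += 1
            # Without the "invalid user" prefix, the account exists on the host.
            key = "invalid_users" if flagged_invalid else "existing_accounts"
            stats[ip][key].add(user)
        elif m := INVALID.search(line):
            user, ip = m.groups()
            stats[ip]["invalid_users"].add(user)
        elif m := RDNS.search(line):
            ip, claimed_name = m.groups()
            stats[ip]["rdns_mismatch"] = claimed_name
    return dict(stats)


if __name__ == "__main__":
    for ip, s in summarize(SAMPLE).items():
        print(ip, s)
```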