免费注册	查看新帖 \|


平台论坛博客文库

› 论坛 › 操作系统 › Linux系统管理 › 帮忙看下系统日志，是不是受到攻击啊

12 / 2 页下一页

最近访问板块

发新帖

查看: 2977 | 回复: 14

上一主题

下一主题

帮忙看下系统日志，是不是受到攻击啊 [复制链接]

论坛徽章:: 0

电梯直达

跳转到指定楼层

1楼 [收藏(0)] [报告]

发表于 2009-02-13 10:20 |只看该作者 |倒序浏览

这是在系统日志下面看到的...

Feb 11 20:43:07 itsm proftpd[32706]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - no such user 'Administrator'
Feb 11 20:43:07 itsm proftpd[32707]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - FTP session opened.
Feb 11 20:43:08 itsm proftpd[32707]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - no such user 'Administrator'
Feb 11 20:43:08 itsm proftpd[32708]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - FTP session opened.
Feb 11 20:43:09 itsm proftpd[32708]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - no such user 'Administrator'
Feb 11 20:43:10 itsm proftpd[32710]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - FTP session opened.
Feb 11 20:43:10 itsm proftpd[32710]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - no such user 'Administrator'
Feb 11 20:43:11 itsm proftpd[32712]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - FTP session opened.
Feb 11 20:43:11 itsm proftpd[32712]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - no such user 'Administrator'
Feb 11 20:43:12 itsm proftpd[32713]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - FTP session opened.
Feb 11 20:43:12 itsm proftpd[32713]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - no such user 'Administrator'
Feb 11 20:43:13 itsm proftpd[32715]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - FTP session opened.
Feb 11 20:43:14 itsm proftpd[32715]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - no such user 'Administrator'
Feb 11 20:43:14 itsm proftpd[32716]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - FTP session opened.
Feb 11 20:43:15 itsm proftpd[32716]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - no such user 'Administrator'
Feb 11 20:43:15 itsm proftpd[32718]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - FTP session opened.
Feb 11 20:43:16 itsm proftpd[32718]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - no such user 'Administrator'
Feb 11 20:43:17 itsm proftpd[32721]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - FTP session opened.
Feb 11 20:43:17 itsm proftpd[32721]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - no such user 'Administrator'
Feb 11 20:43:18 itsm proftpd[32724]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - FTP session opened.
Feb 11 20:43:18 itsm proftpd[32724]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - no such user 'Administrator'
Feb 11 20:43:20 itsm proftpd[32726]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - FTP session opened.
Feb 11 20:43:20 itsm proftpd[32726]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - no such user 'Administrator'
Feb 11 20:43:21 itsm proftpd[32730]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - FTP session opened.
Feb 11 20:43:21 itsm proftpd[32730]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - no such user 'Administrator'
Feb 11 20:43:22 itsm proftpd[32735]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - FTP session opened.
Feb 11 20:43:22 itsm proftpd[32735]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - no such user 'Administrator'
Feb 11 20:43:23 itsm proftpd[32737]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - FTP session opened.
Feb 11 20:43:23 itsm proftpd[32737]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - no such user 'Administrator'
Feb 11 20:43:24 itsm proftpd[32741]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - FTP session opened.
Feb 11 20:43:25 itsm proftpd[32741]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - no such user 'Administrator'
Feb 11 20:43:25 itsm proftpd[32742]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - FTP session opened.
Feb 11 20:43:26 itsm proftpd[32742]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - no such user 'Administrator'
Feb 11 20:43:27 itsm proftpd[32750]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - FTP session opened.
Feb 11 20:43:27 itsm proftpd[32750]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - no such user 'Administrator'
Feb 11 20:43:28 itsm proftpd[32752]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - FTP session opened.
Feb 11 20:43:28 itsm proftpd[32752]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - no such user 'Administrator'
Feb 11 20:43:29 itsm proftpd[32756]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - FTP session opened.
Feb 11 20:43:30 itsm proftpd[32756]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - no such user 'Administrator'
Feb 11 20:43:31 itsm proftpd[32758]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - FTP session opened.
Feb 11 20:43:31 itsm proftpd[32758]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - no such user 'Administrator'
Feb 11 20:43:32 itsm proftpd[32762]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - FTP session opened.
Feb 11 20:43:32 itsm proftpd[32762]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - no such user 'Administrator'
Feb 11 20:43:33 itsm proftpd[32764]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - FTP session opened.
Feb 11 20:43:34 itsm proftpd[32764]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - no such user 'Administrator'
Feb 11 20:43:35 itsm proftpd[32765]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - FTP session opened.
Feb 11 20:43:35 itsm proftpd[32765]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - no such user 'Administrator'
Feb 11 20:43:37 itsm proftpd[301]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - FTP session opened.
Feb 11 20:43:37 itsm proftpd[301]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - no such user 'Administrator'
Feb 11 20:43:38 itsm proftpd[302]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - FTP session opened.
Feb 11 20:43:38 itsm proftpd[302]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - no such user 'Administrator'
Feb 11 20:43:39 itsm proftpd[305]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - FTP session opened.
Feb 11 20:43:39 itsm proftpd[305]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - no such user 'Administrator'
Feb 11 20:43:40 itsm proftpd[306]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - FTP session opened.
Feb 11 20:43:41 itsm proftpd[306]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - no such user 'Administrator'
Feb 11 20:43:45 itsm proftpd[307]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - FTP session opened.
Feb 11 20:43:45 itsm proftpd[307]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - no such user 'Administrator'
Feb 11 20:43:46 itsm proftpd[314]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - FTP session opened.
Feb 11 20:43:47 itsm proftpd[314]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - no such user 'Administrator'
Feb 11 20:43:48 itsm proftpd[316]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - FTP session opened.
Feb 11 20:43:48 itsm proftpd[316]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - no such user 'Administrator'
Feb 11 20:43:49 itsm proftpd[322]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - FTP session opened.
Feb 11 20:43:49 itsm proftpd[322]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - no such user 'Administrator'
Feb 11 20:43:50 itsm proftpd[325]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - FTP session opened.
Feb 11 20:43:50 itsm proftpd[325]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - no such user 'Administrator'
Feb 11 20:43:52 itsm proftpd[329]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - FTP session opened.
Feb 11 20:43:52 itsm proftpd[329]: 203.105.3.101 (202.108.218.19[202.108.218.19]) - no such user 'Administrator'

[ 本帖最后由 leec1981 于 2009-2-13 10:22 编辑 ]

文库|博客

论坛徽章:: 0

2楼 [报告]

发表于 2009-02-13 10:36 |只看该作者

恩，有人在猜解你的ftp密码，不过用户名是administrator。。。

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

论坛徽章:: 1

寅虎
日期:2015-01-23 02:35:47

3楼 [报告]

发表于 2009-02-13 10:49 |只看该作者

这还算不上攻击，网络中此类行为太多了，多的数不胜数，威胁性也是比较小的，搞个规则给他限制了就是了

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

论坛徽章:: 0

4楼 [报告]

发表于 2009-02-13 10:53 |只看该作者

回复 #2 supertcy 的帖子

每隔1秒钟就试一次，对这服务器有影响吧。而且每隔一段时间IP 也会换。。

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

论坛徽章:: 0

5楼 [报告]

发表于 2009-02-13 10:57 |只看该作者

原帖由 leec1981 于 2009-2-13 10:53 发表
每隔1秒钟就试一次，对这服务器有影响吧。而且每隔一段时间IP 也会换。。

影响不大；你的密码足够复杂的话，可以不用管它；

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

论坛徽章:: 0

6楼 [报告]

发表于 2009-02-13 10:59 |只看该作者

赫赫,怎么有人用admintrator来猜解啊??
莫非他以为是瘟到死?? 那也不该是ftp啊

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

论坛徽章:: 0

7楼 [报告]

发表于 2009-02-13 11:00 |只看该作者

对,用iptables做掉他

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

论坛徽章:: 0

8楼 [报告]

发表于 2009-02-13 11:02 |只看该作者

问题不大..iptables DROP就ok

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

论坛徽章:: 0

9楼 [报告]

发表于 2009-02-13 11:24 |只看该作者

回复 #8 jianasonic 的帖子

ip 在不停的换

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

论坛徽章:: 0

10楼 [报告]

发表于 2009-02-13 12:11 |只看该作者

原帖由 leec1981 于 2009-2-13 11:24 发表
ip 在不停的换

不怕，如果你确实惦记着，iptables 里ftp端口只对你需要的几个IP开放

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

12 / 2 页下一页

发新帖

Chinaunix › 论坛 › 操作系统 › Linux系统管理 › 帮忙看下系统日志，是不是受到攻击啊

北京盛拓优讯信息技术有限公司. 版权所有京ICP备16024965号-6 北京市公安局海淀分局网监中心备案编号：11010802020122 niuxiaotong@pcpop.com 17352615567
未成年举报专区
中国互联网协会会员联系我们：huangweiwei@itpub.net
感谢所有关心和支持过ChinaUnix的朋友们转载本站内容请注明原作者名及出处

清除 Cookies - ChinaUnix - Archiver - WAP - TOP