I recently changed my fail2ban policy to ban offenders permanently. Looking through the log today, I found that addresses from one subnet keep showing up:
```
2015-02-13 18:08:57,207 fail2ban.actions: WARNING [ssh] Ban 103.41.124.33
2015-02-13 18:09:16,248 fail2ban.actions: WARNING [ssh] Ban 103.41.124.16
2015-02-13 19:00:02,999 fail2ban.actions: WARNING [ssh] Ban 103.41.124.27
2015-02-13 19:16:27,926 fail2ban.actions: WARNING [ssh] Ban 103.41.124.35
2015-02-13 20:00:40,905 fail2ban.actions: WARNING [ssh] Ban 103.41.124.34
2015-02-13 20:00:44,936 fail2ban.actions: WARNING [ssh] Ban 103.41.124.100
2015-02-13 21:06:59,809 fail2ban.actions: WARNING [ssh] Ban 103.41.124.50
2015-02-13 21:16:57,486 fail2ban.actions: WARNING [ssh] Ban 103.41.124.43
2015-02-13 21:58:26,833 fail2ban.actions: WARNING [ssh] Ban 103.41.124.41
2015-02-13 22:49:11,007 fail2ban.actions: WARNING [ssh] Ban 103.41.124.32
2015-02-13 23:04:09,953 fail2ban.actions: WARNING [ssh] Ban 103.41.124.45
2015-02-13 23:48:15,939 fail2ban.actions: WARNING [ssh] Ban 103.41.124.31
2015-02-14 01:09:43,018 fail2ban.actions: WARNING [ssh] Ban 103.41.124.25
2015-02-14 01:10:19,081 fail2ban.actions: WARNING [ssh] Ban 103.41.124.59
2015-02-14 02:01:26,588 fail2ban.actions: WARNING [ssh] Ban 103.41.124.15
2015-02-14 02:17:38,680 fail2ban.actions: WARNING [ssh] Ban 103.41.124.55
2015-02-14 03:02:33,731 fail2ban.actions: WARNING [ssh] Ban 103.41.124.39
2015-02-14 04:04:54,910 fail2ban.actions: WARNING [ssh] Ban 103.41.124.101
2015-02-14 04:12:04,420 fail2ban.actions: WARNING [ssh] Ban 103.41.124.30
2015-02-14 04:57:14,321 fail2ban.actions: WARNING [ssh] Ban 103.41.124.19
2015-02-14 06:06:29,596 fail2ban.actions: WARNING [ssh] Ban 103.41.124.40
2015-02-14 06:48:14,308 fail2ban.actions: WARNING [ssh] Ban 103.41.124.61
2015-02-14 06:48:14,331 fail2ban.actions: WARNING [ssh] Ban 103.41.124.53
2015-02-14 07:57:25,026 fail2ban.actions: WARNING [ssh] Ban 103.41.124.20
2015-02-14 08:44:33,402 fail2ban.actions: WARNING [ssh] Ban 103.41.124.48
2015-02-14 09:48:18,648 fail2ban.actions: WARNING [ssh] Ban 103.41.124.28
2015-02-14 10:30:31,395 fail2ban.actions: WARNING [ssh] Ban 103.41.124.63
2015-02-14 12:34:26,457 fail2ban.actions: WARNING [ssh] Ban 103.41.124.111
2015-02-14 13:18:15,364 fail2ban.actions: WARNING [ssh] Ban 103.41.124.64
2015-02-14 14:16:19,407 fail2ban.actions: WARNING [ssh] Ban 103.41.124.46
2015-02-14 15:14:35,912 fail2ban.actions: WARNING [ssh] Ban 103.41.124.22
2015-02-14 15:29:50,005 fail2ban.actions: WARNING [ssh] Ban 103.41.124.42
2015-02-14 16:16:53,012 fail2ban.actions: WARNING [ssh] Ban 103.41.124.17
2015-02-14 17:09:27,315 fail2ban.actions: WARNING [ssh] Ban 103.41.124.102
```
A Google search showed that this IP range already has many fail2ban ban records on blocklist.de, so it is presumably a group dedicated to brute-forcing SSH passwords. Rotating the source IP automatically is a clever trick: fail2ban bans one address at a time, so it has no answer to a brute-force attack that keeps moving to a fresh IP in the same block. It would be great if it could block whole subnets automatically.
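As an added illustration (not the post's own code), here is a small Python script that does the grouping the post wishes fail2ban could do: it parses ban lines in the log format shown above, groups the distinct banned hosts by /24, and reports the subnets that keep rotating source addresses. The sample log is constructed in the post's log format (the 103.41.124.0/24 addresses are from the post; the rest is made up), and the threshold of three hosts is an assumed value, not a fail2ban setting.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the fail2ban log format shown in the post; the
# 103.41.124.0/24 addresses are from the post, the others are made up.
SAMPLE_LOG = """\
2015-02-13 18:08:57,207 fail2ban.actions: WARNING [ssh] Ban 103.41.124.33
2015-02-13 18:09:16,248 fail2ban.actions: WARNING [ssh] Ban 103.41.124.16
2015-02-13 19:00:02,999 fail2ban.actions: WARNING [ssh] Ban 103.41.124.27
2015-02-13 19:16:27,926 fail2ban.actions: WARNING [ssh] Ban 103.41.124.35
2015-02-13 20:07:18,074 fail2ban.actions: WARNING [ssh] Ban 183.136.216.4
2015-02-13 20:14:18,582 fail2ban.actions: WARNING [ssh] Unban 103.41.124.33
2015-02-13 21:06:59,809 fail2ban.actions: WARNING [ssh] Ban 103.41.124.50
2015-02-13 22:01:32,379 fail2ban.actions: WARNING [ssh] Ban 183.136.216.3
"""

# Matches only "Ban" lines (not "Unban"); trailing text after the address,
# such as a geolocation note, is tolerated.
BAN_RE = re.compile(
    r"\[(?P<jail>[^\]]+)\]\s+Ban\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\b"
)


def parse_bans(log_text):
    """Yield (jail, IPv4Address) for every Ban line in the log text."""
    for line in log_text.splitlines():
        m = BAN_RE.search(line)
        if m:
            yield m.group("jail"), ipaddress.ip_address(m.group("ip"))


def banned_hosts_per_subnet(log_text, prefixlen=24):
    """Group the distinct banned hosts by their enclosing /prefixlen network."""
    hosts = defaultdict(set)
    for _jail, ip in parse_bans(log_text):
        net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
        hosts[net].add(ip)
    return hosts


def rotating_subnets(log_text, prefixlen=24, threshold=3):
    """CIDRs with at least `threshold` distinct banned hosts, busiest first.
    These are the blocks an operator would review for a network-wide ban."""
    per_net = banned_hosts_per_subnet(log_text, prefixlen)
    hits = [(len(v), str(k)) for k, v in per_net.items() if len(v) >= threshold]
    hits.sort(key=lambda t: (-t[0], t[1]))
    return [net for _count, net in hits]
```

Banning a whole /24 can also cut off legitimate hosts that share the block, so the candidates are worth a review before they become firewall rules.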
I also noticed many domestic (Chinese) IP addresses:
```
2015-02-11 19:43:04,455 fail2ban.actions: WARNING [ssh] Ban 202.63.166.71 河北省秦皇岛市 秦皇岛yanda-zhengyang电子有限公司chinyon网络(秦皇岛科技大厦614号)
2015-02-11 20:07:18,074 fail2ban.actions: WARNING [ssh] Ban 183.136.216.4 浙江省绍兴市 电信
2015-02-11 20:14:18,582 fail2ban.actions: WARNING [ssh] Ban 218.87.111.107 江西省新余市 上海网宿科技股份有限公司电信CDN节点
2015-02-11 21:42:10,025 fail2ban.actions: WARNING [ssh] Ban 218.87.111.116 江西省新余市 上海网宿科技股份有限公司电信CDN节点
2015-02-11 22:01:32,379 fail2ban.actions: WARNING [ssh] Ban 183.136.216.3 浙江省绍兴市 电信
2015-02-12 00:05:56,902 fail2ban.actions: WARNING [ssh] Ban 115.239.228.9 浙江省绍兴市 电信
2015-02-12 00:12:22,383 fail2ban.actions: WARNING [ssh] Ban 222.161.4.148 吉林省 联通
2015-02-12 03:00:15,484 fail2ban.actions: WARNING [ssh] Ban 182.100.67.112 江西省新余市 电信
2015-02-12 06:17:13,829 fail2ban.actions: WARNING [ssh] Ban 115.239.228.7 浙江省绍兴市 电信
2015-02-12 15:52:58,647 fail2ban.actions: WARNING [ssh] Ban 182.100.67.115 江西省新余市 电信
2015-02-12 19:33:38,566 fail2ban.actions: WARNING [ssh] Ban 183.136.216.6 浙江省绍兴市 电信
2015-02-12 21:07:26,451 fail2ban.actions: WARNING [ssh] Ban 59.37.87.254 广东省 电信(绿色上网全省通用)
2015-02-12 21:57:12,611 fail2ban.actions: WARNING [ssh] Ban 182.100.67.114 江西省新余市 电信
2015-02-12 22:49:10,102 fail2ban.actions: WARNING [ssh] Ban 216.99.158.83 美国 加利福尼亚州洛杉矶县沃尔纳特市Psychz网络公司
2015-02-13 00:43:37,204 fail2ban.actions: WARNING [ssh] Ban 60.191.19.185 浙江省杭州市 电信
2015-02-13 02:52:18,876 fail2ban.actions: WARNING [ssh] Ban 218.87.111.109 江西省新余市 上海网宿科技股份有限公司电信CDN节点
2015-02-13 04:57:22,189 fail2ban.actions: WARNING [ssh] Ban 59.53.94.9 江西省南昌市 电信ADSL
2015-02-13 05:13:43,280 fail2ban.actions: WARNING [ssh] Ban 58.218.213.234 江苏省徐州市 电信
2015-02-13 05:48:57,402 fail2ban.actions: WARNING [ssh] Ban 87.106.178.147
2015-02-13 07:58:29,190 fail2ban.actions: WARNING [ssh] Ban 115.231.222.42 浙江省杭州市 电信
2015-02-13 08:33:54,413 fail2ban.actions: WARNING [ssh] Ban 222.186.30.115 江苏省镇江市 电信
2015-02-13 13:53:34,402 fail2ban.actions: WARNING [ssh] Ban 113.195.145.79 江西省抚州市 联通
2015-02-13 16:00:05,345 fail2ban.actions: WARNING [ssh] Ban 58.218.213.211 江苏省徐州市 电信
2015-02-13 16:49:23,286 fail2ban.actions: WARNING [ssh] Ban 61.128.110.40 新疆 电信
2015-02-13 17:50:48,264 fail2ban.actions: WARNING [ssh] Ban 87.106.217.214
2015-02-13 18:01:03,825 fail2ban.actions: WARNING [ssh] Ban 218.65.30.92 江西省新余市 电信
2015-02-13 18:07:38,113 fail2ban.actions: WARNING [ssh] Ban 219.234.80.221 北京市 电信通
2015-02-13 19:46:50,922 fail2ban.actions: WARNING [ssh] Ban 58.218.204.172 江苏省徐州市 电信
2015-02-13 20:02:58,085 fail2ban.actions: WARNING [ssh] Ban 175.99.89.178 台湾省
2015-02-13 20:49:19,873 fail2ban.actions: WARNING [ssh] Ban 210.28.160.177 江苏省苏州市常熟市 常熟理工学院
2015-02-13 21:12:06,188 fail2ban.actions: WARNING [ssh] Ban 60.164.184.44 甘肃省嘉峪关市 电信
2015-02-13 22:13:10,820 fail2ban.actions: WARNING [ssh] Ban 203.184.128.106 香港 特别行政区
2015-02-14 00:09:46,200 fail2ban.actions: WARNING [ssh] Ban 220.189.223.171 浙江省宁波市 电信
2015-02-14 00:28:34,399 fail2ban.actions: WARNING [ssh] Ban 218.65.30.107 江西省新余市 电信
2015-02-14 05:59:42,121 fail2ban.actions: WARNING [ssh] Ban 115.239.248.237 浙江省绍兴市 电信
2015-02-14 08:26:08,065 fail2ban.actions: WARNING [ssh] Ban 182.100.67.102 江西省新余市 电信
2015-02-14 12:40:43,943 fail2ban.actions: WARNING [ssh] Ban 116.255.215.240 河南省郑州市 景安网络BGP数据中心
2015-02-14 12:45:21,216 fail2ban.actions: WARNING [ssh] Ban 202.121.199.171 上海大学 新校区
2015-02-14 13:01:43,310 fail2ban.actions: WARNING [ssh] Ban 222.161.209.92 吉林省长春市 联通
2015-02-14 14:15:45,349 fail2ban.actions: WARNING [ssh] Ban 222.178.184.102 重庆市 电信
2015-02-14 16:51:01,173 fail2ban.actions: WARNING [ssh] Ban 211.140.41.28 浙江省宁波市 移动
2015-02-14 17:17:29,854 fail2ban.actions: WARNING [ssh] Ban 27.115.0.210 上海市 联通
2015-02-14 19:56:35,189 fail2ban.actions: WARNING [ssh] Ban 211.69.143.17 华中农业大学
```
These are presumably hacked machines being used as bots ("肉鸡"). By my count, domestic IPs make up about 90%, so it is no wonder the US calls China a major source of cyber attacks; evidently there is a basis for it. That reminds me of Lanxiang being singled out by the US: it is not that Lanxiang's hackers are any good. Quite the opposite: its technical management is so poor that it cannot manage all those computers, and they all end up taken over by hackers as bots.