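The previous post described finding, in the fail2ban log, a large number of attacks from different IPs in the 103.41.124.0 range. fail2ban's default configuration is powerless against this kind of brute-force attack that automatically rotates IP addresses. However, after reading the fail2ban documentation, I found that only a change to the default configuration file is needed to block the entire network segment automatically and stop brute-force attempts that rotate IP addresses. Let's work through it.
fail2ban log analysis
I recently updated my fail2ban policy to ban permanently. Checking the log today, I found that IP addresses from one network segment appear frequently: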
2015-02-13 18:08:57,207 fail2ban.actions: WARNING [ssh] Ban 103.41.124.33
2015-02-13 18:09:16,248 fail2ban.actions: WARNING [ssh] Ban 103.41.124.16
2015-02-13 19:00:02,999 fail2ban.actions: WARNING [ssh] Ban 103.41.124.27
2015-02-13 19:16:27,926 fail2ban.actions: WARNING [ssh] Ban 103.41.124.35
2015-02-13 20:00:40,905 fail2ban.actions: WARNING [ssh] Ban 103.41.124.34
2015-02-13 20:00:44,936 fail2ban.actions: WARNING [ssh] Ban 103.41.124.100
2015-02-13 21:06:59,809 fail2ban.actions: WARNING [ssh] Ban 103.41.124.50
2015-02-13 21:16:57,486 fail2ban.actions: WARNING [ssh] Ban 103.41.124.43
2015-02-13 21:58:26,833 fail2ban.actions: WARNING [ssh] Ban 103.41.124.41
2015-02-13 22:49:11,007 fail2ban.actions: WARNING [ssh] Ban 103.41.124.32
2015-02-13 23:04:09,953 fail2ban.actions: WARNING [ssh] Ban 103.41.124.45
2015-02-13 23:48:15,939 fail2ban.actions: WARNING [ssh] Ban 103.41.124.31
2015-02-14 01:09:43,018 fail2ban.actions: WARNING [ssh] Ban 103.41.124.25
2015-02-14 01:10:19,081 fail2ban.actions: WARNING [ssh] Ban 103.41.124.59
2015-02-14 02:01:26,588 fail2ban.actions: WARNING [ssh] Ban 103.41.124.15
2015-02-14 02:17:38,680 fail2ban.actions: WARNING [ssh] Ban 103.41.124.55
2015-02-14 03:02:33,731 fail2ban.actions: WARNING [ssh] Ban 103.41.124.39
2015-02-14 04:04:54,910 fail2ban.actions: WARNING [ssh] Ban 103.41.124.101
2015-02-14 04:12:04,420 fail2ban.actions: WARNING [ssh] Ban 103.41.124.30
2015-02-14 04:57:14,321 fail2ban.actions: WARNING [ssh] Ban 103.41.124.19
2015-02-14 06:06:29,596 fail2ban.actions: WARNING [ssh] Ban 103.41.124.40
2015-02-14 06:48:14,308 fail2ban.actions: WARNING [ssh] Ban 103.41.124.61
2015-02-14 06:48:14,331 fail2ban.actions: WARNING [ssh] Ban 103.41.124.53
2015-02-14 07:57:25,026 fail2ban.actions: WARNING [ssh] Ban 103.41.124.20
2015-02-14 08:44:33,402 fail2ban.actions: WARNING [ssh] Ban 103.41.124.48
2015-02-14 09:48:18,648 fail2ban.actions: WARNING [ssh] Ban 103.41.124.28
2015-02-14 10:30:31,395 fail2ban.actions: WARNING [ssh] Ban 103.41.124.63
2015-02-14 12:34:26,457 fail2ban.actions: WARNING [ssh] Ban 103.41.124.111
2015-02-14 13:18:15,364 fail2ban.actions: WARNING [ssh] Ban 103.41.124.64
2015-02-14 14:16:19,407 fail2ban.actions: WARNING [ssh] Ban 103.41.124.46
2015-02-14 15:14:35,912 fail2ban.actions: WARNING [ssh] Ban 103.41.124.22
2015-02-14 15:29:50,005 fail2ban.actions: WARNING [ssh] Ban 103.41.124.42
2015-02-14 16:16:53,012 fail2ban.actions: WARNING [ssh] Ban 103.41.124.17
2015-02-14 17:09:27,315 fail2ban.actions: WARNING [ssh] Ban 103.41.124.102
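So I searched Google and found that this IP range already has many records on blocklist.de of being banned by fail2ban; it is probably a group dedicated to brute-forcing SSH passwords by enumeration. Automatically switching IPs is a really effective trick: fail2ban has no answer at all to this kind of brute-force attack that automatically rotates IP addresses. It would be great if it could block the whole network segment automatically.
Configuring Apache2 on Debian 7
Apache2 as installed on Debian 7 is configured somewhat differently from ordinary Linux systems; many settings that used to live in apache2.conf are now set in different places. They are introduced one by one below.
Before and after optimizing with the W3 Total Cache plugin
Page load time comparison after using Memcache as the cache engine for W3 Total Cache
Configuring W3 Total Cache on a Debian VPS host
After setting up the W3 Total Cache environment in the previous post, the next step is to configure the W3 Total Cache options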