1
ssh 一分钟被打 1000 次, fail2ban 有用吗?
source link: https://www.v2ex.com/t/848484
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Apr 20 23:40:03 debian99 sshd[2443]: Failed password for invalid user liyanjun from 134.209.229.252 port 44720 ssh2
Apr 20 23:40:03 debian99 sshd[2450]: Failed password for invalid user liyaocheng from 134.209.229.252 port 44948 ssh2
Apr 20 23:40:03 debian99 sshd[2453]: Failed password for invalid user liyifei from 134.209.229.252 port 45180 ssh2
Apr 20 23:40:03 debian99 sshd[2431]: Failed password for invalid user lixy from 134.209.229.252 port 43946 ssh2
Apr 20 23:40:03 debian99 sshd[2415]: Failed password for invalid user lixiang from 134.209.229.252 port 43168 ssh2
Apr 20 23:40:03 debian99 sshd[2459]: Failed password for invalid user liyongmin from 134.209.229.252 port 45918 ssh2
Apr 20 23:40:03 debian99 sshd[2441]: Failed password for invalid user liyanhao from 134.209.229.252 port 44636 ssh2
Apr 20 23:40:03 debian99 sshd[2446]: Failed password for invalid user liyanjun from 134.209.229.252 port 44794 ssh2
@:~$ sudo cat /var/log/auth.log | grep 134.209.229.252 | grep invalid | wc -l
948
@:~$
暂时没用 fail2ban ,自己写个脚本,每一分钟扫一次 auth.log,大于 10 次就 ban ,但是有的 ip 一分钟就能尝试 1000 次,太凶残了,能限制 ssh 并发个数吗,超过 10 个,就不要管了。
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK