Donc j'ai tapé journalctl
après SSH (ING) dans le serveur et obtenu la sortie suivante: (SO est une personne qui essaie de pirater le système ou est-elle de mon côté?) (Notez également que le timing indique 5 heures du matin? Mais probablement Aucun de nous ne se connecte à System à cette époque? Donc quelque chose d'Apache/Ubuntu?)
Apr 30 05:38:59 bosc-chat sshd[13590]: Failed password for root from 218.92.0.133 port 52094 ssh2
Apr 30 05:38:56 bosc-chat sshd[13592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.12 user=root
Apr 30 05:38:55 bosc-chat sshd[13590]: Failed password for root from 218.92.0.133 port 52094 ssh2
Apr 30 05:38:54 bosc-chat sshd[13590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.133 user=root
Apr 30 05:38:53 bosc-chat sshd[13566]: PAM service(sshd) ignoring max retries; 6 > 3
Apr 30 05:38:53 bosc-chat sshd[13566]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.82.12 user=root
Apr 30 05:38:53 bosc-chat sshd[13566]: Disconnecting authenticating user root 58.242.82.12 port 58191: Too many authentication failures [preauth]
Apr 30 05:38:53 bosc-chat sshd[13566]: error: maximum authentication attempts exceeded for root from 58.242.82.12 port 58191 ssh2 [preauth]
Apr 30 05:38:53 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
Apr 30 05:38:50 bosc-chat sshd[13558]: PAM service(sshd) ignoring max retries; 6 > 3
Apr 30 05:38:50 bosc-chat sshd[13558]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.133 user=root
Apr 30 05:38:50 bosc-chat sshd[13558]: Disconnecting authenticating user root 218.92.0.133 port 24314: Too many authentication failures [preauth]
Apr 30 05:38:50 bosc-chat sshd[13558]: error: maximum authentication attempts exceeded for root from 218.92.0.133 port 24314 ssh2 [preauth]
Apr 30 05:38:50 bosc-chat sshd[13558]: Failed password for root from 218.92.0.133 port 24314 ssh2
Apr 30 05:38:50 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
Apr 30 05:38:47 bosc-chat sshd[13558]: Failed password for root from 218.92.0.133 port 24314 ssh2
Apr 30 05:38:47 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
Apr 30 05:38:45 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
Apr 30 05:38:44 bosc-chat sshd[13558]: Failed password for root from 218.92.0.133 port 24314 ssh2
Apr 30 05:38:42 bosc-chat sshd[13560]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207 user=root
Apr 30 05:38:42 bosc-chat sshd[13560]: Disconnected from authenticating user root 218.92.0.207 port 40772 [preauth]
Apr 30 05:38:42 bosc-chat sshd[13560]: Received disconnect from 218.92.0.207 port 40772:11: [preauth]
Apr 30 05:38:42 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
Apr 30 05:38:42 bosc-chat sshd[13560]: Failed password for root from 218.92.0.207 port 40772 ssh2
Apr 30 05:38:41 bosc-chat sshd[13558]: Failed password for root from 218.92.0.133 port 24314 ssh2
Apr 30 05:38:40 bosc-chat sshd[13560]: Failed password for root from 218.92.0.207 port 40772 ssh2
Apr 30 05:38:40 bosc-chat sshd[13566]: Failed password for root from 58.242.82.12 port 58191 ssh2
Apr 30 05:38:38 bosc-chat sshd[13560]: Failed password for root from 218.92.0.207 port 40772 ssh2
Apr 30 05:38:38 bosc-chat sshd[13566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost
Si quelqu'un essaie vraiment de pirater, il y a quelque chose que je peux faire à ce sujet?
Merci beaucoup!
Oui, quelqu'un essaie activement de deviner votre mot de passe root.
Certaines étapes que vous pouvez faire pour atténuer la possibilité de vous faire pirater:
Je suis sûr qu'il y a d'autres choses que vous pouvez faire pour durcir votre serveur, mais ce sera un bon départ.