1

Today I noticed that my /var/log/secure file keeps getting bigger. That was odd, and when I checked its tail I got something like this:

Sep  6 18:37:58 asdf sshd[17615]: Failed password for root from 200.85.122.11 port 36126 ssh2
Sep  6 18:37:58 asdf sshd[17616]: Received disconnect from 200.85.122.11: 11: Bye Bye
Sep  6 18:38:00 asdf sshd[17618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.85.122.11  user=root

Sep  6 18:38:02 asdf sshd[17618]: Failed password for root from 200.85.122.11 port 36445 ssh2
Sep  6 18:38:02 asdf sshd[17619]: Received disconnect from 200.85.122.11: 11: Bye Bye
Sep  6 18:38:04 asdf sshd[17623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.85.122.11  user=root

Sep  6 18:38:06 asdf sshd[17623]: Failed password for root from 200.85.122.11 port 36776 ssh2
Sep  6 18:38:06 asdf sshd[17624]: Received disconnect from 200.85.122.11: 11: Bye Bye
Sep  6 18:38:08 asdf sshd[17626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.85.122.11  user=root

Sep  6 18:38:10 asdf sshd[17626]: Failed password for root from 200.85.122.11 port 37072 ssh2
Sep  6 18:38:11 asdf sshd[17627]: Received disconnect from 200.85.122.11: 11: Bye Bye
Sep  6 18:38:13 asdf sshd[17689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.85.122.11  user=root

Sep  6 18:38:15 asdf sshd[17689]: Failed password for root from 200.85.122.11 port 37390 ssh2
Sep  6 18:38:15 asdf sshd[17690]: Received disconnect from 200.85.122.11: 11: Bye Bye
Sep  6 18:38:17 asdf sshd[17700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.85.122.11  user=root

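It looks as if someone is trying to find the password for my server.

How can I block an IP after several failed login attempts (for example, after 10 failed login attempts within the past hour, whereas right now my VPS is receiving at least 100 failed login requests per minute)? In practice, the password is too long and complex to brute-force, but I am not sure whether this brute-forcing can cause load on the server.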

4

3 Answers

1

You can set up rate limiting with iptables. Take a look at this link: http://www.debian-administration.org/articles/187

Answered 2012-09-06T22:52:28.813
1

See my post. Fail2Ban is my solution. https://unix.stackexchange.com/questions/204383/fail2ban-is-not-blocking-ips-trying-to-access-my-server-via-ssh/204393#204393

As someone pointed out, I think it is good practice to have the directive PermitRootLogin no in sshd_config, just in case.

Answered 2015-05-26T23:51:54.780
0

You can use DenyHosts: it works well.

Answered 2012-09-06T23:22:35.143
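
The threshold the question asks about (10 failed logins from one IP within an hour), applied to log lines in the format shown in the question. This is an added example, not part of any post above and not code from Fail2Ban, DenyHosts or iptables; the function names, the `year` parameter and the sample log (documentation IP ranges) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the sshd "Failed password" lines shown in the question.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def offenders(lines, max_failures=10, window=timedelta(hours=1), year=2012):
    """Return {ip: time the threshold was first reached} for a log stream."""
    recent = defaultdict(deque)   # ip -> failure timestamps inside the window
    flagged = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # disconnects, pam_unix lines, other daemons
        # syslog timestamps carry no year, so the caller supplies one (assumption).
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(3)
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # drop failures older than the window
        if len(q) >= max_failures and ip not in flagged:
            flagged[ip] = ts
    return flagged

def sample_log():
    """Constructed sample in the question's log format."""
    out = []
    for h in (1, 9, 16):          # 3 failures hours apart: below the threshold
        out.append(f"Sep  6 {h:02d}:00:00 asdf sshd[{9000 + h}]: Failed password "
                   f"for invalid user admin from 198.51.100.9 port 4000 ssh2")
    for i in range(12):           # 12 failures, 4 s apart, from one address
        s = 58 + 4 * i
        t = f"18:{37 + s // 60:02d}:{s % 60:02d}"
        out.append(f"Sep  6 {t} asdf sshd[{17615 + i}]: Failed password "
                   f"for root from 203.0.113.7 port {36126 + i} ssh2")
        out.append(f"Sep  6 {t} asdf sshd[{17615 + i}]: Received disconnect "
                   f"from 203.0.113.7: 11: Bye Bye")
    return out

if __name__ == "__main__":
    for ip, when in offenders(sample_log()).items():
        print(f"{ip} reached the threshold at {when}")
```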