这是一个创建于 1888 天前的主题,其中的信息可能已经有所发展或是发生改变。
Centos 6 x86 bbr LA 机房
之前一直正常使用,最近发现端口在国内无法访问
一开始没在意,就换了端口继续用,过了一天不到又 closed,于是去看了日志
发现最后几次连接是由不同 IP 发来的恶意连接请求,这些请求之后端口就被 closed 了
这属于服务器被攻击吗?
log:
2019-09-21 21:08:40 WARNING unsupported addrtype 78, maybe wrong password or encryption method
2019-09-21 21:08:40 ERROR can not parse header when handling connection from 221.198.83.14:59208
2019-09-21 21:08:40 WARNING unsupported addrtype 181, maybe wrong password or encryption method
2019-09-21 21:08:40 ERROR can not parse header when handling connection from 219.143.174.157:25665
2019-09-21 21:08:40 WARNING unsupported addrtype 93, maybe wrong password or encryption method
2019-09-21 21:08:40 ERROR can not parse header when handling connection from 223.166.74.157:59194
2019-09-21 21:08:40 WARNING unsupported addrtype 209, maybe wrong password or encryption method
2019-09-21 21:08:40 ERROR can not parse header when handling connection from 171.36.133.60:59190
2019-09-21 21:08:40 WARNING unsupported addrtype 230, maybe wrong password or encryption method
2019-09-21 21:08:40 ERROR can not parse header when handling connection from 175.42.2.81:59206
2019-09-21 21:08:40 WARNING unsupported addrtype 169, maybe wrong password or encryption method
2019-09-21 21:08:40 ERROR can not parse header when handling connection from 59.173.153.107:59192
2019-09-21 21:08:40 WARNING unsupported addrtype 234, maybe wrong password or encryption method
2019-09-21 21:08:40 ERROR can not parse header when handling connection from 58.19.92.207:4857
2019-09-21 21:08:40 WARNING unsupported addrtype 50, maybe wrong password or encryption method
2019-09-21 21:08:40 ERROR can not parse header when handling connection from 36.32.3.90:59210
2019-09-21 21:08:40 WARNING unsupported addrtype 189, maybe wrong password or encryption method
2019-09-21 21:08:40 ERROR can not parse header when handling connection from 220.200.164.85:59200
2019-09-21 21:08:40 INFO connecting <8e>ÊÎO^TgH<84>&Ì8^K<81>)D:4186 from 175.152.109.65:59202
2019-09-21 21:08:40 ERROR invalid hostname: <8e>ÊÎO^TgH<84>&Ì8^K<81>)D when handling connection from 175.152.109.65:59202
2019-09-21 21:08:40 WARNING unsupported addrtype 206, maybe wrong password or encryption method
2019-09-21 21:08:40 ERROR can not parse header when handling connection from 125.84.177.43:1559
2019-09-21 21:08:40 WARNING unsupported addrtype 126, maybe wrong password or encryption method
2019-09-21 21:08:40 ERROR can not parse header when handling connection from 124.88.112.129:1759
2019-09-21 21:08:40 WARNING unsupported addrtype 142, maybe wrong password or encryption method
2019-09-21 21:08:40 ERROR can not parse header when handling connection from 124.225.43.91:59188
一些想法
- 通过限制连接次数,判断出恶意连接后,拒绝陌生 ip 的访问(比如只能连 3 次,错误超过 3 次后列入黑名单)
- 建立白名单,只允许白名单内的 IP 访问该端口
希望各位能够推荐一些方法或应用 (抱拳
2 条回复 • 2019-09-23 02:55:06 +08:00
 |
1
mason961125 2019-09-22 17:01:08 +08:00
fail2ban
|
 |
2
invalidtoken 2019-09-23 02:55:06 +08:00 via Android
被识别和探测了吧...
换个不那么古老的协议,改一下密码 |
Select Language