关于 ssh 日志/var/log/secure 的攻击日志
saleacy · 2022-04-05 12:28:43 +08:00 via Android · 1499 次点击这是一个创建于 952 天前的主题,其中的信息可能已经有所发展或是发生改变。
我服务器暴露公网的,今天看 secure 日志发现了以下错误
sshd[15979]: Bad protocol version identification 'GET / HTTP/1.1' from 209.17.96.58 port 52775
sshd[30025]: Bad protocol version identification '\026\003\001\002' from 39.103.146.185 port 60166
sshd[30026]: Bad protocol version identification 'GET / HTTP/1.1' from 39.103.146.185 port 60168
sshd[30027]: Bad protocol version identification 'GET / HTTP/2' from 39.103.146.185 port 60176
sshd[30028]: Bad protocol version identification '\026\003\001\002' from 39.103.146.185 port 60178
sshd[30029]: Bad protocol version identification 'GET / HTTP/1.1' from 39.103.146.185 port 60186
sshd[30030]: Bad protocol version identification 'GET / HTTP/2' from 39.103.146.185 port 60190
这是啥攻击方式,有大佬清楚吗?
sshd[15979]: Bad protocol version identification 'GET / HTTP/1.1' from 209.17.96.58 port 52775
sshd[30025]: Bad protocol version identification '\026\003\001\002' from 39.103.146.185 port 60166
sshd[30026]: Bad protocol version identification 'GET / HTTP/1.1' from 39.103.146.185 port 60168
sshd[30027]: Bad protocol version identification 'GET / HTTP/2' from 39.103.146.185 port 60176
sshd[30028]: Bad protocol version identification '\026\003\001\002' from 39.103.146.185 port 60178
sshd[30029]: Bad protocol version identification 'GET / HTTP/1.1' from 39.103.146.185 port 60186
sshd[30030]: Bad protocol version identification 'GET / HTTP/2' from 39.103.146.185 port 60190
这是啥攻击方式,有大佬清楚吗?
4 条回复 • 2022-04-06 05:24:40 +08:00
 |
1
jim9606 2022-04-05 13:08:42 +08:00  2
各种自动端口扫描器,也可以说“互联网背景辐射”。
一般来说连记日志的价值都没有。 |
 |
2
polaa 2022-04-05 13:33:12 +08:00 2
不是攻击,网络空间资产测绘而已
|
 |
3
AlphaTauriHonda 2022-04-05 15:56:25 +08:00
39.103.146.185 不知道这个 Aliyun 北京的服务器在扫描什么,HTTP 和 HTTPS 吗?
|
 |
4
ferstar 2022-04-06 05:24:40 +08:00 via Android
换到 443 端口,世界安静了😏,用 nginx 回落
|
Select Language