Logwatch を見ていたら
へんな ssh アクセス多すぎでしょ。常識的に考えて。
ssh:
Unknown Entries:
authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.80.245.105 user=root: 644 Time(s)
check pass; user unknown: 209 Time(s)
authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.80.245.105 : 166 Time(s)
authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.175.198.34 user=root: 59 Time(s)
authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.175.198.34 : 43 Time(s)
authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.80.245.105 user=irc: 15 Time(s)
authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.80.245.105 user=news: 8 Time(s)
authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.80.245.105 user=games: 7 Time(s)
authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.80.245.105 user=daemon: 6 Time(s)
authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.80.245.105 user=backup: 5 Time(s)
authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.80.245.105 user=mail: 4 Time(s)
authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.175.198.34 user=irc: 2 Time(s)
authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.80.245.105 user=www-data: 2 Time(s)
authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.175.198.34 user=backup: 1 Time(s)
authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.175.198.34 user=nobody: 1 Time(s)
authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.175.198.34 user=www-data: 1 Time(s)
そんなわけで
を参考に iptables を設定したところ、見事にアクセスがなくなりました。
どんだけ〜。
