这是一个创建于 3330 天前的主题,其中的信息可能已经有所发展或是发生改变。
频繁发动 SSH 攻击的 IP :
'222.186.26.174',
'5.153.45.166', ---超频繁
'61.244.49.137',
'65.181.124.194',
'89.248.168.148',
'93.174.93.20',
'93.174.93.239',
‘ 94.102.49.105',
IP :
'103.27.27.36',
'109.198.89.138',
'109.206.110.182',
'113.16.198.91',
'115.192.254.60',
'115.196.212.222',
'115.204.116.111',
'115.211.124.13',
'116.54.200.75',
'119.120.131.169',
'122.234.78.194',
'122.243.188.48',
'123.194.228.7',
'123.246.65.254',
'123.96.138.216',
'125.107.139.88',
'125.121.148.164',
'125.69.14.84',
'131.100.240.2',
'134.3.167.24',
'138.188.18.168',
'138.219.54.164',
'14.102.4.94',
'14.114.130.39',
'168.167.133.22',
'171.221.248.58',
'177.11.44.73',
'177.155.209.223',
'177.155.222.206',
'177.91.57.156',
'178.234.75.75',
'178.234.80.10',
'178.251.42.124',
'183.103.186.115',
'183.129.154.42',
'183.154.64.175',
'187.102.25.228',
'187.111.55.175',
'187.111.56.143',
'187.63.160.1',
'188.26.248.162',
'188.60.122.13',
'193.43.234.249',
'199.48.164.30',
'211.181.166.246',
'216.134.234.218',
'216.36.186.252',
'218.72.108.132',
'222.186.26.174',
'222.209.56.59',
'31.204.150.106',
'37.76.170.125',
'42.203.43.118',
'43.229.53.15',
'43.252.242.4',
'46.48.180.11',
'5.139.150.237',
'5.139.36.239',
'5.139.61.161',
'5.153.45.166',
'58.30.243.89',
'60.176.2.154',
'60.182.212.178',
'61.153.122.139',
'61.244.49.137',
'65.181.124.194',
'77.120.133.250',
'78.98.127.45',
'84.197.167.42',
'86.77.221.29',
'89.204.81.71',
'89.248.168.148',
'93.174.93.20',
'93.174.93.239',
'94.102.49.105'
19 条回复 • 2015-10-06 22:01:11 +08:00
 |
1
feather12315 2015-09-27 00:47:00 +08:00 via Android
楼主目的邪恶
|
 |
2
alect 2015-09-27 00:49:29 +08:00
昨天刚被破了 ssh 。。。几个小时带宽占尽,跑了 1TB 多的流量。。
 |
 |
3
xrui 2015-09-27 00:49:49 +08:00 via Android
我 fail2ban 和 denyhosts 的 log 怎么也得上千条了
|
 |
4
paperpeper OP @feather12315 哈哈,以供赏玩
|
|
5
paperpeper OP @alect 这是最恶心的
|
 |
6
xmoon 2015-09-27 02:04:38 +08:00
我现在主力的 vps 不用 22 买来到现在 密码加密 至今没人扫
|
|
7
paperpeper OP @xmoon 不用 22 ,其他端口不是也会被扫描到吗?
|
 |
8
kslr 2015-09-27 03:21:17 +08:00 via Android
@paperpeper 大部分都是批量撒网
|
 |
9
xierch 2015-09-27 03:58:36 +08:00
我的 fail2ban 日志也不短 _(:з」∠)_
|
 |
10
lavadore 2015-09-27 04:38:59 +08:00
@paperpeper 大部分都是只扫 22 的,除非有人针对你一台机器扫
|
 |
11
kiritoalex 2015-09-27 05:47:12 +08:00 via Android
其实可以分为某 墙和黑客部署的服务器
我当时部署捕蝇草时发现中国 IP 居多,也难怪被美国所诟病,不知道的还真的以为 xxxxxxxxi |
 |
12
Jocktaa 2015-09-27 08:25:47 +08:00
端口改掉 使用证书登陆
|
 |
13
shenqi 2015-09-27 08:32:28 +08:00
看了下,没我的 ip ,放心了。
|
 |
14
Bardon 2015-09-27 08:36:04 +08:00
就是肉鸡,批量扫 ip 用的
一般开 22 端口的, 24 小时, ip 就达到一个数量级了,改端口能避免 |
 |
15
Starduster 2015-09-27 09:00:37 +08:00
|
|
16
kiritoalex 2015-09-27 09:30:49 +08:00
|
 |
17
htfy96 2015-09-27 11:28:12 +08:00
|
 |
18
xiaozhizhu1997 2015-09-27 11:32:47 +08:00
@kiritoalex 国内有的机房对这种行为管得很宽,比如 222.186.x.x 的镇江电信
|
 |
19
lenovo 2015-10-06 22:01:11 +08:00
把我 3 台 VPS 的 SSH log 统计了一下
https://github.com/CNMan/ssh/blob/master/IP_location.csv |
Select Language