Добрый день,
Вот такие жалобы поступили на сервер:
1.
We have detected abuse from the IP address 46.182.30.74. See below for how we obtained your email address in case it is wrong. We would appreciate if you would investigate and take action as appropriate.
** THIS IP ADDRESS IS NULL ROUTED on our entire network, including peering and transit, for a period of time not exceeding 24 hours from the date and time of this email. YOU ARE NOT REQUIRED to reply to this email unless you need more information.
You can see more information on this incident by reviewing the data at http://darknet.superb.net/ip/46.182.30.74 and log lines are given below. Please ask if you require any further information.
2.
you receive this automatically generated mail based on WHOIS and/or SOA information from the IP 46.182.30.74, because a SSH bruteforce attack was executed towards our host (ID 12) from that origin.
3.
Note: Local timezone is +0300 (EEST)
May 3 20:50:16 boomer sshd[949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.182.30.74 user=root
May 3 20:50:18 boomer sshd[949]: Failed password for root from 46.182.30.74 port 47011 ssh2
May 3 20:50:18 boomer sshd[950]: Received disconnect from 46.182.30.74: 11: Bye Bye
May 3 20:50:19 boomer sshd[951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.182.30.74 user=root
May 3 20:50:21 boomer sshd[951]: Failed password for root from 46.182.30.74 port 48012 ssh2
May 3 20:50:21 boomer sshd[952]: Received disconnect from 46.182.30.74: 11: Bye Bye
May 3 20:50:21 boomer sshd[953]: Invalid user blonda from 46.182.30.74
May 3 20:50:21 boomer sshd[953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.182.30.74
May 3 20:50:24 boomer sshd[953]: Failed password for invalid user blonda from 46.182.30.74 port 48980 ssh2
May 3 20:50:24 boomer sshd[954]: Received disconnect from 46.182.30.74: 11: Bye Bye
4.
In an effort to protect our service from further brute force attacks, we have blacklisted your/your clients host. Furthermore, this IP address has been uploaded to DenyHosts' centralised database. This means that this IP address will also shortly be blacklisted by any member who queries DenyHosts' central database.
Please find attached an excerpt from our logfiles. All times shown are in GMT+1:
May 4 02:46:25 holoforum sshd[12750]: User root from 46.182.30.74 not allowed because not listed in AllowUsers
May 4 02:46:25 holoforum sshd[12750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.182.30.74 user=root
May 4 02:46:26 holoforum sshd[12750]: Failed password for invalid user root from 46.182.30.74 port 42583 ssh2
May 4 02:46:26 holoforum sshd[12753]: Received disconnect from 46.182.30.74: 11: Bye Bye
May 4 02:46:27 holoforum sshd[12755]: User root from 46.182.30.74 not allowed because not listed in AllowUsers
May 4 02:46:27 holoforum sshd[12755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.182.30.74 user=root
May 4 02:46:28 holoforum sshd[12755]: Failed password for invalid user root from 46.182.30.74 port 43782 ssh2
May 4 02:46:28 holoforum sshd[12758]: Received disconnect from 46.182.30.74: 11: Bye Bye
May 4 02:46:29 holoforum sshd[12759]: Invalid user blonda from 46.182.30.74
May 4 02:46:29 holoforum sshd[12759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.182.30.74
May 4 02:46:31 holoforum sshd[12759]: Failed password for invalid user blonda from 46.182.30.74 port 45010 ssh2
May 4 02:46:31 holoforum sshd[12762]: Received disconnect from 46.182.30.74: 11: Bye Bye
May 4 02:46:31 holoforum sshd[12764]: User root from 46.182.30.74 not allowed because not listed in AllowUsers
May 4 02:46:31 holoforum sshd[12764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.182.30.74 user=root
May 4 02:46:33 holoforum sshd[12764]: Failed password for invalid user root from 46.182.30.74 port 46337 ssh2
May 4 02:46:33 holoforum sshd[12767]: Received disconnect from 46.182.30.74: 11: Bye Bye
May 4 02:46:34 holoforum sshd[12768]: Invalid user nan from 46.182.30.74
May 4 02:46:34 holoforum sshd[12768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.182.30.74
May 4 02:46:35 holoforum sshd[12768]: Failed password for invalid user nan from 46.182.30.74 port 47565 ssh2
May 4 02:46:35 holoforum sshd[12771]: Received disconnect from 46.182.30.74: 11: Bye Bye
May 4 02:46:36 holoforum sshd[12773]: Invalid user gusr from 46.182.30.74
May 4 02:46:36 holoforum sshd[12773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.182.30.74
May 4 02:46:38 holoforum sshd[12773]: Failed password for invalid user gusr from 46.182.30.74 port 48638 ssh2
May 4 02:46:38 holoforum sshd[12776]: Received disconnect from 46.182.30.74: 11: Bye Bye
May 4 02:46:39 holoforum sshd[12777]: Invalid user postgres from 46.182.30.74
May 4 02:46:39 holoforum sshd[12777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.182.30.74
May 4 02:46:40 holoforum sshd[12777]: Failed password for invalid user postgres from 46.182.30.74 port 49911 ssh2
May 4 02:46:40 holoforum sshd[12780]: Received disconnect from 46.182.30.74: 11: Bye Bye
May 4 02:46:41 holoforum sshd[12782]: User root from 46.182.30.74 not allowed because not listed in AllowUsers
May 4 02:46:41 holoforum sshd[12782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.182.30.74 user=root
May 4 02:46:43 holoforum sshd[12782]: Failed password for invalid user root from 46.182.30.74 port 51059 ssh2
May 4 02:46:43 holoforum sshd[12785]: Received disconnect from 46.182.30.74: 11: Bye Bye
May 4 02:46:43 holoforum sshd[12786]: User root from 46.182.30.74 not allowed because not listed in AllowUsers
May 4 02:46:43 holoforum sshd[12786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.182.30.74 user=root
May 4 02:46:45 holoforum sshd[12786]: Failed password for invalid user root from 46.182.30.74 port 52199 ssh2
May 4 02:46:45 holoforum sshd[12789]: Received disconnect from 46.182.30.74: 11: Bye Bye
May 4 02:46:46 holoforum sshd[12791]: User root from 46.182.30.74 not allowed because not listed in AllowUsers
May 4 02:46:46 holoforum sshd[12791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.182.30.74 user=root
May 4 02:46:47 holoforum sshd[12791]: Failed password for invalid user root from 46.182.30.74 port 53296 ssh2
May 4 02:46:47 holoforum sshd[12794]: Received disconnect from 46.182.30.74: 11: Bye Bye
May 4 02:46:48 holoforum sshd[12795]: Invalid user plesk from 46.182.30.74
May 4 02:46:48 holoforum sshd[12795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.182.30.74
May 4 02:46:50 holoforum sshd[12795]: Failed password for invalid user plesk from 46.182.30.74 port 54267 ssh2
May 4 02:46:50 holoforum sshd[12798]: Received disconnect from 46.182.30.74: 11: Bye Bye
May 4 02:46:51 holoforum sshd[12800]: User root from 46.182.30.74 not allowed because not listed in AllowUsers
May 4 02:46:51 holoforum sshd[12800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.182.30.74 user=root
May 4 02:46:53 holoforum sshd[12800]: Failed password for invalid user root from 46.182.30.74 port 55482 ssh2
May 4 02:46:53 holoforum sshd[12803]: Received disconnect from 46.182.30.74: 11: Bye Bye
May 4 02:46:53 holoforum sshd[12804]: User root from 46.182.30.74 not allowed because not listed in AllowUsers
May 4 02:46:53 holoforum sshd[12804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.182.30.74 user=root
May 4 02:46:55 holoforum sshd[12804]: Failed password for invalid user root from 46.182.30.74 port 56678 ssh2
May 4 02:46:55 holoforum sshd[12807]: Received disconnect from 46.182.30.74: 11: Bye Bye
May 4 02:46:56 holoforum sshd[12810]: User root from 46.182.30.74 not allowed because not listed in AllowUsers
May 4 02:46:56 holoforum sshd[12810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.182.30.74 user=root
May 4 02:46:57 holoforum sshd[12810]: Failed password for invalid user root from 46.182.30.74 port 57803 ssh2
May 4 02:46:57 holoforum sshd[12814]: Received disconnect from 46.182.30.74: 11: Bye Bye
May 4 02:46:57 holoforum sshd[12838]: refused connect from 46.182.30.74 (46.182.30.74)
В общем тысячи их.
Саппорт пишет:
Исходя из жалоб поступающих к нам, следует что на Вашем сервере присутствует вредоносное ПО/код/вирусы по средствам которых происходит подключение/перебор паролей к другим сервисам от которых приходят жалобы.
Попробуйте проанализировать систему, проверить на наличие вирусов. Так же необходимо сменить все пароли. В идеале это будет переустановка системы.
Так же вы можете проверить свой сервер на предмет подозрительной активности, возможно он был скомпрометирован или используются имеющиеся на нем уязвимости.
Нужен специалист в области системного администрирования, с хорошим стажем работы. С возможностью связи по телефону, ICQ/Skype. Человек должен прекрасно разбираться в операционных системах семейства Linux. Используем в работе Debian, Centos, Apache, nginx, exim, и т.д. Крайне важно знание панелей ...
Нужен администратор для сайта на Wordpress. Адрес сайта www.osbspb.ru На начальном этапе нагрузка небольшая: наполнение контентом, изменения внутри сайта. Сайт новый, продвижение не нужно.
На данный момент настроена связка, по которой бекап падает на специальный backup-сервер, но при добавлении новых сайтов они туда уже не попадают. Необходимо доработать.
Требуется настроить сервер для работы cms Kernel Video Sharing.
есть затык с Git нужны консультации спеца разрешить конфликты при слиянии веток
Есть проблема с настройкой PHP 5 через FastCGI на IIS 6, система Server 2003 x86, ошибка 258, таймаут. Если есть желающие помочь разобраться с причиной - пишите сразу в Jabber (предпочтительно) или Skype, отблагодарю нормально.
Имеется проект - нужно его настроить по этой инструкции http://wiki.twifarmv3.ru/%D0%BD%D0%B0%D1%81%D1%82%D1%80%D0%BE%D0%B9%D0%BA%D0%B8#cron В самой ферме все настроено, нужно настроить только на сервере. Панель ISPmanager.
Нужно установить права дорступа к папке, настроить почту. Стоит vesta
при чеке на port25.com выдает SPF check: pass DomainKeys check: permerror DKIM check: pass Sender-ID check: permerror SpamAssassin ...
Доброго дня, Имеется банальная проблема на серваке: не работают базы данных. Хостер - http://hetzner.de/, панель - webmin. Есть root доступ. Выдается сообщение - Сервер MySQL не запущен на вашей системе - список базы данных не может быть ...
