web-dev-qa-db-ja.com

それは私だけですか、それとも人々は私のサーバーをハッキングしようとしていましたか?

この種のハッキングの試みは、通常の重要ではないサーバーでは正常ですか?今日、auth.logを確認しました。

Jul  1 15:02:22 webserver sshd[5094]: Did not receive identification string from 188.165.243.46
Jul  1 15:03:51 webserver sshd[5095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=iota10.iotanet.net  user=root
Jul  1 15:03:51 webserver sshd[5095]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul  1 15:03:51 webserver sshd[5095]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul  1 15:03:51 webserver sshd[5095]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
Jul  1 15:03:54 webserver sshd[5095]: Failed password for root from 188.165.243.46 port 53281 ssh2
Jul  1 15:03:54 webserver sshd[5095]: Received disconnect from 188.165.243.46: 11: Bye Bye [preauth]
Jul  1 16:33:07 webserver sshd[5302]: Invalid user guest from 62.93.6.226
Jul  1 16:33:07 webserver sshd[5302]: input_userauth_request: invalid user guest [preauth]
Jul  1 16:33:07 webserver sshd[5302]: pam_unix(sshd:auth): check pass; user unknown
Jul  1 16:33:07 webserver sshd[5302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de 
Jul  1 16:33:07 webserver sshd[5302]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul  1 16:33:07 webserver sshd[5302]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul  1 16:33:09 webserver sshd[5302]: Failed password for invalid user guest from 62.93.6.226 port 59027 ssh2
Jul  1 16:33:09 webserver sshd[5302]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul  1 16:33:10 webserver sshd[5304]: Invalid user guest from 62.93.6.226
Jul  1 16:33:10 webserver sshd[5304]: input_userauth_request: invalid user guest [preauth]
Jul  1 16:33:10 webserver sshd[5304]: pam_unix(sshd:auth): check pass; user unknown
Jul  1 16:33:10 webserver sshd[5304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de 
Jul  1 16:33:10 webserver sshd[5304]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul  1 16:33:10 webserver sshd[5304]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul  1 16:33:12 webserver sshd[5304]: Failed password for invalid user guest from 62.93.6.226 port 60980 ssh2
Jul  1 16:33:13 webserver sshd[5304]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul  1 16:33:14 webserver sshd[5306]: Invalid user guest from 62.93.6.226
Jul  1 16:33:14 webserver sshd[5306]: input_userauth_request: invalid user guest [preauth]
Jul  1 16:33:14 webserver sshd[5306]: pam_unix(sshd:auth): check pass; user unknown
Jul  1 16:33:14 webserver sshd[5306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de 
Jul  1 16:33:14 webserver sshd[5306]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul  1 16:33:14 webserver sshd[5306]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul  1 16:33:16 webserver sshd[5306]: Failed password for invalid user guest from 62.93.6.226 port 34999 ssh2
Jul  1 16:33:16 webserver sshd[5306]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul  1 16:33:17 webserver sshd[5308]: Invalid user test from 62.93.6.226
Jul  1 16:33:17 webserver sshd[5308]: input_userauth_request: invalid user test [preauth]
Jul  1 16:33:17 webserver sshd[5308]: pam_unix(sshd:auth): check pass; user unknown
Jul  1 16:33:17 webserver sshd[5308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de 
Jul  1 16:33:17 webserver sshd[5308]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul  1 16:33:17 webserver sshd[5308]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul  1 16:33:19 webserver sshd[5308]: Failed password for invalid user test from 62.93.6.226 port 36760 ssh2
Jul  1 16:33:19 webserver sshd[5308]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul  1 16:33:20 webserver sshd[5310]: Invalid user test from 62.93.6.226
Jul  1 16:33:20 webserver sshd[5310]: input_userauth_request: invalid user test [preauth]
Jul  1 16:33:20 webserver sshd[5310]: pam_unix(sshd:auth): check pass; user unknown
Jul  1 16:33:20 webserver sshd[5310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de 
Jul  1 16:33:20 webserver sshd[5310]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul  1 16:33:20 webserver sshd[5310]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul  1 16:33:22 webserver sshd[5310]: Failed password for invalid user test from 62.93.6.226 port 38595 ssh2
Jul  1 16:33:22 webserver sshd[5310]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul  1 16:33:23 webserver sshd[5312]: Invalid user test from 62.93.6.226
Jul  1 16:33:23 webserver sshd[5312]: input_userauth_request: invalid user test [preauth]
Jul  1 16:33:23 webserver sshd[5312]: pam_unix(sshd:auth): check pass; user unknown
Jul  1 16:33:23 webserver sshd[5312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de 
Jul  1 16:33:23 webserver sshd[5312]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul  1 16:33:23 webserver sshd[5312]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul  1 16:33:26 webserver sshd[5312]: Failed password for invalid user test from 62.93.6.226 port 40238 ssh2
Jul  1 16:33:26 webserver sshd[5312]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul  1 16:33:27 webserver sshd[5314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de  user=ftp
Jul  1 16:33:27 webserver sshd[5314]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul  1 16:33:27 webserver sshd[5314]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul  1 16:33:27 webserver sshd[5314]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
Jul  1 16:33:29 webserver sshd[5314]: Failed password for ftp from 62.93.6.226 port 42089 ssh2
Jul  1 16:33:29 webserver sshd[5314]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul  1 16:33:30 webserver sshd[5316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de  user=ftp
Jul  1 16:33:30 webserver sshd[5316]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul  1 16:33:30 webserver sshd[5316]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul  1 16:33:30 webserver sshd[5316]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
Jul  1 16:33:32 webserver sshd[5316]: Failed password for ftp from 62.93.6.226 port 43379 ssh2
Jul  1 16:33:32 webserver sshd[5316]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul  1 16:33:33 webserver sshd[5318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de  user=ftp
Jul  1 16:33:33 webserver sshd[5318]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul  1 16:33:33 webserver sshd[5318]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul  1 16:33:33 webserver sshd[5318]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
Jul  1 16:33:35 webserver sshd[5318]: Failed password for ftp from 62.93.6.226 port 44670 ssh2
Jul  1 16:33:35 webserver sshd[5318]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul  1 16:33:36 webserver sshd[5320]: Invalid user ftpuser from 62.93.6.226
Jul  1 16:33:36 webserver sshd[5320]: input_userauth_request: invalid user ftpuser [preauth]
Jul  1 16:33:36 webserver sshd[5320]: pam_unix(sshd:auth): check pass; user unknown
Jul  1 16:33:36 webserver sshd[5320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de 
Jul  1 16:33:36 webserver sshd[5320]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul  1 16:33:36 webserver sshd[5320]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul  1 16:33:38 webserver sshd[5320]: Failed password for invalid user ftpuser from 62.93.6.226 port 46318 ssh2
Jul  1 16:33:38 webserver sshd[5320]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul  1 16:33:39 webserver sshd[5322]: Invalid user ftpuser from 62.93.6.226
Jul  1 16:33:39 webserver sshd[5322]: input_userauth_request: invalid user ftpuser [preauth]
Jul  1 16:33:39 webserver sshd[5322]: pam_unix(sshd:auth): check pass; user unknown
Jul  1 16:33:39 webserver sshd[5322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de 
Jul  1 16:33:39 webserver sshd[5322]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul  1 16:33:39 webserver sshd[5322]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul  1 16:33:41 webserver sshd[5322]: Failed password for invalid user ftpuser from 62.93.6.226 port 47653 ssh2
Jul  1 16:33:41 webserver sshd[5322]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul  1 16:33:43 webserver sshd[5324]: Invalid user ftpuser from 62.93.6.226
Jul  1 16:33:43 webserver sshd[5324]: input_userauth_request: invalid user ftpuser [preauth]
Jul  1 16:33:43 webserver sshd[5324]: pam_unix(sshd:auth): check pass; user unknown
Jul  1 16:33:43 webserver sshd[5324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de 
Jul  1 16:33:43 webserver sshd[5324]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul  1 16:33:43 webserver sshd[5324]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul  1 16:33:45 webserver sshd[5324]: Failed password for invalid user ftpuser from 62.93.6.226 port 49269 ssh2
Jul  1 16:33:45 webserver sshd[5324]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul  1 16:33:46 webserver sshd[5326]: Invalid user library from 62.93.6.226
Jul  1 16:33:46 webserver sshd[5326]: input_userauth_request: invalid user library [preauth]
Jul  1 16:33:46 webserver sshd[5326]: pam_unix(sshd:auth): check pass; user unknown
Jul  1 16:33:46 webserver sshd[5326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de 
Jul  1 16:33:46 webserver sshd[5326]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul  1 16:33:46 webserver sshd[5326]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul  1 16:33:48 webserver sshd[5326]: Failed password for invalid user library from 62.93.6.226 port 50591 ssh2
Jul  1 16:33:48 webserver sshd[5326]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul  1 16:33:49 webserver sshd[5328]: Invalid user library from 62.93.6.226
Jul  1 16:33:49 webserver sshd[5328]: input_userauth_request: invalid user library [preauth]
Jul  1 16:33:49 webserver sshd[5328]: pam_unix(sshd:auth): check pass; user unknown
Jul  1 16:33:49 webserver sshd[5328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de 
Jul  1 16:33:49 webserver sshd[5328]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul  1 16:33:49 webserver sshd[5328]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul  1 16:33:51 webserver sshd[5328]: Failed password for invalid user library from 62.93.6.226 port 51906 ssh2
Jul  1 16:33:51 webserver sshd[5328]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul  1 16:33:52 webserver sshd[5330]: Invalid user library from 62.93.6.226
Jul  1 16:33:52 webserver sshd[5330]: input_userauth_request: invalid user library [preauth]
Jul  1 16:33:52 webserver sshd[5330]: pam_unix(sshd:auth): check pass; user unknown
Jul  1 16:33:52 webserver sshd[5330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de 
Jul  1 16:33:52 webserver sshd[5330]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul  1 16:33:52 webserver sshd[5330]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul  1 16:33:54 webserver sshd[5330]: Failed password for invalid user library from 62.93.6.226 port 53246 ssh2
Jul  1 16:33:55 webserver sshd[5330]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul  1 16:33:56 webserver sshd[5332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de  user=mysql
Jul  1 16:33:56 webserver sshd[5332]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul  1 16:33:56 webserver sshd[5332]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul  1 16:33:56 webserver sshd[5332]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
Jul  1 16:33:58 webserver sshd[5332]: Failed password for mysql from 62.93.6.226 port 54760 ssh2
Jul  1 16:33:58 webserver sshd[5332]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul  1 16:33:59 webserver sshd[5334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de  user=mysql
Jul  1 16:33:59 webserver sshd[5334]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul  1 16:33:59 webserver sshd[5334]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul  1 16:33:59 webserver sshd[5334]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
Jul  1 16:34:02 webserver sshd[5334]: Failed password for mysql from 62.93.6.226 port 56357 ssh2
Jul  1 16:34:02 webserver sshd[5334]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul  1 16:34:03 webserver sshd[5336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de  user=mysql
Jul  1 16:34:03 webserver sshd[5336]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul  1 16:34:03 webserver sshd[5336]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul  1 16:34:03 webserver sshd[5336]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
Jul  1 16:34:05 webserver sshd[5336]: Failed password for mysql from 62.93.6.226 port 58251 ssh2
Jul  1 16:34:05 webserver sshd[5336]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul  1 16:34:06 webserver sshd[5338]: Invalid user support from 62.93.6.226
Jul  1 16:34:06 webserver sshd[5338]: input_userauth_request: invalid user support [preauth]
Jul  1 16:34:06 webserver sshd[5338]: pam_unix(sshd:auth): check pass; user unknown
Jul  1 16:34:06 webserver sshd[5338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de 
Jul  1 16:34:06 webserver sshd[5338]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul  1 16:34:06 webserver sshd[5338]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul  1 16:34:08 webserver sshd[5338]: Failed password for invalid user support from 62.93.6.226 port 59741 ssh2
Jul  1 16:34:08 webserver sshd[5338]: Received disconnect from 62.93.6.226: 11: Bye Bye [preauth]
Jul  1 16:34:10 webserver sshd[5340]: Invalid user support from 62.93.6.226
Jul  1 16:34:10 webserver sshd[5340]: input_userauth_request: invalid user support [preauth]
Jul  1 16:34:10 webserver sshd[5340]: pam_unix(sshd:auth): check pass; user unknown
Jul  1 16:34:10 webserver sshd[5340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=leon.servertools24.de 
Jul  1 16:34:10 webserver sshd[5340]: pam_winbind(sshd:auth): getting password (0x00000388)
Jul  1 16:34:10 webserver sshd[5340]: pam_winbind(sshd:auth): pam_get_item returned a password
Jul  1 16:34:12 webserver sshd[5340]: Failed password for invalid user support from 62.93.6.226 port 33112 ssh2
1
user173118

試みることは意図を意味します。明らかに何かが試みられましたが、それは誰かが大胆でおそらく間違っていました:62.93.6.226188.165.243.46で実行されているゾンビからのスクリプト化された試みはおそらくボットネットを介して接続します。

他のニュースでは、/etc/ssh/sshd_configでパスワード認証を無効にし、公開鍵の使用を学びます。

3
Evan Carroll