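I was warned that my server had exceeded its transfer limit. I assumed my Tor node had become popular, so I chose to disable it for this month (not the best choice for the community, but I needed to shut it down). Then I noticed that the server transferred about 4 GB tonight. I checked the Apache logs with Awstats and found no relevant traffic (I don't host any sites that popular there). I checked the mail logs, and nobody was trying to send spam. I checked the messages log and found a large number of these: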
Apr 29 10:17:53 marcus sshd[9281]: Did not receive identification string from 85.170.189.156
Apr 29 10:18:07 marcus sshd[9283]: Did not receive identification string from 86.208.123.132
Apr 29 10:18:24 marcus sshd[9298]: Did not receive identification string from 85.170.189.156
Apr 29 10:18:39 marcus sshd[9303]: Did not receive identification string from 86.208.123.132
Apr 29 10:18:56 marcus sshd[9306]: Did not receive identification string from 85.170.189.156
Apr 29 10:19:11 marcus sshd[9309]: Did not receive identification string from 86.208.123.132
Apr 29 10:19:18 marcus sshd[9312]: Did not receive identification string from 101.98.178.92
Apr 29 10:19:27 marcus sshd[9314]: Did not receive identification string from 85.170.189.156
Apr 29 10:19:41 marcus sshd[9317]: Did not receive identification string from 86.208.123.132
Apr 29 10:20:01 marcus sshd[9321]: Did not receive identification string from 85.170.189.156
Apr 29 10:20:13 marcus sshd[9324]: Did not receive identification string from 86.208.123.132
Apr 29 10:20:32 marcus sshd[9327]: Did not receive identification string from 85.170.189.156
Apr 29 10:20:48 marcus sshd[9331]: Did not receive identification string from 86.208.123.132
Apr 29 10:21:07 marcus sshd[9336]: Did not receive identification string from 85.170.189.156
Apr 29 10:21:20 marcus sshd[9338]: Did not receive identification string from 86.208.123.132
Apr 29 10:21:35 marcus sshd[9341]: Did not receive identification string from 85.170.189.156
Apr 29 10:21:51 marcus sshd[9344]: Did not receive identification string from 86.208.123.132
Apr 29 10:22:06 marcus sshd[9349]: Did not receive identification string from 85.170.189.156
Apr 29 10:22:23 marcus sshd[9353]: Did not receive identification string from 86.208.123.132
Apr 29 10:22:39 marcus sshd[9359]: Did not receive identification string from 85.170.189.156
Apr 29 10:22:54 marcus sshd[9361]: Did not receive identification string from 86.208.123.132
Apr 29 10:23:10 marcus sshd[9367]: Did not receive identification string from 85.170.189.156
Apr 29 10:23:29 marcus sshd[9369]: Did not receive identification string from 86.208.123.132
Apr 29 10:23:45 marcus sshd[9375]: Did not receive identification string from 85.170.189.156
Apr 29 10:24:10 marcus sshd[9387]: Did not receive identification string from 86.208.123.132
Apr 29 10:24:16 marcus sshd[9388]: Did not receive identification string from 85.170.189.156
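Every few seconds a bot tries to break into my SSH, which is impossible because I require pubkey authentication. My question is: at this frequency, could this traffic consume 4 GB (let's say 3.5) over 10 hours of continuous attack?
I have changed my SSH port and blocked these attacks, but I'm not sure about my network consumption. I don't have runaway services running (my firewall is fairly restrictive), nor do I share the server with someone who abuses P2P or anything like that. My concern is staying below 400 GB per month.
Any tips?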
Solution
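4 GB is possible, but very unlikely given the attack rate. I suggest installing OSSEC, which detects break-in attempts and automatically blocks the IP for a certain period of time.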
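The rate argument can be checked directly from the log. The following is an added example, not part of the original question or answer: it parses the first six log lines quoted in the question, projects the observed connection rate over 10 hours, and reports how many bytes each connection would have to move to reach 3.5 GB. The function names, the placeholder year and the use of 1 GB = 10^9 bytes are assumptions of this sketch.

```python
import re
from collections import Counter
from datetime import datetime

# First six entries of the log quoted in the question.
SAMPLE_LOG = """\
Apr 29 10:17:53 marcus sshd[9281]: Did not receive identification string from 85.170.189.156
Apr 29 10:18:07 marcus sshd[9283]: Did not receive identification string from 86.208.123.132
Apr 29 10:18:24 marcus sshd[9298]: Did not receive identification string from 85.170.189.156
Apr 29 10:18:39 marcus sshd[9303]: Did not receive identification string from 86.208.123.132
Apr 29 10:18:56 marcus sshd[9306]: Did not receive identification string from 85.170.189.156
Apr 29 10:19:11 marcus sshd[9309]: Did not receive identification string from 86.208.123.132
"""

LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Did not receive identification string from (\S+)$"
)

def parse(log, year=2000):
    """Return (timestamp, source_ip) for each matching sshd line.
    Syslog timestamps carry no year; `year` is an arbitrary placeholder."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(2)))
    return events

def estimate(events, hours=10, target_bytes=3.5e9):
    """Project the observed rate over `hours`; return (connections,
    bytes each connection must move to reach target_bytes)."""
    times = sorted(ts for ts, _ in events)
    span = (times[-1] - times[0]).total_seconds() if times else 0
    if len(times) < 2 or span <= 0:
        raise ValueError("need events spread over time to measure a rate")
    connections = (len(times) - 1) / span * hours * 3600
    return connections, target_bytes / connections

if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    conns, per_conn = estimate(events)
    print(Counter(ip for _, ip in events).most_common())
    print(f"{conns:.0f} connections in 10 h; "
          f"{per_conn / 1e6:.2f} MB per connection needed for 3.5 GB")
```

On this sample the projection is roughly 2,300 connections in 10 hours, so each would need to carry about 1.5 MB, while a connection that is dropped before the client sends its identification string exchanges only a handful of small packets.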