리눅스 해킹 시도 간단히 알아보기
- Operating System
- 2010. 2. 24.
리눅스 해킹 시도 간단히 알아보기
#cat /var/log/secure
이렇게 로그를 보면... 접속 이력을 알 수 있는데...
아래의 로그는 계속 해킹을 시도하는 모습입니다.
비밀번호를 계속 시도하는 것이죠..
저렇게 사전에 비밀번호 파일로 계속 시도하다가 맞는게 있으면 뚫리는 것이죠.
ssh 포트가 기본 22번인데..
이것을 변경하시면 보안에 도움이 많이 됩니다. 비밀번호도 어렵게 변경하시구요..
길면 길수록 안전하다는 말씀
Feb 24 10:22:08 rhel sshd[20522]: Failed password for root from 69.13.196.47 port 44655 ssh2
Feb 24 10:22:08 rhel sshd[20523]: Received disconnect from 69.13.196.47: 11: Bye Bye
Feb 24 10:22:10 rhel sshd[20524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47-196-13-69.cust.propagation.net user=root
Feb 24 10:22:12 rhel sshd[20524]: Failed password for root from 69.13.196.47 port 45360 ssh2
Feb 24 10:22:12 rhel sshd[20525]: Received disconnect from 69.13.196.47: 11: Bye Bye
Feb 24 10:22:14 rhel sshd[20526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47-196-13-69.cust.propagation.net user=root
Feb 24 10:22:15 rhel sshd[20526]: Failed password for root from 69.13.196.47 port 47348 ssh2
Feb 24 10:22:15 rhel sshd[20527]: Received disconnect from 69.13.196.47: 11: Bye Bye
Feb 24 10:22:17 rhel sshd[20528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47-196-13-69.cust.propagation.net user=root
Feb 24 10:22:19 rhel sshd[20528]: Failed password for root from 69.13.196.47 port 47974 ssh2
Feb 24 10:22:19 rhel sshd[20529]: Received disconnect from 69.13.196.47: 11: Bye Bye
Feb 24 10:22:21 rhel sshd[20530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47-196-13-69.cust.propagation.net user=root
Feb 24 10:22:23 rhel sshd[20530]: Failed password for root from 69.13.196.47 port 48980 ssh2
Feb 24 10:22:23 rhel sshd[20531]: Received disconnect from 69.13.196.47: 11: Bye Bye
Feb 24 10:22:24 rhel sshd[20532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47-196-13-69.cust.propagation.net user=root
Feb 24 10:22:26 rhel sshd[20532]: Failed password for root from 69.13.196.47 port 49878 ssh2
Feb 24 10:22:26 rhel sshd[20533]: Received disconnect from 69.13.196.47: 11: Bye Bye
Feb 24 10:22:28 rhel sshd[20534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47-196-13-69.cust.propagation.net user=root
Feb 24 10:22:30 rhel sshd[20534]: Failed password for root from 69.13.196.47 port 51129 ssh2
Feb 24 10:22:30 rhel sshd[20535]: Received disconnect from 69.13.196.47: 11: Bye Bye
Feb 24 10:22:32 rhel sshd[20536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47-196-13-69.cust.propagation.net user=root
Feb 24 10:22:34 rhel sshd[20536]: Failed password for root from 69.13.196.47 port 52480 ssh2
Feb 24 10:22:34 rhel sshd[20537]: Received disconnect from 69.13.196.47: 11: Bye Bye
Feb 24 10:22:35 rhel sshd[20538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47-196-13-69.cust.propagation.net user=root
Feb 24 10:22:38 rhel sshd[20538]: Failed password for root from 69.13.196.47 port 53876 ssh2
Feb 24 10:22:38 rhel sshd[20539]: Received disconnect from 69.13.196.47: 11: Bye Bye
Feb 24 10:22:39 rhel sshd[20540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47-196-13-69.cust.propagation.net user=root
Feb 24 10:22:41 rhel sshd[20540]: Failed password for root from 69.13.196.47 port 55815 ssh2
Feb 24 10:22:42 rhel sshd[20541]: Received disconnect from 69.13.196.47: 11: Bye Bye
Feb 24 10:22:43 rhel sshd[20543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47-196-13-69.cust.propagation.net user=root
Feb 24 10:22:45 rhel sshd[20543]: Failed password for root from 69.13.196.47 port 57145 ssh2
Feb 24 10:22:45 rhel sshd[20544]: Received disconnect from 69.13.196.47: 11: Bye Bye
Feb 24 10:22:47 rhel sshd[20545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47-196-13-69.cust.propagation.net user=root
Feb 24 10:22:49 rhel sshd[20545]: Failed password for root from 69.13.196.47 port 57845 ssh2
Feb 24 10:22:49 rhel sshd[20546]: Received disconnect from 69.13.196.47: 11: Bye Bye
Feb 24 10:29:05 rhel sshd[20600]: Accepted password for root from 211.104.100.203 port 4358 ssh2
Feb 24 10:29:05 rhel sshd[20600]: pam_unix(sshd:session): session opened for user root by (uid=0)