Configure Debian to block an IP when the password is wrong or the login fails

1. Configure Debian to block an IP when the password is wrong or the login fails

fernando oliveira lima
fernandooliveira

(uses Other)

Posted on 18/12/2011 - 21:56h

Good evening. Today I suffered some attacks of a kind that kept guessing logins and passwords within a matter of seconds, and it ended up freezing my machine. I ask that you help me configure my server so that when an IP keeps guessing users and passwords, it blocks the IP permanently. I will post the logs from my iDRAC so that they can help in some way and so you can see how the guy was attacking.

Please help me.


  


2. Re: Configure Debian to block an IP when the password is wrong or the login fails

Edimar
dimasdaros

(uses Arch Linux)

Posted on 18/12/2011 - 22:29h

Hey, all good?

In my reading of the articles here on VoL and around the internet, I came across a very good piece of software that helps with these issues, Fail2Ban. I have it installed on my server, not only for SSH but also for FTP and several other services. You configure how many invalid attempts will be accepted; once that limit is exceeded, it creates an iptables rule blocking access from that IP for the time you define. Great application.

Right here on VoL there are some articles on configuring it. I did a search and found these two; with them you can get it running easily, it's straightforward.

http://www.vivaolinux.com.br/artigo/Bloqueio-de-repetidas-tentativas-de-login-ao-seu-Linux?pagina=1
http://www.vivaolinux.com.br/artigo/Protecao-utilizando-fail2ban-contra-ataques-do-tipo

Any questions or anything else, just say so xD
Cheers
See you


3. Re: Configure Debian to block an IP when the password is wrong or the login fails

fernando oliveira lima
fernandooliveira

(uses Other)

Posted on 18/12/2011 - 23:31h

Friend, I installed it, configured it and restarted it with the command sudo /etc/init.d/fail2ban restart

and even so it did not work, because I myself got the root password wrong several times to test it and it did not block my IP =/

Could it be because I changed the SSH access port in an attempt to improve security?

In the logs it says that it banned, but I still have access

2011-12-18 23:32:35,791 fail2ban.actions: WARNING [ssh] Ban 187.41.118.92
2011-12-18 23:32:45,806 fail2ban.actions: WARNING [ssh] 187.41.118.92 already banned

Help me please

Thanks
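
A check for the situation described in the post above (ban logged, access still possible after moving SSH to another port), as an added example that is not part of the original thread: it compares the ports sshd listens on with the ports listed in the fail2ban jail. It assumes the jail is named "ssh" (as in the log lines above), that the jail uses a port-specific ban action such as iptables-multiport, and that the file paths passed in are the ones actually in use.

```shell
#!/bin/sh
# Added example (not from the thread): compare sshd's listening ports
# with the ports the fail2ban SSH jail protects. A port-specific ban
# action only drops traffic to the ports named in the jail, so a moved
# SSH port that is missing from the jail stays reachable after a "Ban".

# Ports sshd listens on, one per line; 22 when no Port directive is set.
sshd_ports() {   # $1 = sshd_config path
    awk 'tolower($1) == "port" { print $2; found = 1 }
         END { if (!found) print 22 }' "$1"
}

# Ports listed in the "port =" line of one jail section, one per line.
# The service name "ssh" is mapped to 22. Commented-out lines are ignored.
jail_ports() {   # $1 = jail file, $2 = jail name
    awk -v jail="[$2]" '
        /^[ \t]*\[/ { in_jail = ($1 == jail); next }
        in_jail && /^[ \t]*port[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
            n = split($0, p, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) print (p[i] == "ssh" ? 22 : p[i])
        }' "$1"
}

# sshd ports that the jail does not list, one per line (empty = all covered).
uncovered_ports() {   # $1 = sshd_config, $2 = jail file, $3 = jail name
    covered=$(jail_ports "$2" "$3")
    for p in $(sshd_ports "$1"); do
        echo "$covered" | grep -qx "$p" || echo "$p"
    done
}

# Example invocation (paths are assumptions):
#   sh check-jail-port.sh /etc/ssh/sshd_config /etc/fail2ban/jail.local ssh
if [ "$#" -eq 3 ]; then
    for p in $(uncovered_ports "$1" "$2" "$3"); do
        echo "sshd port $p is not listed in jail [$3]; add it to the jail's port = line"
    done
fi
```

If a port is reported, list it in the jail (for example `port = ssh,2222`, where 2222 stands for the new SSH port) and restart fail2ban.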


4. Re: Configure Debian to block an IP when the password is wrong or the login fails

Reginaldo de Matias
saitam

(uses Slackware)

Posted on 19/12/2011 - 10:05h

For SSH access, I recommend using the port knocking technique: you establish the ports for each step to unlock SSH access, as if it were a maze.
This way, you will only get SSH access if you send a packet to the established ports in the same order and within the time limit; done correctly, the SSH port will be opened for access.

Take a look at the port-knocking SSH configuration with iptables

http://www.vivaolinux.com.br/dica/Port-knocking-para-SSH-rapido-e-facil-com-iptables


5. Re: Configure Debian to block an IP when the password is wrong or the login fails

Edimar
dimasdaros

(uses Arch Linux)

Posted on 19/12/2011 - 11:48h

saitam's idea is very valid =)


6. Re: Configure Debian to block an IP when the password is wrong or the login fails

fernando oliveira lima
fernandooliveira

(uses Other)

Posted on 19/12/2011 - 14:24h

And how am I going to get in? I did not quite understand this solution. Doesn't it ban the IP? Because my problem is that it keeps trying to get access every 3 seconds. Today I suffered from the same problem again: it keeps trying, and tries so much that it freezes the operating system, leaving everything offline...

Please help me.


7. Re: Configure Debian to block an IP when the password is wrong or the login fails

Reginaldo de Matias
saitam

(uses Slackware)

Posted on 19/12/2011 - 14:46h

@fernandooliveira take a read of what I commented in the previous post and check the link as well.

Set the SSH rule to DROP, create the rules with the ports that will have to be hit to unlock SSH access, put a time of 10-20s on each step, and if the sequence is gotten wrong 3 times the IP stays blocked for the time you set.

After doing the maze (port knocking) procedure, do this to connect to SSH

$telnet porta1 ^
$telnet porta2 ^
$telnet porta3 ^
$telnet portaN ^
(the correct sequence was followed)
$ssh user@DominioOUIPServidor -p portaSSH

PS: it stays logged in to SSH for 1 hr, then DROP on SSH again, having to repeat the maze steps.



8. Re: Configure Debian to block an IP when the password is wrong or the login fails

Renato Carneiro Pacheco
renato_pacheco

(uses Debian)

Posted on 19/12/2011 - 14:46h

Look, if I'm not mistaken, Linux itself has a feature for this. I think it's in the file /etc/login.defs. There you can set several options regarding login...


9. Re: Configure Debian to block an IP when the password is wrong or the login fails

fernando oliveira lima
fernandooliveira

(uses Other)

Posted on 19/12/2011 - 17:38h

Friend, your solution is good, but I don't know how they are managing it; they are not attacking via SSH. I can't see where they are attacking from, because I used your protection and the logs are still showing up =/ Where are the attacks coming in?


10. Re: Configure Debian to block an IP when the password is wrong or the login fails

Edimar
dimasdaros

(uses Arch Linux)

Posted on 22/12/2011 - 15:06h

There is a tool called 'iptraf'; with it you can check the connections leaving your server, arriving at it and passing through it.

I don't know if there is a guide here on VoL explaining how it works, but checking this would be simple.

In its filters section, add a filter where the source IP is one of the IPs attacking at the moment, with the mask 255.255.255.255; that way all connections from that IP will be shown, including the port, so you can identify how they are attacking you, in case you haven't identified it yet.

There are other applications to do this, even simpler ones, but I generally use this one.

If you wish I can post a simple guide tonight, but you just go to the filters section, it's really easy.


Anything, just give a shout

Cheers



11. Use snort

Ricardo Lino Olonca
ricardoolonca

(uses Debian)

Posted on 22/12/2011 - 15:28h

You are the target of a brute-force attack. You can block this via PAM, or via SSH, but that still will not prevent the requests from reaching your equipment.

One idea is to use Snort. It can detect brute-force attacks and block the attacking IP with a firewall rule via iptables. Here on VoL there are several tutorials on this.

If you don't know Snort but are good at bash scripting, you can write a little program that runs via cron and blocks every IP that has more than 20 consecutive entries in the file /var/log/auth.log. It's not ideal, but it solves your problem.
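
A sketch of the cron script suggested in the post above, as an added example that is not part of the original thread. It assumes OpenSSH's "Failed password for ... from IP port N ssh2" line format in auth.log, counts total failures per IP rather than strictly consecutive entries, and uses a hypothetical install path and whitelist; it only prints the iptables commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example (not from the thread). Hypothetical cron entry:
#   */5 * * * * APPLY=1 /usr/local/sbin/block-bruteforce.sh /var/log/auth.log
THRESHOLD=${THRESHOLD:-20}          # block IPs with more failures than this
WHITELIST=${WHITELIST:-127.0.0.1}   # space-separated IPs that are never blocked

# Print every source IP with more than $2 failed SSH password attempts.
# The IP is read relative to the END of the line ("from IP port N ssh2"),
# because the username field is attacker-controlled and may itself contain
# text such as "from 10.0.0.1". Only a dotted-quad value is accepted, so
# nothing else from the log can reach the iptables command line.
offenders() {   # $1 = log file, $2 = threshold
    awk -v max="$2" '
        / sshd\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" &&
        $(NF-3) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { n[$(NF-3)]++ }
        END { for (ip in n) if (n[ip] > max) print ip }' "$1" | sort
}

# Read IPs on stdin and block each one that is not whitelisted.
# Dry run by default: the command is printed, not executed.
block() {
    while read -r ip; do
        case " $WHITELIST " in *" $ip "*) continue ;; esac
        if [ "${APPLY:-0}" = 1 ]; then
            # -C checks for an existing rule so repeated cron runs
            # do not stack duplicates.
            iptables -C INPUT -s "$ip" -j DROP 2>/dev/null ||
                iptables -I INPUT -s "$ip" -j DROP
        else
            echo "iptables -I INPUT -s $ip -j DROP"
        fi
    done
}

# Runs only when a log path is given as the first argument.
if [ "$#" -gt 0 ]; then
    offenders "$1" "$THRESHOLD" | block
fi
```

Put your own administration address in WHITELIST before setting APPLY=1, so a mistyped password cannot lock you out of the server.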





