DEDIBOX-NEWS.COM

The Unofficial DEDIBOX Forum

#1 2008-06-03 10:09:07

dlphim
Member
Registered: 2008-04-23
Posts: 28

ATTACKS ON DEBIAN V2 SERVER: DOWN EVERY DAY...

Hello,

Every morning my server goes down at about the same time.

I looked in the auth logs and found these lines, and I don't understand how to block these attacks.

I think someone is spamming my server around 6:25!!

Code:

Jun  3 06:25:01 sd-14642 CRON[2571]: (pam_unix) session opened for user root by (uid=0)
Jun  3 06:25:07 sd-14642 su[2650]: Successful su for nobody by root
Jun  3 06:25:07 sd-14642 su[2650]: + ??? root:nobody
Jun  3 06:25:07 sd-14642 su[2650]: (pam_unix) session opened for user nobody by (uid=0)
Jun  3 06:25:07 sd-14642 su[2650]: (pam_unix) session closed for user nobody
Jun  3 06:25:07 sd-14642 su[2655]: Successful su for nobody by root
Jun  3 06:25:07 sd-14642 su[2655]: + ??? root:nobody
Jun  3 06:25:07 sd-14642 su[2655]: (pam_unix) session opened for user nobody by (uid=0)
Jun  3 06:25:07 sd-14642 su[2655]: (pam_unix) session closed for user nobody
Jun  3 06:25:07 sd-14642 su[2659]: Successful su for nobody by root
Jun  3 06:25:07 sd-14642 su[2659]: + ??? root:nobody
Jun  3 06:25:07 sd-14642 su[2659]: (pam_unix) session opened for user nobody by (uid=0)
Jun  3 06:25:57 sd-14642 su[2659]: (pam_unix) session closed for user nobody
Jun  3 06:26:34 sd-14642 CRON[2571]: (pam_unix) session closed for user root
Jun  3 06:27:12 sd-14642 sshd[2849]: Invalid user ls from 60.250.248.187
Jun  3 06:27:12 sd-14642 sshd[2849]: (pam_unix) check pass; user unknown
Jun  3 06:27:12 sd-14642 sshd[2849]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60-250-248-187.hinet-ip.hinet.net 
Jun  3 06:27:14 sd-14642 sshd[2849]: Failed password for invalid user ls from 60.250.248.187 port 59107 ssh2
Jun  3 06:27:22 sd-14642 sshd[2860]: Invalid user lschmidt from 60.250.248.187
Jun  3 06:27:22 sd-14642 sshd[2860]: (pam_unix) check pass; user unknown
Jun  3 06:27:22 sd-14642 sshd[2860]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60-250-248-187.hinet-ip.hinet.net 
Jun  3 06:27:24 sd-14642 sshd[2860]: Failed password for invalid user lschmidt from 60.250.248.187 port 60368 ssh2
Jun  3 06:30:01 sd-14642 CRON[2961]: (pam_unix) session opened for user www-data by (uid=0)
Jun  3 06:30:01 sd-14642 CRON[2961]: (pam_unix) session closed for user www-data
Jun  3 06:33:02 sd-14642 CRON[3113]: (pam_unix) session opened for user root by (uid=0)
Jun  3 06:33:02 sd-14642 CRON[3113]: (pam_unix) session closed for user root
Jun  3 06:39:01 sd-14642 CRON[3329]: (pam_unix) session opened for user root by (uid=0)
Jun  3 06:39:01 sd-14642 CRON[3336]: (pam_unix) session opened for user root by (uid=0)
Jun  3 06:39:01 sd-14642 CRON[3329]: (pam_unix) session closed for user root
Jun  3 06:39:01 sd-14642 CRON[3336]: (pam_unix) session closed for user root
Jun  3 06:40:01 sd-14642 CRON[3354]: (pam_unix) session opened for user www-data by (uid=0)
Jun  3 06:40:01 sd-14642 CRON[3354]: (pam_unix) session closed for user www-data
Jun  3 06:43:57 sd-14642 sshd[3473]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.51.20.9  user=root
Jun  3 06:43:59 sd-14642 sshd[3473]: Failed password for root from 210.51.20.9 port 49646 ssh2
Jun  3 06:48:01 sd-14642 CRON[3605]: (pam_unix) session opened for user root by (uid=0)
Jun  3 06:48:01 sd-14642 CRON[3605]: (pam_unix) session closed for user root
Jun  3 06:50:01 sd-14642 CRON[3674]: (pam_unix) session opened for user www-data by (uid=0)
Jun  3 06:50:01 sd-14642 CRON[3674]: (pam_unix) session closed for user www-data
Jun  3 06:55:25 sd-14642 sshd[3868]: Invalid user master from 219.239.88.228
Jun  3 06:55:25 sd-14642 sshd[3868]: (pam_unix) check pass; user unknown
Jun  3 06:55:25 sd-14642 sshd[3868]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.239.88.228 
Jun  3 06:55:27 sd-14642 sshd[3868]: Failed password for invalid user master from 219.239.88.228 port 42201 ssh2
Jun  3 06:55:33 sd-14642 sshd[3872]: Invalid user sarah from 219.239.88.228
Jun  3 06:55:33 sd-14642 sshd[3872]: (pam_unix) check pass; user unknown
Jun  3 06:55:33 sd-14642 sshd[3872]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.239.88.228 
Jun  3 06:55:35 sd-14642 sshd[3872]: Failed password for invalid user sarah from 219.239.88.228 port 42477 ssh2
Jun  3 06:55:40 sd-14642 sshd[3876]: Invalid user sarah from 219.239.88.228
Jun  3 06:55:40 sd-14642 sshd[3876]: (pam_unix) check pass; user unknown
Jun  3 06:55:40 sd-14642 sshd[3876]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.239.88.228 
Jun  3 06:55:42 sd-14642 sshd[3876]: Failed password for invalid user sarah from 219.239.88.228 port 42758 ssh2
Jun  3 07:00:01 sd-14642 CRON[4020]: (pam_unix) session opened for user www-data by (uid=0)
Jun  3 07:00:01 sd-14642 CRON[4020]: (pam_unix) session closed for user www-data
Jun  3 07:03:01 sd-14642 CRON[4088]: (pam_unix) session opened for user root by (uid=0)
Jun  3 07:03:01 sd-14642 CRON[4088]: (pam_unix) session closed for user root
Jun  3 07:09:01 sd-14642 CRON[4269]: (pam_unix) session opened for user root by (uid=0)
Jun  3 07:09:01 sd-14642 CRON[4276]: (pam_unix) session opened for user root by (uid=0)
Jun  3 07:09:01 sd-14642 CRON[4269]: (pam_unix) session closed for user root
Jun  3 07:09:01 sd-14642 CRON[4276]: (pam_unix) session closed for user root
Jun  3 07:10:01 sd-14642 CRON[4346]: (pam_unix) session opened for user www-data by (uid=0)
Jun  3 07:10:01 sd-14642 CRON[4346]: (pam_unix) session closed for user www-data
Jun  3 07:17:01 sd-14642 CRON[4530]: (pam_unix) session opened for user root by (uid=0)
Jun  3 07:17:01 sd-14642 CRON[4530]: (pam_unix) session closed for user root
Jun  3 07:18:01 sd-14642 CRON[4550]: (pam_unix) session opened for user root by (uid=0)
Jun  3 07:18:01 sd-14642 CRON[4550]: (pam_unix) session closed for user root
Jun  3 07:20:01 sd-14642 CRON[4649]: (pam_unix) session opened for user www-data by (uid=0)
Jun  3 07:20:01 sd-14642 CRON[4649]: (pam_unix) session closed for user www-data
Jun  3 07:30:01 sd-14642 CRON[4988]: (pam_unix) session opened for user www-data by (uid=0)
Jun  3 07:30:01 sd-14642 CRON[4988]: (pam_unix) session closed for user www-data
Jun  3 07:33:01 sd-14642 CRON[5070]: (pam_unix) session opened for user root by (uid=0)
Jun  3 07:33:01 sd-14642 CRON[5070]: (pam_unix) session closed for user root
Jun  3 07:36:31 sd-14642 sshd[5214]: Invalid user shortcut from 217.172.180.138
Jun  3 07:36:31 sd-14642 sshd[5214]: (pam_unix) check pass; user unknown
Jun  3 07:36:31 sd-14642 sshd[5214]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=athen138.server4you.de 
Jun  3 07:36:33 sd-14642 sshd[5214]: Failed password for invalid user shortcut from 217.172.180.138 port 57185 ssh2
Jun  3 07:36:34 sd-14642 sshd[5218]: Invalid user adm from 217.172.180.138
Jun  3 07:36:34 sd-14642 sshd[5218]: (pam_unix) check pass; user unknown
Jun  3 07:36:34 sd-14642 sshd[5218]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=athen138.server4you.de 
Jun  3 07:36:36 sd-14642 sshd[5218]: Failed password for invalid user adm from 217.172.180.138 port 57682 ssh2
Jun  3 07:36:36 sd-14642 sshd[5222]: Invalid user pass from 217.172.180.138
Jun  3 07:36:36 sd-14642 sshd[5222]: (pam_unix) check pass; user unknown
Jun  3 07:36:36 sd-14642 sshd[5222]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=athen138.server4you.de 
Jun  3 07:36:38 sd-14642 sshd[5222]: Failed password for invalid user pass from 217.172.180.138 port 57975 ssh2
Jun  3 07:36:38 sd-14642 sshd[5226]: Invalid user password from 217.172.180.138
Jun  3 07:36:38 sd-14642 sshd[5226]: (pam_unix) check pass; user unknown
Jun  3 07:36:38 sd-14642 sshd[5226]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=athen138.server4you.de 
Jun  3 07:36:40 sd-14642 sshd[5226]: Failed password for invalid user password from 217.172.180.138 port 58234 ssh2
Jun  3 07:38:38 sd-14642 sshd[5226]: fatal: Timeout before authentication for 217.172.180.138
Jun  3 07:39:01 sd-14642 CRON[5306]: (pam_unix) session opened for user root by (uid=0)
Jun  3 07:39:01 sd-14642 CRON[5313]: (pam_unix) session opened for user root by (uid=0)
Jun  3 07:39:01 sd-14642 CRON[5306]: (pam_unix) session closed for user root
Jun  3 07:39:01 sd-14642 CRON[5313]: (pam_unix) session closed for user root
Jun  3 07:40:01 sd-14642 CRON[5378]: (pam_unix) session opened for user www-data by (uid=0)
Jun  3 07:40:01 sd-14642 CRON[5378]: (pam_unix) session closed for user www-data
Jun  3 07:48:01 sd-14642 CRON[5642]: (pam_unix) session opened for user root by (uid=0)
Jun  3 07:48:01 sd-14642 CRON[5642]: (pam_unix) session closed for user root
Jun  3 07:50:01 sd-14642 CRON[5725]: (pam_unix) session opened for user www-data by (uid=0)
Jun  3 07:50:01 sd-14642 CRON[5725]: (pam_unix) session closed for user www-data
Jun  3 07:54:12 sd-14642 sshd[5835]: Did not receive identification string from 198.104.137.212
Jun  3 08:00:01 sd-14642 CRON[5980]: (pam_unix) session opened for user www-data by (uid=0)
Jun  3 08:00:01 sd-14642 CRON[5982]: (pam_unix) session opened for user list by (uid=0)
Jun  3 08:00:01 sd-14642 CRON[5980]: (pam_unix) session closed for user www-data
Jun  3 08:00:02 sd-14642 CRON[5982]: (pam_unix) session closed for user list
Jun  3 08:03:01 sd-14642 CRON[6093]: (pam_unix) session opened for user root by (uid=0)
Jun  3 08:03:01 sd-14642 CRON[6093]: (pam_unix) session closed for user root
Jun  3 08:09:01 sd-14642 CRON[6285]: (pam_unix) session opened for user root by (uid=0)
Jun  3 08:09:01 sd-14642 CRON[6292]: (pam_unix) session opened for user root by (uid=0)
Jun  3 08:09:01 sd-14642 CRON[6285]: (pam_unix) session closed for user root
Jun  3 08:09:01 sd-14642 CRON[6292]: (pam_unix) session closed for user root
Jun  3 08:10:01 sd-14642 CRON[6318]: (pam_unix) session opened for user www-data by (uid=0)
Jun  3 08:10:01 sd-14642 CRON[6318]: (pam_unix) session closed for user www-data
Jun  3 08:17:01 sd-14642 CRON[6565]: (pam_unix) session opened for user root by (uid=0)
Jun  3 08:17:01 sd-14642 CRON[6565]: (pam_unix) session closed for user root
Jun  3 08:18:01 sd-14642 CRON[6623]: (pam_unix) session opened for user root by (uid=0)
Jun  3 08:18:01 sd-14642 CRON[6623]: (pam_unix) session closed for user root
Jun  3 08:20:01 sd-14642 CRON[6677]: (pam_unix) session opened for user www-data by (uid=0)
Jun  3 08:20:01 sd-14642 CRON[6677]: (pam_unix) session closed for user www-data
Jun  3 08:26:10 sd-14642 sshd[6896]: Invalid user test from 60.250.248.187
Jun  3 08:26:10 sd-14642 sshd[6896]: (pam_unix) check pass; user unknown
Jun  3 08:26:10 sd-14642 sshd[6896]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60-250-248-187.hinet-ip.hinet.net 
Jun  3 08:26:12 sd-14642 sshd[6896]: Failed password for invalid user test from 60.250.248.187 port 43171 ssh2
Jun  3 08:26:16 sd-14642 sshd[6900]: Invalid user admin from 60.250.248.187
Jun  3 08:26:16 sd-14642 sshd[6900]: (pam_unix) check pass; user unknown
Jun  3 08:26:16 sd-14642 sshd[6900]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60-250-248-187.hinet-ip.hinet.net 
Jun  3 08:26:18 sd-14642 sshd[6900]: Failed password for invalid user admin from 60.250.248.187 port 44751 ssh2
Jun  3 08:26:23 sd-14642 sshd[6905]: Invalid user user from 60.250.248.187
Jun  3 08:26:23 sd-14642 sshd[6905]: (pam_unix) check pass; user unknown
Jun  3 08:26:23 sd-14642 sshd[6905]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60-250-248-187.hinet-ip.hinet.net 
Jun  3 08:26:25 sd-14642 sshd[6905]: Failed password for invalid user user from 60.250.248.187 port 46321 ssh2
Jun  3 08:28:26 sd-14642 sshd[6909]: fatal: Timeout before authentication for 60.250.248.187
Jun  3 08:30:01 sd-14642 CRON[7026]: (pam_unix) session opened for user www-data by (uid=0)
Jun  3 08:30:01 sd-14642 CRON[7026]: (pam_unix) session closed for user www-data
Jun  3 08:33:01 sd-14642 CRON[7105]: (pam_unix) session opened for user root by (uid=0)
Jun  3 08:33:01 sd-14642 CRON[7105]: (pam_unix) session closed for user root
Jun  3 08:37:30 sd-14642 proftpd[7281]: sd-14642.dedibox.fr (117.7.198.201[117.7.198.201]) - USER anonymous: no such user found from 117.7.198.201 [117.7.198.201] to 88.191.74.76:21 
Jun  3 08:37:31 sd-14642 proftpd[7281]: sd-14642.dedibox.fr (117.7.198.201[117.7.198.201]) - FTP session closed. 
Jun  3 08:39:01 sd-14642 CRON[7309]: (pam_unix) session opened for user root by (uid=0)
Jun  3 08:39:01 sd-14642 CRON[7316]: (pam_unix) session opened for user root by (uid=0)
Jun  3 08:39:01 sd-14642 CRON[7309]: (pam_unix) session closed for user root
Jun  3 08:39:01 sd-14642 CRON[7316]: (pam_unix) session closed for user root
Jun  3 08:40:01 sd-14642 CRON[7359]: (pam_unix) session opened for user www-data by (uid=0)
Jun  3 08:40:01 sd-14642 CRON[7359]: (pam_unix) session closed for user www-data
Jun  3 08:40:03 sd-14642 proftpd[7361]: sd-14642.dedibox.fr (117.7.198.201[117.7.198.201]) - USER anonymous: no such user found from 117.7.198.201 [117.7.198.201] to 88.191.74.76:21 
Jun  3 08:40:03 sd-14642 proftpd[7361]: sd-14642.dedibox.fr (117.7.198.201[117.7.198.201]) - FTP session closed. 
Jun  3 08:40:09 sd-14642 proftpd[7362]: sd-14642.dedibox.fr (117.7.198.201[117.7.198.201]) - USER anonymous: no such user found from 117.7.198.201 [117.7.198.201] to 88.191.74.76:21 
Jun  3 08:40:09 sd-14642 proftpd[7362]: sd-14642.dedibox.fr (117.7.198.201[117.7.198.201]) - FTP session closed. 
Jun  3 08:40:21 sd-14642 proftpd[7363]: sd-14642.dedibox.fr (117.7.198.201[117.7.198.201]) - USER anonymous: no such user found from 117.7.198.201 [117.7.198.201] to 88.191.74.76:21 
Jun  3 08:40:22 sd-14642 proftpd[7363]: sd-14642.dedibox.fr (117.7.198.201[117.7.198.201]) - FTP session closed. 
Jun  3 08:40:24 sd-14642 proftpd[7364]: sd-14642.dedibox.fr (117.7.198.201[117.7.198.201]) - USER anonymous: no such user found from 117.7.198.201 [117.7.198.201] to 88.191.74.76:21 
Jun  3 08:40:24 sd-14642 proftpd[7364]: sd-14642.dedibox.fr (117.7.198.201[117.7.198.201]) - FTP session closed. 
Jun  3 08:40:26 sd-14642 proftpd[7365]: sd-14642.dedibox.fr (117.7.198.201[117.7.198.201]) - USER anonymous: no such user found from 117.7.198.201 [117.7.198.201] to 88.191.74.76:21 
Jun  3 08:40:26 sd-14642 proftpd[7365]: sd-14642.dedibox.fr (117.7.198.201[117.7.198.201]) - FTP session closed. 
Jun  3 08:48:01 sd-14642 CRON[7567]: (pam_unix) session opened for user root by (uid=0)
Jun  3 08:48:01 sd-14642 CRON[7567]: (pam_unix) session closed for user root
Jun  3 08:50:01 sd-14642 CRON[7641]: (pam_unix) session opened for user www-data by (uid=0)
Jun  3 08:50:01 sd-14642 CRON[7643]: (pam_unix) session opened for user drweb by (uid=0)
Jun  3 08:50:01 sd-14642 CRON[7641]: (pam_unix) session closed for user www-data
Jun  3 08:50:34 sd-14642 CRON[7643]: (pam_unix) session closed for user drweb
Jun  3 09:00:01 sd-14642 CRON[7927]: (pam_unix) session opened for user www-data by (uid=0)
Jun  3 09:00:01 sd-14642 CRON[7929]: (pam_unix) session opened for user list by (uid=0)
Jun  3 09:00:01 sd-14642 CRON[7927]: (pam_unix) session closed for user www-data
Jun  3 09:00:01 sd-14642 CRON[7929]: (pam_unix) session closed for user list
Jun  3 09:03:01 sd-14642 CRON[8051]: (pam_unix) session opened for user root by (uid=0)
Jun  3 09:03:01 sd-14642 CRON[8051]: (pam_unix) session closed for user root
Jun  3 09:08:16 sd-14642 sshd[8220]: Invalid user haitac from 217.172.180.138
Jun  3 09:08:16 sd-14642 sshd[8220]: (pam_unix) check pass; user unknown
Jun  3 09:08:16 sd-14642 sshd[8220]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=athen138.server4you.de 
Jun  3 09:08:18 sd-14642 sshd[8220]: Failed password for invalid user haitac from 217.172.180.138 port 39115 ssh2
Jun  3 09:08:18 sd-14642 sshd[8224]: Invalid user haiduc from 217.172.180.138
Jun  3 09:08:18 sd-14642 sshd[8224]: (pam_unix) check pass; user unknown
Jun  3 09:08:18 sd-14642 sshd[8224]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=athen138.server4you.de 
Jun  3 09:08:20 sd-14642 sshd[8224]: Failed password for invalid user haiduc from 217.172.180.138 port 39418 ssh2
Jun  3 09:08:21 sd-14642 sshd[8228]: Invalid user ionita from 217.172.180.138
Jun  3 09:08:21 sd-14642 sshd[8228]: (pam_unix) check pass; user unknown
Jun  3 09:08:21 sd-14642 sshd[8228]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=athen138.server4you.de 
Jun  3 09:08:23 sd-14642 sshd[8228]: Failed password for invalid user ionita from 217.172.180.138 port 39673 ssh2
Jun  3 09:08:23 sd-14642 sshd[8232]: Invalid user jurca from 217.172.180.138
Jun  3 09:08:23 sd-14642 sshd[8232]: (pam_unix) check pass; user unknown
Jun  3 09:08:23 sd-14642 sshd[8232]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=athen138.server4you.de 
Jun  3 09:08:25 sd-14642 sshd[8232]: Failed password for invalid user jurca from 217.172.180.138 port 39984 ssh2
Jun  3 09:09:01 sd-14642 CRON[8251]: (pam_unix) session opened for user root by (uid=0)
Jun  3 09:09:01 sd-14642 CRON[8258]: (pam_unix) session opened for user root by (uid=0)
Jun  3 09:09:01 sd-14642 CRON[8251]: (pam_unix) session closed for user root
Jun  3 09:09:01 sd-14642 CRON[8258]: (pam_unix) session closed for user root
Jun  3 09:10:01 sd-14642 CRON[8274]: (pam_unix) session opened for user www-data by (uid=0)
Jun  3 09:10:01 sd-14642 CRON[8274]: (pam_unix) session closed for user www-data
Jun  3 09:10:23 sd-14642 sshd[8232]: fatal: Timeout before authentication for 217.172.180.138
Jun  3 09:14:24 sd-14642 sshd[8404]: Did not receive identification string from 72.46.157.163
Jun  3 09:17:01 sd-14642 CRON[8495]: (pam_unix) session opened for user root by (uid=0)
Jun  3 09:17:01 sd-14642 CRON[8495]: (pam_unix) session closed for user root
Jun  3 09:18:01 sd-14642 CRON[8526]: (pam_unix) session opened for user root by (uid=0)
Jun  3 09:18:01 sd-14642 CRON[8526]: (pam_unix) session closed for user root
Jun  3 09:20:01 sd-14642 CRON[8601]: (pam_unix) session opened for user www-data by (uid=0)
Jun  3 09:20:01 sd-14642 CRON[8601]: (pam_unix) session closed for user www-data
Jun  3 09:30:01 sd-14642 CRON[8896]: (pam_unix) session opened for user www-data by (uid=0)
Jun  3 09:30:01 sd-14642 CRON[8896]: (pam_unix) session closed for user www-data
Jun  3 09:33:01 sd-14642 CRON[8995]: (pam_unix) session opened for user root by (uid=0)
Jun  3 09:33:01 sd-14642 CRON[8995]: (pam_unix) session closed for user root
Jun  3 09:39:01 sd-14642 CRON[9006]: (pam_unix) session opened for user root by (uid=0)
Jun  3 09:39:01 sd-14642 CRON[9013]: (pam_unix) session opened for user root by (uid=0)
Jun  3 09:39:01 sd-14642 CRON[9006]: (pam_unix) session closed for user root
Jun  3 09:39:01 sd-14642 CRON[9013]: (pam_unix) session closed for user root
Jun  3 09:40:01 sd-14642 CRON[9025]: (pam_unix) session opened for user www-data by (uid=0)
Jun  3 09:40:01 sd-14642 CRON[9025]: (pam_unix) session closed for user www-data
Jun  3 09:48:01 sd-14642 CRON[9029]: (pam_unix) session opened for user root by (uid=0)
Jun  3 09:48:01 sd-14642 CRON[9029]: (pam_unix) session closed for user root
Jun  3 09:50:01 sd-14642 CRON[9032]: (pam_unix) session opened for user www-data by (uid=0)
Jun  3 09:50:01 sd-14642 CRON[9032]: (pam_unix) session closed for user www-data
Jun  3 09:58:57 sd-14642 sshd[2801]: Server listening on :: port 22.
Jun  3 09:58:58 sd-14642 su[2810]: Successful su for tomcat by root
Jun  3 09:58:58 sd-14642 su[2810]: + ??? root:tomcat
Jun  3 09:58:58 sd-14642 su[2811]: Successful su for tomcat by root
Jun  3 09:58:58 sd-14642 su[2811]: + console root:tomcat
Jun  3 09:58:58 sd-14642 su[2810]: (pam_unix) session opened for user tomcat by (uid=0)
Jun  3 09:58:58 sd-14642 su[2811]: (pam_unix) session opened for user tomcat by (uid=0)
Jun  3 09:58:58 sd-14642 su[2811]: (pam_unix) session closed for user tomcat
Jun  3 09:59:23 sd-14642 sshd[3020]: Accepted password for root from 85.69.108.91 port 63844 ssh2
Jun  3 09:59:23 sd-14642 sshd[3020]: subsystem request for sftp
Jun  3 09:59:23 sd-14642 sshd[3059]: (pam_unix) session opened for user root by (uid=0)

CAN SOMEONE TELL ME HOW TO BLOCK THESE ATTACKS AND WHICH COMMANDS TO RUN VIA PUTTY!

THANKS

Last edited by dlphim (2008-06-03 10:10:22)

Offline
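An added example, not part of the original post or thread: a simplified model of a fail2ban-style threshold, run over constructed sshd lines in the same format as the auth.log excerpt above. The failregex and the maxRetry, findtime and banTime values are the ones printed in the fail2ban log posted later in this thread; the host name, the addresses (documentation ranges) and the year 2008 are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# failregex, maxRetry, findtime and banTime as printed in the fail2ban log in this thread
FAILREGEX = re.compile(
    r"(?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?"
    r"|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) "
    r"(?:::f{4,6}:)?(?P<host>\S+)(?: port \d*)?(?: ssh\d*)?\s*$"
)
MAXRETRY, FINDTIME, BANTIME = 6, 600, 600


def parse_ts(line, year=2008):
    """Syslog timestamps carry no year; 2008 is assumed from the thread dates."""
    mon, day, clock = line.split(None, 3)[:3]
    return datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")


def simulate(lines, maxretry=MAXRETRY, findtime=FINDTIME, bantime=BANTIME):
    """Simplified sliding-window model (not fail2ban's own code).

    Returns (bans, hits): bans is a list of (timestamp, host) in log order,
    hits maps each host to the number of lines the failregex matched.
    """
    window = defaultdict(deque)   # host -> timestamps of recent matches
    banned_until = {}             # host -> end of the current ban
    hits = defaultdict(int)
    bans = []
    for line in lines:
        m = FAILREGEX.search(line)
        if not m:
            continue
        ts, host = parse_ts(line), m.group("host")
        hits[host] += 1
        if host in banned_until and ts < banned_until[host]:
            continue              # a real ban would drop these packets
        q = window[host]
        q.append(ts)
        while q and (ts - q[0]).total_seconds() > findtime:
            q.popleft()           # forget matches older than findtime
        if len(q) >= maxretry:
            bans.append((ts, host))
            banned_until[host] = ts + timedelta(seconds=bantime)
            q.clear()
    return bans, dict(hits)


def attempt(clock, pid, user, ip, port):
    """Constructed sshd lines for one failed login of an unknown user."""
    head = f"Jun  3 {clock} sd-example sshd[{pid}]: "
    return [
        head + f"Invalid user {user} from {ip}",
        head + "(pam_unix) check pass; user unknown",
        head + "(pam_unix) authentication failure; logname= uid=0 euid=0 "
               f"tty=ssh ruser= rhost={ip} ",
        head + f"Failed password for invalid user {user} from {ip} port {port} ssh2",
    ]


# Constructed sample: A = 192.0.2.10 (bursts of three), B = 198.51.100.7
# (bursts of two), C = 203.0.113.5 (one root attempt), plus unrelated noise.
SAMPLE = (
    ["Jun  3 06:25:01 sd-example CRON[2571]: (pam_unix) session opened for user root by (uid=0)"]
    + attempt("06:27:12", 2849, "ls", "198.51.100.7", 59107)
    + attempt("06:27:22", 2860, "lschmidt", "198.51.100.7", 60368)
    + ["Jun  3 06:43:59 sd-example sshd[3473]: Failed password for root from 203.0.113.5 port 49646 ssh2"]
    + attempt("06:55:25", 3868, "master", "192.0.2.10", 42201)
    + attempt("06:55:33", 3872, "sarah", "192.0.2.10", 42477)
    + attempt("06:55:40", 3876, "sarah", "192.0.2.10", 42758)
    + attempt("07:21:54", 4660, "test", "192.0.2.10", 43001)
    + attempt("07:22:01", 4664, "admin", "192.0.2.10", 43250)
    + attempt("07:22:08", 4668, "user", "192.0.2.10", 43512)
    + ["Jun  3 07:54:12 sd-example sshd[5835]: Did not receive identification string from 203.0.113.5"]
    + attempt("08:26:10", 6896, "test", "198.51.100.7", 43171)
    + attempt("08:26:16", 6900, "admin", "198.51.100.7", 44751)
)

if __name__ == "__main__":
    bans, hits = simulate(SAMPLE)
    for host, n in sorted(hits.items()):
        times = [t.strftime("%H:%M:%S") for t, h in bans if h == host]
        print(f"{host:15} matching lines={n:2}  bans={times}")
    # Same input with a 24-hour ban: the second burst from A is suppressed.
    print("bans with bantime=86400:", len(simulate(SAMPLE, bantime=86400)[0]))
```

With this regex each failed login for an unknown user yields two matching lines, so a source is banned on its third attempt within the window, while a source that stops at two attempts per burst never reaches the threshold. A 600-second ban expires before the next burst, which is the Ban/Unban cycle visible for the same address in the fail2ban log.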

 

#2 2008-06-03 10:27:28

Mogui
Did you think of searching before posting?!
Location: 92 and 67
Registered: 2006-05-28
Posts: 1583
Website

Re: ATTACKS ON DEBIAN V2 SERVER: DOWN EVERY DAY...

CAN SOMEONE TELL ME HOW TO BLOCK THESE ATTACKS

Fail2Ban / Iptables

AND WHICH COMMANDS TO RUN VIA PUTTY!

No.

Besides, as long as you have a "strong" password, you don't allow root login, and all the users you don't use have /bin/false as their environment, it should be fine.

Do you have Tomcat on your machine?

Last edited by Mogui (2008-06-03 10:29:28)


Normal people... believe that if it works, there is nothing to fix.
Engineers believe that if it works, it doesn't do enough things yet.

Offline

 

#3 2008-06-03 10:29:22

georgieboy
Member
Registered: 2008-05-02
Posts: 32

Re: ATTACKS ON DEBIAN V2 SERVER: DOWN EVERY DAY...

as root:

-change your SSH port:

Code:

nano /etc/ssh/sshd_config

-restart your SSH:

Code:

/etc/init.d/ssh restart

(make sure you can still connect with a second PuTTY session before closing the first one)

-If the attacks continue, install fail2ban:

Code:

apt-get install fail2ban

-start fail2ban at boot:

Code:

update-rc.d fail2ban defaults

http://www.serverspy.net/bin/hmon.mpl?a=88.191.76.9:27015&g=0

Offline

 

#4 2008-06-03 10:30:08

Mogui
Did you think of searching before posting?!
Location: 92 and 67
Registered: 2006-05-28
Posts: 1583
Website

Re: ATTACKS ON DEBIAN V2 SERVER: DOWN EVERY DAY...

If you're going to tell him how to install it, the least you could do is help him configure it. Right!



Offline

 

#5 2008-06-03 10:34:48

georgieboy
Member
Registered: 2008-05-02
Posts: 32

Re: ATTACKS ON DEBIAN V2 SERVER: DOWN EVERY DAY...

the default configuration works just fine...



Offline

 

#6 2008-06-03 10:53:27

dlphim
Member
Registered: 2008-04-23
Posts: 28

Re: ATTACKS ON DEBIAN V2 SERVER: DOWN EVERY DAY...

I forgot to mention that I have already installed fail2ban.

Here is the latest excerpt:

Code:

2008-06-01 06:28:56,425 fail2ban.jail   : INFO   Using poller
2008-06-01 06:28:56,426 fail2ban.filter : INFO   Created Filter
2008-06-01 06:28:56,426 fail2ban.filter : INFO   Created FilterPoll
2008-06-01 06:28:56,426 fail2ban.filter : INFO   Added logfile = /var/log/auth.log
2008-06-01 06:28:56,427 fail2ban.filter : INFO   Set maxRetry = 6
2008-06-01 06:28:56,427 fail2ban.filter : INFO   Set findtime = 600
2008-06-01 06:28:56,428 fail2ban.actions: INFO   Set banTime = 600
2008-06-01 06:28:56,428 fail2ban.filter : INFO   Set failregex = (?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) (?:::f{4,6}:)?(?P<host>\S+)(?: port \d*)?(?: ssh\d*)?\s*$
2008-06-01 06:28:56,429 fail2ban.filter : INFO   Set ignoreregex = 
2008-06-01 06:28:56,430 fail2ban.actions.action: INFO   Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
2008-06-01 06:28:56,430 fail2ban.actions.action: INFO   Set actionStop = iptables -D INPUT -p <protocol> --dport <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
2008-06-01 06:28:56,431 fail2ban.actions.action: INFO   Set actionStart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
iptables -I INPUT -p <protocol> --dport <port> -j fail2ban-<name>
2008-06-01 06:28:56,431 fail2ban.actions.action: INFO   Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j DROP
2008-06-01 06:28:56,432 fail2ban.actions.action: INFO   Set actionCheck = iptables -n -L INPUT | grep -q fail2ban-<name>
2008-06-01 10:57:56,436 fail2ban.actions: WARNING [ssh] Ban 212.162.6.138
2008-06-01 11:07:56,732 fail2ban.actions: WARNING [ssh] Unban 212.162.6.138
2008-06-01 12:55:34,737 fail2ban.actions: WARNING [ssh] Ban 219.239.88.228
2008-06-01 13:05:35,241 fail2ban.actions: WARNING [ssh] Unban 219.239.88.228
2008-06-01 14:21:14,730 fail2ban.actions: WARNING [ssh] Ban 219.239.88.228
2008-06-01 14:31:15,154 fail2ban.actions: WARNING [ssh] Unban 219.239.88.228
2008-06-01 15:24:07,161 fail2ban.actions: WARNING [ssh] Ban 219.239.88.228
2008-06-01 15:34:07,173 fail2ban.actions: WARNING [ssh] Unban 219.239.88.228
2008-06-01 16:07:20,334 fail2ban.actions: WARNING [ssh] Ban 219.239.88.228
2008-06-01 16:17:20,563 fail2ban.actions: WARNING [ssh] Unban 219.239.88.228
2008-06-01 16:42:04,566 fail2ban.actions: WARNING [ssh] Ban 219.239.88.228
2008-06-01 16:52:04,659 fail2ban.actions: WARNING [ssh] Unban 219.239.88.228
2008-06-01 17:10:56,663 fail2ban.actions: WARNING [ssh] Ban 219.239.88.228
2008-06-01 17:20:56,740 fail2ban.actions: WARNING [ssh] Unban 219.239.88.228
2008-06-01 17:49:51,796 fail2ban.actions: WARNING [ssh] Ban 212.162.6.138
2008-06-01 17:59:52,269 fail2ban.actions: WARNING [ssh] Unban 212.162.6.138
2008-06-01 18:08:34,496 fail2ban.actions: WARNING [ssh] Ban 219.239.88.228
2008-06-01 18:18:34,503 fail2ban.actions: WARNING [ssh] Unban 219.239.88.228
2008-06-01 19:21:06,535 fail2ban.actions: WARNING [ssh] Ban 219.239.88.228
2008-06-01 19:31:06,799 fail2ban.actions: WARNING [ssh] Unban 219.239.88.228
2008-06-01 19:45:54,805 fail2ban.actions: WARNING [ssh] Ban 219.239.88.228
2008-06-01 19:55:54,809 fail2ban.actions: WARNING [ssh] Unban 219.239.88.228
2008-06-01 20:20:17,815 fail2ban.actions: WARNING [ssh] Ban 219.239.88.228
2008-06-01 20:30:18,109 fail2ban.actions: WARNING [ssh] Unban 219.239.88.228
2008-06-01 21:35:39,115 fail2ban.actions: WARNING [ssh] Ban 219.239.88.228
2008-06-01 21:45:39,547 fail2ban.actions: WARNING [ssh] Unban 219.239.88.228
2008-06-01 22:07:54,558 fail2ban.actions: WARNING [ssh] Ban 82.214.229.201
2008-06-01 22:17:54,687 fail2ban.actions: WARNING [ssh] Unban 82.214.229.201
2008-06-01 23:41:13,691 fail2ban.actions: WARNING [ssh] Ban 219.239.88.228
2008-06-01 23:51:14,161 fail2ban.actions: WARNING [ssh] Unban 219.239.88.228
2008-06-02 00:14:34,237 fail2ban.actions: WARNING [ssh] Ban 212.162.6.138
2008-06-02 00:24:34,513 fail2ban.actions: WARNING [ssh] Unban 212.162.6.138
2008-06-02 00:29:24,537 fail2ban.actions: WARNING [ssh] Ban 219.239.88.228
2008-06-02 00:39:24,553 fail2ban.actions: WARNING [ssh] Unban 219.239.88.228
2008-06-02 01:07:07,557 fail2ban.actions: WARNING [ssh] Ban 212.162.6.138
2008-06-02 01:17:07,700 fail2ban.actions: WARNING [ssh] Unban 212.162.6.138
2008-06-02 02:00:19,727 fail2ban.actions: WARNING [ssh] Ban 219.239.88.228
2008-06-02 02:10:20,019 fail2ban.actions: WARNING [ssh] Unban 219.239.88.228
2008-06-02 03:17:55,049 fail2ban.actions: WARNING [ssh] Ban 219.239.88.228
2008-06-02 03:27:55,203 fail2ban.actions: WARNING [ssh] Unban 219.239.88.228
2008-06-02 03:51:38,209 fail2ban.actions: WARNING [ssh] Ban 219.239.88.228
2008-06-02 04:01:38,279 fail2ban.actions: WARNING [ssh] Unban 219.239.88.228
2008-06-02 05:15:12,378 fail2ban.actions: WARNING [ssh] Ban 190.38.206.92
2008-06-02 05:25:12,696 fail2ban.actions: WARNING [ssh] Unban 190.38.206.92
2008-06-02 05:42:09,701 fail2ban.actions: WARNING [ssh] Ban 219.239.88.228
2008-06-02 05:52:09,705 fail2ban.actions: WARNING [ssh] Unban 219.239.88.228
2008-06-02 06:08:51,709 fail2ban.actions: WARNING [ssh] Ban 219.239.88.228
2008-06-02 06:18:51,715 fail2ban.actions: WARNING [ssh] Unban 219.239.88.228
2008-06-02 07:01:01,747 fail2ban.actions: WARNING [ssh] Ban 219.239.88.228
2008-06-02 07:11:02,038 fail2ban.actions: WARNING [ssh] Unban 219.239.88.228
2008-06-02 07:21:54,045 fail2ban.actions: WARNING [ssh] Ban 219.239.88.228
2008-06-02 07:31:54,051 fail2ban.actions: WARNING [ssh] Unban 219.239.88.228
2008-06-02 07:39:43,081 fail2ban.actions: WARNING [ssh] Ban 219.239.88.228
2008-06-02 07:49:43,084 fail2ban.actions: WARNING [ssh] Unban 219.239.88.228
2008-06-02 08:16:02,087 fail2ban.actions: WARNING [ssh] Ban 195.234.189.5
2008-06-02 08:26:02,091 fail2ban.actions: WARNING [ssh] Unban 195.234.189.5
2008-06-02 09:00:24,097 fail2ban.actions: WARNING [ssh] Ban 219.239.88.228
2008-06-02 09:10:24,110 fail2ban.actions: WARNING [ssh] Unban 219.239.88.228
2008-06-02 09:26:06,114 fail2ban.actions: WARNING [ssh] Ban 219.239.88.228
2008-06-02 09:36:06,151 fail2ban.actions: WARNING [ssh] Unban 219.239.88.228
2008-06-02 10:13:45,157 fail2ban.actions: WARNING [ssh] Ban 219.239.88.228
2008-06-02 10:23:45,330 fail2ban.actions: WARNING [ssh] Unban 219.239.88.228
2008-06-02 11:06:51,336 fail2ban.actions: WARNING [ssh] Ban 219.239.88.228
2008-06-02 11:16:51,646 fail2ban.actions: WARNING [ssh] Unban 219.239.88.228
2008-06-02 11:41:08,649 fail2ban.actions: WARNING [ssh] Ban 219.239.88.228
2008-06-02 11:51:08,729 fail2ban.actions: WARNING [ssh] Unban 219.239.88.228
2008-06-02 12:12:51,762 fail2ban.actions: WARNING [ssh] Ban 212.162.6.138
2008-06-02 12:22:52,079 fail2ban.actions: WARNING [ssh] Unban 212.162.6.138
2008-06-02 12:48:31,132 fail2ban.actions: WARNING [ssh] Ban 221.130.192.137
2008-06-02 12:52:36,412 fail2ban.actions: WARNING [ssh] Ban 219.239.88.228
2008-06-02 12:58:31,420 fail2ban.actions: WARNING [ssh] Unban 221.130.192.137
2008-06-02 13:02:36,515 fail2ban.actions: WARNING [ssh] Unban 219.239.88.228
2008-06-02 13:46:44,538 fail2ban.actions: WARNING [ssh] Ban 212.162.6.138
2008-06-02 13:56:44,882 fail2ban.actions: WARNING [ssh] Unban 212.162.6.138
2008-06-02 15:28:10,901 fail2ban.actions: WARNING [ssh] Ban 211.157.125.121
2008-06-02 15:37:51,158 fail2ban.actions: WARNING [ssh] Ban 219.239.88.228
2008-06-02 15:38:11,221 fail2ban.actions: WARNING [ssh] Unban 211.157.125.121
2008-06-02 15:47:51,225 fail2ban.actions: WARNING [ssh] Unban 219.239.88.228
2008-06-02 16:19:55,257 fail2ban.actions: WARNING [ssh] Ban 219.239.88.228
2008-06-02 16:20:50,504 fail2ban.actions: WARNING [ssh] Ban 212.162.6.138
2008-06-02 16:23:03,512 fail2ban.actions: WARNING [ssh] Ban 211.157.125.121
2008-06-02 16:29:55,518 fail2ban.actions: WARNING [ssh] Unban 219.239.88.228
2008-06-02 16:30:50,542 fail2ban.actions: WARNING [ssh] Unban 212.162.6.138
2008-06-02 16:33:03,548 fail2ban.actions: WARNING [ssh] Unban 211.157.125.121
2008-06-02 16:34:02,574 fail2ban.actions: WARNING [ssh] Ban 203.97.0.197
2008-06-02 16:41:53,577 fail2ban.actions: WARNING [ssh] Ban 211.157.125.121
2008-06-02 16:44:02,601 fail2ban.actions: WARNING [ssh] Unban 203.97.0.197
2008-06-02 16:51:53,607 fail2ban.actions: WARNING [ssh] Unban 211.157.125.121
2008-06-02 17:02:00,828 fail2ban.actions: WARNING [ssh] Ban 211.157.125.121
2008-06-02 17:12:00,857 fail2ban.actions: WARNING [ssh] Unban 211.157.125.121
2008-06-02 17:47:18,337 fail2ban.actions: WARNING [ssh] Ban 211.157.125.121
2008-06-02 17:51:35,821 fail2ban.actions: WARNING [ssh] Ban 219.239.88.228
2008-06-02 17:57:18,827 fail2ban.actions: WARNING [ssh] Unban 211.157.125.121
2008-06-02 18:01:35,830 fail2ban.actions: WARNING [ssh] Unban 219.239.88.228
2008-06-02 18:11:16,833 fail2ban.actions: WARNING [ssh] Ban 211.157.125.121
2008-06-02 18:21:16,874 fail2ban.actions: WARNING [ssh] Unban 211.157.125.121
2008-06-02 18:45:58,880 fail2ban.actions: WARNING [ssh] Ban 211.157.125.121
2008-06-02 18:46:03,127 fail2ban.actions: WARNING [ssh] Ban 83.160.17.177
2008-06-02 18:55:59,134 fail2ban.actions: WARNING [ssh] Unban 211.157.125.121
2008-06-02 18:56:03,140 fail2ban.actions: WARNING [ssh] Unban 83.160.17.177
2008-06-02 19:26:09,143 fail2ban.actions: WARNING [ssh] Ban 219.239.88.228
2008-06-02 19:36:09,553 fail2ban.actions: WARNING [ssh] Unban 219.239.88.228
2008-06-02 20:49:29,760 fail2ban.actions: WARNING [ssh] Ban 219.239.88.228
2008-06-02 20:59:30,077 fail2ban.actions: WARNING [ssh] Unban 219.239.88.228
2008-06-03 00:15:02,229 fail2ban.actions: WARNING [ssh] Ban 219.239.88.228
2008-06-03 00:25:02,505 fail2ban.actions: WARNING [ssh] Unban 219.239.88.228
2008-06-03 01:04:18,508 fail2ban.actions: WARNING [ssh] Ban 200.62.226.57
2008-06-03 01:14:18,834 fail2ban.actions: WARNING [ssh] Unban 200.62.226.57
2008-06-03 01:46:59,838 fail2ban.actions: WARNING [ssh] Ban 219.239.88.228
2008-06-03 01:56:59,987 fail2ban.actions: WARNING [ssh] Unban 219.239.88.228
2008-06-03 02:00:45,031 fail2ban.actions: WARNING [ssh] Ban 62.75.204.68
2008-06-03 02:05:35,034 fail2ban.actions: WARNING [ssh] Ban 217.172.180.138
2008-06-03 02:10:45,041 fail2ban.actions: WARNING [ssh] Unban 62.75.204.68
2008-06-03 02:15:35,085 fail2ban.actions: WARNING [ssh] Unban 217.172.180.138
2008-06-03 02:41:31,091 fail2ban.actions: WARNING [ssh] Ban 219.239.88.228
2008-06-03 02:51:31,455 fail2ban.actions: WARNING [ssh] Unban 219.239.88.228
2008-06-03 02:53:01,638 fail2ban.actions: WARNING [ssh] Ban 198.104.137.212
2008-06-03 03:03:01,644 fail2ban.actions: WARNING [ssh] Unban 198.104.137.212
2008-06-03 03:06:47,871 fail2ban.actions: WARNING [ssh] Ban 200.62.226.57
2008-06-03 03:16:47,877 fail2ban.actions: WARNING [ssh] Unban 200.62.226.57
2008-06-03 03:24:03,904 fail2ban.actions: WARNING [ssh] Ban 219.239.88.228
2008-06-03 03:30:56,910 fail2ban.actions: WARNING [ssh] Ban 62.75.204.68
2008-06-03 03:34:03,947 fail2ban.actions: WARNING [ssh] Unban 219.239.88.228
2008-06-03 03:36:03,121 fail2ban.actions: WARNING [ssh] Ban 217.172.180.138
2008-06-03 03:40:57,127 fail2ban.actions: WARNING [ssh] Unban 62.75.204.68
2008-06-03 03:46:03,168 fail2ban.actions: WARNING [ssh] Unban 217.172.180.138
2008-06-03 04:13:02,173 fail2ban.actions: WARNING [ssh] Ban 60.250.248.187
2008-06-03 04:23:02,384 fail2ban.actions: WARNING [ssh] Unban 60.250.248.187
2008-06-03 04:52:16,410 fail2ban.actions: WARNING [ssh] Ban 62.75.204.68
2008-06-03 05:02:16,670 fail2ban.actions: WARNING [ssh] Unban 62.75.204.68
2008-06-03 05:09:36,694 fail2ban.actions: WARNING [ssh] Ban 219.239.88.228
2008-06-03 05:15:54,727 fail2ban.actions: WARNING [ssh] Ban 217.172.180.138
2008-06-03 05:19:36,733 fail2ban.actions: WARNING [ssh] Unban 219.239.88.228
2008-06-03 05:20:25,737 fail2ban.actions: WARNING [ssh] Ban 60.250.248.187
2008-06-03 05:24:14,743 fail2ban.actions: WARNING [ssh] Ban 200.62.226.57
2008-06-03 05:25:54,746 fail2ban.actions: WARNING [ssh] Unban 217.172.180.138
2008-06-03 05:30:25,750 fail2ban.actions: WARNING [ssh] Unban 60.250.248.187
2008-06-03 05:34:14,757 fail2ban.actions: WARNING [ssh] Unban 200.62.226.57
2008-06-03 05:52:21,763 fail2ban.actions: WARNING [ssh] Ban 60.250.248.187
2008-06-03 06:02:21,790 fail2ban.actions: WARNING [ssh] Unban 60.250.248.187
2008-06-03 06:22:55,796 fail2ban.actions: WARNING [ssh] Ban 90.183.8.146
2008-06-03 06:28:27,819 fail2ban.actions: WARNING [ssh] Ban 217.172.180.138
2008-06-03 06:32:55,839 fail2ban.actions: WARNING [ssh] Unban 90.183.8.146
2008-06-03 06:35:30,842 fail2ban.actions: WARNING [ssh] Ban 60.250.248.187
2008-06-03 06:38:27,846 fail2ban.actions: WARNING [ssh] Unban 217.172.180.138
2008-06-03 06:45:30,850 fail2ban.actions: WARNING [ssh] Unban 60.250.248.187
2008-06-03 07:21:19,855 fail2ban.actions: WARNING [ssh] Ban 200.62.226.57
2008-06-03 07:31:19,925 fail2ban.actions: WARNING [ssh] Unban 200.62.226.57
2008-06-03 07:52:38,929 fail2ban.actions: WARNING [ssh] Ban 217.172.180.138
2008-06-03 08:02:38,935 fail2ban.actions: WARNING [ssh] Unban 217.172.180.138
2008-06-03 08:47:55,938 fail2ban.actions: WARNING [ssh] Ban 60.250.248.187
2008-06-03 08:57:55,968 fail2ban.actions: WARNING [ssh] Unban 60.250.248.187
2008-06-03 09:21:00,971 fail2ban.actions: WARNING [ssh] Ban 200.62.226.57
2008-06-03 09:31:00,975 fail2ban.actions: WARNING [ssh] Unban 200.62.226.57

DOES ANYONE KNOW WHAT THIS LINE MEANS:

Jun  3 06:25:07 sd-14642 su[2650]: Successful su for nobody by root ?????

I changed port 22, restarted ssh and logged in again successfully via the default port 22, is that normal???

Code:

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

Host *
#   ForwardAgent no
#   ForwardX11 no
#   ForwardX11Trusted yes
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   Port 2
#   Protocol 2,1
#   Cipher 3des
#   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
    SendEnv LANG LC_*
    HashKnownHosts yes
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials no

Thanks..

Last edited by dlphim (2008-06-03 10:58:22)

Offline
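The ban log in the post above shows ten-minute bans, with the same addresses banned again soon after each unban. The following is an added example, not part of the original post: a shell function that summarises such a log per address. The sample lines are constructed (documentation addresses), and `ban_summary` and `sample_log` are names chosen for this example.

```shell
#!/usr/bin/env bash
# Summarise fail2ban.actions Ban/Unban lines per address (added example).
# Output columns: bans  address  ban_length_s  shortest_return_s
#   ban_length_s       seconds between the most recent Ban and its Unban
#   shortest_return_s  shortest time between an Unban and the next Ban, "-" if none
ban_summary() {
  awk '
    # Seconds on a continuous scale from "YYYY-MM-DD" and "HH:MM:SS,mmm".
    function stamp(d, t,    a, b, y, m, days) {
      split(d, a, "-"); split(t, b, /[:,]/)
      y = a[1] + 0; m = a[2] + 0
      if (m <= 2) { y--; m += 12 }
      days = 365 * y + int(y / 4) - int(y / 100) + int(y / 400)
      days += int((153 * (m - 3) + 2) / 5) + a[3]
      return days * 86400 + b[1] * 3600 + b[2] * 60 + b[3] + b[4] / 1000
    }
    $6 == "Ban" {
      now = stamp($1, $2); bans[$7]++
      if (($7 in unbanned) && (!($7 in ret) || now - unbanned[$7] < ret[$7]))
        ret[$7] = now - unbanned[$7]
      banned[$7] = now
    }
    $6 == "Unban" {
      now = stamp($1, $2)
      if ($7 in banned) len[$7] = now - banned[$7]
      unbanned[$7] = now
    }
    END {
      for (ip in bans) {
        l = (ip in len) ? int(len[ip]) : "-"
        r = (ip in ret) ? int(ret[ip]) : "-"
        printf "%d %s %s %s\n", bans[ip], ip, l, r
      }
    }' | sort -k1,1nr -k2,2
}

# Constructed sample in the same format as the log above (not taken from the thread).
sample_log() {
  cat <<'EOF'
2008-06-02 15:28:10,901 fail2ban.actions: WARNING [ssh] Ban 192.0.2.10
2008-06-02 15:38:11,221 fail2ban.actions: WARNING [ssh] Unban 192.0.2.10
2008-06-02 16:23:03,512 fail2ban.actions: WARNING [ssh] Ban 192.0.2.10
2008-06-02 16:33:03,548 fail2ban.actions: WARNING [ssh] Unban 192.0.2.10
2008-06-02 16:34:02,574 fail2ban.actions: WARNING [ssh] Ban 198.51.100.7
2008-06-02 16:41:53,577 fail2ban.actions: WARNING [ssh] Ban 192.0.2.10
2008-06-02 16:44:02,601 fail2ban.actions: WARNING [ssh] Unban 198.51.100.7
2008-06-02 16:51:53,607 fail2ban.actions: WARNING [ssh] Unban 192.0.2.10
EOF
}

sample_log | ban_summary
```

An address with a high ban count and a return time shorter than the ban itself is a candidate for a longer `bantime` in the jail configuration.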

 

#7 2008-06-03 11:57:41

Phach
Honorary member
Location: France
Registered: 2006-05-05
Posts: 929
Website

Re: ATTACKS ON DEBIAN V2 SERVER: DOWN EVERY DAY...

dlphim wrote:

I changed port 22, restarted ssh and logged in again successfully via the default port 22, is that normal???

1/ stop with the capitals, it's tiresome
2/ edit the right file
3/ edit it correctly, choosing a valid value.

Offline

 

#8 2008-06-03 12:39:39

dlphim
Member
Registered: 2008-04-23
Posts: 28

Re: ATTACKS ON DEBIAN V2 SERVER: DOWN EVERY DAY...

Help please!

I changed port 22 to 19 in /etc/ssh/ssh_config, restarted ssh... without success.
So I then changed port 22 to 19 in /etc/ssh/sshd_config.

Now I can no longer connect with WinSCP on port 22 (connection refused) or 19 (network error: connection timed out)

Last edited by dlphim (2008-06-03 12:40:27)

Offline

 

#9 2008-06-03 12:51:11

dlphim
Member
Registered: 2008-04-23
Posts: 28

Re: ATTACKS ON DEBIAN V2 SERVER: DOWN EVERY DAY...

I think I did something stupid, and if I no longer have access to the server, I'm really in the s...!

Offline

 

#10 2008-06-03 13:05:00

hawk88
Jeidi
Registered: 2007-06-30
Posts: 175
Website

Re: ATTACKS ON DEBIAN V2 SERVER: DOWN EVERY DAY...

Did you close your WinSCP session to open another one? In those cases you have to open another one, precisely to avoid this kind of blunder.

You'll probably have to switch to rescue mode then.

Offline

 

#11 2008-06-03 13:39:26

dlphim
Member
Registered: 2008-04-23
Posts: 28

Re: ATTACKS ON DEBIAN V2 SERVER: DOWN EVERY DAY...

It still doesn't work...
I connect in rescue mode and try to edit the settings, but to my great surprise they are correct in /etc/ssh/ssh_config and /etc/ssh/sshd_config: port 22, there is nothing to change!

Do I need to reinstall something?

Thanks for helping me!

Offline

 

#12 2008-06-03 13:46:04

Mogui
Did you think of searching before posting?!
Location: 92 and 67
Registered: 2006-05-28
Posts: 1583
Website

Re: ATTACKS ON DEBIAN V2 SERVER: DOWN EVERY DAY...

[2008 jun 03] Warning: Assistanat spotted in http://dedibox-news.com/sujet-6033-atta … tous-jours
[2008 jun 03] http://fr.wikipedia.org/wiki/Assistanat
[2008 jun 03] Please do not respond

Seriously, hand-holding aside, in rescue mode you are looking at the rescue system's file, not your dedibox's!
Mount /etc/ and edit the file.

Last edited by Mogui (2008-06-03 13:47:40)


Normal people... believe that if it works, there is nothing to fix.
Engineers believe that if it works, it doesn't do enough things yet.

Offline

 

#13 2008-06-03 14:44:12

JalaL
Jeidi Master
Registered: 2006-05-06
Posts: 324
Website

Re: ATTACKS ON DEBIAN V2 SERVER: DOWN EVERY DAY...

Better to pick another port at random, it keeps a scanner from hitting port 19 within a few seconds.... otherwise, did you check that port 19 is allowed in iptables?


use Mozilla::Firefox;
open($your_mind) or die();

Offline
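The replies so far name three things to check when moving the SSH port: the daemon reads sshd_config rather than the client's ssh_config, the value must be a valid port, and the firewall must accept it. As an added example (not code from the thread), this shell script checks all three before sshd is restarted; the sample files are constructed, and `sshd_ports`, `input_verdict`, `preflight` and `demo` are names invented here. The firewall check assumes rules in `iptables-save` format.

```shell
#!/usr/bin/env bash
# Pre-flight check for an sshd port change; run it from a session that stays open.

# Ports the daemon will listen on: uncommented Port lines in sshd_config, default 22.
sshd_ports() {
  awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# First-match verdict for a new inbound TCP connection to port $2, read from rules
# in iptables-save format ($1). Simplification: rules limited by source, interface,
# negation, or a state list without NEW are skipped; port ranges are not parsed.
input_verdict() {
  awk -v port="$2" '
    /^:INPUT / { policy = $2 }
    /^-A INPUT / && verdict == "" {
      tgt = dport = proto = ""; skip = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-j") tgt = $(i + 1)
        else if ($i == "--dport") dport = $(i + 1)
        else if ($i == "-p") proto = $(i + 1)
        else if ($i ~ /^--(ct)?state$/ && $(i + 1) !~ /NEW/) skip = 1
        else if ($i ~ /^(-s|-i|!)$/) skip = 1
      }
      if (skip || (proto != "" && proto != "tcp")) next
      if (dport != "" && dport != port) next
      if (tgt ~ /^(ACCEPT|DROP|REJECT)$/) verdict = tgt
    }
    END { print (verdict != "" ? verdict : policy) }' "$1"
}

# preflight <sshd_config> <rules file> <port>: prints the first problem and returns 1.
preflight() {
  case $3 in '' | *[!0-9]*) echo "port '$3' is not a number"; return 1 ;; esac
  if [ "$3" -lt 1 ] || [ "$3" -gt 65535 ]; then echo "port $3 is out of range"; return 1; fi
  sshd_ports "$1" | grep -qx "$3" || { echo "sshd_config does not set Port $3"; return 1; }
  [ "$(input_verdict "$2" "$3")" = ACCEPT ] || { echo "firewall does not accept tcp/$3"; return 1; }
  echo "ok: sshd will listen on $3 and the firewall accepts it"
}

# Constructed samples: the daemon moved to port 19, the firewall still opens only 22.
demo() {
  local dir rc=0
  dir=$(mktemp -d)
  printf '%s\n' '#Port 22' 'Port 19' > "$dir/sshd_config"
  printf '%s\n' '*filter' ':INPUT DROP [0:0]' '-A INPUT -i lo -j ACCEPT' \
    '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT' \
    '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' 'COMMIT' > "$dir/rules"
  preflight "$dir/sshd_config" "$dir/rules" 19 || rc=$?
  rm -rf "$dir"
  return "$rc"
}
demo || true
```

With the constructed samples the script reports that the firewall does not accept tcp/19, the situation in which a client sees a timeout on the new port.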

 

#14 2008-06-03 20:25:32

dlphim
Member
Registered: 2008-04-23
Posts: 28

Re: ATTACKS ON DEBIAN V2 SERVER: DOWN EVERY DAY...

Please excuse my lack of experience, but I don't know where to look at the rescue system's file in order to change the ssh port to 22.

I'm trying to follow the docs http://documentation.dedibox.fr/doku.ph … on:rescue, but no cd works

"Mount /etc/ and edit the file": concretely, what do I have to do?

Please don't give up on me! Thanks

Offline

 

#15 2008-06-03 20:46:08

dlphim
Member
Registered: 2008-04-23
Posts: 28

Re: ATTACKS ON DEBIAN V2 SERVER: DOWN EVERY DAY...

Code:

Fixing a firewall configuration problem

In “rescue” mode, log in to your server as root over SSH and type the following commands:

BusyBox v1.01 (2005.12.06-16:10+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.

#
# cd bin
# sh 03_mount_all
Creation des points de montage
Montage des partitions
#

The files on your hard disk are now available in the /mnt/PARTITION directory (PARTITION = Linux identifier of the disk partition, for example sda1)

The “vi” and “nano” editors are available in the rescue system; simply edit the configuration files on your hard disk with these editors, or disable the firewall at startup by renaming etc/rc2.d/Sxxlescript to etc/rc2.d/Kxxlescript in that directory (example: mv /mnt/sda2/etc/rc2.d/S14firewall /mnt/sda2/etc/rc2.d/K14firewall).

Once the changes are made, run the following commands:

# cd 
# cd bin
# sh 99_umount_all
Demontage des partitions
#

If I understood correctly, once logged in in rescue mode, I type in PuTTY
# cd bin then # sh 03_mount_all...
Why can't I get it to work? "cd /bin/" yes, but "sh 03_mount_all" gives "sh: Can't open 03_mount_all"
:(

Note also that my bin directory is not in root! (debian)

Last edited by dlphim (2008-06-03 21:04:37)

Offline

 

#16 2008-06-03 22:29:05

Phach
Honorary member
Location: France
Registered: 2006-05-05
Posts: 929
Website

Re: ATTACKS ON DEBIAN V2 SERVER: DOWN EVERY DAY...

Offline

 

#17 2008-06-03 23:10:08

dlphim
Member
Registered: 2008-04-23
Posts: 28

Re: ATTACKS ON DEBIAN V2 SERVER: DOWN EVERY DAY...

OK, the problem is starting to get solved! :D

But when I log in with the rescue login and edit the settings, it tells me permission denied; same thing when I try to recreate or delete a file, or rename the firewall file!

Does anyone know why I don't have root permission??

Last edited by dlphim (2008-06-04 15:59:34)

Offline

 

#18 2008-06-05 00:45:04

dlphim
Member
Registered: 2008-04-23
Posts: 28

Re: ATTACKS ON DEBIAN V2 SERVER: DOWN EVERY DAY...

Help PLEASE! :(

Offline

 

#19 2008-06-05 10:38:51

Phach
Honorary member
Location: France
Registered: 2006-05-05
Posts: 929
Website

Re: ATTACKS ON DEBIAN V2 SERVER: DOWN EVERY DAY...

dlphim wrote:

Help PLEASE! :(

no need to send us e-mails (since I suppose I'm not the only one to have received one from you)

I posted you a link that describes STEP BY STEP how to use rescue mode!
I don't see what more I can do... the forum is not a remote troubleshooting hotline!

Offline

 

#20 2008-06-05 14:56:27

dlphim
Member
Registered: 2008-04-23
Posts: 28

Re: ATTACKS ON DEBIAN V2 SERVER: DOWN EVERY DAY...

hi,

Indeed, I sent you an e-mail, thinking it was a PM.
Since you helped me, I think you know why I don't have root permission when entering the credentials in rescue mode.
I followed the doc to the letter, I haven't really understood where the problem is.

That's why I would have liked to know if anyone knows!

Offline

 

#21 2008-06-05 15:41:51

Phach
Honorary member
Location: France
Registered: 2006-05-05
Posts: 929
Website

Re: ATTACKS ON DEBIAN V2 SERVER: DOWN EVERY DAY...

one has to wonder whether you read the links you are given :|

excerpt from the page I pointed you to:

In “rescue” mode, log in and type the following commands to become root:

Offline

 

#22 2008-06-05 18:59:02

Mogui
Did you think of searching before posting?!
Location: 92 and 67
Registered: 2006-05-28
Posts: 1583
Website

Re: ATTACKS ON DEBIAN V2 SERVER: DOWN EVERY DAY...

Phach, he's someone who wants everything done for him, so don't wear yourself out! lol

Last edited by Mogui (2008-06-05 18:59:31)


Normal people... believe that if it works, there is nothing to fix.
Engineers believe that if it works, it doesn't do enough things yet.

Offline

 

#23 2008-06-05 20:12:10

dlphim
Member
Registered: 2008-04-23
Posts: 28

Re: ATTACKS ON DEBIAN V2 SERVER: DOWN EVERY DAY...

hi again,

I'm not so stupid that I can't follow the 3 lines of the doc:

Put the server back in rescue mode, log in via WinSCP with the dedibox's rescue credentials
Type "sudo su", re-enter the rescue password.
root@sd-xxxxx:/home/dlphim# <---------(that means I'm root, doesn't it!!)
Type for i in `seq 1 9`; do mkdir /mnt/mnt$i; mount /dev/sda$i /mnt/mnt$i;done to unmount the partitions
via WinSCP, I go to /mnt/mnt2/etc/ssh/ssh_config to change port 19 to 22
And that's where the problem is! I don't have permission to edit.

Offline

 

#24 2008-06-05 20:35:19

Phach
Honorary member
Location: France
Registered: 2006-05-05
Posts: 929
Website

Re: ATTACKS ON DEBIAN V2 SERVER: DOWN EVERY DAY...

use an ssh client like PuTTY & vi to edit your file. I don't know WinSCP, I can't see where you could feed it command lines.

and since I know you'll ask instead of searching, in vi:

i   to switch to editing mode
ESC :wq    to save & quit

http://www.ledman.ch/eti_linux/08vi.html

Offline

 

#25 2008-06-05 20:36:50

Phach
Honorary member
Location: France
Registered: 2006-05-05
Posts: 929
Website

Re: ATTACKS ON DEBIAN V2 SERVER: DOWN EVERY DAY...

Mogui wrote:

Phach, he's someone who wants everything done for him, so don't wear yourself out! lol

it's my day of kindness (or of chores, as you prefer) ;)
make the most of my being in a good mood, but it shouldn't go on too long either, because at some point you have to be able to take care of yourself at least a little!

Offline

 
