安装5分钟的小鸡就有两个成功登陆的陌生ip?求大佬解惑
journalctl _COMM=sshd | grep 'Accepted' | awk '{print $0}'Aug 16 02:14:28 static sshd: Accepted password for jevin from 178.63.62.213 port 57622 ssh2
Aug 16 02:15:25 static sshd: Accepted password for root from 178.63.62.213 port 57624 ssh2
Aug 16 02:26:41 static sshd: Accepted password for root from 178.63.62.213 port 57630 ssh2
Aug 16 02:28:07 static sshd: Accepted password for root from 178.63.62.213 port 57632 ssh2
Aug 16 02:30:55 static sshd: Accepted password for root from 178.63.62.213 port 57638 ssh2
Aug 16 02:32:31 static sshd: Accepted password for root from 178.63.62.213 port 57646 ssh2
Aug 16 02:35:56 static sshd: Accepted password for root from 178.63.62.213 port 57648 ssh2
Aug 16 02:42:30 static sshd: Accepted password for root from 178.63.62.213 port 57660 ssh2
Aug 16 02:52:07 static sshd: Accepted password for root from 178.63.62.213 port 57670 ssh2
Aug 16 02:52:43 static sshd: Accepted password for root from 106.193.211.155 port 7318 ssh2
Aug 16 03:10:32 static sshd: Accepted password for root from 106.193.211.155 port 7664 ssh2
mjj大佬送的virtono小鸡,重新安装debian12 5分钟不到就发现几个陌生ip的成功登陆,一个是印度的一个是德国hz的,我用的20多位高强度密码。换成debian 11依然一样,登陆ip换了,并且改了我的hostname。。。有大佬知道这是怎么回事吗?
date
Wed 15 May 2024 12:21:54
为什么这个登陆信息显示aug八月份? 你要是眼睛或者大脑不好使的话就及时就医,不要来LOC发这种睿智贴浪费别人时间 是不是之前已经创建了异常用户,删掉,仅允许秘钥登录吧
一二三转身起飞~ 是安装新系统不到几分钟的小鸡,用的是virtono官方的reinstall,选debian12和11,都有类似的问题 从来没想说脏话的,发帖是我的自由,不喜欢关掉就行,不要把我惹毛了 从来不想掺合论坛里的恩怨,现在觉得早该ban你了 https://hostloc.com/thread-1307219-1-1.html 建议关机保平安,最好一直关机 sshd信息也看不出啥,看下last的命令 如下,搞不懂这个aug八月份是怎么来的。。
reboot system boot5.10.0-8-amd64 Wed May 15 09:29 still running
root pts/0 106.193.211.155Mon Aug 16 03:10 - 03:13(00:03)
reboot system boot5.10.0-8-amd64 Mon Aug 16 03:10 - 03:13(00:03)
root pts/0 106.193.211.155Mon Aug 16 02:52 - 02:59(00:06)
root pts/0 178.63.62.213 Mon Aug 16 02:52 - 02:52(00:00)
reboot system boot5.10.0-8-amd64 Mon Aug 16 02:52 - 02:59(00:07)
root tty1 Mon Aug 16 02:48 - down (00:03)
root pts/0 178.63.62.213 Mon Aug 16 02:42 - down (00:09)
reboot system boot5.10.0-8-amd64 Mon Aug 16 02:42 - 02:51(00:09)
root tty1 Mon Aug 16 02:41 - crash(00:01)
reboot system boot5.10.0-8-amd64 Mon Aug 16 02:41 - 02:51(00:10)
root pts/0 178.63.62.213 Mon Aug 16 02:35 - crash(00:05)
reboot system boot5.10.0-8-amd64 Mon Aug 16 02:35 - 02:51(00:16)
root pts/0 178.63.62.213 Mon Aug 16 02:32 - down (00:03)
reboot system boot5.10.0-8-amd64 Mon Aug 16 02:32 - 02:35(00:03)
root pts/0 178.63.62.213 Mon Aug 16 02:30 - down (00:01)
reboot system boot5.10.0-8-amd64 Mon Aug 16 02:30 - 02:32(00:01)
root pts/0 178.63.62.213 Mon Aug 16 02:28 - down (00:02)
reboot system boot5.10.0-8-amd64 Mon Aug 16 02:27 - 02:30(00:02)
root pts/0 178.63.62.213 Mon Aug 16 02:26 - down (00:00)
reboot system boot5.10.0-8-amd64 Mon Aug 16 02:26 - 02:27(00:01)
root pts/0 178.63.62.213 Mon Aug 16 02:15 - down (00:10)
jevin pts/0 178.63.62.213 Mon Aug 16 02:14 - 02:15(00:00) 不是iso安装的吧?商家制作镜像时候的登录记录? 用的是virtono官方安装形式Server Information,install,reinstall OS,debian 12 这样下来
感觉是商家镜像的问题?
页:
[1]