技术解析

Port banned after malicious access from unknown IPs
2021-06-18 20:29:28
idczone

Centos 6 x86, bbr, LA data center

It had been working fine all along; recently I found the port could no longer be reached from inside China.

At first I didn't pay attention and just switched ports and kept using it, but in less than a day it was closed again, so I went and looked at the logs.

I found that the last few connections were malicious connection requests coming from different IPs, and right after those requests the port was closed.

Does this count as the server being attacked?

log:

2019-09-21 21:08:40 WARNING  unsupported addrtype 78, maybe wrong password or encryption method
2019-09-21 21:08:40 ERROR    can not parse header when handling connection from 221.198.83.14:59208
2019-09-21 21:08:40 WARNING  unsupported addrtype 181, maybe wrong password or encryption method
2019-09-21 21:08:40 ERROR    can not parse header when handling connection from 219.143.174.157:25665
2019-09-21 21:08:40 WARNING  unsupported addrtype 93, maybe wrong password or encryption method
2019-09-21 21:08:40 ERROR    can not parse header when handling connection from 223.166.74.157:59194
2019-09-21 21:08:40 WARNING  unsupported addrtype 209, maybe wrong password or encryption method
2019-09-21 21:08:40 ERROR    can not parse header when handling connection from 171.36.133.60:59190
2019-09-21 21:08:40 WARNING  unsupported addrtype 230, maybe wrong password or encryption method
2019-09-21 21:08:40 ERROR    can not parse header when handling connection from 175.42.2.81:59206
2019-09-21 21:08:40 WARNING  unsupported addrtype 169, maybe wrong password or encryption method
2019-09-21 21:08:40 ERROR    can not parse header when handling connection from 59.173.153.107:59192
2019-09-21 21:08:40 WARNING  unsupported addrtype 234, maybe wrong password or encryption method
2019-09-21 21:08:40 ERROR    can not parse header when handling connection from 58.19.92.207:4857
2019-09-21 21:08:40 WARNING  unsupported addrtype 50, maybe wrong password or encryption method
2019-09-21 21:08:40 ERROR    can not parse header when handling connection from 36.32.3.90:59210
2019-09-21 21:08:40 WARNING  unsupported addrtype 189, maybe wrong password or encryption method
2019-09-21 21:08:40 ERROR    can not parse header when handling connection from 220.200.164.85:59200
2019-09-21 21:08:40 INFO     connecting <8e>ÊÎO^TgH<84>&Ì8^K<81>)D:4186 from 175.152.109.65:59202
2019-09-21 21:08:40 ERROR    invalid hostname: <8e>ÊÎO^TgH<84>&Ì8^K<81>)D when handling connection from 175.152.109.65:59202
2019-09-21 21:08:40 WARNING  unsupported addrtype 206, maybe wrong password or encryption method
2019-09-21 21:08:40 ERROR    can not parse header when handling connection from 125.84.177.43:1559
2019-09-21 21:08:40 WARNING  unsupported addrtype 126, maybe wrong password or encryption method
2019-09-21 21:08:40 ERROR    can not parse header when handling connection from 124.88.112.129:1759
2019-09-21 21:08:40 WARNING  unsupported addrtype 142, maybe wrong password or encryption method
2019-09-21 21:08:40 ERROR    can not parse header when handling connection from 124.225.43.91:59188

Some ideas

  • Limit the number of connection attempts; once a connection is judged malicious, deny access from unknown IPs (e.g. allow only 3 attempts, and blacklist the IP after more than 3 errors)
  • Build a whitelist and only allow IPs on the whitelist to access the port

Hoping you can recommend some methods or tools (cupped-fist salute


fail2ban

It's been fingerprinted and probed, I'd guess...
Switch to a less ancient protocol and change the password.
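The two ideas in the post (count handshake failures per source IP and blacklist past a threshold; allowlist known sources) and the fail2ban reply, as an added Python example that is not from the post or any reply: it parses lines in the same format as the quoted shadowsocks log (the sample lines, addresses and the fail2ban filter text are constructed/assumed, not taken from the page) and returns the sources that reached the ban threshold.

```python
import re
from collections import Counter

# Constructed sample lines mirroring the log format quoted in the post.
# Addresses are documentation ranges, not the IPs from the original log.
SAMPLE_LOG = """\
2019-09-21 21:08:40 WARNING  unsupported addrtype 78, maybe wrong password or encryption method
2019-09-21 21:08:40 ERROR    can not parse header when handling connection from 198.51.100.7:59208
2019-09-21 21:08:41 ERROR    can not parse header when handling connection from 198.51.100.7:59209
2019-09-21 21:08:41 ERROR    can not parse header when handling connection from 198.51.100.7:59210
2019-09-21 21:08:42 ERROR    invalid hostname: \\x8e\\xca when handling connection from 203.0.113.5:4186
2019-09-21 21:08:43 ERROR    can not parse header when handling connection from 203.0.113.5:4187
2019-09-21 21:08:44 ERROR    can not parse header when handling connection from 192.0.2.9:1559
2019-09-21 21:08:45 INFO     connecting example.com:443 from 192.0.2.200:40001
"""

# One pattern covers both failure messages seen in the log: a header that
# could not be parsed, and a decrypted hostname that is garbage (both mean
# the client did not have the right key, i.e. a probe, not a real user).
FAIL_RE = re.compile(
    r"^\S+ \S+ ERROR\s+(?:can not parse header|invalid hostname: .*?) "
    r"when handling connection from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+$"
)

# Assumed fail2ban filter expressing the same match; <HOST> is fail2ban's
# placeholder for the source address. Untested against a live fail2ban.
FAIL2BAN_FILTER = r"""[Definition]
failregex = ^.*ERROR\s+(?:can not parse header|invalid hostname: .*?) when handling connection from <HOST>:\d+$
ignoreregex =
"""


def count_failures(log_text):
    """Return a Counter of handshake failures per source IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if m:
            counts[m.group("ip")] += 1
    return counts


def offenders(log_text, maxretry=3):
    """Sources that reached the threshold (fail2ban's maxretry semantics)."""
    return sorted(ip for ip, n in count_failures(log_text).items() if n >= maxretry)


def decide(ip, counts, allowlist=frozenset(), maxretry=3):
    """Allowlisted sources are never banned; others are banned at maxretry failures."""
    if ip in allowlist:
        return "allow"
    return "ban" if counts.get(ip, 0) >= maxretry else "allow"
```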
