Administrace komentářů

Dobry den. Pouzivam FTP server (program ftpd na xubuntu 16.04). Dneska od rana probiha na server utok hrubou silou. Zajimave je, ze to budde ??? z nejakeho botnetu ??? protoze kazda IP adresa se zopakuje 8x a pak pokracuje utok z jine adresy (vesmes jsou to RU a UA, ale i jine). Zadna IP adresa se jeste neopakovala, uz jich je pres 50. Hadaji nazvy uctu a hesla.

Priklad vypisu security:

2016-10-10 18:24:28,958 autopen-desktop proftpd[2772] 127.0.1.1 (92.242.122.174[92.242.122.174]): USER public: no such user found from 92.242.122.174 [92.242.122.174] to ::ffff:XXX.XXX.XXX.XXX:21

2016-10-10 18:24:30,420 autopen-desktop proftpd[2773] 127.0.1.1 (92.242.122.174[92.242.122.174]): USER testuser: no such user found from 92.242.122.174 [92.242.122.174] to ::ffff:XXX.XXX.XXX.XXX:21

2016-10-10 18:24:31,853 autopen-desktop proftpd[2774] 127.0.1.1 (92.242.122.174[92.242.122.174]): USER autopen.name: no such user found from 92.242.122.174 [92.242.122.174] to ::ffff:XXX.XXX.XXX.XXX:21

2016-10-10 18:24:33,280 autopen-desktop proftpd[2775] 127.0.1.1 (92.242.122.174[92.242.122.174]): USER autopen.name: no such user found from 92.242.122.174 [92.242.122.174] to ::ffff:XXX.XXX.XXX.XXX:21

2016-10-10 18:24:34,744 autopen-desktop proftpd[2776] 127.0.1.1 (92.242.122.174[92.242.122.174]): USER update: no such user found from 92.242.122.174 [92.242.122.174] to ::ffff:XXX.XXX.XXX.XXX:21

2016-10-10 18:24:36,186 autopen-desktop proftpd[2777] 127.0.1.1 (92.242.122.174[92.242.122.174]): USER testuser1: no such user found from 92.242.122.174 [92.242.122.174] to ::ffff:XXX.XXX.XXX.XXX:21

2016-10-10 18:24:37,606 autopen-desktop proftpd[2778] 127.0.1.1 (92.242.122.174[92.242.122.174]): USER ftpuser: no such user found from 92.242.122.174 [92.242.122.174] to ::ffff:XXX.XXX.XXX.XXX:21

2016-10-10 18:24:39,045 autopen-desktop proftpd[2779] 127.0.1.1 (92.242.122.174[92.242.122.174]): USER demo: no such user found from 92.242.122.174 [92.242.122.174] to ::ffff:XXX.XXX.XXX.XXX:21

2016-10-10 18:32:20,823 autopen-desktop proftpd[2862] 127.0.1.1 (87.76.255.70[87.76.255.70]): USER guest: no such user found from 87.76.255.70 [87.76.255.70] to ::ffff:XXX.XXX.XXX.XXX:21

2016-10-10 18:32:22,238 autopen-desktop proftpd[2863] 127.0.1.1 (87.76.255.70[87.76.255.70]): USER ftpuser: no such user found from 87.76.255.70 [87.76.255.70] to ::ffff:XXX.XXX.XXX.XXX:21

2016-10-10 18:32:23,672 autopen-desktop proftpd[2864] 127.0.1.1 (87.76.255.70[87.76.255.70]): USER web: no such user found from 87.76.255.70 [87.76.255.70] to ::ffff:XXX.XXX.XXX.XXX:21

2016-10-10 18:32:25,111 autopen-desktop proftpd[2865] 127.0.1.1 (87.76.255.70[87.76.255.70]): USER upload: no such user found from 87.76.255.70 [87.76.255.70] to ::ffff:XXX.XXX.XXX.XXX:21

2016-10-10 18:32:26,545 autopen-desktop proftpd[2866] 127.0.1.1 (87.76.255.70[87.76.255.70]): USER test@autopen.name: no such user found from 87.76.255.70 [87.76.255.70] to ::ffff:XXX.XXX.XXX.XXX:21

2016-10-10 18:32:27,969 autopen-desktop proftpd[2867] 127.0.1.1 (87.76.255.70[87.76.255.70]): USER guest@autopen.name: no such user found from 87.76.255.70 [87.76.255.70] to ::ffff:XXX.XXX.XXX.XXX:21

2016-10-10 18:32:29,387 autopen-desktop proftpd[2868] 127.0.1.1 (87.76.255.70[87.76.255.70]): USER test: no such user found from 87.76.255.70 [87.76.255.70] to ::ffff:XXX.XXX.XXX.XXX:21

2016-10-10 18:32:30,826 autopen-desktop proftpd[2869] 127.0.1.1 (87.76.255.70[87.76.255.70]): USER public: no such user found from 87.76.255.70 [87.76.255.70] to ::ffff:XXX.XXX.XXX.XXX:21

2016-10-10 18:40:22,207 autopen-desktop proftpd[2951] 127.0.1.1 (94.178.247.182[94.178.247.182]): USER web: no such user found from 94.178.247.182 [94.178.247.182] to ::ffff:XXX.XXX.XXX.XXX:21

2016-10-10 18:40:23,552 autopen-desktop proftpd[2952] 127.0.1.1 (94.178.247.182[94.178.247.182]): USER administrator: no such user found from 94.178.247.182 [94.178.247.182] to ::ffff:XXX.XXX.XXX.XXX:21

2016-10-10 18:40:26,240 autopen-desktop proftpd[2954] 127.0.1.1 (94.178.247.182[94.178.247.182]): USER autopen (Login failed): Limit access denies login

2016-10-10 18:40:27,715 autopen-desktop proftpd[2955] 127.0.1.1 (94.178.247.182[94.178.247.182]): USER autopen@autopen.name: no such user found from 94.178.247.182 [94.178.247.182] to ::ffff:XXX.XXX.XXX.XXX:21

2016-10-10 18:40:29,941 autopen-desktop proftpd[2956] 127.0.1.1 (94.178.247.182[94.178.247.182]): USER autopen (Login failed): Limit access denies login

2016-10-10 18:40:31,320 autopen-desktop proftpd[2957] 127.0.1.1 (94.178.247.182[94.178.247.182]): USER test: no such user found from 94.178.247.182 [94.178.247.182] to ::ffff:XXX.XXX.XXX.XXX:21

2016-10-10 18:40:34,814 autopen-desktop proftpd[2958] 127.0.1.1 (94.178.247.182[94.178.247.182]): USER autopen.name: no such user found from 94.178.247.182 [94.178.247.182] to ::ffff:XXX.XXX.XXX.XXX:21

Mam si si s tim lamat hlavu? Zadne takove ucty na serveru neexistuji. A existuje vubec zpusob jak tomu celit? Zakazal bych jednotlive IP ve firewalu ale kdyz je tech pokusu vzdy jenom 8 a pak to pokracuje zase z jine adresy. Na server se prihlasuji i "regulerni" zakaznici. Ale jejich IP adresy se mohou menit, zalezi na tom, zda se napriklad prihlasi z prace nebo z domova. Kdybych povolil jenom (pro mne) zname IP, mohl bych jim privodit problem.

Nejsem zadny zkuseny linuxak. Tak bych poprosil o "polopaticke" reakce, rady a navody. Dekuji a zdravim. Lubos