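VirMach keeps suspending my VPS
I'm using an OVH $3 San Jose VPS. I've tried many install scripts: the Doubi (逗逼) one-click SSR script, the Qiushui (秋水) 4-in-1, and the Qiushui one-click Go script. They keep sending me this data and shutting my machine down. Could you experts take a look and tell me whether the machine can still be used? From Google Translate it says SSH is too high, but I don't understand why it would be too high...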
Bruteforcing/portscanning - high SSH numbers
Your service was suspended for having too many SSH connections. If you have a legitimate explanation for this, let us know.
We also need an explanation for what each IP you're connecting to is.
Hello,
This is my primary concern from your list:
406062 P8Mi1YOd7fJv /tmp/P8Mi1YOd7fJv
We are aware of shadowsocks, and using port 22 for tunnel; the above looks like you are running a program either intentionally, or unintentionally, which is causing issues.
If you can explain what this is and promise there will be no issue, we will be happy to unsuspend; otherwise, I will unsuspend you, pending reinstallation.
Please advise accordingly. Thank you.
SUSPENDING VPS (107.172.96.164); it has 102 SSH connections
**********************************************
List of processes running on VPS 17889
**********************************************
183395 tlsmgr tlsmgr -l -t unix -u -c
406062 P8Mi1YOd7fJv /tmp/P8Mi1YOd7fJv
601674 systemd init -z
601779 kthreadd/17889
601781 khelper/17889
610863 systemd-network/lib/systemd/systemd-networkd
611165 systemd-udevd /lib/systemd/systemd-udevd
613478 systemd-journal/lib/systemd/systemd-journald
617034 apache2 /usr/sbin/apache2 -k start
618096 cron /usr/sbin/cron -f
618172 sshd /usr/sbin/sshd -D
618505 systemd-resolve/lib/systemd/systemd-resolved
619091 python python /usr/local/shadowsocksr/server.py a
619408 rsyslogd /usr/sbin/rsyslogd -n
619600 xinetd /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
619998 bash bash load.sh
620129 haproxy haproxy -f /home/tcp_nanqinlang/haproxy.cfg
622890 haproxy-systemd/usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
623408 haproxy /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds
623777 haproxy /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds
623938 saslauthd /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -n 2
624244 saslauthd /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -n 2
626373 agetty /sbin/agetty --noclear tty2 linux
626649 agetty /sbin/agetty --noclear --keep-baud console 115200 38400 9600 vt102
629622 apache2 /usr/sbin/apache2 -k start
637833 master /usr/lib/postfix/master
638294 qmgr qmgr -l -t unix -u
890967 pickup pickup -l -t unix -u -c
**********************************************
First 269 lines from conntrack table (truncated)
**********************************************
Your machine has been infected with a trojan and is scanning other machines' SSH ports.
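What that diagnosis looks like in conntrack data, as an added example that is not part of the thread: it counts outbound TCP connections from the VPS's own address to port 22 and measures how many are still half-open (SYN_SENT). The sample lines, addresses, function names and thresholds are constructed assumptions.

```python
from collections import Counter

LOCAL_IP = "192.0.2.10"  # constructed: stands in for the VPS's own address
# Constructed sample in the layout of the provider's conntrack report;
# all addresses are RFC 5737 documentation ranges, not real hosts.
SAMPLE = """\
ipv4 2 tcp 6 47 SYN_SENT src=192.0.2.10 dst=198.51.100.7 sport=56662 dport=22 src=198.51.100.7 dst=192.0.2.10 sport=22 dport=56662 mark=0 secmark=0 use=2
ipv4 2 tcp 6 57 SYN_SENT src=192.0.2.10 dst=198.51.100.8 sport=60996 dport=22 src=198.51.100.8 dst=192.0.2.10 sport=22 dport=60996 mark=0 secmark=0 use=2
ipv4 2 tcp 6 74 SYN_SENT src=192.0.2.10 dst=203.0.113.25 sport=47532 dport=22 src=203.0.113.25 dst=192.0.2.10 sport=22 dport=47532 mark=0 secmark=0 use=2
ipv4 2 tcp 6 61 SYN_SENT src=192.0.2.10 dst=203.0.113.99 sport=35470 dport=22 src=203.0.113.99 dst=192.0.2.10 sport=22 dport=35470 mark=0 secmark=0 use=2
ipv4 2 tcp 6 79 TIME_WAIT src=192.0.2.10 dst=198.51.100.50 sport=50690 dport=22 src=198.51.100.50 dst=192.0.2.10 sport=22 dport=50690 mark=0 secmark=0 use=2
ipv4 2 udp 17 18 src=192.0.2.10 dst=198.51.100.53 sport=51373 dport=53 src=198.51.100.53 dst=192.0.2.10 sport=53 dport=51373 mark=0 secmark=0 use=2
ipv4 2 tcp 6 431999 ESTABLISHED src=203.0.113.5 dst=192.0.2.10 sport=40022 dport=22 src=192.0.2.10 dst=203.0.113.5 sport=22 dport=40022 mark=0 secmark=0 use=2
ipv4 2 tcp 6 102 TIME_WAIT src=192.0.2.10 dst=198.51.100.50
"""

def parse(line):
    """Return (proto, state, original-direction tuple) or None if unusable."""
    f = line.split()
    if len(f) < 6 or f[0] != "ipv4":
        return None
    proto = f[2]
    state = f[5] if proto == "tcp" and "=" not in f[5] else None
    orig = {}
    for tok in f:
        key, sep, val = tok.partition("=")
        if sep and key in ("src", "dst", "sport", "dport") and key not in orig:
            orig[key] = val  # first occurrence is the original (initiating) direction
    return (proto, state, orig) if len(orig) == 4 else None

def outbound_ssh_report(text, local_ip, port="22"):
    """Summarise TCP connections that local_ip initiated to the given port."""
    targets, states = set(), Counter()
    for line in text.splitlines():
        rec = parse(line)
        if rec and rec[0] == "tcp" and rec[2]["src"] == local_ip and rec[2]["dport"] == port:
            targets.add(rec[2]["dst"])
            states[rec[1]] += 1
    total = sum(states.values())
    return {"connections": total, "distinct_targets": len(targets),
            "states": dict(states),
            "half_open_ratio": states["SYN_SENT"] / total if total else 0.0}

def looks_like_scan(report, min_targets=3, min_ratio=0.5):
    # Thresholds are illustrative assumptions, not the provider's rule.
    return report["distinct_targets"] >= min_targets and report["half_open_ratio"] >= min_ratio
```

Inbound SSH sessions to the VPS (someone logging in or guessing passwords) have the remote host as `src` in the original direction, so they are not counted here.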
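It may be a problem with the script, or a weak root password.
At first I thought it was a problem with the modified BBR, but after reinstalling, without installing BBR, it got suspended all the same.
Bruteforcing/portscanning - high SSH numbers
SSH brute-forcing. Change the port.
hxuf posted on 2019-2-11 19:28
Bruteforcing/portscanning - high SSH numbers
SSH brute-forcing. Change the port.
So someone is DDoSing my SSH port? How do I change it?
120910266 posted on 2019-2-11 19:33
So someone is DDoSing my SSH port? How do I change it?
If you have a question, search Baidu first. If you can't find it on Baidu, then come and ask.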
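120910266 posted on 2019-2-11 19:33
So someone is DDoSing my SSH port? How do I change it?
Edit /etc/ssh/sshd_config
hxuf posted on 2019-2-11 19:34
If you have a question, search Baidu first. If you can't find it on Baidu, then come and ask.
OK, thanks.
抛砖引玉 posted on 2019-2-11 19:35
Edit /etc/ssh/sshd_config
OK, thanks.
sed -i "s/Port 22/Port 123456/g" /etc/ssh/sshd_config
Suppose the port you want to change to is 123456.
It's best to also set up passwordless login, that is, add a pubkey to the .ssh directory. You probably have this already; at least the Virtualizor panel has this feature. Run a scan.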
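A stricter form of the sshd_config port edit discussed above, as an added example that is not part of the thread: it rewrites the `Port` directive line by line, handles a commented-out `#Port 22`, keeps the directive ahead of any `Match` block, and rejects values outside the TCP port range 1 to 65535. The function name, sample configuration and port 2222 are assumptions.

```python
import re

# A whole line that is a Port directive, active or commented out.
PORT_LINE = re.compile(r"^\s*(#?)\s*Port\s+\d+\s*$", re.IGNORECASE)
MATCH_LINE = re.compile(r"^\s*Match\s", re.IGNORECASE)

# Constructed sample configuration, not taken from the thread.
CONSTRUCTED_CONFIG = """\
#Port 22
PermitRootLogin yes
Port 22
Match User backup
    PasswordAuthentication no
"""

def set_sshd_port(config_text, new_port):
    """Return config_text with exactly one active 'Port <new_port>' directive."""
    if isinstance(new_port, bool) or not isinstance(new_port, int) \
            or not 1 <= new_port <= 65535:
        raise ValueError(f"invalid TCP port: {new_port!r}")
    out, written = [], False
    for line in config_text.splitlines():
        m = PORT_LINE.match(line)
        if m and not written:
            out.append(f"Port {new_port}")   # replace the first Port line found
            written = True
        elif m and not m.group(1):
            continue                         # drop extra active Port lines
        else:
            if not written and MATCH_LINE.match(line):
                out.append(f"Port {new_port}")  # global directives precede Match
                written = True
            out.append(line)
    if not written:
        out.append(f"Port {new_port}")
    return "\n".join(out) + "\n"
```

Check the rewritten file with `sshd -t` before restarting the service. This changes only the port sshd listens on; it has no effect on outbound connections opened by a process running on the VPS.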