System administration
HoHsi, 2016-02-15 14:35:10

How do I shut out wannabe hackers?

Good afternoon!
I recently noticed this gem in /var/log/secure:

Feb 12 16:33:10 *** sshd[30516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.174.22.182
Feb 12 16:33:10 *** sshd[30516]: pam_succeed_if(sshd:auth): error retrieving information about user admin
Feb 12 16:33:12 *** sshd[30516]: Failed password for invalid user admin from 220.174.22.182 port 43984 ssh2
Feb 12 16:33:13 *** sshd[30517]: Connection closed by 220.174.22.182
Feb 12 17:10:35 *** sshd[30977]: Invalid user test from 79.143.39.164
Feb 12 17:10:35 *** sshd[30978]: input_userauth_request: invalid user test
Feb 12 17:10:35 *** sshd[30977]: pam_unix(sshd:auth): check pass; user unknown
Feb 12 17:10:35 *** sshd[30977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=nonstop.vn.ua
Feb 12 17:10:35 *** sshd[30977]: pam_succeed_if(sshd:auth): error retrieving information about user test
Feb 12 17:10:37 *** sshd[30977]: Failed password for invalid user test from 79.143.39.164 port 38192 ssh2
Feb 12 17:10:37 *** sshd[30978]: Received disconnect from 79.143.39.164: 11: Bye Bye
Feb 12 17:10:37 *** sshd[30981]: Invalid user oracle from 79.143.39.164
Feb 12 17:10:37 *** sshd[30982]: input_userauth_request: invalid user oracle
Feb 12 17:10:37 *** sshd[30981]: pam_unix(sshd:auth): check pass; user unknown
Feb 12 17:10:37 *** sshd[30981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=nonstop.vn.ua
Feb 12 17:10:37 *** sshd[30981]: pam_succeed_if(sshd:auth): error retrieving information about user oracle
Feb 12 17:10:40 *** sshd[30981]: Failed password for invalid user oracle from 79.143.39.164 port 38505 ssh2
Feb 12 17:10:40 *** sshd[30982]: Received disconnect from 79.143.39.164: 11: Bye Bye
Feb 12 17:10:40 *** sshd[30983]: Invalid user guest from 79.143.39.164
Feb 12 17:10:40 *** sshd[30984]: input_userauth_request: invalid user guest
Feb 12 17:10:40 *** sshd[30983]: pam_unix(sshd:auth): check pass; user unknown
Feb 12 17:10:40 *** sshd[30983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=nonstop.vn.ua
Feb 12 17:10:40 *** sshd[30983]: pam_succeed_if(sshd:auth): error retrieving information about user guest
Feb 12 17:10:42 *** sshd[30983]: Failed password for invalid user guest from 79.143.39.164 port 38925 ssh2
Feb 12 17:10:42 *** sshd[30984]: Received disconnect from 79.143.39.164: 11: Bye Bye
Feb 12 17:10:42 *** sshd[30985]: Invalid user user from 79.143.39.164
Feb 12 17:10:42 *** sshd[30986]: input_userauth_request: invalid user user
Feb 12 17:10:42 *** sshd[30985]: pam_unix(sshd:auth): check pass; user unknown
Feb 12 17:10:42 *** sshd[30985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=nonstop.vn.ua
Feb 12 17:10:42 *** sshd[30985]: pam_succeed_if(sshd:auth): error retrieving information about user user
Feb 12 17:10:44 *** sshd[30985]: Failed password for invalid user user from 79.143.39.164 port 39234 ssh2
Feb 12 17:10:44 *** sshd[30986]: Received disconnect from 79.143.39.164: 11: Bye Bye
Feb 12 17:10:45 *** sshd[30987]: Invalid user info from 79.143.39.164

As far as I understand, this is some character trying to brute-force his way in. How do I cut off such craftsmen?
PS: I'm not a very good admin, so I'd be grateful for a detailed answer.


7 answer(s)
Andrey, 2016-02-15
@HoHsi

/etc/ssh/sshd_config
Port 22 - you can also change the port
LoginGraceTime 15s - maximum time to enter a password
PermitRootLogin no - disable ssh for root
MaxAuthTries 1 - maximum attempts to enter a password.
That will be more than enough.
You can also use iptables to let only your IP in:
iptables -A INPUT -s xxx.xxx -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP   # without this DROP the ACCEPT above restricts nothing
where xxx.xxx is the IP from which you are allowed to reach ssh.
You can also write in /etc/hosts.allow:
sshd: xxx.xxx - where xxx.xxx is your IP from which you can access ssh.
Restart sshd after changing the settings for them to take effect:
/etc/init.d/ssh restart

Alexander Slyzhuk, 2016-02-15
@SLYzhuk

1. Change port 22
2. Deny root login in /etc/ssh/sshd_config:
# Authentication:
LoginGraceTime 20
#PermitRootLogin without-password
PermitRootLogin no
StrictModes yes
# SSH is only allowed to these users:
AllowUsers bla-bla-bla   # the user you connect as
# time after which an idle session is closed
ClientAliveInterval 300
ClientAliveCountMax 0
3. Fail2ban
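
Added example, not code from either of the two answers above: a read-only audit that reads an sshd_config and reports which of the settings those answers recommend (no root login, limited attempts, short grace time, a user whitelist, and keys instead of passwords) are missing or left at their defaults, run here on a constructed weak config and on its hardened version. The defaults it assumes are those of OpenSSH 6.x, current when this thread was written (later releases changed the PermitRootLogin default to prohibit-password); the function names, the sample configs and the `deploy` user are the example's own.

```shell
#!/bin/sh
# Added example, not code from the answers above: a read-only audit of an
# sshd_config against the settings recommended in this thread. Defaults are
# those of OpenSSH 6.x (PermitRootLogin yes, PasswordAuthentication yes,
# MaxAuthTries 6, LoginGraceTime 120); consult sshd_config(5) for your build.
# Function names and the sample configs are the example's own.

# sshd_option FILE DIRECTIVE DEFAULT: effective value of a directive. sshd
# uses the first uncommented occurrence (keyword is case-insensitive) and the
# compiled-in default otherwise. Match blocks are not modelled.
sshd_option() {
    v=$(awk -v key="$2" '$1 !~ /^#/ && tolower($1) == tolower(key) { print $2; exit }' "$1")
    printf '%s\n' "${v:-$3}"
}

# LoginGraceTime accepts 20, 20s, 2m or 1h; normalise to seconds.
to_seconds() {
    case "$1" in
        *h) echo $(( ${1%h} * 3600 )) ;;
        *m) echo $(( ${1%m} * 60 )) ;;
        *s) echo "${1%s}" ;;
        *)  echo "$1" ;;
    esac
}

# want_setting FILE DIRECTIVE DEFAULT ACCEPTABLE_GLOB WHY: report and fail
# when the effective value does not match the acceptable pattern.
want_setting() {
    cur=$(sshd_option "$1" "$2" "$3")
    case "$cur" in
        $4) return 0 ;;
    esac
    printf 'WEAK %s=%s (%s)\n' "$2" "$cur" "$5"
    return 1
}

# audit_sshd_config FILE: one WEAK line per finding; status 0 only if clean.
audit_sshd_config() {
    f="$1"; findings=0
    want_setting "$f" PermitRootLogin        yes 'no'    'log in as a user and escalate with sudo'            || findings=$((findings + 1))
    want_setting "$f" PasswordAuthentication yes 'no'    'keys only; passwords are what the bots are guessing' || findings=$((findings + 1))
    want_setting "$f" PermitEmptyPasswords   no  'no'    'blank passwords are never acceptable'                || findings=$((findings + 1))
    want_setting "$f" MaxAuthTries           6   '[1-3]' 'fewer guesses per connection'                        || findings=$((findings + 1))
    want_setting "$f" AllowUsers             ''  '?*'    'restrict logins to named accounts'                   || findings=$((findings + 1))
    grace=$(sshd_option "$f" LoginGraceTime 120)
    if [ "$(to_seconds "$grace")" -gt 60 ]; then
        printf 'WEAK LoginGraceTime=%s (%s)\n' "$grace" 'shorten how long an unauthenticated connection holds a slot'
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed configs: a distro-style default with everything commented out,
# and the hardened version the answers above arrive at.
weak_sshd_config() {
    cat <<'EOF'
Port 22
#PermitRootLogin yes
#PasswordAuthentication yes
#MaxAuthTries 6
#LoginGraceTime 2m
Subsystem sftp /usr/lib/openssh/sftp-server
EOF
}

hardened_sshd_config() {
    cat <<'EOF'
Port 22
LoginGraceTime 20
PermitRootLogin no
StrictModes yes
MaxAuthTries 3
PasswordAuthentication no
PermitEmptyPasswords no
PubkeyAuthentication yes
AllowUsers deploy
ClientAliveInterval 300
ClientAliveCountMax 2
Subsystem sftp /usr/lib/openssh/sftp-server
EOF
}

tmp=$(mktemp -d)
weak_sshd_config >"$tmp/weak"
hardened_sshd_config >"$tmp/hard"
echo "== weak =="; audit_sshd_config "$tmp/weak" || echo "(fix the lines above)"
echo "== hardened =="; audit_sshd_config "$tmp/hard" && echo "no findings"
rm -rf "$tmp"
```

Run `audit_sshd_config /etc/ssh/sshd_config` on the host, and after editing run `sshd -t` to check the syntax before restarting: a typo there means the next reconnect fails and you are locked out. The audit takes the first occurrence of a directive, as sshd itself does, so a hardened line placed below a weak one changes nothing; keep your key-based login tested from a second session before you set PasswordAuthentication no.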

Slava Kryvel, 2016-02-15
@kryvel

You can also install fail2ban; it copes with this plague quite well.

Dimonchik, 2016-02-15
@dimonchik2013

Changing the port + key authentication is usually enough.
If you really want more, two-factor authentication.
If you want it stronger still, port knocking.

bukass, 2016-02-16
@bukass

Modern bots don't care about a non-standard port.
For those who are still in doubt:
Feb 9 05:38:25 vyatta sshd[31650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.10.51.49 user=root
Feb 9 05:38:29 vyatta sshd[31652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.10.51.49 user=root
Feb 9 05:38:47 vyatta sshd[31654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.10.51.49 user=root
Feb 9 05:38:51 vyatta sshd[31656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.10.51.49 user=root
Feb 9 05:38:55 vyatta sshd[31658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.10.51.49 user=root
Feb 9 05:39:14 vyatta sshd[31660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.10.51.49 user=root
Feb 9 05:39:18 vyatta sshd[31662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.10.51.49 user=root
Feb 9 05:39:22 vyatta sshd[31664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.10.51.49 user=root
Feb 9 05:39:41 vyatta sshd[31666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.10.51.49 user=root
Feb 9 05:40:40 vyatta sshd[31682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.10.51.49 user=root
Feb 9 05:40:59 vyatta sshd[31684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.10.51.49 user=root
Feb 9 05:41:02 vyatta sshd[31686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.10.51.49 user=root
Feb 9 05:41:06 vyatta sshd[31688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.10.51.49 user=root
Feb 9 05:41:25 vyatta sshd[31690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.10.51.49 user=root
Feb 9 05:41:28 vyatta sshd[31692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.10.51.49 user=root
Feb 9 05:41:32 vyatta sshd[31694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.10.51.49 user=root
Feb 9 08:05:20 vyatta pptpd[31792]: CTRL: EOF or bad error reading ctrl packet length.
Feb 9 08:05:20 vyatta pptpd[31792]: CTRL: couldn't read packet header (exit)
Feb 9 08:05:20 vyatta pptpd[31792]: CTRL: CTRL read failed
Feb 9 11:50:19 vyatta sshd[31830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.10.124 user=root
Feb 9 11:50:31 vyatta sshd[31830]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.10.124 user=root
Feb 9 11:50:31 vyatta sshd[31830]: PAM service(sshd) ignoring max retries; 5 > 3
Feb 9 11:51:24 vyatta sshd[31848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.10.124 user=root
Feb 9 11:51:35 vyatta sshd[31848]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.10.124 user=root
Feb 9 11:51:35 vyatta sshd[31848]: PAM service(sshd) ignoring max retries; 5 > 3
Feb 9 11:54:32 vyatta sshd[31900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.10.124 user=root
Feb 9 11:54:44 vyatta sshd[31900]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.10.124 user=root
Feb 9 11:54:44 vyatta sshd[31900]: PAM service(sshd) ignoring max retries; 5 > 3
Feb 9 11:55:54 vyatta sshd[31922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.10.124 user=root
Feb 9 11:56:05 vyatta sshd[31922]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.10.124 user=root
Feb 9 11:56:05 vyatta sshd[31922]: PAM service(sshd) ignoring max retries; 5 > 3
Feb 9 11:56:18 vyatta sshd[31927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.10.124 user=root
Feb 9 11:56:30 vyatta sshd[31927]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.10.124 user=root
Feb 9 11:56:30 vyatta sshd[31927]: PAM service(sshd) ignoring max retries; 5 > 3
Feb 9 11:57:30 vyatta sshd[31946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.10.124 user=root
Feb 9 11:57:41 vyatta sshd[31946]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.10.124 user=root
Feb 9 11:57:41 vyatta sshd[31946]: PAM service(sshd) ignoring max retries; 5 > 3
Feb 9 11:59:55 vyatta sshd[31986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.10.124 user=root
Feb 9 12:00:06 vyatta sshd[31986]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.10.124 user=root
Feb 9 12:00:06 vyatta sshd[31986]: PAM service(sshd) ignoring max retries; 5 > 3
Feb 9 12:02:13 vyatta sshd[32025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.10.124 user=root
Feb 9 12:02:24 vyatta sshd[32025]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.10.124 user=root
Feb 9 12:02:24 vyatta sshd[32025]: PAM service(sshd) ignoring max retries; 5 > 3
Feb 9 13:50:12 vyatta pptpd[32103]: CTRL: EOF or bad error reading ctrl packet length.
Feb 9 13:50:12 vyatta pptpd[32103]: CTRL: couldn't read packet header (exit)
Feb 9 13:50:12 vyatta pptpd[32103]: CTRL: CTRL read failed
Feb 10 12:46:32 vyatta sshd[32345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.15.235 user=root
Feb 10 12:46:39 vyatta sshd[32348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.15.235 user=root
Feb 10 12:47:00 vyatta sshd[32350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.15.235 user=root
Feb 10 12:47:20 vyatta sshd[32352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.15.235 user=root
Feb 10 12:47:27 vyatta sshd[32354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.15.235 user=root
Feb 10 12:47:51 vyatta sshd[32356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.15.235 user=root
Feb 10 12:48:03 vyatta sshd[32358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.15.235 user=root
Feb 10 12:48:15 vyatta sshd[32360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.15.235 user=root
Feb 10 12:48:44 vyatta sshd[32362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.15.235 user=root
Feb 10 12:48:51 vyatta sshd[32364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.15.235 user=root
Feb 10 12:48:58 vyatta sshd[32366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.15.235 user=root
Feb 10 12:49:18 vyatta sshd[32368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.15.235 user=root
Feb 10 12:49:27 vyatta sshd[32370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.15.235 user=root
Feb 10 12:49:31 vyatta sshd[32372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.15.235 user=root
Feb 11 08:28:57 vyatta pptpd[32594]: CTRL: EOF or bad error reading ctrl packet length.
Feb 11 08:28:57 vyatta pptpd[32594]: CTRL: couldn't read packet header (exit)
Feb 11 08:28:57 vyatta pptpd[32594]: CTRL: CTRL read failed
Feb 11 14:13:46 vyatta pptpd[32626]: CTRL: EOF or bad error reading ctrl packet length.
Feb 11 14:13:46 vyatta pptpd[32626]: CTRL: couldn't read packet header (exit)
Feb 11 14:13:46 vyatta pptpd[32626]: CTRL: CTRL read failed
Feb 11 14:49:17 vyatta pptpd[32633]: CTRL: EOF or bad error reading ctrl packet length.
Feb 11 14:49:17 vyatta pptpd[32633]: CTRL: couldn't read packet header (exit)
Feb 11 14:49:17 vyatta pptpd[32633]: CTRL: CTRL read failed
Feb 13 08:37:59 vyatta sshd[984]: warning: can't get client address: Connection reset by peer
Feb 13 09:39:11 vyatta pptpd[1039]: CTRL: EOF or bad error reading ctrl packet length.
Feb 13 09:39:11 vyatta pptpd[1039]: CTRL: couldn't read packet header (exit)
Feb 13 09:39:11 vyatta pptpd[1039]: CTRL: CTRL read failed
Feb 13 14:45:25 vyatta sshd[1071]: pam_unix(sshd:auth): check pass; user unknown
Feb 13 14:45:25 vyatta sshd[1071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.57.72.114
Feb 13 14:45:31 vyatta sshd[1073]: pam_unix(sshd:auth): check pass; user unknown
Feb 13 14:45:31 vyatta sshd[1073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.57.72.114
Feb 13 14:45:35 vyatta sshd[1076]: pam_unix(sshd:auth): check pass; user unknown
Feb 13 14:45:35 vyatta sshd[1076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.57.72.114
Feb 13 14:45:40 vyatta sshd[1078]: pam_unix(sshd:auth): check pass; user unknown
Feb 13 14:45:40 vyatta sshd[1078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.57.72.114
And to forbid ssh from all other addresses: /etc/hosts.deny and /etc/hosts.allow.
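
Added example, not from the answer above: a simplified re-implementation of the decision libwrap makes from /etc/hosts.allow and /etc/hosts.deny, so a policy can be checked against sample clients before it is installed and locks the admin out. It handles ALL, exact names or addresses, `10.0.0.` network prefixes and `.example.com` suffixes; EXCEPT, netmasks, IPv6 and option fields are left out. The policy files are written to a temporary directory, the function names are the example's own, and the admin address 203.0.113.10 is a constructed placeholder.

```shell
#!/bin/sh
# Added example, not from the original answer: a simplified model of the
# libwrap decision (hosts_access(5)) so an allow/deny pair can be tested before
# it is installed. Handles ALL, exact names/addresses, "10.0.0." prefixes and
# ".example.com" suffixes; EXCEPT, netmasks, IPv6 and option fields are not
# modelled. All names below are the example's own.

# match_list LIST CLIENT: does a comma-separated client (or daemon) list match?
match_list() {
    echo "$1" | tr ',' '\n' | while read -r pat; do
        case "$pat" in
            '')  ;;
            ALL) echo yes; break ;;
            *.)  case "$2" in "$pat"*) echo yes; break ;; esac ;;   # network prefix
            .*)  case "$2" in *"$pat") echo yes; break ;; esac ;;   # domain suffix
            *)   if [ "$pat" = "$2" ]; then echo yes; break; fi ;;  # exact match
        esac
    done | grep -q yes
}

# rule_matches FILE DAEMON CLIENT: does any "daemons : clients" line apply?
rule_matches() {
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$1" |
    while IFS=: read -r daemons clients _options; do
        if match_list "$daemons" "$2" && match_list "$clients" "$3"; then
            echo match; break
        fi
    done | grep -q match
}

# hosts_access ALLOW_FILE DENY_FILE DAEMON CLIENT: prints allow or deny.
# The evaluation order is the whole point: hosts.allow is consulted first,
# then hosts.deny, and a client matched by neither is permitted.
hosts_access() {
    if rule_matches "$1" "$3" "$4"; then echo allow
    elif rule_matches "$2" "$3" "$4"; then echo deny
    else echo allow
    fi
}

# Constructed policy: only ADMIN_IP and the 192.168.1.0/24 LAN reach sshd;
# everyone else is refused before a password prompt is ever offered.
write_sample_policy() {  # write_sample_policy DIR ADMIN_IP
    printf 'sshd: %s, 192.168.1.\n' "$2" >"$1/hosts.allow"
    printf '# without this line the allow list above restricts nothing\nsshd: ALL\n' >"$1/hosts.deny"
}

tmp=$(mktemp -d)
write_sample_policy "$tmp" 203.0.113.10
for client in 203.0.113.10 192.168.1.7 79.143.39.164 nonstop.vn.ua; do
    printf '%-16s -> %s\n' "$client" "$(hosts_access "$tmp/hosts.allow" "$tmp/hosts.deny" sshd "$client")"
done
rm -rf "$tmp"
```

An allow entry on its own blocks nothing, because an unmatched client falls through to the default permit; the `sshd: ALL` line in hosts.deny is what actually does the work. Note also that sshd only consults these files if it was built against libwrap: upstream OpenSSH removed tcp_wrappers support in 6.7, and although several distributions carried the patch for longer, check with `ldd "$(command -v sshd)" | grep wrap` before relying on it, or use the iptables rules instead.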

Myateznik, 2014-10-26
@inkyrein

if (preg_match("/photogallery\/[\d]+\/$/", $_SERVER['REQUEST_URI'])) {
    echo $title_photo;
} else {
    echo $title;
}

or

if (preg_match("/photogallery\/[\d]+\/?$/", $_SERVER['REQUEST_URI'])) {
    echo $title_photo;
} else {
    echo $title;
}

Option 2 allows for the possible absence of the trailing slash.
This may help you in future: regex101.com

neolink, 2014-10-26
@neolink

In PHP you can use any character as the delimiter at the beginning and end of the expression; it is also better to anchor the beginning of the string (^):
'#^/photogallery/([\d]+)/?$#'
