A question about Brute-Force Attack in DirectAdmin



ruhy1
May 16th, 2013, 05:59 PM
Hi, I have DirectAdmin on a VPS.
This message has appeared in the Message section:
A brute force attack has been detected in one of your service logs.

IP 61.151.254.38 has 61 failed login attempts: sshd4=2&sshd5=59
IP 61.156.238.56 has 26 failed login attempts: sshd5=26


Could you explain what I should do and what this is about?
Also, in the Service Monitor section:
httpd (pid 3223 3573 3574 3575 3576 3577 3578 3581 3582 3583 3584 3585 3586 3590 3591 3592 3593 3594 3595 3596 3606 3610 3648 3712 3713 3714 3715 3717 3718 3723 3753 )
And this is a low count, I have only just restarted it.
It has even gone up to 30000.

Please advise.
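
Added example (not part of the original thread): a shell/awk triage of a notification in the format quoted above, totalling failed attempts per service tag (sshd4, sshd5, exim2 in that message) to show which daemon is being hit. The sample message is constructed, and the function names `bfm_sample`, `bfm_service_totals` and `bfm_top` are hypothetical.

```shell
#!/bin/sh
# Constructed sample in the notification's format (documentation-range IPs).
bfm_sample() {
    cat <<'EOF'
A brute force attack has been detected in one of your service logs.

IP 192.0.2.10 has 61 failed login attempts: sshd4=2&sshd5=59
IP 198.51.100.7 has 26 failed login attempts: sshd5=26
User admin has 10 failed login attempts: sshd5=10
User mike has 72 failed login attempts: exim2=10&sshd4=62
User sales has 10 failed login attempts: exim2=10
EOF
}

# bfm_service_totals KIND: KIND is "IP" or "User". Reads a notification on
# stdin and prints "<service-tag> <attempts>" per tag, highest first.
bfm_service_totals() {
    awk -v kind="$1" '
        $1 == kind && $3 == "has" && $NF ~ /=/ {
            n = split($NF, pairs, "&")        # e.g. sshd4=2&sshd5=59
            sum = 0
            for (i = 1; i <= n; i++) {
                split(pairs[i], kv, "=")
                total[kv[1]] += kv[2]
                sum += kv[2]
            }
            # The per-service counts should add up to the stated total.
            if (sum != $4)
                print "warning: total mismatch for " $2 > "/dev/stderr"
        }
        END { for (s in total) print s, total[s] }
    ' | sort -k2,2nr -k1,1
}

# bfm_top KIND MIN: list "<name> <attempts>" for entries with at least MIN
# failed attempts, highest first.
bfm_top() {
    awk -v kind="$1" -v min="$2" '
        $1 == kind && $3 == "has" && $4 + 0 >= min + 0 { print $2, $4 }
    ' | sort -k2,2nr -k1,1
}
```

Pipe a saved copy of the real message into `bfm_service_totals User` or `bfm_top IP 20` in place of `bfm_sample`.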

reza21biologist
May 16th, 2013, 10:12 PM
Hi

A brute force attack is an attempt to find the DirectAdmin password. So that you are not hacked this way, choose a longer password, and in the administrator setting section apply the following:

Blacklist IPs for excessive login attempts => 20
Time before failed login count resets => 120
Remove an IP from the blacklist after => 35000
Difficult Password Enforcement => Yes

Regarding the second question, I should say this is not a problem; it shows the processes running on the web server, which indicates that your site gets a lot of visits.

Thanks

ruhy1
May 16th, 2013, 11:09 PM
Thanks. According to the research I did, the ssh port should also be changed.


Does anyone else have another opinion?

shingo
May 17th, 2013, 09:17 AM
If the password is long and contains special characters, it is impossible for you to be hacked by brute force.

aghdaee
May 17th, 2013, 10:05 AM
Hi
Changing the ssh port helps a great deal in preventing these attacks.

reza21biologist
May 17th, 2013, 10:55 AM
Hi, if you want to change the ssh port, do the following:

Connect over ssh:

nano /etc/ssh/sshd_config

Port 3070

Here the port has been changed to 3070.

Finally, to apply the changes, restart the ssh service with the following command:

service sshd restart

Thanks

Parti_Baz
May 17th, 2013, 12:05 PM
Note that after changing the port, be sure to leave the port open in the firewall, because otherwise you may no longer have root access.
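
Added example (not part of the original thread): the port change and the firewall caveat above combined into one ordered procedure, so the new port is validated and opened before sshd is restarted. The helper names `set_sshd_port` and `change_ssh_port` are hypothetical; the script assumes a plain iptables firewall and sshd installed at /usr/sbin/sshd.

```shell
#!/bin/sh
# set_sshd_port CONFIG PORT (hypothetical helper)
# Writes CONFIG.new: one "Port PORT" line at the top, ahead of any Match
# block, with every other active Port line dropped. Handles the usual
# "Port N" spelling in any letter case. CONFIG itself is not modified.
set_sshd_port() {
    cfg=$1; port=$2
    case $port in
        ''|*[!0-9]*|??????*)   # empty, non-numeric, or six or more digits
            echo "invalid port: $port" >&2; return 2 ;;
    esac
    # TCP port numbers are 16 bits wide, so 65535 is the maximum.
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 2
    fi
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 1; }
    awk -v p="$port" '
        BEGIN { print "Port " p }
        tolower($1) == "port" { next }
        { print }
    ' "$cfg" > "$cfg.new"
}

# change_ssh_port PORT: run as root from an SSH session that stays open.
# Assumes plain iptables and sshd at /usr/sbin/sshd.
change_ssh_port() {
    cfg=/etc/ssh/sshd_config
    set_sshd_port "$cfg" "$1" || return
    # 1. Syntax-check the candidate file before it replaces the live one.
    /usr/sbin/sshd -t -f "$cfg.new" || return
    # 2. Open the new port first, so the restart cannot lock you out.
    iptables -I INPUT -p tcp --dport "$1" -j ACCEPT || return
    # 3. Keep a backup, then install (cat keeps the file's owner and mode).
    cp -p "$cfg" "$cfg.bak" && cat "$cfg.new" > "$cfg" || return
    service sshd restart
    # 4. From a second terminal, confirm "ssh -p PORT" works before closing
    #    this session; if it does not, restore "$cfg.bak" and restart again.
}
```

The iptables rule added here has to be saved with the distribution's own mechanism to survive a reboot. On a system with SELinux enforcing, the new port must also be allowed for sshd, for example with `semanage port -a -t ssh_port_t -p tcp 3070`.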

amineng
August 20th, 2013, 08:34 PM
Hi
I have a few questions
1- This first one, Blacklist IPs for excessive login attempts,
is so that after, say, 20 login attempts the IP is moved to the blacklist, right?

2- There is also a checkbox next to it! Should it be ticked or not?

3- What is this Time before failed login count resets for? If someone's name goes on the blacklist after 20 attempts, it isn't wise for it to be reset after 2 minutes, is it?!

4- This Remove an IP from the blacklist after means that the IP comes off the list after 10 days, right?

and 5-
Note that after changing the port, be sure to leave the port open in the firewall, because otherwise you may no longer have root access.
How do we do this?

Thanks

abolfazl201358
August 20th, 2013, 09:40 PM
It is nobody's fault; the problem is DirectAdmin itself. The only way is either to stop dovecot, or to make the ssh port 6 digits, or to change the usernames of your users, so that it is held back a bit.

amineng
August 21st, 2013, 11:48 AM
Thank you, but my questions were about other things!!!

amineng
August 24th, 2013, 07:34 PM
Friends, won't anyone help?

amineng
November 28th, 2013, 12:06 PM
up

mhiizadi
December 1st, 2013, 04:40 AM
Well, sir, post the file.

aligoli
December 1st, 2013, 09:43 AM
In addition to changing the ssh port, change the DirectAdmin login port as well.

mri2599
December 10th, 2013, 12:56 AM
This is a very interesting piece of work.
I would like it too, if possible.
Thanks

amineng
December 10th, 2013, 07:33 PM
Dear friend, I said that if there was a lot of interest the file would be made public, but from 6 days ago until now you are the only one who has asked for the file.
I said that anyone who wants it should go through PM, so that the download link for this file, without its code being minified, which you can easily modify, is given to them.

Sir, we would be grateful if you would kindly make it public.
One more point: is the way these codes are written itself reliable? God forbid we set out to fix the eyebrow and end up ... the eye?
If you make it public, friends who are knowledgeable will also give their opinion, so that, God forbid, if there is a bug or something, they can fix it.
Many thanks to you