Brute Force Monitor

[billgivz]

سلام دوستان یک توضیح در مورد Brute Force Monitor بدین و ببین این همه ایمیل اینجا ف ی لتر شده طبیعی هست ؟

[nimafire]

این بخش از دایرکت ادمین این امکان را به شما میدهد تا بتوانید کسانی که میخواهند از طریق تست کردن پسورد به سرور شما لوگین کنند را مشاهده کنید

[ms313]

چطوري ميشه جلوي اين كار رو گرفت؟
واسه من هم اينطوري هستش.

[secure_host]

چطوري ميشه جلوي اين كار رو گرفت؟
واسه من هم اينطوري هستش.

با سلام
بسته به نوع پروتکل حمله شده راهکار متفاوت است.
با تشکر

[ms313]

در کل فایروال cfs وel رو نصب کردم و پورت ssh رو عوض کردم کم شده.
فقط یه ایمیل مشکوک میاد که میشه فایل ها اسکن شدند.
RKhunter Scan Details

کد HTML:

ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
Checking `fingerd'... not found
Checking `gpm'... not infected
Checking `grep'... not infected
Checking `hdparm'... not infected
Checking `su'... not infected
Checking `ifconfig'... not infected
Checking `inetd'... not tested
Checking `inetdconf'... not found
Checking `identd'... not found
Checking `init'... not infected
Checking `killall'... not infected
Checking `ldsopreload'... not infected
Checking `login'... not infected
Checking `ls'... not infected
Checking `lsof'... not infected
Checking `mail'... not infected
Checking `mingetty'... not infected
Checking `netstat'... not infected
Checking `named'... not infected
Checking `passwd'... not infected
Checking `pidof'... not infected
Checking `pop2'... not found
Checking `pop3'... not found
Checking `ps'... not infected
Checking `pstree'... not infected
Checking `rpcinfo'... not infected
Checking `rlogind'... not found
Checking `rshd'... not found
Checking `slogin'... not infected
Checking `sendmail'... not infected
Checking `sshd'... not infected
Checking `syslogd'... not infected
Checking `tar'... not infected
Checking `tcpd'... not infected
Checking `tcpdump'... not infected
Checking `top'... not infected
Checking `telnetd'... not found
Checking `timed'... not found
Checking `traceroute'... not infected
Checking `vdir'... not infected
Checking `w'... not infected
Checking `write'... not infected
Checking `aliens'... no suspect files
Searching for sniffer's logs, it may take a while... nothing found
Searching for HiDrootkit's default dir... nothing found
Searching for t0rn's default files and dirs... nothing found
Searching for t0rn's v8 defaults... nothing found
Searching for Lion Worm default files and dirs... nothing found
Searching for RSHA's default files and dir... nothing found
Searching for RH-Sharpe's default files... nothing found
Searching for Ambient's rootkit (ark) default files and dirs... nothing found
Searching for suspicious files and dirs, it may take a while... 
/usr/lib/gtk-2.0/immodules/.relocation-tag  /usr/lib/.libgcrypt.so.11.hmac  /usr/lib/perl5/5.8.8/i386-linux-thread-multi/.packlist  /lib/.libssl.so.6.hmac /lib/.libcrypto.so.6.hmac  /lib/.libssl.so.0.9.8e.hmac /lib/.libcrypto.so.0.9.8e.hmac

Searching for LPD Worm files and dirs... nothing found
Searching for Ramen Worm files and dirs... nothing found
Searching for Maniac files and dirs... nothing found
Searching for RK17 files and dirs... nothing found
Searching for Ducoci rootkit... nothing found
Searching for Adore Worm... nothing found
Searching for ShitC Worm... nothing found
Searching for Omega Worm... nothing found
Searching for Sadmind/IIS Worm... nothing found
Searching for MonKit... nothing found
Searching for Showtee... nothing found
Searching for OpticKit... nothing found
Searching for T.R.K... nothing found
Searching for Mithra... nothing found
Searching for OBSD rk v1... nothing found
Searching for LOC rootkit... nothing found
Searching for Romanian rootkit... nothing found
Searching for HKRK rootkit... nothing found
Searching for Suckit rootkit... nothing found
Searching for Volc rootkit... nothing found
Searching for Gold2 rootkit... nothing found
Searching for TC2 Worm default files and dirs... nothing found
Searching for Anonoying rootkit default files and dirs... nothing found
Searching for ZK rootkit default files and dirs... nothing found
Searching for ShKit rootkit default files and dirs... nothing found
Searching for AjaKit rootkit default files and dirs... nothing found
Searching for zaRwT rootkit default files and dirs... nothing found
Searching for Madalin rootkit default files... nothing found
Searching for Fu rootkit default files... nothing found
Searching for ESRK rootkit default files... nothing found
Searching for rootedoor... nothing found
Searching for ENYELKM rootkit default files... nothing found
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... INFECTED (PORTS:  465)
Checking `lkm'... chkproc: nothing detected
Checking `rexedcs'... not found
Checking `sniffer'... eth0: not promisc and no PF_PACKET sockets
Checking `w55808'... not infected
Checking `wted'... chkwtmp: nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... chklastlog: nothing deleted
Checking `chkutmp'...  The tty of the following user process(es) were not found
 in /var/run/utmp !
! RUID          PID TTY    CMD
! root         2816 tty2   /sbin/mingetty tty2
! root         2818 tty4   /sbin/mingetty tty4
chkutmp: nothing deleted

اگ میشه یه کمی توضیج بدین در این باره ممنون

[secure_host]

با سلام
این برنامه Rootkit Hunter است سرور را از وجود rootkit های عمومی بررسی و شناسایی می کند و در صورتی که عبارت Not infected برای هر فایل در نتایج دیده شود .به منزله عدم آلوده شدن سرور به rootkit های عمومی می باشد . در صورت بروز رسانی سیستم عامل و یا کرنل MD5 این فایل ها تغییر می کند که ممکن است نرم افزار به این فایل ها به دید فایل مخرب بنگرد که در این حالت مشکلی در سرور نیست.
با تشکر