Previously, I used a shell script to extract the IPs whose failed logins in lastb exceeded a specified count and add them to iptables, blocking those IPs from logging in to the host in order to guard against malicious attacks. Later, to give the host more complete protection, I also installed fail2ban. This morning I received an alert email from fail2ban telling me that it had banned an IP from logging in. The IP was 219.235.4.22. I logged in to the host and entered the last command, and the result was this:

    root ssh:notty host-219-235-4-2 Thu Apr 23 19:32 - 19:32 (00:00)
    root ssh:notty host-219-235-4-2 Thu Apr 23 19:32 - 19:32 (00:00)
    root ssh:notty host-219-235-4-2 Thu Apr 23 19:32 - 19:32 (00:00)
    root ssh:notty host-219-235-4-2 Thu Apr 23 19:32 - 19:32 (00:00)
    root ssh:notty host-219-235-4-2 Thu Apr 23 19:32 - 19:32 (00:00)
    root ssh:notty 61.160.247.150 Thu Apr 23 02:18 - 02:18 (00:00)
    root ssh:notty 61.160.247.150 Thu Apr 23 02:18 - 02:18 (00:00)
    root ssh:notty 61.160.247.150 Thu Apr 23 02:18 - 02:18 (00:00)

There is an extra "host" in front, the parts of the IP are separated by "-", and the last part of the IP address cannot be displayed. I immediately thought of checking the fail2ban log, which by default is /var/log/secure, and entered this command:

    grep "Failed password for root from" /var/log/secure|grep 219.235.4.22

The result was:

    Apr 23 19:32:27 localhost sshd[17856]: Failed password for root from 219.235.4.22 port 4993 ssh2
    Apr 23 19:32:30 localhost sshd[17856]: Failed password for root from 219.235.4.22 port 4993 ssh2
    Apr 23 19:32:31 localhost sshd[17856]: Failed password for root from 219.235.4.22 port 4993 ssh2
    Apr 23 19:32:34 localhost sshd[17856]: Failed password for root from 219.235.4.22 port 4993 ssh2
    Apr 23 19:32:36 localhost sshd[17856]: Failed password for root from 219.235.4.22 port 4993 ssh2

This time both the IP address and the remote port are shown, which is much more detailed than lastb. So I modified the script I had written earlier to read /var/log/secure directly:

    #!/bin/bash
    # IPs with more than 4 failed root logins on the same day ($11 = IP, $1 $2 = month and day)
    bad_ip=$(grep "Failed password for root from" /var/log/secure | awk '{print $11,$1,$2}' | sort | uniq -c | awk '$1>4 {print $2}' | xargs)
    for ip in $bad_ip; do
        # Count existing rules that mention this exact address
        in_iptables=$(iptables -nvL | grep -wF -- "$ip" | wc -l)
        if [ "$in_iptables" -eq 0 ]; then
            iptables -I INPUT -s "$ip" -j REJECT
            service iptables save
        fi
    done

I ran it and it worked.
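A hardened variant of the log-parsing step above, as an added example that is not the post's own script: it counts failed root logins per IP per day from sshd lines on stdin, validates the extracted address, skips an allowlist, and prints the iptables rules instead of applying them. THRESHOLD, ALLOWLIST, the function names and the sample log lines are assumptions constructed for this example.

```shell
#!/bin/bash
# Added example (not the post's script). THRESHOLD, ALLOWLIST and the
# function names are assumptions made for this illustration.
THRESHOLD=${THRESHOLD:-4}
ALLOWLIST=${ALLOWLIST:-"127.0.0.1"}   # space-separated IPs that are never blocked

# Read sshd log lines on stdin, print IPs with more than THRESHOLD failures on one day.
find_bad_ips() {
    awk -v limit="$THRESHOLD" -v allow="$ALLOWLIST" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        # Accept only the exact layout shown in the post, so the source IP is
        # always field 11 of a genuine sshd "Failed password for root" message.
        $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Failed" && $7 == "password" &&
        $8 == "for" && $9 == "root" && $10 == "from" && $12 == "port" {
            ip = $11
            # Only a dotted-quad IPv4 address may become an iptables argument.
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            split(ip, o, ".")
            for (i = 1; i <= 4; i++) if (o[i] > 255) next
            if (ip in skip) next
            count[ip " " $1 " " $2]++          # key: IP + month + day
        }
        END {
            for (k in count) if (count[k] > limit) { split(k, p, " "); print p[1] }
        }' | sort -u
}

# Dry run: print the rules that would be added instead of changing the firewall.
print_block_rules() {
    find_bad_ips | while read -r ip; do
        echo "iptables -I INPUT -s $ip -j REJECT"
    done
}

# Constructed sample input in the format of /var/log/secure.
sample_log() {
    for s in 27 30 31 34 36; do
        echo "Apr 23 19:32:$s localhost sshd[17856]: Failed password for root from 219.235.4.22 port 4993 ssh2"
    done
    echo "Apr 23 02:18:01 localhost sshd[17001]: Failed password for root from 61.160.247.150 port 3301 ssh2"
    echo "Apr 23 02:19:00 localhost sshd[17002]: Failed password for invalid user x from 203.0.113.9 port 40000 ssh2"
}

sample_log | print_block_rules
```

On a real host, feed it the log with `find_bad_ips < /var/log/secure` and put your own management addresses in ALLOWLIST before turning the printed rules into live ones.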