酷!學園
技術討論區 => Linux 討論版 => 主題作者是: tonyvan123 於 2016-08-15 16:08
-
每分鐘try非常多次
Aug 14 06:40:25 ms7 saslauthd[1389]: do_auth : auth failure: [user=abuse] [service=smtp] [realm=ms7.synvision.com.tw] [mech=pam] [reason=PAM auth error]
Aug 14 06:40:29 ms7 saslauthd[1391]: do_auth : auth failure: [user=order] [service=smtp] [realm=ms7.synvision.com.tw] [mech=pam] [reason=PAM auth error]
Aug 14 06:40:33 ms7 saslauthd[1387]: do_auth : auth failure: [user=www] [service=smtp] [realm=ms7.synvision.com.tw] [mech=pam] [reason=PAM auth error]
Aug 14 06:40:36 ms7 saslauthd[1392]: do_auth : auth failure: [user=tomcat] [service=smtp] [realm=ms7.synvision.com.tw] [mech=pam] [reason=PAM auth error]
Aug 14 06:40:40 ms7 saslauthd[1389]: do_auth : auth failure: [user=support] [service=smtp] [realm=ms7.synvision.com.tw] [mech=pam] [reason=PAM auth error]
Aug 14 06:40:44 ms7 saslauthd[1391]: do_auth : auth failure: [user=steven] [service=smtp] [realm=ms7.synvision.com.tw] [mech=pam] [reason=PAM auth error]
Aug 14 06:40:47 ms7 saslauthd[1387]: do_auth : auth failure: [user=michael] [service=smtp] [realm=ms7.synvision.com.tw] [mech=pam] [reason=PAM auth error]
Aug 14 06:40:51 ms7 saslauthd[1392]: do_auth : auth failure: [user=administrator] [service=smtp] [realm=ms7.synvision.com.tw] [mech=pam] [reason=PAM auth error]
Aug 14 06:40:55 ms7 saslauthd[1388]: do_auth : auth failure: [user=robert] [service=smtp] [realm=ms7.synvision.com.tw] [mech=pam] [reason=PAM auth error]
Aug 14 06:40:58 ms7 saslauthd[1389]: do_auth : auth failure: [user=daemon] [service=smtp] [realm=ms7.synvision.com.tw] [mech=pam] [reason=PAM auth error]
-
請使用fail2ban這個套件
-
iptables 有个recent 模块可以限制尝试次数
-
我用 bfd
pop3 / smtp / web / rsync ....
根據 error_log 自訂 regEx 計算,超過指定次數的 IP ,就直接 BAN 掉,等固定時間後再 FLUSH reset
-
我是自己寫 shell script 檢查 log 來擋...
-
pam-abl (http://pam-abl.sourceforge.net/)看來不錯,有人試過嗎 ??? ???....