|
|
|
#11
2004-11-06, 04:32 PM
|
||||
|
||||
引用:
DROP all -- 61.175.128.31 0.0.0.0/0 就這一行。 
|
|
#12
2004-11-06, 04:34 PM
|
|||
|
|||
|
裝上bfd吧,裝之前先裝好apf
1. Login to your server via SSH as Root. 2. Type: wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz 3. Type: tar -xvzf bfd-current.tar.gz 4. Type: cd bfd* 5. Now let's install BFD onto the server. Type: ./install.sh :: You Should See :: .: BFD installed Install path: /usr/local/bfd Config path: /usr/local/bfd/conf.bfd Executable path: /usr/local/sbin/bfd 6. Now we need to edit the configuration file, and set some options. Don't worry the BFD Configuration isn't hard to edit or understand! Type: pico -w /usr/local/bfd/conf.bfd 7. Now we need to find the line to edit: Press: CTRL-W Type: ALERT_USR Change ALERT_USR="0" TO ALERT_USR="1" Right below that we need to change the email: Change EMAIL_USR="root" TO EMAIL_USR="you@yoursite.com" 8. That wasn't to bad let's save and exit the file Press: CTRL-X then type Y then hit enter 9. Now we have to prevent locking yourself out of the server. Type: pico -w /usr/local/bfd/ignore.hosts 10. Add any IP address that you want to be ignored from the rules. If your server provider is doing monitoring add their IP(s) here. Since you need these IPs open in APF as well you can copy the IPs you used in APF. Type: pico -w /etc/apf/allow_hosts.rules Then scroll down to the bottom and copy those IPs (drag mouse over that's it) Press: CTRL-X Type: pico -w /usr/local/bfd/ignore.hosts Paste those IPs to the bottom. You should also add your home IP if you hadn't done so before. If your home IP is dynamic this is not a good idea, and you should get a static IP. Press: CTRL-X then Y to save then enter. 11. Now lets run BDF!!! Type: /usr/local/sbin/bfd -s
|
|
#13
2004-11-06, 06:48 PM
|
|||
|
|||
|
用 iptables -I INPUT -s 61.175.128.31 -j DROP 加入後,只要 iptable 重開,或是主機重開,設定就沒了。
裝 APF 或 Kiss, 比用 iptables 指令快多了 ...
|
|
#14
2004-12-20, 09:03 PM
|
||||
|
||||
|
代碼:
Dec 20 20:07:48 jjj sshd(pam_unix)[3279]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.63.239.11 Dec 20 20:07:52 jjj sshd(pam_unix)[3281]: check pass; user unknown Dec 20 20:07:52 jjj sshd(pam_unix)[3281]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.63.239.11 Dec 20 20:07:56 jjj sshd(pam_unix)[3283]: check pass; user unknown Dec 20 20:07:56 jjj sshd(pam_unix)[3283]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.63.239.11 Dec 20 20:07:59 jjj sshd(pam_unix)[3285]: check pass; user unknown 請高手指教一下,謝謝先 
|
|
#15
2004-12-20, 09:08 PM
|
|||
|
|||
|
它要破您的 root 帳號密碼 uid=0
failure ==) 沒成功.
__________________
Nice_to_see_all...這個帳號不用了...感謝大家的幫忙...希望小弟有一天可以再站起來...Many_Thanks_All
|
|
#17
2004-12-20, 09:20 PM
|
|||
|
|||
|
很簡單,211.63.239.11的用戶想用ssh登入您的主機,
哈啦有在玩Linux應該知道sshd是幹麻的, 我的作法你可以用用看, 1. /etc/hosts.deny 加入以下 sshd : ALL : spawn (/bin/echo Security notice from host `/bin/hostname`; \ /bin/echo; /usr/sbin/safe_finger @%h ) | \ /bin/mail -s "%d -%h security" xxx@xxx.xxx.xxx & \ : twist ( /bin/echo -e "\n\nWARNING connectin not allowed. Your attempt has been logged. \n\n\n警告!您尚未允許登入,您的連線將會被紀錄,並且作為以後的參考\n ". ) 紅色處填上您的email信箱 2. 開啟/etc/hosts.allow sshd: 192.168.1. 這裡要注意最後面有一個點 3.以後若是你要使用sshd登入您的server就只能在您的local或者主機登入了, (若是您的主機使用固定ip,可以採用兩張網卡,或者將網卡設定第二個ip) 4. 最簡單的阻擋某一個特定ip的方法則是在/etc/hosts.deny裡面加上 sshd: xxx.xxx.xxx.xxx(IP)
|
|
#18
2004-12-20, 09:20 PM
|
|||
|
|||
|
1.都是用程式在跑的.如果沒破成功就沒關希
2.ip可能是假的. 3.[ban掉一整個區段的ip]比較沒意義 4.用 ghost 將硬碟整顆備份到 DVD-rw,比較可行. 5..... 6.....
__________________
Nice_to_see_all...這個帳號不用了...感謝大家的幫忙...希望小弟有一天可以再站起來...Many_Thanks_All
|
|
#20
2004-12-20, 09:32 PM
|
|||
|
|||
|
若是大大不用sshd的話,最簡單的方式就關掉它吧!
1. /etc/rc.d/init.d/sshd stop 或者 service sshd stop 2. 進入setup選單,設定不要一開機就啟動sshd
|
,所以只會用一些基本如httpd.conf的設定等等。其它大概都看嘸。 
