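On my newest server, cPHulk started detecting (and blacklisting) failed login attempts. It started the day the server went online. Since then, I have been receiving 15-30 emails a day from cPHulk letting me know that there have been "a large number of failed login attempts".
I noticed that all the attempts were coming from China, so I installed csf and blocked China entirely. A few days later the attacks came back, but from a different country. So far I have blocked four countries out of desperation, but I know this is not a legitimate solution. Now they are coming from countries that I cannot block, because I can expect legitimate traffic from those countries.
I am also getting attacks from IPs that do not seem to be associated with any country, as shown in this screenshot:
I am not worried about them being able to guess the password, because the passwords I use are very strong.
So my questions are: why are they targeting my server, and how did they find it so quickly? How can I mitigate these login attempts without blocking entire countries? Where is the IP in the screenshot from? My only guess is that I was somehow assigned an IP with a terrible reputation, but my server admin experience and knowledge are a bit limited, so I don't even know how plausible that is.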
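If the emails bother you, you can whitelist the IPs that are allowed to log in, and have it email you when someone logs in from a site that is not on the whitelist.
As for the IP in the screenshot, 0.42.0.0: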
The address 0.0.0.0 may only be used as the address of an outgoing packet when a computer is learning which IP address it should use. It is never used as a destination address. Addresses starting with "0." are sometimes used for broadcasts to directly connected devices.

If you see addresses starting with a "0." in logs they are probably in use on your network, which might be as small as a computer connected to a home gateway.

This block was assigned by the IETF, the organization that develops Internet protocols, in the Standard document, RFC 1122, and is further documented in the Best Current Practice document RFC 6890. IANA is listed as the registrant to make it clear that this network is not assigned to any single organization. These documents can be found at:
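
An added example, not part of the original answer and not cPHulk or csf code: a sketch that counts failed logins per source and labels each source as allowlisted, RFC 6890 special-purpose (such as the 0.42.0.0 address discussed above), or other. The log format, the `ALLOWLIST` range and the function names are assumptions made for illustration, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Subset of the RFC 6890 special-purpose IPv4 registry (not the full table).
SPECIAL_NETS = [(ipaddress.ip_network(n), d) for n, d in [
    ("0.0.0.0/8", "this host on this network"),
    ("10.0.0.0/8", "private use"),
    ("127.0.0.0/8", "loopback"),
    ("169.254.0.0/16", "link local"),
    ("172.16.0.0/12", "private use"),
    ("192.168.0.0/16", "private use"),
]]
# Hypothetical admin allowlist; 203.0.113.0/24 is a documentation range.
ALLOWLIST = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed sample lines in a made-up format (not cPHulk's real log format).
# 198.51.100.7 is a documentation address standing in for an internet source.
SAMPLE_LOG = """\
2024-05-01T00:00:01Z service=ftp user=root result=FAIL src=0.42.0.0
2024-05-01T00:00:02Z service=ftp user=root result=FAIL src=198.51.100.7
2024-05-01T00:00:03Z service=ssh user=admin result=FAIL src=198.51.100.7
2024-05-01T00:00:04Z service=ssh user=admin result=OK src=203.0.113.5
2024-05-01T00:00:05Z service=ftp user=root result=FAIL src=0.42.0.0
2024-05-01T00:00:06Z service=ssh user=admin result=FAIL src=203.0.113.5
2024-05-01T00:00:07Z service=ftp user=test result=FAIL src=198.51.100.7
"""
LINE_RE = re.compile(r"result=(\w+) src=(\S+)")

def classify(addr):
    """Label one source address: allowlisted, special-purpose, or other."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "unparseable"
    if any(ip in net for net in ALLOWLIST):
        return "allowlisted"
    for net, desc in SPECIAL_NETS:
        if ip in net:
            return f"special-purpose: {desc}"
    return "other"

def triage(log_text):
    """Count failed logins per source and attach a label to each source."""
    hits = (LINE_RE.search(line) for line in log_text.splitlines())
    fails = Counter(m.group(2) for m in hits if m and m.group(1) == "FAIL")
    return {src: (n, classify(src)) for src, n in fails.items()}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A source labelled special-purpose cannot be an address assigned to an internet host, so it points at something local or at how the address was logged rather than at a remote attacker.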