極楽せきゅあブログ

Security, now and then

A late-night visitor

Late last night I was looking at a certain server, and a visitor had come by.

[root@localhost log]# ps -ef | grep -i sshd
root     18376     1  0 Jul29 ?        00:00:00 sshd: root@pts/1
root     23707     1  0 00:26 ?        00:00:00 /usr/local/sbin/sshd
root     30811 23707  1 01:12 ?        00:00:00 sshd: unknown [priv]
sshd     30812 30811  0 01:12 ?        00:00:00 sshd: unknown [net]
root     30813 23707  1 01:12 ?        00:00:00 sshd: unknown [priv]
sshd     30815 30813  0 01:12 ?        00:00:00 sshd: unknown [net]
root     30819 23707  2 01:12 ?        00:00:00 sshd: [accepted]
sshd     30820 30819  0 01:12 ?        00:00:00 sshd: [net]
root     30821 23707  2 01:12 ?        00:00:00 sshd: [accepted]
root     30822 23707  2 01:12 ?        00:00:00 sshd: [accepted]
root     30823 23707  2 01:12 ?        00:00:00 sshd: [accepted]
root     30824 23707  2 01:12 ?        00:00:00 sshd: [accepted]
sshd     30825 30821  0 01:12 ?        00:00:00 sshd: [net]
sshd     30826 30822  0 01:12 ?        00:00:00 sshd: [net]
sshd     30827 30824  0 01:12 ?        00:00:00 sshd: [net]
sshd     30828 30823  0 01:12 ?        00:00:00 sshd: [net]
root     30830 18378  0 01:12 pts/1    00:00:00 grep -i sshd


[root@localhost etc]# tail -f /var/log/secure
Jul 30 01:34:14 localhost sshd[2064]: Failed password for root from 61.135.209.215 port 58346 ssh2
Jul 30 01:34:15 localhost sshd[2066]: Failed password for root from 61.135.209.215 port 58547 ssh2
Jul 30 01:34:16 localhost sshd[2068]: Failed password for root from 61.135.209.215 port 59125 ssh2
Jul 30 01:34:17 localhost sshd[2070]: Failed password for root from 61.135.209.215 port 59294 ssh2
Jul 30 01:34:18 localhost sshd[2073]: Failed password for root from 61.135.209.215 port 59455 ssh2
Jul 30 01:34:19 localhost sshd[2075]: Failed password for root from 61.135.209.215 port 59657 ssh2
Jul 30 01:34:20 localhost sshd[2081]: Failed password for root from 61.135.209.215 port 60267 ssh2
Jul 30 01:34:21 localhost sshd[2084]: Failed password for root from 61.135.209.215 port 60413 ssh2
Jul 30 01:34:22 localhost sshd[2086]: Failed password for root from 61.135.209.215 port 60530 ssh2
Jul 30 01:34:23 localhost sshd[2088]: Failed password for root from 61.135.209.215 port 60737 ssh2

Looks like they came all the way from China. A stepping-stone host, maybe? Thanks for all the hard work.
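Added example, not part of the original post: detection logic for the pattern in the `/var/log/secure` excerpt above, which groups `Failed password` lines by source address and flags bursts where every guess arrives on a fresh connection (one sshd PID per failure, matching the many short-lived sshd children in the `ps` output). The function name `flag_bruteforce`, the thresholds, the assumed year and the two lines from 192.0.2.x are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Format of the "Failed password" lines in the /var/log/secure excerpt above.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[(?P<pid>\d+)\]:\s"
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)"
)
# First six lines are taken from the excerpt; the last two are constructed for contrast.
SAMPLE = """\
Jul 30 01:34:14 localhost sshd[2064]: Failed password for root from 61.135.209.215 port 58346 ssh2
Jul 30 01:34:15 localhost sshd[2066]: Failed password for root from 61.135.209.215 port 58547 ssh2
Jul 30 01:34:16 localhost sshd[2068]: Failed password for root from 61.135.209.215 port 59125 ssh2
Jul 30 01:34:17 localhost sshd[2070]: Failed password for root from 61.135.209.215 port 59294 ssh2
Jul 30 01:34:18 localhost sshd[2073]: Failed password for root from 61.135.209.215 port 59455 ssh2
Jul 30 01:34:19 localhost sshd[2075]: Failed password for root from 61.135.209.215 port 59657 ssh2
Jul 30 01:35:02 localhost sshd[2101]: Failed password for invalid user admin from 192.0.2.10 port 40000 ssh2
Jul 30 01:36:40 localhost sshd[2110]: Accepted password for root from 192.0.2.20 port 40100 ssh2
"""

def flag_bruteforce(lines, min_attempts=5, window_seconds=60, year=2000):
    """Return {ip: summary} for sources with min_attempts failures inside the window."""
    by_ip = defaultdict(list)
    for line in lines:
        m = FAILED.match(line)
        if m:
            # Syslog timestamps carry no year; `year` is assumed, used only for intervals.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            by_ip[m["ip"]].append((ts, m["pid"], m["user"]))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        times = [e[0] for e in events]
        # Sliding window: any run of min_attempts failures close enough together.
        burst = any(
            (times[i + min_attempts - 1] - times[i]).total_seconds() <= window_seconds
            for i in range(len(times) - min_attempts + 1)
        )
        if burst:
            flagged[ip] = {
                "attempts": len(events),
                # One sshd PID per failure means a new connection for every guess.
                "connections": len({e[1] for e in events}),
                "users": sorted({e[2] for e in events}),
                "span_seconds": int((times[-1] - times[0]).total_seconds()),
            }
    return flagged
```

Calling `flag_bruteforce(SAMPLE.splitlines())` returns a summary for the single bursting source; the lone failure and the successful login in the constructed lines are not flagged.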