استفسار عن أمر بـ putty وعن برنامج APF

albrens · 07-11-2006, 04:26 PM

السلام عليكم

اخواني أنا عندي على السيرفر ملف الخاص ببرنامج APF

والملف هذا فيه جميع IP اللي تم حظرهم

أنا أحب أعرف كيف أحدد جميع الاسطر والبالغ عددها أكثر من 13 ألف حتى أمسح الاسطر كلها

حيث تصلني رسالة على الايميل من برنامج APF ولا BFD يومياً قرابة 400 رسالة

هل معنى أن هناك هجوم وفلودات على سيرفري أم ماذا ؟

ولكم اجمل تحيه وتقدير

Arabhosters.com · 07-11-2006, 05:42 PM

لإفراغ الملف من محتوياته عليك بكتابة هذا الأمر
echo > /etc/apf/deny_hosts.rules
وإرسلنا رسالة من اللى بيوصلوا لك على الايميل حتى نقدر نحدد

albrens · 09-11-2006, 08:12 AM

بارك الله فيك اخوي

الرسالة الاولى هي بعنوان Urgent: Administrative issue enclosed, please read.

اقتباس:

To whom it may concern;

The remote system 196.206.224.64 was logged attacking host 66.×××.×××.×,
this is an automated warning; please do not ignore this message!

196.206.224.64 was found to have exceeded acceptable inbound packet flow, your
APF (Advanced policy firewall) installation on this host is configured
to dispatch this e-mail and/or take other such actions.

Enclosed below are log portions detailing the attack, all time stamps are
GMT -0500.

APF [antidos] log:
Nov 08 08:52:05 cp antidos(21835): 196.206.224.64:30371 -> 66.×××.×××.×:80
Nov 08 08:52:05 cp antidos(21835): 196.206.224.64 -> 66.×××.×××.× (DROPPED)

والرسالة الثانية بعنوان IP addresses banned on Tue Nov 7 16:32:02 EST 2006

اقتباس:

Banned the following ip addresses on Tue Nov 7 10:52:01 EST 2006

212.93.160.7 with 165 connections

albrens · 09-11-2006, 08:15 AM

الرسالة الثالثة بعنوان Brute Force Warning for cp.albrens.com

اقتباس:

The remote system mail3.adjoined.com was found to have exceeded acceptable login
failures on cp.albrens.com; there was 165 events to the service sshd. As such the
attacking host has been banned from further accessing this system. For the
integrity of your host you should investigate this event as soon as possible.

Executed ban command:
/etc/apf/apf -d mail3.adjoined.com {bfd.sshd}

The following are event logs from mail3.adjoined.com on service sshd (all time
stamps are GMT -0500):

Nov 8 08:04:30 cp sshd[18553]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:04:32 cp sshd[18555]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:04:33 cp sshd[18557]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:04:35 cp sshd[18560]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:04:38 cp sshd[18562]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:04:41 cp sshd[18570]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:04:43 cp sshd[18587]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:04:45 cp sshd[18590]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:04:48 cp sshd[18592]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:04:50 cp sshd[18594]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:04:54 cp sshd[18596]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:04:55 cp sshd[18598]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:04:58 cp sshd[18600]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:05:01 cp sshd[18603]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:05:02 cp sshd[18602]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:05:05 cp sshd[18606]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:05:08 cp sshd[18690]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:05:08 cp sshd[18692]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:05:11 cp sshd[18694]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:05:12 cp sshd[18696]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:05:13 cp sshd[18698]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:05:16 cp sshd[18700]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:05:29 cp sshd[18721]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:06:38 cp sshd[21491]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:06:40 cp sshd[21495]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:06:42 cp sshd[21499]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:06:42 cp sshd[21497]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:06:45 cp sshd[21501]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:08:49 cp sshd[25230]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:08:51 cp sshd[25234]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:08:52 cp sshd[25236]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:08:56 cp sshd[25238]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:08:57 cp sshd[25240]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:09:00 cp sshd[25245]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:09:02 cp sshd[25247]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:09:04 cp sshd[25270]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:09:07 cp sshd[25280]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:09:08 cp sshd[25282]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:09:11 cp sshd[25285]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:09:12 cp sshd[25288]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:09:15 cp sshd[25292]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:09:18 cp sshd[25294]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:09:20 cp sshd[25296]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:09:22 cp sshd[25298]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:09:24 cp sshd[25303]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:09:27 cp sshd[25311]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:09:29 cp sshd[25328]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:09:32 cp sshd[25333]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:09:33 cp sshd[25336]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:09:47 cp sshd[25362]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:09:49 cp sshd[25364]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:09:51 cp sshd[25366]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:09:53 cp sshd[25368]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:09:54 cp sshd[25370]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:09:57 cp sshd[25372]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:09:57 cp sshd[25374]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:10:01 cp sshd[25376]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!
Nov 8 08:10:02 cp sshd[25378]: reverse mapping checking getaddrinfo for
mail3.adjoined.com failed - POSSIBLE BREAKIN ATTEMPT!

----
- Thank you;

والله يعطيك الف عافيه

ويالليت لو تذكر لي الرسالة الثانية أي برنامج قام بإيقاف الاي بي

ولك الشكر والتقدير

Arabhosters.com · 09-11-2006, 05:32 PM

أهلا بك أخي الكريم
الرسالة الثانية توضح لك أنه تم اعطاء بان لهذا الأيبى 212.93.160.7 بسبب ان عدد الConnections من خلاله كبير
يجب عليك تخفيف اعدادات ال antidos حتى لا يسبب لك بعض المشاكل مع العملاء

albrens · 10-11-2006, 02:37 PM

عزيزي اريد الف شكر
ولك كيف لي أن اخفف إعداداته أو ألغيه تماماً

تكفي بقية البرامج

Arabhosters.com · 10-11-2006, 05:00 PM

لإلغاله قم بحذف او عمل comment للسطر الخاص به فى
/etc/crontab
إذا كنت تريد تخفيف الإعدادات ضيفنى الماسنجر في التوقيع

أدوات الموضوع
مشاهدة صفحة طباعة الموضوع أرسل هذا الموضوع إلى صديق