My proftpd keeps getting attacked. What should I do??
Source: Internet. Published: 2015-07-09
Jun 14 16:51:29 www proftpd[26467]: www.xx.cn (211.153.7.175[211.153.7.175]) - FTP session opened.
Jun 14 16:51:32 www proftpd[26473]: www.xx.cn (211.153.7.175[211.153.7.175]) - FTP session opened.
Jun 14 16:51:34 www proftpd[26475]: www.xx.cn (211.153.7.175[211.153.7.175]) - FTP session opened.
Jun 14 16:51:34 www proftpd[26476]: www.xx.cn (211.153.7.175[211.153.7.175]) - FTP session opened.
Jun 14 16:51:37 www proftpd[26480]: www.xx.cn (211.153.7.175[211.153.7.175]) - FTP session opened.
Jun 14 16:51:40 www proftpd[26486]: www.xx.cn (211.153.7.175[211.153.7.175]) - FTP session opened.
Jun 14 16:51:40 www proftpd[26489]: www.xx.cn (211.153.7.175[211.153.7.175]) - FTP session opened.
Jun 14 16:51:40 www proftpd[26489]: www.xx.cn (211.153.7.175[211.153.7.175]) - FTP session closed.
Jun 14 16:51:45 www proftpd[26495]: www.xx.cn (211.153.7.175[211.153.7.175]) - FTP session opened.
Jun 14 16:51:50 www proftpd[26496]: www.xx.cn (211.153.7.175[211.153.7.175]) - FTP session opened.
Jun 14 16:51:55 www proftpd[26497]: www.xx.cn (211.153.7.175[211.153.7.175]) - FTP session opened.
Jun 14 16:52:00 www proftpd[26498]: www.xx.cn (211.153.7.175[211.153.7.175]) - FTP session opened.
Jun 14 16:52:06 www proftpd[26501]: www.xx.cn (211.153.7.175[211.153.7.175]) - FTP session opened.
Jun 14 16:52:11 www proftpd[26502]: www.xx.cn (211.153.7.175[211.153.7.175]) - FTP session opened.
Jun 14 16:52:16 www proftpd[26512]: www.xx.cn (211.153.7.175[211.153.7.175]) - FTP session opened.
Jun 14 16:52:24 www proftpd[26514]: www.xx.cn (211.153.7.175[211.153.7.175]) - FTP session opened.
Jun 14 16:52:30 www proftpd[26526]: www.xx.cn (211.153.7.175[211.153.7.175]) - FTP session opened.
Jun 14 16:52:36 www proftpd[26529]: www.xx.cn (211.153.7.175[211.153.7.175]) - FTP session opened.
Jun 14 16:52:45 www proftpd[26538]: www.xx.cn (211.153.7.175[211.153.7.175]) - FTP session opened.
Jun 14 16:52:50 www proftpd[26542]: www.xx.cn (211.153.7.175[211.153.7.175]) - FTP session opened.
Jun 14 16:52:58 www proftpd[26563]: www.xx.cn (211.153.7.175[211.153.7.175]) - FTP session opened.
Jun 14 16:53:04 www proftpd[26573]: www.xx.cn (211.153.7.175[211.153.7.175]) - FTP session opened.
Jun 14 16:53:09 www proftpd[26589]: www.xx.cn (211.153.7.175[211.153.7.175]) - FTP session opened.
A few IPs keep doing this all the time. Does anyone have a thorough solution? Many thanks. I will also award points!!!
Here is a piece of Perl code; study it yourself.
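#!/usr/bin/perl -w
# @Author: zixia@yahoo.com
# @Date: 2000-11-?
# Reads a proftpd log on STDIN and counts matching log lines per client IP.
# The optional first argument is the count threshold (default 10000).
my( $cnt, $ip ) = 0;
my %refuse = ();
my $dieNum = $ARGV[0];
$dieNum = 10000 unless $dieNum;
# Exempt addresses as (IP, label) pairs.
# Labels: 复旦大学 = Fudan University, 浙江大学 = Zhejiang University.
my @FreeIP = ('202.120.224.18','复旦大学',
              '210.32.156.234','浙江大学',
              '211.101.132.21','Nathan');
my %free = @FreeIP;
while( my $line = <STDIN> ){
    chomp $line;
    #Jul 26 11:58:33 zixia proftpd[5622]: zixia.net (61.141.206.145[61.141.206.145]) - Connection refused (max clients per host 5).
    if( $line =~ m/\[(\d+\.\d+\.\d+\.\d+)\]/ ){
    #if( $line =~ m/\[(\d+\.\d+\.\d+\.\d+)\]\) - Connection refused \(max clients per host/ ){
        $ip = $1;
        $refuse{"$ip"}++;
    }
}
$cnt = 0;
my $line1 = 1;
DENY:
foreach $ip ( sort { $refuse{$b} <=> $refuse{$a} } keys %refuse ){
    # The page cuts the script off inside the next condition. The comparison
    # against $dieNum and the lines after it are a minimal completion that
    # prints each non-exempt IP at or above the threshold.
    last if( $refuse{$ip} < $dieNum );
    next DENY if exists $free{$ip};
    print "$ip $refuse{$ip}\n";
    $cnt++;
}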
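The script above counts total log lines per IP. As an added example (not part of the original thread), the Python below reads the same log format and reports, per client IP, the peak number of "FTP session opened" events inside a sliding time window and how many of those sessions were never closed. The function name, the thresholds and the assumed year are illustrative choices, not values from the page.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ proftpd\[(\d+)\]: \S+ "
    r"\(\S*\[(\d+\.\d+\.\d+\.\d+)\]\) - FTP session (opened|closed)\."
)

def find_flooders(lines, window=60, max_opens=5, allow=(), year=2000):
    """Return {ip: (peak opens per window, unclosed sessions)} above max_opens."""
    recent = defaultdict(deque)      # ip -> open timestamps inside the window
    peak = defaultdict(int)          # ip -> largest window population seen
    open_pids = defaultdict(set)     # ip -> pids opened but not yet closed
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        stamp, pid, ip, event = m.groups()
        if event == "closed":
            open_pids[ip].discard(pid)
            continue
        # syslog timestamps carry no year, so an assumed one is supplied
        t = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(t)
        while q and t - q[0] >= timedelta(seconds=window):
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
        open_pids[ip].add(pid)
    return {ip: (peak[ip], len(open_pids[ip]))
            for ip in peak if peak[ip] > max_opens and ip not in allow}

# Sample input: the 211.153.7.175 lines come from the question's log,
# the 192.0.2.10 line is constructed (documentation address).
SAMPLE = """\
Jun 14 16:51:29 www proftpd[26467]: www.xx.cn (211.153.7.175[211.153.7.175]) - FTP session opened.
Jun 14 16:51:32 www proftpd[26473]: www.xx.cn (211.153.7.175[211.153.7.175]) - FTP session opened.
Jun 14 16:51:33 www proftpd[26474]: www.xx.cn (192.0.2.10[192.0.2.10]) - FTP session opened.
Jun 14 16:51:34 www proftpd[26475]: www.xx.cn (211.153.7.175[211.153.7.175]) - FTP session opened.
Jun 14 16:51:34 www proftpd[26476]: www.xx.cn (211.153.7.175[211.153.7.175]) - FTP session opened.
Jun 14 16:51:37 www proftpd[26480]: www.xx.cn (211.153.7.175[211.153.7.175]) - FTP session opened.
Jun 14 16:51:40 www proftpd[26486]: www.xx.cn (211.153.7.175[211.153.7.175]) - FTP session opened.
Jun 14 16:51:40 www proftpd[26489]: www.xx.cn (211.153.7.175[211.153.7.175]) - FTP session opened.
Jun 14 16:51:40 www proftpd[26489]: www.xx.cn (211.153.7.175[211.153.7.175]) - FTP session closed.
""".splitlines()

if __name__ == "__main__":
    for ip, (rate, unclosed) in find_flooders(SAMPLE).items():
        print(f"{ip}: peak {rate} opens per 60s, {unclosed} sessions never closed")
```

The returned addresses are candidates for a firewall or proftpd access rule; the `allow` argument plays the role of the script's `@FreeIP` list.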