ssh brute force 시도입니다.

안녕하십니까?

아래 내용에 대해서는 본 게시판에서 ssh로 검색해 보시면 중복된 답이 여러개 보이실 것입니다. 참고하시기 바랍니다.

감사합니다.

해킹 님의 글

Nov  2 07:55:46 www sshd[22967]: Failed password for illegal user tads from 219.84.101.127 port 39974 ssh2
Nov  2 07:55:49 www sshd[22969]: Illegal user tads from 219.84.101.127
Nov  2 07:55:51 www sshd[22969]: Failed password for illegal user tads from 219.84.101.127 port 40088 ssh2
Nov  2 07:55:53 www sshd[22971]: Illegal user tads from 219.84.101.127
Nov  2 07:55:56 www sshd[22971]: Failed password for illegal user tads from 219.84.101.127 port 40262 ssh2
Nov  2 07:55:58 www sshd[22973]: Illegal user tip from 219.84.101.127
Nov  2 07:56:00 www sshd[22973]: Failed password for illegal user tip from 219.84.101.127 port 40416 ssh2
Nov  2 07:56:02 www sshd[22975]: Illegal user tip from 219.84.101.127
Nov  2 07:56:05 www sshd[22975]: Failed password for illegal user tip from 219.84.101.127 port 40563 ssh2
Nov  2 07:56:07 www sshd[22977]: Illegal user tip from 219.84.101.127
Nov  2 07:56:10 www sshd[22977]: Failed password for illegal user tip from 219.84.101.127 port 40710 ssh2
Nov  2 07:56:12 www sshd[22979]: Illegal user myra from 219.84.101.127
Nov  2 07:56:14 www sshd[22979]: Failed password for illegal user myra from 219.84.101.127 port 40883 ssh2
Nov  2 07:56:17 www sshd[22981]: Illegal user myra from 219.84.101.127
Nov  2 07:56:19 www sshd[22981]: Failed password for illegal user myra from 219.84.101.127 port 41031 ssh2
Nov  2 07:56:24 www sshd[22983]: Illegal user myra from 219.84.101.127
Nov  2 07:56:27 www sshd[22983]: Failed password for illegal user myra from 219.84.101.127 port 41210 ssh2
Nov  2 07:56:29 www sshd[22985]: Illegal user jack from 219.84.101.127
Nov  2 07:56:31 www sshd[22985]: Failed password for illegal user jack from 219.84.101.127 port 41470 ssh2
Nov  2 07:56:33 www sshd[22989]: Illegal user jack from 219.84.101.127
Nov  2 07:56:35 www sshd[22989]: Failed password for illegal user jack from 219.84.101.127 port 41627 ssh2

======================================================

ov  2 07:58:38 www sshd[23068]: Failed password for illegal user ali from 219.84.101.127 port 54875 ssh2
Nov  2 07:58:40 www sshd[23070]: Illegal user ali from 219.84.101.127
Nov  2 07:58:42 www sshd[23070]: Failed password for illegal user ali from 219.84.101.127 port 55396 ssh2
Nov  2 07:58:47 www sshd[23072]: Illegal user ali from 219.84.101.127
Nov  2 07:58:49 www sshd[23072]: Failed password for illegal user ali from 219.84.101.127 port 55932 ssh2
Nov  2 07:58:55 www sshd[23074]: Illegal user alice from 219.84.101.127
Nov  2 07:58:57 www sshd[23074]: Failed password for illegal user alice from 219.84.101.127 port 56664 ssh2
Nov  2 07:58:58 www sshd[23076]: Illegal user alice from 219.84.101.127
Nov  2 07:59:01 www sshd[23076]: Failed password for illegal user alice from 219.84.101.127 port 58080 ssh2
Nov  2 07:59:02 www sshd[23078]: Illegal user alice from 219.84.101.127
Nov  2 07:59:05 www sshd[23078]: Failed password for illegal user alice from 219.84.101.127 port 58591 ssh2
Nov  2 07:59:06 www sshd[23080]: Illegal user allan from 219.84.101.127
Nov  2 07:59:08 www sshd[23080]: Failed password for illegal user allan from 219.84.101.127 port 59095 ssh2
Nov  2 07:59:10 www sshd[23082]: Illegal user allan from 219.84.101.127
Nov  2 07:59:12 www sshd[23082]: Failed password for illegal user allan from 219.84.101.127 port 59208 ssh2
Nov  2 07:59:14 www sshd[23084]: Illegal user allan from 219.84.101.127
Nov  2 07:59:16 www sshd[23084]: Failed password for illegal user allan from 219.84.101.127 port 59718 ssh2
Nov  2 07:59:17 www sshd[23086]: Illegal user andi from 219.84.101.127
Nov  2 07:59:20 www sshd[23086]: Failed password for illegal user andi from 219.84.101.127 port 60225 ssh2
Nov  2 07:59:21 www sshd[23088]: Illegal user andi from 219.84.101.127
Nov  2 07:59:24 www sshd[23088]: Failed password for illegal user andi from 219.84.101.127 port 60731 ssh2
Nov  2 07:59:25 www sshd[23090]: Illegal user andi from 219.84.101.127
Nov  2 07:59:27 www sshd[23090]: Failed password for illegal user andi from 219.84.101.127 port 60918 ssh2
Nov  2 07:59:29 www sshd[23092]: Illegal user andrew from 219.84.101.127
Nov  2 07:59:31 www sshd[23092]: Failed password for illegal user andrew from 219.84.101.127 port 33125 ssh2
Nov  2 07:59:33 www sshd[23094]: Illegal user andrew from 219.84.101.127
Nov  2 07:59:35 www sshd[23094]: Failed password for illegal user andrew from 219.84.101.127 port 33841 ssh2
Nov  2 07:59:37 www sshd[23096]: Illegal user andrew from 219.84.101.127
Nov  2 07:59:39 www sshd[23096]: Failed password for illegal user andrew from 219.84.101.127 port 34743 ssh2
Nov  2 07:59:41 www sshd[23098]: Illegal user amanda from 219.84.101.127
Nov  2 07:59:43 www sshd[23098]: Failed password for illegal user amanda from 219.84.101.127 port 35124 ssh2
Nov  2 07:59:45 www sshd[23100]: Illegal user amanda from 219.84.101.127
Nov  2 07:59:47 www sshd[23100]: Failed password for illegal user amanda from 219.84.101.127 port 35705 ssh2
Nov  2 07:59:49 www sshd[23102]: Illegal user amanda from 219.84.101.127
Nov  2 07:59:51 www sshd[23102]: Failed password for illegal user amanda from 219.84.101.127 port 36140 ssh2
Nov  2 07:59:52 www sshd[23104]: Illegal user angie from 219.84.101.127

========================================================

Nov  4 14:02:41 www sshd[14102]: Failed password for root from 210.240.49.131 port 45522 ssh2
Nov  4 14:02:46 www sshd[14104]: Failed password for root from 210.240.49.131 port 45580 ssh2
Nov  4 14:02:50 www sshd[14106]: Failed password for root from 210.240.49.131 port 45643 ssh2
Nov  4 14:02:55 www sshd[14108]: Failed password for root from 210.240.49.131 port 45704 ssh2
Nov  4 14:02:59 www sshd[14110]: Failed password for root from 210.240.49.131 port 45763 ssh2
Nov  4 14:03:03 www sshd[14112]: Failed password for root from 210.240.49.131 port 45824 ssh2
Nov  4 14:03:08 www sshd[14114]: Failed password for root from 210.240.49.131 port 45887 ssh2
Nov  4 14:03:12 www sshd[14116]: Failed password for root from 210.240.49.131 port 45949 ssh2
Nov  4 14:03:17 www sshd[14118]: Failed password for root from 210.240.49.131 port 46015 ssh2
Nov  4 14:03:21 www sshd[14120]: Failed password for root from 210.240.49.131 port 46078 ssh2
Nov  4 14:03:26 www sshd[14122]: Failed password for root from 210.240.49.131 port 46146 ssh2
Nov  4 14:03:30 www sshd[14124]: Failed password for root from 210.240.49.131 port 46210 ssh2
Nov  4 14:03:35 www sshd[14126]: Failed password for root from 210.240.49.131 port 46274 ssh2
Nov  4 14:03:40 www sshd[14128]: Failed password for root from 210.240.49.131 port 46338 ssh2
Nov  4 14:03:44 www sshd[14130]: Failed password for root from 210.240.49.131 port 46405 ssh2
Nov  4 14:03:49 www sshd[14132]: Failed password for root from 210.240.49.131 port 46474 ssh2
Nov  4 14:03:54 www sshd[14134]: Failed password for root from 210.240.49.131 port 46544 ssh2
Nov  4 14:03:58 www sshd[14136]: Failed password for root from 210.240.49.131 port 46614 ssh2
Nov  4 14:04:03 www sshd[14138]: Failed password for root from 210.240.49.131 port 46681 ssh2
Nov  4 14:04:07 www sshd[14140]: Failed password for root from 210.240.49.131 port 46755 ssh2
Nov  4 14:04:12 www sshd[14142]: Failed password for root from 210.240.49.131 port 46828 ssh2
Nov  4 14:04:16 www sshd[14144]: Failed password for root from 210.240.49.131 port 46903 ssh2
Nov  4 14:04:20 www sshd[14146]: Failed password for root from 210.240.49.131 port 46979 ssh2
Nov  4 14:04:25 www sshd[14148]: Failed password for root from 210.240.49.131 port 47050 ssh2
Nov  4 14:04:29 www sshd[14150]: Failed password for root from 210.240.49.131 port 47128 ssh2
Nov  4 14:04:33 www sshd[14152]: Failed password for root from 210.240.49.131 port 47199 ssh2
Nov  4 14:04:38 www sshd[14154]: Failed password for root from 210.240.49.131 port 47276 ssh2
Nov  4 14:04:42 www sshd[14156]: Failed password for root from 210.240.49.131 port 47355 ssh2
Nov  4 14:04:46 www sshd[14158]: Failed password for root from 210.240.49.131 port 47435 ssh2
Nov  4 14:04:51 www sshd[14162]: Failed password for root from 210.240.49.131 port 47512 ssh2
Nov  4 14:04:55 www sshd[14164]: Failed password for root from 210.240.49.131 port 47595 ssh2
Nov  4 14:05:00 www sshd[14168]: Failed password for root from 210.240.49.131 port 47677 ssh2
Nov  4 14:05:04 www sshd[14170]: Failed password for root from 210.240.49.131 port 47755 ssh2
Nov  4 14:05:09 www sshd[14172]: Failed password for root from 210.240.49.131 port 47836 ssh2
Nov  4 14:05:13 www sshd[14174]: Failed password for root from 210.240.49.131 port 47912 ssh2
Nov  4 14:05:18 www sshd[14176]: Failed password for root from 210.240.49.131 port 47994 ssh2
Nov  4 14:05:22 www sshd[14178]: Failed password for root from 210.240.49.131 port 48074 ssh2
Nov  4 14:05:26 www sshd[14180]: Failed password for root from 210.240.49.131 port 48153 ssh2
Nov  4 14:05:31 www sshd[14182]: Failed password for root from 210.240.49.131 port 48234 ssh2
Nov  4 14:05:35 www sshd[14184]: Failed password for root from 210.240.49.131 port 48311 ssh2
Nov  4 14:05:40 www sshd[14186]: Failed password for root from 210.240.49.131 port 48394 ssh2
Nov  4 14:05:44 www sshd[14188]: Failed password for root from 210.240.49.131 port 48472 ssh2
Nov  4 14:05:49 www sshd[14190]: Failed password for root from 210.240.49.131 port 48559 ssh2

=========================================================

2틀전에 제가 해킹당한것 같다라고 올렸는데.

var 디렉토리 안에 secure 라는 파일을 살펴본 결과 위의 기록이 되어 있네요

실제 없는 user로 접근 할려고 한것과 root로 접근할려고 하는것으로 보이는데 맞는지요?