
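I would like to know whether my server has a security hole. I was looking through the /var/log/messages file and saw a large number of login and logout messages, followed by some messages about "network unreachable resolving". Here is a sample of the last entries in my messages file. I am running Centos 5.1.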
Sep 24 10:03:23 ip-184-168-116-73 pure-ftpd: ([email protected]) [INFO] New connection from 127.0.0.1
Sep 24 10:03:23 ip-184-168-116-73 pure-ftpd: ([email protected]) [INFO] __cpanel__service__auth__ftpd__mYPM6aAnC9051nEC0nS9vPMkaMz34VyA0HXbDApw_0Xan5OW3K9uqnlSAk98PzAq is now logged in
Sep 24 10:03:23 ip-184-168-116-73 pure-ftpd: (__cpanel__service__auth__ftpd__mYPM6aAnC9051nEC0nS9vPMkaMz34VyA0HXbDApw_0Xan5OW3K9uqnlSAk98PzAq@127.0.0.1) [INFO] Logout.
Sep 24 10:08:23 ip-184-168-116-73 pure-ftpd: ([email protected]) [INFO] New connection from 127.0.0.1
Sep 24 10:08:24 ip-184-168-116-73 pure-ftpd: ([email protected]) [INFO] __cpanel__service__auth__ftpd__qUTJ2NFXeRRKXGjXVbjLQn2upJdGRaSGGSMDQna8wsEINYCTOrWUzxqiJp8rUT0S is now logged in
Sep 24 10:08:24 ip-184-168-116-73 pure-ftpd: (__cpanel__service__auth__ftpd__qUTJ2NFXeRRKXGjXVbjLQn2upJdGRaSGGSMDQna8wsEINYCTOrWUzxqiJp8rUT0S@127.0.0.1) [INFO] Logout.
Sep 24 10:09:19 ip-184-168-116-73 named[1502]: network unreachable resolving 'ns1.expired.r01.ru/A/IN': 2001:678:17:0:193:232:128:6#53
Sep 24 10:09:19 ip-184-168-116-73 named[1502]: network unreachable resolving 'ns2.expired.r01.ru/A/IN': 2001:678:17:0:193:232:128:6#53
Sep 24 10:09:19 ip-184-168-116-73 named[1502]: network unreachable resolving 'ns1.expired.r01.ru/AAAA/IN': 2001:678:17:0:193:232:128:6#53
Sep 24 10:09:19 ip-184-168-116-73 named[1502]: network unreachable resolving 'ns2.expired.r01.ru/AAAA/IN': 2001:678:17:0:193:232:128:6#53
Sep 24 10:09:19 ip-184-168-116-73 named[1502]: unexpected RCODE (SERVFAIL) resolving 'ns1.internet-spb.ru/A/IN': 109.70.26.37#53
Sep 24 10:09:19 ip-184-168-116-73 named[1502]: unexpected RCODE (SERVFAIL) resolving 'ns2.internet-spb.ru/A/IN': 109.70.26.37#53
Sep 24 10:09:19 ip-184-168-116-73 named[1502]: unexpected RCODE (SERVFAIL) resolving 'ns2.internet-spb.ru/AAAA/IN': 109.70.26.37#53
Sep 24 10:09:19 ip-184-168-116-73 named[1502]: unexpected RCODE (SERVFAIL) resolving 'ns1.internet-spb.ru/AAAA/IN': 109.70.26.37#53
Sep 24 10:09:19 ip-184-168-116-73 named[1502]: unexpected RCODE (SERVFAIL) resolving 'ns2.internet-spb.ru/A/IN': 194.85.61.76#53
Sep 24 10:09:19 ip-184-168-116-73 named[1502]: unexpected RCODE (SERVFAIL) resolving 'ns2.internet-spb.ru/AAAA/IN': 194.85.61.76#53
Sep 24 10:09:19 ip-184-168-116-73 named[1502]: unexpected RCODE (SERVFAIL) resolving 'ns1.internet-spb.ru/A/IN': 194.85.61.76#53
Sep 24 10:09:19 ip-184-168-116-73 named[1502]: unexpected RCODE (SERVFAIL) resolving 'ns1.internet-spb.ru/AAAA/IN': 194.85.61.76#53
Sep 24 10:12:11 ip-184-168-116-73 named[1502]: network unreachable resolving 'ns3.rnc.ro/A/IN': 2001:500:2e::1#53
Sep 24 10:13:25 ip-184-168-116-73 pure-ftpd: ([email protected]) [INFO] New connection from 127.0.0.1
Sep 24 10:13:25 ip-184-168-116-73 pure-ftpd: ([email protected]) [INFO] __cpanel__service__auth__ftpd__s4ls4qxg3HrWFYi6ICTo0SJvgbJU6DSbALi95PAgNGK2rHENueFdmzXwkXY7GjMj is now logged in
Sep 24 10:13:25 ip-184-168-116-73 pure-ftpd: (__cpanel__service__auth__ftpd__s4ls4qxg3HrWFYi6ICTo0SJvgbJU6DSbALi95PAgNGK2rHENueFdmzXwkXY7GjMj@127.0.0.1) [INFO] Logout.
Sep 24 10:16:15 ip-184-168-116-73 named[1502]: client 199.180.114.183#36635: query (cache) 'cpsc.gov/ANY/IN' denied
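If this is a hacking attack, which settings do I need to change to ensure better security?
Thank you, and God bless <><
Answer 1
It looks like (a) you may have a problem with your IPv6 configuration, and (b) something is hitting your mailbox (usually spam), causing DNS lookups for spam/non-existent domains, which then fail.
There is not enough information to determine whether you have been compromised. Bear in mind, though, that EL5 is now only getting maintenance updates.. so you may want to consider EL7 at this point
Also, Centos 5 is currently at version 5.11, so if you are actually on 5.1 as suggested above, you may want to address that as soon as possible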
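One way to sort the kinds of entries seen in the log excerpt above before judging whether anything is wrong, as an added example that is not part of the original question or answer. The category names, the `classify`/`summarize` helpers and the sample lines (documentation addresses, placeholder token) are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the shape of the lines quoted in the question.
SAMPLE = """\
Sep 24 10:03:23 host1 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Sep 24 10:03:23 host1 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__EXAMPLE is now logged in
Sep 24 10:04:02 host1 pure-ftpd: (?@203.0.113.5) [INFO] New connection from 203.0.113.5
Sep 24 10:09:19 host1 named[1502]: network unreachable resolving 'ns1.example.net/A/IN': 2001:db8::6#53
Sep 24 10:09:19 host1 named[1502]: network unreachable resolving 'ns1.example.net/AAAA/IN': 2001:db8::6#53
Sep 24 10:09:19 host1 named[1502]: unexpected RCODE (SERVFAIL) resolving 'ns2.example.org/A/IN': 198.51.100.37#53
Sep 24 10:16:15 host1 named[1502]: client 192.0.2.183#36635: query (cache) 'example.com/ANY/IN' denied
"""

# syslog prefix: timestamp, host, program with optional [pid], then the message
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ ([\w-]+)(?:\[\d+\])?: (.*)$")
FTP_CONN = re.compile(r"New connection from (\S+)")
UNREACH = re.compile(r"network unreachable resolving '[^']+': (\S+)#\d+")
SERVFAIL = re.compile(r"unexpected RCODE \(SERVFAIL\) resolving ")
DENIED = re.compile(r"client \S+#\d+: query \(cache\) '[^']+' denied")

def parse_ip(text):
    """Return an ip_address object, or None if the field is not an IP literal."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def classify(line):
    """Map one syslog line to a category name, or None if no rule applies."""
    m = LINE.match(line)
    if not m:
        return None
    prog, msg = m.groups()
    if prog == "pure-ftpd" and (c := FTP_CONN.search(msg)):
        src = parse_ip(c.group(1))
        if src is None:
            return "ftp-conn-unparsed"   # hostname logged instead of an address
        return "ftp-conn-loopback" if src.is_loopback else "ftp-conn-remote"
    if prog == "named":
        if (u := UNREACH.search(msg)):
            ip = parse_ip(u.group(1))    # upstream server that could not be reached
            return f"dns-unreachable-ipv{ip.version}" if ip else "dns-unreachable"
        if SERVFAIL.search(msg):
            return "dns-servfail"
        if DENIED.search(msg):
            return "dns-cache-query-denied"
    return None

def summarize(text):
    """Count lines per category; unmatched lines are skipped."""
    return Counter(c for c in map(classify, text.splitlines()) if c)
```

Run `summarize(open("/var/log/messages").read())` on the host to see whether FTP connections only ever come from loopback and whether every "network unreachable" entry points at an IPv6 upstream, which is what point (a) of the answer suggests.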