用 gogs 自己搭建了一个 git 私服,不知道是不是被人攻击了,有大佬帮忙看看吗?
keppelfei · 2021-12-30 11:53:10 +08:00 · 3428 次点击这是一个创建于 1058 天前的主题,其中的信息可能已经有所发展或是发生改变。
跟小伙伴们开了一个项目,然后自己在腾讯云上使用docker搭建了一个gogs私服,用了有一个礼拜了,开始没啥大问题,然后今天我朋友说登陆很慢,不知道是不是他的网络问题,我还是去看了一下日志,发现如下:
Dec 30 03:45:23 sshd[61]: Invalid user xieguomin from 194.163.132.190 port 55818
Dec 30 03:45:24 sshd[61]: Received disconnect from 194.163.132.190 port 55818:11: Normal Shutdown, Thank you for playing [preauth]
Dec 30 03:45:24 sshd[61]: Disconnected from invalid user xieguomin 194.163.132.190 port 55818 [preauth]
Dec 30 03:45:30 sshd[63]: User root not allowed because account is locked
Dec 30 03:45:30 sshd[63]: Connection closed by invalid user root 157.230.20.226 port 36904 [preauth]
Dec 30 03:45:35 sshd[65]: Invalid user xiehaowei from 194.163.132.190 port 55820
Dec 30 03:45:36 sshd[65]: Received disconnect from 194.163.132.190 port 55820:11: Normal Shutdown, Thank you for playing [preauth]
Dec 30 03:45:36 sshd[65]: Disconnected from invalid user xiehaowei 194.163.132.190 port 55820 [preauth]
Dec 30 03:45:48 sshd[67]: Invalid user xiehaowei from 194.163.132.190 port 55868
Dec 30 03:45:49 sshd[67]: Received disconnect from 194.163.132.190 port 55868:11: Normal Shutdown, Thank you for playing [preauth]
Dec 30 03:45:49 sshd[67]: Disconnected from invalid user xiehaowei 194.163.132.190 port 55868 [preauth]
Dec 30 03:45:52 sshd[69]: User root not allowed because account is locked
Dec 30 03:45:53 sshd[69]: Connection closed by invalid user root 157.230.20.226 port 41146 [preauth]
Dec 30 03:46:00 sshd[71]: Invalid user xiehaowei from 194.163.132.190 port 55890
Dec 30 03:46:01 sshd[71]: Received disconnect from 194.163.132.190 port 55890:11: Normal Shutdown, Thank you for playing [preauth]
Dec 30 03:46:01 sshd[71]: Disconnected from invalid user xiehaowei 194.163.132.190 port 55890 [preauth]
这里的日志上的账号都不是我们设置的,就是个空账号,然后这个 IP 也是德国那边的.
我目前的 gogs 是做了 nginx 代理,暴露了俩端口,我在 nginx 里加 deny 没啥卵用,不知道咋操作了. 懂行的大佬指点一下吧!
13 条回复 • 2022-01-04 11:31:52 +08:00
 |
1
jabari 2021-12-30 12:14:08 +08:00  1
应该是被扫了, 设置 fail2ban 吧
|
 |
2
keppelfei OP 多谢。我试试去
|
 |
3
2i2Re2PLMaDnghL 2021-12-30 13:55:10 +08:00
你这不是 sshd 嘛,nginx deny 有什么用,还是 fail2ban 对 ssh 进行设置。
放公网被扫是日常 |
 |
4
kkjinping 2021-12-30 14:03:26 +08:00
改下 ssh 的端口吧,别用 22
|
|
5
kkjinping 2021-12-30 14:04:12 +08:00
gogs 用 ssh 连接的时候可以做个端口转发到 22
|
|
6
keppelfei OP @2i2Re2PLMaDnghL 是的, 已经安排上了 fail2ban
|
 |
8
snuglove 2021-12-30 17:39:38 +08:00
你这是被扫描了,可以看到日志里边全是 sshd 的日志.ssh 的端口可以考虑大一点,可以设置 3 万以上的,或者编写防火墙,失败 n 次的拉黑.
|
 |
9
c1273082756 2021-12-31 09:37:27 +08:00
把服务器的 ping 关了, 再设置一点防火墙规则
|
|
10
keppelfei OP @c1273082756 有点意思啊,关掉 ping 是不是就扫不到(对方先 ping 再测端口?)
|
 |
11
moxuanyuan 2021-12-31 15:25:43 +08:00
gogs ,好用,还是 gitea ,好用?目前在用 gitea 。。
|
|
12
keppelfei OP @moxuanyuan 没用过 gitea,gitea 无论是 star 还是待解决的 issue 都跟 gogs 有点差距,所以我选的是 gogs
|
|
13
c1273082756 2022-01-04 11:31:52 +08:00
@keppelfei 是这样的, 我家里的群晖经常被暴力 ssh, 一天嫩给我发几十个 ssh 爆破的警告, 而且都是境外的 ip, 自从我关掉路由器上的 ping, 世界都清净了
|
Select Language