我VPS是不是被攻击了

孙长老

从20点到现在都打不开，但挂代理就可以。

fail2ban的记录：

2019-04-27 12:30:34,615 fail2ban.actions        [18706]: NOTICE  [sshd] Unban 173.212.251.56
2019-04-27 12:31:35,309 fail2ban.actions        [18706]: NOTICE  [sshd] Ban 173.212.251.56
2019-04-27 12:41:34,129 fail2ban.actions        [18706]: NOTICE  [sshd] Unban 173.212.251.56
2019-04-27 12:43:06,273 fail2ban.actions        [18706]: NOTICE  [sshd] Ban 173.212.251.56
2019-04-27 12:53:05,082 fail2ban.actions        [18706]: NOTICE  [sshd] Unban 173.212.251.56
2019-04-27 12:54:17,394 fail2ban.actions        [18706]: NOTICE  [sshd] Ban 173.212.251.56
2019-04-27 13:04:18,209 fail2ban.actions        [18706]: NOTICE  [sshd] Unban 173.212.251.56
2019-04-27 13:05:29,519 fail2ban.actions        [18706]: NOTICE  [sshd] Ban 173.212.251.56
2019-04-27 13:15:28,326 fail2ban.actions        [18706]: NOTICE  [sshd] Unban 173.212.251.56
2019-04-27 13:16:38,437 fail2ban.actions        [18706]: NOTICE  [sshd] Ban 173.212.251.56
2019-04-27 13:26:37,249 fail2ban.actions        [18706]: NOTICE  [sshd] Unban 173.212.251.56
2019-04-27 13:27:53,364 fail2ban.actions        [18706]: NOTICE  [sshd] Ban 173.212.251.56
2019-04-27 13:37:52,143 fail2ban.actions        [18706]: NOTICE  [sshd] Unban 173.212.251.56
2019-04-27 13:38:54,840 fail2ban.actions        [18706]: NOTICE  [sshd] Ban 173.212.251.56
2019-04-27 13:47:17,509 fail2ban.actions        [18706]: NOTICE  [sshd] Ban 159.89.205.250
2019-04-27 13:48:55,653 fail2ban.actions        [18706]: NOTICE  [sshd] Unban 173.212.251.56
2019-04-27 13:50:12,370 fail2ban.actions        [18706]: NOTICE  [sshd] Ban 173.212.251.56
2019-04-27 13:57:18,957 fail2ban.actions        [18706]: NOTICE  [sshd] Unban 159.89.205.250
2019-04-27 14:00:11,198 fail2ban.actions        [18706]: NOTICE  [sshd] Unban 173.212.251.56
2019-04-27 14:01:49,544 fail2ban.actions        [18706]: NOTICE  [sshd] Ban 173.212.251.56
2019-04-27 14:03:39,713 fail2ban.actions        [18706]: NOTICE  [sshd] Ban 159.89.205.250
2019-04-27 14:11:50,381 fail2ban.actions        [18706]: NOTICE  [sshd] Unban 173.212.251.56
2019-04-27 14:12:56,484 fail2ban.actions        [18706]: NOTICE  [sshd] Ban 173.212.251.56
2019-04-27 14:13:40,556 fail2ban.actions        [18706]: NOTICE  [sshd] Unban 159.89.205.250
2019-04-27 14:20:04,274 fail2ban.actions        [18706]: NOTICE  [sshd] Ban 159.89.205.250
2019-04-27 14:22:56,520 fail2ban.actions        [18706]: NOTICE  [sshd] Unban 173.212.251.56
2019-04-27 14:24:10,633 fail2ban.actions        [18706]: NOTICE  [sshd] Ban 173.212.251.56
2019-04-27 14:30:05,117 fail2ban.actions        [18706]: NOTICE  [sshd] Unban 159.89.205.250
2019-04-27 14:34:09,463 fail2ban.actions        [18706]: NOTICE  [sshd] Unban 173.212.251.56
2019-04-27 14:35:19,572 fail2ban.actions        [18706]: NOTICE  [sshd] Ban 173.212.251.56
2019-04-27 14:36:22,271 fail2ban.actions        [18706]: NOTICE  [sshd] Ban 159.89.205.250
2019-04-27 14:45:19,000 fail2ban.actions        [18706]: NOTICE  [sshd] Unban 173.212.251.56
2019-04-27 14:46:21,097 fail2ban.actions        [18706]: NOTICE  [sshd] Unban 159.89.205.250
2019-04-27 14:46:51,751 fail2ban.actions        [18706]: NOTICE  [sshd] Ban 173.212.251.56
2019-04-27 14:52:52,244 fail2ban.actions        [18706]: NOTICE  [sshd] Ban 159.89.205.250
2019-04-27 14:56:52,579 fail2ban.actions        [18706]: NOTICE  [sshd] Unban 173.212.251.56
2019-04-27 14:58:10,698 fail2ban.actions        [18706]: NOTICE  [sshd] Ban 173.212.251.56
2019-04-27 15:02:51,080 fail2ban.actions        [18706]: NOTICE  [sshd] Unban 159.89.205.250

auth的log:
Apr 27 15:07:52 do sshd[30529]: Invalid user postgres from 159.89.205.250 port 41844
Apr 27 15:07:52 do sshd[30531]: Connection closed by 104.248.156.207 port 53876 [preauth]
Apr 27 15:07:52 do sshd[30529]: Received disconnect from 159.89.205.250 port 41844:11: Normal Shutdown, Thank you for playing [preauth]
Apr 27 15:07:52 do sshd[30529]: Disconnected from invalid user postgres 159.89.205.250 port 41844 [preauth]
Apr 27 15:08:24 do sshd[30539]: Invalid user radio from 173.212.251.56 port 32964
Apr 27 15:08:25 do sshd[30539]: Received disconnect from 173.212.251.56 port 32964:11: Normal Shutdown, Thank you for playing [preauth]
Apr 27 15:08:25 do sshd[30539]: Disconnected from invalid user radio 173.212.251.56 port 32964 [preauth]
Apr 27 15:08:39 do sshd[30541]: Invalid user radio from 173.212.251.56 port 33452
Apr 27 15:08:39 do sshd[30541]: Received disconnect from 173.212.251.56 port 33452:11: Normal Shutdown, Thank you for playing [preauth]
Apr 27 15:08:39 do sshd[30541]: Disconnected from invalid user radio 173.212.251.56 port 33452 [preauth]
Apr 27 15:09:01 do sshd[30558]: Invalid user radio from 173.212.251.56 port 33944
Apr 27 15:09:01 do CRON[30592]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 27 15:09:01 do CRON[30592]: pam_unix(cron:session): session closed for user root
Apr 27 15:09:01 do sshd[30558]: Received disconnect from 173.212.251.56 port 33944:11: Normal Shutdown, Thank you for playing [preauth]
Apr 27 15:09:01 do sshd[30558]: Disconnected from invalid user radio 173.212.251.56 port 33944 [preauth]
Apr 27 15:09:09 do sshd[30600]: Invalid user radio from 173.212.251.56 port 34432
Apr 27 15:09:09 do sshd[30600]: Received disconnect from 173.212.251.56 port 34432:11: Normal Shutdown, Thank you for playing [preauth]
Apr 27 15:09:09 do sshd[30600]: Disconnected from invalid user radio 173.212.251.56 port 34432 [preauth]
Apr 27 15:09:10 do sshd[30602]: Invalid user postgres from 159.89.205.250 port 41600
Apr 27 15:09:11 do sshd[30602]: Received disconnect from 159.89.205.250 port 41600:11: Normal Shutdown, Thank you for playing [preauth]
Apr 27 15:09:11 do sshd[30602]: Disconnected from invalid user postgres 159.89.205.250 port 41600 [preauth]

孙长老

lifetyper 发表于 2019-4-27 23:33
扫SSH弱口令的吧，没什么

现在网站打不开
Do家的VPS就这样？

孙长老

lifetyper 发表于 2019-4-27 23:38
你自己top看一下哪个进程占了CPU，扫弱口令一般不至于扫到完蛋啊。

CPU才0.3
好神奇，不会被墙了吧