Hacker chines ?? Segurança

bestmoor escreveu:

Ola amigo.
Verifiquei nos logs de alguns servidores algunas tentativas de acesso no root .
Parece scaner de força bruta . pesquisei na net . tem varios relatos de origem do mesmo IP . alguem ja possou por isso .
gerencio meus servidores via SSH e Webmin . Sera que devo ficar preocupado ?

ip de origem https://www.abuseipdb.com/check/58.218.199.165

log



Dez 10 14:34:14 internet- kernel: squidGuard[20880]: segfault at d8 ip 00007f09f4b5fe22 sp 00007ffdd422f7a0 error
Dez 10 14:33:37 internet- sshd[20887]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= r
Dez 10 14:33:37 internet-sshd[20887]: Received disconnect from 58.218.199.165: 11: [preauth]
Dez 10 14:33:37 internet-sshd[20887]: Failed password for root from 58.218.199.165 port 26555 ssh2
Dez 10 14:33:35 internet-sshd[20887]: Failed password for root from 58.218.199.165 port 26555 ssh2
Dez 10 14:33:32 internet-sshd[20887]: Failed password for root from 58.218.199.165 port 26555 ssh2

Arthur_Hoch escreveu:

Coloque alguma regra no firewall...

https://www.rackaid.com/blog/how-to-block-ssh-brute-force-attacks/
http://www.digitalsanctuary.com/tech-blog/debian/using-iptables-to-prevent-ssh-brute-force-attacks.h...
https://rudd-o.com/linux-and-free-software/a-better-way-to-block-brute-force-attacks-on-your-ssh-ser...