LinuxSir.cn, Linuxsir across time and space!


Folks, below is the content of my message log. Am I under attack?

Posted on 2008-5-12 10:48:46
Below is part of the content. There are more than ten thousand lines of guest logins and logouts, with 3 to 4 logins and logouts within a single second.

May  8 07:39:16 localhost  -- lhcxs[20906]: LOGIN ON ttyp67 BY lhcxs
May  8 07:39:50 localhost sshd(pam_unix)[2479]: session opened for user center by center(uid=0)
May  8 07:39:52 localhost su(pam_unix)[7664]: session opened for user guest by center(uid=0)
May  8 07:41:35 localhost login(pam_unix)[9071]: session opened for user lhcxs by lhcxs(uid=0)
May  8 07:41:35 localhost  -- lhcxs[9071]: LOGIN ON ttyp30 BY lhcxs
May  8 07:41:38 localhost sshd(pam_unix)[3572]: session opened for user center by center(uid=0)
May  8 07:42:34 localhost login(pam_unix)[918]: session opened for user lhcxs by lhcxs(uid=0)
May  8 07:42:34 localhost  -- lhcxs[918]: LOGIN ON ttyp96 BY lhcxs
May  8 07:43:07 localhost sshd(pam_unix)[16490]: session opened for user center by center(uid=0)
May  8 07:43:09 localhost su(pam_unix)[20516]: session opened for user guest by center(uid=0)
May  8 07:44:00 localhost login(pam_unix)[2997]: session opened for user lhcxs by lhcxs(uid=0)
May  8 07:44:00 localhost  -- lhcxs[2997]: LOGIN ON ttyp74 BY lhcxs
May  8 07:44:30 localhost login(pam_unix)[2415]: session opened for user lhcxs by lhcxs(uid=0)
May  8 07:44:30 localhost  -- lhcxs[2415]: LOGIN ON ttyp23 BY lhcxs
May  8 07:44:32 localhost sshd(pam_unix)[22391]: session opened for user center by center(uid=0)
May  8 07:44:34 localhost su(pam_unix)[26753]: session opened for user guest by center(uid=0)
May  8 07:44:50 localhost su(pam_unix)[26753]: session closed for user guest
May  8 07:44:50 localhost su(pam_unix)[12817]: session opened for user guest by (uid=0)
May  8 07:44:50 localhost su(pam_unix)[12817]: session closed for user guest
May  8 07:44:50 localhost su(pam_unix)[12987]: session opened for user guest by (uid=0)
May  8 07:44:50 localhost su(pam_unix)[12987]: session closed for user guest
May  8 07:44:50 localhost su(pam_unix)[13161]: session opened for user guest by (uid=0)
May  8 07:44:50 localhost su(pam_unix)[13161]: session closed for user guest
May  8 07:44:50 localhost su(pam_unix)[13319]: session opened for user guest by (uid=0)
May  8 07:44:50 localhost su(pam_unix)[13319]: session closed for user guest
May  8 07:44:50 localhost su(pam_unix)[13481]: session opened for user guest by (uid=0)
May  8 07:44:50 localhost su(pam_unix)[13481]: session closed for user guest
May  8 07:44:50 localhost su(pam_unix)[13653]: session opened for user guest by (uid=0)
May  8 07:44:50 localhost su(pam_unix)[13653]: session closed for user guest
May  8 07:44:50 localhost su(pam_unix)[13825]: session opened for user guest by (uid=0)
May  8 07:44:50 localhost su(pam_unix)[13825]: session closed for user guest
May  8 07:44:50 localhost su(pam_unix)[13998]: session opened for user guest by (uid=0)
May  8 07:44:50 localhost su(pam_unix)[13998]: session closed for user guest
May  8 07:44:50 localhost su(pam_unix)[14161]: session opened for user guest by (uid=0)
May  8 07:44:50 localhost su(pam_unix)[14161]: session closed for user guest
May  8 07:44:50 localhost su(pam_unix)[14325]: session opened for user guest by (uid=0)
May  8 07:44:50 localhost su(pam_unix)[14325]: session closed for user guest
May  8 07:44:50 localhost su(pam_unix)[14498]: session opened for user guest by (uid=0)
May  8 07:44:51 localhost su(pam_unix)[14498]: session closed for user guest
May  8 07:44:51 localhost su(pam_unix)[14659]: session opened for user guest by (uid=0)
May  8 07:44:51 localhost su(pam_unix)[14659]: session closed for user guest
May  8 07:44:51 localhost su(pam_unix)[14818]: session opened for user guest by (uid=0)
May  8 07:44:51 localhost su(pam_unix)[14818]: session closed for user guest
May  8 07:44:51 localhost su(pam_unix)[14987]: session opened for user guest by (uid=0)
May  8 07:44:51 localhost su(pam_unix)[14987]: session closed for user guest
May  8 07:44:51 localhost su(pam_unix)[15149]: session opened for user guest by (uid=0)
May  8 07:44:51 localhost su(pam_unix)[15149]: session closed for user guest
May  8 07:44:51 localhost su(pam_unix)[15321]: session opened for user guest by (uid=0)
May  8 07:44:51 localhost su(pam_unix)[15321]: session closed for user guest
May  8 07:44:51 localhost su(pam_unix)[15485]: session opened for user guest by (uid=0)
May  8 07:44:51 localhost su(pam_unix)[15485]: session closed for user guest
May  8 07:44:51 localhost su(pam_unix)[15655]: session opened for user guest by (uid=0)
May  8 07:44:51 localhost su(pam_unix)[15655]: session closed for user guest
May  8 07:44:51 localhost su(pam_unix)[15821]: session opened for user guest by (uid=0)
May  8 07:44:51 localhost su(pam_unix)[15821]: session closed for user guest
May  8 07:44:51 localhost su(pam_unix)[15989]: session opened for user guest by (uid=0)
May  8 07:44:51 localhost su(pam_unix)[15989]: session closed for user guest
May  8 07:44:51 localhost su(pam_unix)[16159]: session opened for user guest by (uid=0)
May  8 07:44:51 localhost su(pam_unix)[16159]: session closed for user guest
May  8 07:44:51 localhost su(pam_unix)[16323]: session opened for user guest by (uid=0)
May  8 07:44:51 localhost su(pam_unix)[16323]: session closed for user guest
May  8 07:44:51 localhost su(pam_unix)[16516]: session opened for user guest by (uid=0)
May  8 07:44:51 localhost su(pam_unix)[16516]: session closed for user guest
May  8 07:44:52 localhost su(pam_unix)[16680]: session opened for user guest by (uid=0)
May  8 07:44:52 localhost su(pam_unix)[16680]: session closed for user guest
May  8 07:44:52 localhost su(pam_unix)[16850]: session opened for user guest by (uid=0)
May  8 07:44:52 localhost su(pam_unix)[16850]: session closed for user guest
May  8 07:44:52 localhost su(pam_unix)[17026]: session opened for user guest by (uid=0)
May  8 07:44:52 localhost su(pam_unix)[17026]: session closed for user guest
May  8 07:44:52 localhost su(pam_unix)[17190]: session opened for user guest by (uid=0)
May  8 07:44:52 localhost su(pam_unix)[17190]: session closed for user guest
May  8 07:44:52 localhost su(pam_unix)[17365]: session opened for user guest by (uid=0)
May  8 07:44:52 localhost su(pam_unix)[17365]: session closed for user guest
May  8 07:44:52 localhost su(pam_unix)[17542]: session opened for user guest by (uid=0)
May  8 07:44:52 localhost su(pam_unix)[17542]: session closed for user guest
May  8 07:44:52 localhost su(pam_unix)[17714]: session opened for user guest by (uid=0)
May  8 07:44:52 localhost su(pam_unix)[17714]: session closed for user guest
May  8 07:44:52 localhost su(pam_unix)[17872]: session opened for user guest by (uid=0)
May  8 07:44:52 localhost su(pam_unix)[17872]: session closed for user guest
May  8 07:44:52 localhost su(pam_unix)[18035]: session opened for user guest by (uid=0)
May  8 07:44:52 localhost su(pam_unix)[18035]: session closed for user guest


Below is the content of my /var/log/secure
May  4 00:09:40 localhost sshd[11644]: Accepted password for root from ::ffff:16.66.166.61 port 1032 ssh2
May  4 08:09:40 localhost sshd[11643]: Accepted password for root from ::ffff:16.66.166.61 port 1032 ssh2
May  4 00:24:16 localhost sshd[12223]: Accepted password for root from ::ffff:16.66.166.61 port 1045 ssh2
May  4 08:24:16 localhost sshd[12222]: Accepted password for root from ::ffff:16.66.166.61 port 1045 ssh2
May  4 09:09:02 localhost sshd[12708]: Accepted password for center from ::ffff:16.66.166.61 port 1056 ssh2
May  4 01:09:02 localhost sshd[12709]: Accepted password for center from ::ffff:16.66.166.61 port 1056 ssh2
May  4 09:09:49 localhost sshd[12373]: Invalid user cnetr from ::ffff:16.66.166.61
May  4 01:09:49 localhost sshd[12374]: input_userauth_request: invalid user cnetr
May  4 01:09:49 localhost sshd[12374]: Failed none for invalid user cnetr from ::ffff:16.66.166.61 port 1057 ssh2
May  4 01:09:50 localhost sshd[12374]: Failed password for invalid user cnetr from ::ffff:16.66.166.61 port 1057 ssh2
May  4 09:09:50 localhost sshd[12373]: Failed none for invalid user cnetr from ::ffff:16.66.166.61 port 1057 ssh2
May  4 01:09:50 localhost sshd[12374]: Failed password for invalid user cnetr from ::ffff:16.66.166.61 port 1057 ssh2
May  4 09:09:50 localhost sshd[12373]: Failed password for invalid user cnetr from ::ffff:16.66.166.61 port 1057 ssh2
May  4 01:09:54 localhost sshd[12374]: Failed password for invalid user cnetr from ::ffff:16.66.166.61 port 1057 ssh2
May  4 09:09:54 localhost sshd[12373]: Failed password for invalid user cnetr from ::ffff:16.66.166.61 port 1057 ssh2
May  4 01:10:01 localhost sshd[12374]: Failed password for invalid user cnetr from ::ffff:16.66.166.61 port 1057 ssh2
May  4 09:10:01 localhost sshd[12373]: Failed password for invalid user cnetr from ::ffff:16.66.166.61 port 1057 ssh2
May  4 09:10:06 localhost sshd[12373]: Failed password for invalid user cnetr from ::ffff:16.66.166.61 port 1057 ssh2
May  4 01:10:06 localhost sshd[12374]: Failed password for invalid user cnetr from ::ffff:16.66.166.61 port 1057 ssh2
May  4 01:10:16 localhost sshd[12374]: Received disconnect from ::ffff:16.66.166.61: 13: Unable to authenticate
May  4 01:10:27 localhost sshd[12376]: Accepted password for center from ::ffff:16.66.166.61 port 1058 ssh2
May  4 09:10:27 localhost sshd[12375]: Accepted password for center from ::ffff:16.66.166.61 port 1058 ssh2
May  4 09:47:46 localhost sshd[16800]: Accepted password for center from ::ffff:16.66.166.62 port 1081 ssh2
May  4 01:47:46 localhost sshd[16801]: Accepted password for center from ::ffff:16.66.166.62 port 1081 ssh2
May  4 11:10:39 localhost sshd[20760]: Failed password for center from ::ffff:16.66.166.61 port 1136 ssh2
May  4 03:10:39 localhost sshd[20761]: Failed password for center from ::ffff:16.66.166.61 port 1136 ssh2
May  4 11:10:43 localhost sshd[20760]: Accepted password for center from ::ffff:16.66.166.61 port 1136 ssh2
May  4 03:10:43 localhost sshd[20761]: Accepted password for center from ::ffff:16.66.166.61 port 1136 ssh2
May  4 11:17:46 localhost sshd[25185]: Invalid user yizhi from ::ffff:16.66.166.215
May  4 03:17:46 localhost sshd[25186]: input_userauth_request: invalid user yizhi
May  4 03:17:46 localhost sshd[25186]: Failed none for invalid user yizhi from ::ffff:16.66.166.215 port 1027 ssh2
May  4 03:17:50 localhost sshd[25186]: Failed password for invalid user yizhi from ::ffff:16.66.166.215 port 1027 ssh2
May  4 11:17:50 localhost sshd[25185]: Failed none for invalid user yizhi from ::ffff:16.66.166.215 port 1027 ssh2
May  4 11:17:51 localhost sshd[25185]: Failed password for invalid user yizhi from ::ffff:16.66.166.215 port 1027 ssh2
May  4 03:17:51 localhost sshd[25186]: Failed password for invalid user yizhi from ::ffff:16.66.166.215 port 1027 ssh2
May  4 11:17:52 localhost sshd[25185]: Failed password for invalid user yizhi from ::ffff:16.66.166.215 port 1027 ssh2
May  4 03:17:52 localhost sshd[25186]: Failed password for invalid user yizhi from ::ffff:16.66.166.215 port 1027 ssh2
May  4 11:18:01 localhost sshd[25185]: Failed password for invalid user yizhi from ::ffff:16.66.166.215 port 1027 ssh2
May  4 03:18:01 localhost sshd[25186]: Failed password for invalid user yizhi from ::ffff:16.66.166.215 port 1027 ssh2
May  4 11:18:01 localhost sshd[25185]: Failed password for invalid user yizhi from ::ffff:16.66.166.215 port 1027 ssh2
May  4 03:18:01 localhost sshd[25186]: Failed password for invalid user yizhi from ::ffff:16.66.166.215 port 1027 ssh2
May  4 03:18:05 localhost sshd[25186]: Connection closed by ::ffff:16.66.166.215
May  4 03:18:43 localhost sshd[25190]: Accepted password for lhcxs from ::ffff:16.66.166.215 port 1028 ssh2
May  4 11:18:43 localhost sshd[25189]: Accepted password for lhcxs from ::ffff:16.66.166.215 port 1028 ssh2
May  4 11:18:45 localhost sshd[25191]: Received disconnect from ::ffff:16.66.166.215: 11: All open channels closed
May  4 15:19:13 localhost xinetd[16004]: START: telnet pid=27461 from=16.66.166.195
May  4 15:19:43 localhost xinetd[16004]: START: telnet pid=27490 from=16.66.166.195
May  4 15:20:15 localhost xinetd[16004]: START: telnet pid=27520 from=16.66.166.195
May  4 15:25:09 localhost xinetd[16004]: START: telnet pid=27615 from=16.66.166.168
May  4 15:25:16 localhost xinetd[16004]: START: telnet pid=27643 from=16.66.166.195
May  4 08:13:44 localhost sshd[28449]: Connection closed by ::ffff:16.66.166.215
May  5 08:28:15 localhost sshd[798]: Accepted password for test from ::ffff:16.66.166.61 port 1035 ssh2
May  5 00:28:15 localhost sshd[799]: Accepted password for test from ::ffff:16.66.166.61 port 1035 ssh2
May  5 00:37:31 localhost sshd[1001]: Accepted password for center from ::ffff:16.66.166.61 port 1037 ssh2
May  5 08:37:31 localhost sshd[1000]: Accepted password for center from ::ffff:16.66.166.61 port 1037 ssh2
May  5 09:05:44 localhost xinetd[16004]: START: telnet pid=16733 from=16.66.166.168
May  5 09:05:52 localhost login: FAILED LOGIN 1 FROM 16.66.166.168 FOR root, Authentication failure
May  5 09:06:00 localhost sshd[28255]: Accepted password for root from ::ffff:16.66.166.168 port 1189
May  5 01:06:00 localhost sshd[28267]: Accepted password for root from ::ffff:16.66.166.168 port 1189
May  5 10:00:44 localhost xinetd[16004]: START: telnet pid=27707 from=16.66.166.215
May  5 02:01:06 localhost sshd[10760]: Connection closed by ::ffff:16.66.166.215
May  5 10:47:33 localhost xinetd[16004]: START: telnet pid=30734 from=16.66.166.195
May  5 16:24:51 localhost xinetd[16004]: START: telnet pid=22768 from=16.66.166.61
May  5 16:29:14 localhost xinetd[16004]: START: telnet pid=21332 from=16.66.166.61
May  5 19:31:46 localhost xinetd[16004]: START: telnet pid=11232 from=16.66.166.222
May  6 07:58:06 localhost sshd[26590]: Accepted password for center from ::ffff:16.66.166.61 port 1036 ssh2
May  5 23:58:06 localhost sshd[26609]: Accepted password for center from ::ffff:16.66.166.61 port 1036 ssh2
May  6 10:44:21 localhost sshd[25270]: Accepted password for root from ::ffff:16.66.166.195 port 4738
May  6 02:44:21 localhost sshd[25282]: Accepted password for root from ::ffff:16.66.166.195 port 4738
May  6 11:12:38 localhost sshd[3191]: Accepted password for root from ::ffff:16.66.166.195 port 4823
May  6 03:12:38 localhost sshd[3202]: Accepted password for root from ::ffff:16.66.166.195 port 4823
May  6 11:17:25 localhost sshd[20616]: Accepted password for root from ::ffff:16.66.166.195 port 4842
May  6 03:17:25 localhost sshd[20629]: Accepted password for root from ::ffff:16.66.166.195 port 4842
May  6 12:17:46 localhost sshd[12512]: Accepted password for root from ::ffff:16.66.166.195 port 1788
May  6 04:17:46 localhost sshd[12517]: Accepted password for root from ::ffff:16.66.166.195 port 1788
May  6 06:18:23 localhost sshd[3544]: Accepted password for root from ::ffff:16.66.166.195 port 2956
May  6 14:18:23 localhost sshd[3536]: Accepted password for root from ::ffff:16.66.166.195 port 2956
May  6 16:18:39 localhost sshd[23526]: Accepted password for root from ::ffff:16.66.166.195 port 4613
May  6 08:18:39 localhost sshd[23531]: Accepted password for root from ::ffff:16.66.166.195 port 4613
May  6 08:50:15 localhost sshd[29157]: Connection closed by ::ffff:16.66.166.215
May  6 17:04:01 localhost xinetd[16004]: START: telnet pid=17696 from=16.66.166.210
May  6 09:04:33 localhost sshd[19110]: Connection closed by ::ffff:16.66.166.212
May  6 09:06:09 localhost sshd[4011]: Connection closed by ::ffff:16.66.166.215
May  7 09:52:08 localhost xinetd[16004]: START: telnet pid=8998 from=16.66.166.212
May  7 01:52:29 localhost sshd[24353]: Connection closed by ::ffff:16.66.166.212
May  7 09:54:02 localhost xinetd[16004]: START: telnet pid=15113 from=16.66.166.211
May  7 09:57:00 localhost sshd[16361]: Accepted password for center from ::ffff:16.66.166.62 port 1069 ssh2
May  7 01:57:00 localhost sshd[16375]: Accepted password for center from ::ffff:16.66.166.62 port 1069 ssh2
May  7 10:26:05 localhost xinetd[16004]: START: telnet pid=1542 from=16.66.166.212
May  7 10:27:55 localhost xinetd[16004]: START: telnet pid=2989 from=16.66.166.213
May  7 10:28:55 localhost xinetd[16004]: START: telnet pid=9547 from=16.66.166.213
May  7 10:29:55 localhost xinetd[16004]: START: telnet pid=16025 from=16.66.166.213
May  7 10:30:37 localhost xinetd[16004]: START: telnet pid=607 from=16.66.166.168
May  7 10:30:55 localhost xinetd[16004]: START: telnet pid=22558 from=16.66.166.213
May  7 10:31:55 localhost xinetd[16004]: START: telnet pid=29089 from=16.66.166.213
May  7 10:32:55 localhost xinetd[16004]: START: telnet pid=3054 from=16.66.166.213
May  7 10:33:55 localhost xinetd[16004]: START: telnet pid=9519 from=16.66.166.213
May  7 10:34:55 localhost xinetd[16004]: START: telnet pid=16005 from=16.66.166.213
May  7 10:35:56 localhost xinetd[16004]: START: telnet pid=22476 from=16.66.166.213
May  7 10:35:59 localhost xinetd[16004]: START: telnet pid=26468 from=16.66.166.79
May  7 10:36:56 localhost xinetd[16004]: START: telnet pid=29006 from=16.66.166.213
May  7 10:37:56 localhost xinetd[16004]: START: telnet pid=3044 from=16.66.166.213
May  7 10:38:56 localhost xinetd[16004]: START: telnet pid=9492 from=16.66.166.213
May  7 10:39:56 localhost xinetd[16004]: START: telnet pid=16054 from=16.66.166.213
May  7 10:40:56 localhost xinetd[16004]: START: telnet pid=22582 from=16.66.166.213
May  7 10:40:57 localhost xinetd[16004]: START: telnet pid=23791 from=16.66.166.79
May  7 10:41:28 localhost xinetd[16004]: START: telnet pid=28072 from=16.66.166.79
May  7 10:41:56 localhost xinetd[16004]: START: telnet pid=29091 from=16.66.166.213
May  7 10:42:56 localhost xinetd[16004]: START: telnet pid=3115 from=16.66.166.213
May  7 10:43:16 localhost xinetd[16004]: START: telnet pid=27396 from=16.66.166.168
May  7 10:43:56 localhost xinetd[16004]: START: telnet pid=9647 from=16.66.166.213
May  7 10:44:56 localhost xinetd[16004]: START: telnet pid=16100 from=16.66.166.213
May  7 10:45:56 localhost xinetd[16004]: START: telnet pid=22536 from=16.66.166.213
May  7 10:46:56 localhost xinetd[16004]: START: telnet pid=28920 from=16.66.166.213
May  7 10:47:56 localhost xinetd[16004]: START: telnet pid=2930 from=16.66.166.213
May  7 10:48:56 localhost xinetd[16004]: START: telnet pid=9432 from=16.66.166.213
May  7 10:49:56 localhost xinetd[16004]: START: telnet pid=15957 from=16.66.166.213
May  7 10:50:56 localhost xinetd[16004]: START: telnet pid=22483 from=16.66.166.213
May  7 10:51:56 localhost xinetd[16004]: START: telnet pid=28912 from=16.66.166.213
May  7 10:52:56 localhost xinetd[16004]: START: telnet pid=3017 from=16.66.166.213
May  7 10:53:56 localhost xinetd[16004]: START: telnet pid=9540 from=16.66.166.213
May  7 10:54:56 localhost xinetd[16004]: START: telnet pid=15996 from=16.66.166.213
May  7 10:55:56 localhost xinetd[16004]: START: telnet pid=22423 from=16.66.166.213
May  7 10:56:56 localhost xinetd[16004]: START: telnet pid=28909 from=16.66.166.213
May  7 10:57:56 localhost xinetd[16004]: START: telnet pid=2841 from=16.66.166.213
May  7 10:58:56 localhost xinetd[16004]: START: telnet pid=9330 from=16.66.166.213
May  7 10:59:57 localhost xinetd[16004]: START: telnet pid=15873 from=16.66.166.213
May  7 11:00:57 localhost xinetd[16004]: START: telnet pid=22478 from=16.66.166.213
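
Added example (not part of the original post): a small Python triage of the two logs quoted above. It flags seconds with repeated pam_unix session opens, and counts accepted password logins, invalid-user guesses and telnet starts per source. The function names and the threshold are assumptions; the sample lines are excerpted from the post.

```python
import re
from collections import Counter

# Sample input: a few lines excerpted from the logs quoted in the post.
SAMPLE_MESSAGES = """\
May  8 07:44:34 localhost su(pam_unix)[26753]: session opened for user guest by center(uid=0)
May  8 07:44:50 localhost su(pam_unix)[26753]: session closed for user guest
May  8 07:44:50 localhost su(pam_unix)[12817]: session opened for user guest by (uid=0)
May  8 07:44:50 localhost su(pam_unix)[12817]: session closed for user guest
May  8 07:44:50 localhost su(pam_unix)[12987]: session opened for user guest by (uid=0)
May  8 07:44:50 localhost su(pam_unix)[13161]: session opened for user guest by (uid=0)
""".splitlines()
SAMPLE_SECURE = """\
May  4 00:09:40 localhost sshd[11644]: Accepted password for root from ::ffff:16.66.166.61 port 1032 ssh2
May  4 01:09:50 localhost sshd[12374]: Failed password for invalid user cnetr from ::ffff:16.66.166.61 port 1057 ssh2
May  4 01:09:54 localhost sshd[12374]: Failed password for invalid user cnetr from ::ffff:16.66.166.61 port 1057 ssh2
May  5 09:06:00 localhost sshd[28255]: Accepted password for root from ::ffff:16.66.166.168 port 1189
May  7 10:27:55 localhost xinetd[16004]: START: telnet pid=2989 from=16.66.166.213
May  7 10:28:55 localhost xinetd[16004]: START: telnet pid=9547 from=16.66.166.213
May  7 10:29:55 localhost xinetd[16004]: START: telnet pid=16025 from=16.66.166.213
""".splitlines()

SYSLOG = re.compile(r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+(.*)$")
SESSION = re.compile(
    r"^(\w+)\(pam_unix\)\[\d+\]: session opened for user (\S+) by (\S*)\(uid=\d+\)")
ACCEPT = re.compile(r"sshd\[\d+\]: Accepted password for (\S+) from (?:::ffff:)?(\S+)")
INVALID = re.compile(
    r"sshd\[\d+\]: Failed password for invalid user (\S+) from (?:::ffff:)?(\S+)")
TELNET = re.compile(r"xinetd\[\d+\]: START: telnet pid=\d+ from=(\S+)")


def session_bursts(lines, threshold=3):
    """Return {(second, service, user, invoker): opens} where opens >= threshold.

    invoker is the name before "(uid=...)"; it is "" when pam_unix logged
    no login name for the caller, as in the rapid su lines in the post.
    """
    opens = Counter()
    for line in lines:
        m = SYSLOG.match(line)
        s = m and SESSION.match(m.group(2))
        if s:
            second = " ".join(m.group(1).split())  # collapse "May  8" padding
            opens[(second, s.group(1), s.group(2), s.group(3))] += 1
    return {key: n for key, n in opens.items() if n >= threshold}


def auth_summary(lines):
    """Count accepted SSH password logins, invalid-user guesses and telnet starts."""
    out = {"accepted": Counter(), "invalid": Counter(), "telnet": Counter()}
    for line in lines:
        for name, rx in (("accepted", ACCEPT), ("invalid", INVALID), ("telnet", TELNET)):
            m = rx.search(line)
            if m:
                out[name][m.groups()] += 1  # key: (user, source) or (source,)
    return out


if __name__ == "__main__":
    print(session_bursts(SAMPLE_MESSAGES))
    print(auth_summary(SAMPLE_SECURE))
```

In the /var/log/secure excerpt above, most sshd events appear twice with timestamps eight hours apart, so sshd counts taken over the full file are roughly double the number of connections.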

Posted on 2008-5-15 17:06:00
Change the guest password, then let it go ahead and guess the root password; it won't guess it even in ten years.