LinuxSir.cn, the time-travelling Linuxsir!

Please take a look: what is this guy doing?

Posted on 2003-7-30 20:24:44
Jul 29 23:58:20 localhost vsftpd(pam_unix)[6948]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:20 localhost vsftpd(pam_unix)[6950]: check pass; user unknown
Jul 29 23:58:20 localhost vsftpd(pam_unix)[6950]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:20 localhost vsftpd(pam_unix)[6952]: check pass; user unknown

Jul 29 23:58:20 localhost vsftpd(pam_unix)[6952]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:20 localhost vsftpd(pam_unix)[6956]: check pass; user unknown
Jul 29 23:58:20 localhost vsftpd(pam_unix)[6956]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:21 localhost vsftpd(pam_unix)[6953]: check pass; user unknown
Jul 29 23:58:21 localhost vsftpd(pam_unix)[6953]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:21 localhost vsftpd: warning: can't get client address: Bad file descriptor
Jul 29 23:58:21 localhost vsftpd(pam_unix)[6958]: check pass; user unknown
Jul 29 23:58:21 localhost vsftpd(pam_unix)[6958]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:21 localhost vsftpd: warning: can't get client address: Bad file descriptor
Jul 29 23:58:21 localhost last message repeated 6 times
Jul 29 23:58:21 localhost vsftpd(pam_unix)[6960]: check pass; user unknown
Jul 29 23:58:21 localhost vsftpd(pam_unix)[6960]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:21 localhost vsftpd(pam_unix)[6964]: check pass; user unknown
Jul 29 23:58:21 localhost vsftpd(pam_unix)[6964]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:21 localhost vsftpd(pam_unix)[6968]: check pass; user unknown
Jul 29 23:58:21 localhost vsftpd(pam_unix)[6968]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:21 localhost vsftpd(pam_unix)[6962]: check pass; user unknown
Jul 29 23:58:21 localhost vsftpd(pam_unix)[6962]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:21 localhost vsftpd(pam_unix)[6966]: check pass; user unknown
Jul 29 23:58:21 localhost vsftpd(pam_unix)[6966]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:21 localhost vsftpd(pam_unix)[6970]: check pass; user unknown
Jul 29 23:58:21 localhost vsftpd(pam_unix)[6970]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:21 localhost vsftpd(pam_unix)[6972]: check pass; user unknown
Jul 29 23:58:21 localhost vsftpd(pam_unix)[6972]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:21 localhost vsftpd: warning: can't get client address: Bad file descriptor
Jul 29 23:58:21 localhost last message repeated 8 times
Jul 29 23:58:21 localhost vsftpd(pam_unix)[6974]: check pass; user unknown
Jul 29 23:58:21 localhost vsftpd(pam_unix)[6974]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:21 localhost vsftpd(pam_unix)[6976]: check pass; user unknown
Jul 29 23:58:21 localhost vsftpd(pam_unix)[6976]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:21 localhost vsftpd(pam_unix)[6978]: check pass; user unknown
Jul 29 23:58:21 localhost vsftpd(pam_unix)[6978]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:21 localhost vsftpd(pam_unix)[6980]: check pass; user unknown
Jul 29 23:58:21 localhost vsftpd(pam_unix)[6980]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:21 localhost vsftpd(pam_unix)[6982]: check pass; user unknown
Jul 29 23:58:21 localhost vsftpd(pam_unix)[6982]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:21 localhost vsftpd(pam_unix)[6983]: check pass; user unknown
Jul 29 23:58:21 localhost vsftpd(pam_unix)[6983]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:22 localhost vsftpd(pam_unix)[6986]: check pass; user unknown
Jul 29 23:58:22 localhost vsftpd(pam_unix)[6986]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:22 localhost vsftpd(pam_unix)[6988]: check pass; user unknown
Jul 29 23:58:22 localhost vsftpd(pam_unix)[6988]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:22 localhost vsftpd(pam_unix)[6990]: check pass; user unknown
Jul 29 23:58:22 localhost vsftpd(pam_unix)[6990]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:22 localhost vsftpd: warning: can't get client address: Bad file descriptor
Jul 29 23:58:22 localhost last message repeated 3 times
Jul 29 23:58:22 localhost vsftpd(pam_unix)[6992]: check pass; user unknown
Jul 29 23:58:22 localhost vsftpd(pam_unix)[6992]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:22 localhost vsftpd(pam_unix)[6994]: check pass; user unknown
Jul 29 23:58:22 localhost vsftpd(pam_unix)[6994]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:22 localhost vsftpd(pam_unix)[6996]: check pass; user unknown
Jul 29 23:58:22 localhost vsftpd(pam_unix)[6996]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:22 localhost vsftpd(pam_unix)[6998]: check pass; user unknown
Jul 29 23:58:22 localhost vsftpd(pam_unix)[6998]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:22 localhost vsftpd: warning: can't get client address: Bad file descriptor
Jul 29 23:58:22 localhost last message repeated 6 times
Jul 29 23:58:22 localhost vsftpd(pam_unix)[7000]: check pass; user unknown
Jul 29 23:58:22 localhost vsftpd(pam_unix)[7000]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:22 localhost vsftpd(pam_unix)[7002]: check pass; user unknown
Jul 29 23:58:22 localhost vsftpd(pam_unix)[7002]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:22 localhost vsftpd(pam_unix)[7008]: check pass; user unknown
Jul 29 23:58:22 localhost vsftpd(pam_unix)[7008]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:22 localhost vsftpd(pam_unix)[7010]: check pass; user unknown
Jul 29 23:58:22 localhost vsftpd(pam_unix)[7010]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:22 localhost vsftpd(pam_unix)[7003]: check pass; user unknown
Jul 29 23:58:22 localhost vsftpd(pam_unix)[7003]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:22 localhost vsftpd(pam_unix)[7006]: check pass; user unknown
Jul 29 23:58:22 localhost vsftpd(pam_unix)[7006]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:22 localhost vsftpd: warning: can't get client address: Bad file descriptor
Jul 29 23:58:22 localhost last message repeated 3 times
Jul 29 23:58:22 localhost vsftpd(pam_unix)[7018]: check pass; user unknown
Jul 29 23:58:22 localhost vsftpd(pam_unix)[7018]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:22 localhost vsftpd: warning: can't get client address: Bad file descriptor
Jul 29 23:58:25 localhost last message repeated 26 times
Jul 29 23:58:25 localhost vsftpd(pam_unix)[7074]: check pass; user unknown
Jul 29 23:58:25 localhost vsftpd(pam_unix)[7074]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:28 localhost vsftpd(pam_unix)[7074]: check pass; user unknown
Jul 29 23:58:28 localhost vsftpd(pam_unix)[7074]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:30 localhost vsftpd(pam_unix)[7074]: check pass; user unknown
Jul 29 23:58:30 localhost vsftpd(pam_unix)[7074]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:33 localhost vsftpd(pam_unix)[7074]: check pass; user unknown
Jul 29 23:58:33 localhost vsftpd(pam_unix)[7074]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:35 localhost vsftpd(pam_unix)[7074]: check pass; user unknown
Jul 29 23:58:35 localhost vsftpd(pam_unix)[7074]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:38 localhost vsftpd(pam_unix)[7074]: check pass; user unknown
Jul 29 23:58:38 localhost vsftpd(pam_unix)[7074]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:40 localhost vsftpd(pam_unix)[7074]: check pass; user unknown
Jul 29 23:58:40 localhost vsftpd(pam_unix)[7074]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:43 localhost vsftpd(pam_unix)[7074]: check pass; user unknown
Jul 29 23:58:43 localhost vsftpd(pam_unix)[7074]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:45 localhost vsftpd(pam_unix)[7074]: check pass; user unknown
Jul 29 23:58:45 localhost vsftpd(pam_unix)[7074]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:48 localhost vsftpd(pam_unix)[7074]: check pass; user unknown
Jul 29 23:58:48 localhost vsftpd(pam_unix)[7074]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:50 localhost vsftpd(pam_unix)[7074]: check pass; user unknown
Jul 29 23:58:50 localhost vsftpd(pam_unix)[7074]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:53 localhost vsftpd(pam_unix)[7074]: check pass; user unknown
Jul 29 23:58:53 localhost vsftpd(pam_unix)[7074]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:55 localhost vsftpd(pam_unix)[7074]: check pass; user unknown
Jul 29 23:58:55 localhost vsftpd(pam_unix)[7074]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:58 localhost vsftpd(pam_unix)[7074]: check pass; user unknown
Jul 29 23:58:58 localhost vsftpd(pam_unix)[7074]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:59:00 localhost vsftpd(pam_unix)[7074]: check pass; user unknown
Jul 29 23:59:00 localhost vsftpd(pam_unix)[7074]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:59:03 localhost vsftpd(pam_unix)[7074]: check pass; user unknown
Jul 29 23:59:03 localhost vsftpd(pam_unix)[7074]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Posted on 2003-8-1 22:18:31
10.114.32.83, that IP isn't yours, is it?
You mean someone is trying to hack you.
It's possible.
Posted on 2003-8-1 22:19:35
But you've given too little information,
there's no way to tell anything from it.
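Posted on 2003-8-10 22:08:30
Is there a configuration that blocks the other side's IP once it makes x PAM auth errors within n amount of time?
Would it need a script written against pam and iptables? Does anyone know how?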
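One way to do what this post asks, as an added example that is not part of the original thread: count pam_unix authentication failures per rhost inside a sliding window of n seconds and render an iptables DROP rule for each address that reaches x failures. The function names, thresholds and sample lines are assumptions for illustration; only the log format and the 10.114.32.83 address come from the first post.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# pam_unix failure lines in the format posted at the top of the thread.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\s\S+\(pam_unix\)\[\d+\]:\s"
    r"authentication failure;.*\brhost=(?P<rhost>\S+)")

def find_offenders(lines, max_failures, window_seconds, year=2003):
    """Map each rhost to the time it reached max_failures within the window."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # rhost -> failure times still inside window
    offenders = {}
    for line in lines:            # lines are assumed to be in time order
        m = FAIL_RE.match(line)
        if not m:
            continue              # "check pass", warnings, repeats: ignored
        try:                      # rhost may be a hostname or junk, so only
            ip = str(ipaddress.ip_address(m["rhost"]))  # literal IPs pass
        except ValueError:
            continue
        # syslog timestamps omit the year, so the caller supplies it
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()           # drop failures older than the window
        if len(q) >= max_failures:
            offenders.setdefault(ip, ts)
    return offenders

def block_rules(offenders):
    """Render DROP rules as text for review; nothing is executed here."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(offenders)]

# Constructed sample in the thread's log format (192.0.2.10 and the hostname are made up).
SAMPLE = """\
Jul 29 23:58:20 localhost vsftpd(pam_unix)[6950]: check pass; user unknown
Jul 29 23:58:20 localhost vsftpd(pam_unix)[6950]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:20 localhost vsftpd(pam_unix)[6952]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:21 localhost vsftpd(pam_unix)[6953]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.114.32.83
Jul 29 23:58:40 localhost vsftpd(pam_unix)[7100]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=192.0.2.10
Jul 29 23:59:50 localhost vsftpd(pam_unix)[7101]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=192.0.2.10
Jul 29 23:59:51 localhost vsftpd(pam_unix)[7102]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=scanner.example.invalid
""".splitlines()

print("\n".join(block_rules(find_offenders(SAMPLE, max_failures=3, window_seconds=60))))
```

The rules are returned as text so they can be reviewed before anything is applied; check that an address is not one of your own internal hosts before blocking it.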
Posted on 2003-8-23 00:34:48
10.0.0.0 is a reserved Class A address; just block it with iptables (but hopefully it is not an address on your internal network)
# iptables -A INPUT -s 10.0.0.0/8 -i eth0 -j DROP
Posted on 2003-8-23 01:41:13
That guy is using software like NetAnts to try to download your stuff, and has it set to "always retry".
Posted on 2003-12-6 11:22:12

It's a hacker or a virus

uid=0, euid=0 means it is trying to get root privileges (root's uid=0, and of course its euid=0 too)
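Posted on 2003-12-7 16:57:58
He is logging in as root from 10.114.32.83, but failing; my guess is that he is running some password-cracking tool. I haven't used vsftpd, but I've heard it is the most secure FTPD. Still, I find its user configuration troublesome, and there is very little documentation for it, so I chose pure-ftpd.

Quote: That guy is using software like NetAnts to try to download your stuff, and has it set to "always retry".

That's not very likely, because the uid is 0...

But it's also odd that logname= is empty...

I haven't worked with vsftpd; it would be best if you could post a stretch of normal log for comparison.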
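Posted on 2003-12-8 18:10:41
Quote: But it's also odd that logname= is empty
Nothing odd about it; the key is uid=0!
If you can modify the passwd and group files, you can perfectly well rename your root account to sa or anything else, but its uid is 0, so it is still root!!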
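Posted on 2003-12-9 10:41:32
Right.
But I think that person is probably guessing passwords, because he is guessing the password for uid=0, and that is generally the one most worth guessing... Still, vsftpd can chroot, so without SSH or TELNET it doesn't mean much.

But if he were guessing passwords, the login name should be root~~~~

Could it be...
that he hacked that machine before?
Someone added a user with an empty name and UID 0, but he forgot the password~~?
I gave it a try: after changing the username to empty I couldn't log in (ssh).
Is there some other way to represent an empty username?
I'd appreciate any advice from everyone.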