Re: Case: server hack, guesses, advice
Posted: Tue Aug 30, 2016 8:09 am
Right after installation I move SSH and Vesta to a non-standard port and add it to fail2ban; this cuts off 99% of brute-force attempts. The logs are almost clean.
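As an added illustration (not part of the original post and not fail2ban's own code), the sketch below reproduces the counting rule that fail2ban's `maxretry` and `findtime` settings apply to sshd "Failed password" lines. The log lines, host name, addresses and the `year` argument are constructed assumptions; syslog timestamps carry no year.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in auth.log format; addresses are documentation ranges.
SAMPLE_LOG = """\
May 11 17:05:37 host sshd[4609]: Failed password for invalid user test from 203.0.113.7 port 52653 ssh2
May 11 17:06:01 host CRON[4613]: pam_unix(cron:session): session opened for user web by (uid=0)
May 11 17:07:10 host sshd[4700]: Failed password for admin from 203.0.113.7 port 44439 ssh2
May 11 17:08:15 host sshd[4710]: Failed password for root from 203.0.113.7 port 44500 ssh2
May 11 17:09:00 host sshd[4720]: Failed password for admin from 198.51.100.9 port 40100 ssh2
May 11 17:30:00 host sshd[4800]: Failed password for admin from 198.51.100.9 port 40101 ssh2
May 11 17:55:00 host sshd[4900]: Failed password for admin from 198.51.100.9 port 40102 ssh2
"""

# Matches both sshd forms: "for <user>" and "for invalid user <user>".
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ "
    r"from (?P<ip>\S+) port \d+"
)

def find_offenders(log_text, maxretry=3, findtime=timedelta(minutes=10), year=2018):
    """Return {ip: time of the failure that reached maxretry within findtime}.

    `year` is an assumption supplied by the caller (absent from syslog lines).
    """
    recent = defaultdict(list)   # ip -> failure times still inside the window
    offenders = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue             # cron, sudo and other non-matching lines
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        # Drop failures older than findtime, then record the current one.
        recent[ip] = [t for t in recent[ip] if ts - t <= findtime] + [ts]
        if len(recent[ip]) >= maxretry and ip not in offenders:
            offenders[ip] = ts
    return offenders

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} reached the threshold at {when}")
```

In the constructed sample only the first address reaches three failures inside the ten-minute window; the second one stays below the threshold.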
Community Forum
https://forum.vestacp.com/
Every sane service, without exception, generates long, complex one-time passwords for logging in and disabling 2FA in case access to 2FA is lost. The service itself creates these passwords at the moment the device is linked to the account. Go to cloudflare.com for an example; it is an excellent implementation of authentication.
Alex Connor wrote: ↑Fri Apr 13, 2018 4:11 am
2. Google Authenticator is certainly a good thing, I don't argue. But imagine a situation where, for reasons beyond your control, you cannot use this program (for example, a trivial reason: you accidentally deleted it). I once ran into a situation where I set up 2FA on my TeamViewer account and a few months later my phone broke (it could not be repaired). In that case, to restore my account, I had to spend several days talking to tech support and searching among thousands of documents for a file confirming that I am the owner/co-owner of the license. Luckily it was found and I managed to restore access. Since then I have been using a similar program (Authy); it has backup capability and protects all data in the cloud with an additional password, and you also have to enter a password when opening the app.
Who did I write this for? Learn to read carefully; you are flooding.
Alex Connor wrote: ↑Fri Apr 13, 2018 4:11 am
But imagine a situation where, for reasons beyond your control, you cannot use this program?
Code:
May 10 04:35:01 username sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
May 10 04:35:01 username sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
May 10 04:35:02 username sudo: pam_unix(sudo:session): session closed for user root
May 10 04:35:02 username CRON[24861]: pam_unix(cron:session): session closed for user admin
May 10 04:35:03 username sudo: root : TTY=unknown ; PWD=/usr/local/vesta/web/softaculous ; USER=root ; COMMAND=/usr/local/vesta/bin/v-list-user admin json
May 10 04:35:03 username sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
May 10 04:35:03 username sudo: pam_unix(sudo:session): session closed for user root
May 10 04:35:03 username sudo: root : TTY=unknown ; PWD=/usr/local/vesta/web/softaculous ; USER=root ; COMMAND=/usr/local/vesta/bin/v-list-user username json
May 10 04:35:03 username sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
May 10 04:35:03 username sudo: pam_unix(sudo:session): session closed for user root
May 10 04:35:03 username CRON[24859]: pam_unix(cron:session): session closed for user root
May 10 04:35:05 username sudo: pam_unix(sudo:session): session closed for user root
May 11 17:05:02 username sudo: pam_unix(sudo:session): session closed for user root
May 11 17:05:02 username CRON[4407]: pam_unix(cron:session): session closed for user admin
May 11 17:05:02 username sudo: root : TTY=unknown ; PWD=/usr/local/vesta/web/softaculous ; USER=root ; COMMAND=/usr/local/vesta/bin/v-list-user admin json
May 11 17:05:02 username sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
May 11 17:05:03 username sudo: pam_unix(sudo:session): session closed for user root
May 11 17:05:03 username sudo: root : TTY=unknown ; PWD=/usr/local/vesta/web/softaculous ; USER=root ; COMMAND=/usr/local/vesta/bin/v-list-user username json
May 11 17:05:03 username sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
May 11 17:05:03 username sudo: pam_unix(sudo:session): session closed for user root
May 11 17:05:03 username CRON[4405]: pam_unix(cron:session): session closed for user root
May 11 17:05:04 username sudo: pam_unix(sudo:session): session closed for user root
May 11 17:05:04 username CRON[4406]: pam_unix(cron:session): session closed for user admin
May 11 17:05:36 username sshd[4609]: Invalid user teran from 36.189.255.162 port 52653
May 11 17:05:36 username sshd[4609]: pam_unix(sshd:auth): check pass; user unknown
May 11 17:05:36 username sshd[4609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.189.255.162
May 11 17:05:37 username sshd[4609]: Failed password for invalid user teran from 36.189.255.162 port 52653 ssh2
May 11 17:05:38 username sshd[4609]: Received disconnect from 36.189.255.162 port 52653:11: Bye Bye [preauth]
May 11 17:05:38 username sshd[4609]: Disconnected from invalid user teran 36.189.255.162 port 52653 [preauth]
May 11 17:06:01 username CRON[4613]: pam_unix(cron:session): session opened for user username by (uid=0)
May 11 17:06:01 username CRON[4612]: pam_unix(cron:session): session opened for user username by (uid=0)
May 11 17:06:02 username CRON[4613]: pam_unix(cron:session): session closed for user username
May 11 17:06:02 username CRON[4612]: pam_unix(cron:session): session closed for user username
May 11 17:08:01 username CRON[4641]: pam_unix(cron:session): session opened for user username by (uid=0)
May 11 17:08:01 username CRON[4640]: pam_unix(cron:session): session opened for user username by (uid=0)
May 11 17:08:01 username CRON[4639]: pam_unix(cron:session): session opened for user root by (uid=0)
May 11 17:08:01 username CRON[4639]: pam_unix(cron:session): session closed for user root
May 11 17:08:02 username CRON[4641]: pam_unix(cron:session): session closed for user username
May 11 17:08:02 username CRON[4640]: pam_unix(cron:session): session closed for user username
May 11 17:09:01 username CRON[7476]: pam_unix(cron:session): session opened for user root by (uid=0)
May 11 17:09:01 username CRON[7476]: pam_unix(cron:session): session closed for user root
May 11 17:09:24 username sshd[9648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.189.255.162 user=admin
May 11 17:09:26 username sshd[9648]: Failed password for admin from 36.189.255.162 port 44439 ssh2
May 11 17:09:26 username sshd[9648]: Received disconnect from 36.189.255.162 port 44439:11: Bye Bye [preauth]
May 11 17:09:26 username sshd[9648]: Disconnected from authenticating user admin 36.189.255.162 port 44439 [preauth]
May 11 17:10:01 username CRON[14585]: pam_unix(cron:session): session opened for user username by (uid=0)
May 11 17:10:01 username CRON[14584]: pam_unix(cron:session): session opened for user username by (uid=0)
May 11 17:10:01 username CRON[14583]: pam_unix(cron:session): session opened for user admin by (uid=0)
May 11 17:10:01 username CRON[14582]: pam_unix(cron:session): session opened for user admin by (uid=0)
May 11 17:10:01 username CRON[14581]: pam_unix(cron:session): session opened for user root by (uid=0)
May 11 17:10:01 username sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
May 11 17:10:01 username sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
May 11 17:10:03 username sudo: pam_unix(sudo:session): session closed for user root
May 11 17:10:03 username CRON[14583]: pam_unix(cron:session): session closed for user admin
May 11 17:10:05 username CRON[14584]: pam_unix(cron:session): session closed for user username
May 11 17:10:05 username CRON[14585]: pam_unix(cron:session): session closed for user username
May 11 17:10:06 username sudo: root : TTY=unknown ; PWD=/usr/local/vesta/web/softaculous ; USER=root ; COMMAND=/usr/local/vesta/bin/v-list-user admin json
May 11 17:10:06 username sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
May 11 17:10:06 username sudo: pam_unix(sudo:session): session closed for user root
May 11 17:10:06 username sudo: root : TTY=unknown ; PWD=/usr/local/vesta/web/softaculous ; USER=root ; COMMAND=/usr/local/vesta/bin/v-list-user username json
May 11 17:10:06 username sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
May 11 17:10:06 username sudo: pam_unix(sudo:session): session closed for user root
May 11 17:10:07 username CRON[14581]: pam_unix(cron:session): session closed for user root
May 11 17:10:09 username sudo: pam_unix(sudo:session): session closed for user root
May 11 17:10:09 username CRON[14582]: pam_unix(cron:session): session closed for user admin
May 11 17:12:01 username CRON[29105]: pam_unix(cron:session): session opened for user username by (uid=0)
May 11 17:12:01 username CRON[29104]: pam_unix(cron:session): session opened for user username by (uid=0)
May 11 17:12:03 username CRON[29104]: pam_unix(cron:session): session closed for user username
May 11 17:12:03 username CRON[29105]: pam_unix(cron:session): session closed for user username
May 11 17:14:02 username CRON[9136]: pam_unix(cron:session): session opened for user username by (uid=0)
May 11 17:14:02 username CRON[9137]: pam_unix(cron:session): session opened for user username by (uid=0)
May 11 17:14:04 username CRON[9137]: pam_unix(cron:session): session closed for user username
May 11 17:14:04 username CRON[9136]: pam_unix(cron:session): session closed for user username
May 11 17:15:01 username CRON[13328]: pam_unix(cron:session): session opened for user root by (uid=0)
May 11 17:15:01 username CRON[13330]: pam_unix(cron:session): session opened for user admin by (uid=0)
May 11 17:15:01 username CRON[13329]: pam_unix(cron:session): session opened for user admin by (uid=0)
May 11 17:15:01 username sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
May 11 17:15:01 username sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
May 11 17:15:02 username sudo: pam_unix(sudo:session): session closed for user root
May 11 17:15:02 username CRON[13330]: pam_unix(cron:session): session closed for user admin
May 11 17:15:03 username sudo: root : TTY=unknown ; PWD=/usr/local/vesta/web/softaculous ; USER=root ; COMMAND=/usr/local/vesta/bin/v-list-user admin json
May 11 17:15:03 username sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
May 11 17:15:03 username sudo: pam_unix(sudo:session): session closed for user root
May 11 17:15:03 username sudo: root : TTY=unknown ; PWD=/usr/local/vesta/web/softaculous ; USER=root ; COMMAND=/usr/local/vesta/bin/v-list-user username json
May 11 17:15:03 username sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
May 11 17:15:03 username sudo: pam_unix(sudo:session): session closed for user root
May 11 17:15:04 username CRON[13328]: pam_unix(cron:session): session closed for user root
May 11 17:15:08 username sudo: pam_unix(sudo:session): session closed for user root
May 11 17:15:08 username CRON[13329]: pam_unix(cron:session): session closed for user admin
May 11 17:16:01 username CRON[13584]: pam_unix(cron:session): session opened for user username by (uid=0)
May 11 17:16:01 username CRON[13583]: pam_unix(cron:session): session opened for user username by (uid=0)