
Author Topic: Meaning of the Secure Log in Kloxo-MR  (Read 4513 times)


anasmcguire
Meaning of the Secure Log in Kloxo-MR
« on: 2014-06-09, 09:56:34 »
Please help. A while ago my website was loading very slowly. When I checked the Secure section of the log manager, log entries like the following appeared:

Code:
Jun  8 03:38:46 vps sshd[3998]: refused connect from 95.253.198.178 (95.253.198.178)
Jun  8 03:39:38 vps Rootkit Hunter: Rootkit hunter check started (version 1.4.0)
Jun  8 03:46:21 vps sshd[7763]: refused connect from 95.253.198.178 (95.253.198.178)
Jun  8 03:46:35 vps Rootkit Hunter: Scanning took 6 minutes and 55 seconds
Jun  8 03:46:35 vps Rootkit Hunter: Please inspect this machine, because it may be infected.
Jun  8 03:53:55 vps sshd[10427]: refused connect from 95.253.198.178 (95.253.198.178)
Jun  8 04:01:42 vps sshd[10469]: refused connect from 95.253.198.178 (95.253.198.178)
Jun  8 04:16:50 vps sshd[10590]: refused connect from 95.253.198.178 (95.253.198.178)
Jun  8 04:24:24 vps sshd[10647]: refused connect from 95.253.198.178 (95.253.198.178)
Jun  8 04:32:06 vps sshd[10665]: refused connect from 95.253.198.178 (95.253.198.178)
Jun  8 04:39:46 vps sshd[10692]: refused connect from 95.253.198.178 (95.253.198.178)
Jun  8 04:47:16 vps sshd[10714]: refused connect from 95.253.198.178 (95.253.198.178)
Jun  8 04:53:54 vps sshd[10730]: refused connect from 116.10.191.169 (116.10.191.169)
Jun  8 04:54:31 vps sshd[10733]: refused connect from 95.253.198.178 (95.253.198.178)
Jun  8 05:02:16 vps sshd[10768]: refused connect from 95.253.198.178 (95.253.198.178)
Jun  8 05:09:54 vps sshd[10790]: refused connect from 95.253.198.178 (95.253.198.178)
Jun  8 05:17:19 vps sshd[10820]: refused connect from 95.253.198.178 (95.253.198.178)
Jun  8 05:25:29 vps sshd[10859]: refused connect from 116.10.191.166 (116.10.191.166)
Jun  8 05:32:03 vps sshd[10891]: refused connect from 95.253.198.178 (95.253.198.178)
Jun  8 05:39:45 vps sshd[10927]: refused connect from 95.253.198.178 (95.253.198.178)
Jun  8 05:46:15 vps sshd[1617]: Received disconnect from 125.164.2.161: 11: User exit
Jun  8 05:46:15 vps sshd[1617]: pam_unix(sshd:session): session closed for user root
Jun  8 05:46:16 vps sshd[979]: Received signal 15; terminating.
Jun  8 05:46:16 vps sshd[10969]: Server listening on 0.0.0.0 port 22000.
Jun  8 05:46:16 vps sshd[10969]: Server listening on :: port 22000.
Jun  8 05:46:32 vps sshd[10972]: reverse mapping checking getaddrinfo for 161.subnet125-164-2.speedy.telkom.net.id [125.164.2.161] failed - POSSIBLE BREAK-IN ATTEMPT!
Jun  8 05:46:32 vps sshd[10972]: Accepted password for root from 125.164.2.161 port 54370 ssh2
Jun  8 05:46:32 vps sshd[10972]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jun  8 05:46:32 vps sshd[10972]: subsystem request for sftp
Jun  8 05:46:32 vps sshd[10972]: subsystem request for sftp
Jun  8 05:46:32 vps sshd[10976]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
Jun  8 05:46:32 vps sshd[10976]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
Jun  8 06:46:44 vps sshd[10972]: Received disconnect from 125.164.2.161: 11: User exit
Jun  8 06:46:44 vps sshd[10972]: pam_unix(sshd:session): session closed for user root
Jun  8 07:18:03 vps sshd[11571]: reverse mapping checking getaddrinfo for 161.subnet125-164-2.speedy.telkom.net.id [125.164.2.161] failed - POSSIBLE BREAK-IN ATTEMPT!
Jun  8 07:18:06 vps sshd[11571]: Accepted password for root from 125.164.2.161 port 60346 ssh2
Jun  8 07:18:08 vps sshd[11571]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jun  8 07:18:08 vps sshd[11571]: subsystem request for sftp
Jun  8 07:18:08 vps sshd[11574]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
Jun  8 07:18:08 vps sshd[11574]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
Jun  8 07:21:38 vps sshd[11571]: Received disconnect from 125.164.2.161: 11: User exit
Jun  8 07:21:38 vps sshd[11571]: pam_unix(sshd:session): session closed for user root
Jun  8 07:22:28 vps sshd[11663]: reverse mapping checking getaddrinfo for 161.subnet125-164-2.speedy.telkom.net.id [125.164.2.161] failed - POSSIBLE BREAK-IN ATTEMPT!
Jun  8 07:22:28 vps sshd[11663]: Accepted password for root from 125.164.2.161 port 60595 ssh2
Jun  8 07:22:28 vps sshd[11663]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jun  8 07:22:29 vps sshd[11663]: subsystem request for sftp
Jun  8 07:22:29 vps sshd[11666]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
Jun  8 07:22:29 vps sshd[11666]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
Jun  8 07:23:00 vps sshd[11663]: Received disconnect from 125.164.2.161: 11: User exit
Jun  8 07:23:00 vps sshd[11663]: pam_unix(sshd:session): session closed for user root
Jun  9 03:43:47 vps Rootkit Hunter: Rootkit hunter check started (version 1.4.0)
Jun  9 03:47:45 vps Rootkit Hunter: Scanning took 3 minutes and 57 seconds
Jun  9 03:47:45 vps Rootkit Hunter: Please inspect this machine, because it may be infected.
Kloxo-MR really is top-notch!!!

MRatWork
Re: Meaning of the Secure Log in Kloxo-MR
« Reply #1 on: 2014-06-09, 10:33:23 »
Try comparing it with 'lxguard'.

Many hackers try to access ssh, but Kloxo-MR already has a 'defense' through lxguard.
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

anasmcguire
Re: Meaning of the Secure Log in Kloxo-MR
« Reply #2 on: 2014-06-09, 10:50:54 »
In Lxguard itself there are a great many blocked IP addresses. I suspect someone is trying to get in through ssh using brute force.

As a precaution I changed the value of "Disable When This Many Wrong Attempts" in the Lxguard section to 2. Then I changed the ssh port to something other than 22. Is what I did correct? What other steps should I take to prevent ssh brute force?
Kloxo-MR really is top-notch!!!

MRatWork
Re: Meaning of the Secure Log in Kloxo-MR
« Reply #3 on: 2014-06-09, 10:59:14 »
Better not to use a value of 2. 10 is enough. Don't forget to add your remote IP to the whitelist (provided, of course, that you connect from a 'static' IP). Changing the ssh port is one of the solutions.
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

anasmcguire
Re: Meaning of the Secure Log in Kloxo-MR
« Reply #4 on: 2014-06-09, 11:22:11 »
OK, I have changed it to 10. However, I am not using the whitelist because my IP is dynamic. Thanks, man :)
Kloxo-MR really is top-notch!!!
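
A triage script for the kind of Secure log posted at the top of this thread, added here as an example (it is not from the forum posters or the Kloxo-MR project). It separates connections refused before authentication from successful password logins and Rootkit Hunter warnings; the function names are hypothetical and the sample lines are copied from the excerpt in the first post.

```python
import re
from collections import Counter

# Sample input: lines copied from the log excerpt in the first post.
SAMPLE = """\
Jun  8 03:38:46 vps sshd[3998]: refused connect from 95.253.198.178 (95.253.198.178)
Jun  8 03:46:35 vps Rootkit Hunter: Please inspect this machine, because it may be infected.
Jun  8 04:53:54 vps sshd[10730]: refused connect from 116.10.191.169 (116.10.191.169)
Jun  8 04:54:31 vps sshd[10733]: refused connect from 95.253.198.178 (95.253.198.178)
Jun  8 05:46:32 vps sshd[10972]: Accepted password for root from 125.164.2.161 port 54370 ssh2
Jun  8 07:18:06 vps sshd[11571]: Accepted password for root from 125.164.2.161 port 60346 ssh2
"""

REFUSED = re.compile(r"sshd\[\d+\]: refused connect from (\S+)")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port \d+")
RKHUNTER = re.compile(r"Rootkit Hunter: Please inspect this machine")

def triage(text):
    """Summarise a secure log: refused sources, successful logins, rkhunter warnings."""
    refused, logins, warnings = Counter(), Counter(), []
    for line in text.splitlines():
        if m := REFUSED.search(line):
            # Rejected before any password was tried (source already blocked).
            refused[m.group(1)] += 1
        elif m := ACCEPTED.search(line):
            method, user, ip = m.groups()
            logins[(user, ip, method)] += 1
        elif RKHUNTER.search(line):
            warnings.append(line[:15])  # syslog timestamp of the warning
    return {"refused": refused, "logins": logins, "rkhunter_warnings": warnings}

def root_password_sources(summary):
    """IPs that logged in as root with a password; the owner must recognise each one."""
    return sorted({ip for (user, ip, method) in summary["logins"]
                   if user == "root" and method == "password"})

if __name__ == "__main__":
    s = triage(SAMPLE)
    for ip, n in s["refused"].most_common():
        print(f"refused before auth  {n:4d}  {ip}")
    for (user, ip, method), n in s["logins"].items():
        print(f"accepted {method:9s} {n:4d}  {user}@{ip}")
    print("root password logins from:", root_password_sources(s))
    print("rkhunter warnings at:", s["rkhunter_warnings"])
```

The refused lines show the block working; the lines that need the owner's attention are the accepted root password logins and the Rootkit Hunter warnings.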
