晚上收到腾讯云短信提示中木马了:
赶紧登录服务器调查,起初怀疑网站有漏洞,调查后发现我设置的 FTP 用户名密码太简单了,被人暴力破解了:
# grep failed /var/log/messages | wc -l
1008
# grep failed /var/log/messages | tail -10
Jan 16 22:57:06 VM-4-3-centos pure-ftpd: ([email protected]) [WARNING] Authentication failed for user [www-data]
Jan 16 22:57:11 VM-4-3-centos pure-ftpd: ([email protected]) [WARNING] Authentication failed for user [www-data]
Jan 16 22:57:15 VM-4-3-centos pure-ftpd: ([email protected]) [WARNING] Authentication failed for user [www-data]
Jan 16 22:57:21 VM-4-3-centos pure-ftpd: ([email protected]) [WARNING] Authentication failed for user [www-data]
Jan 16 22:57:26 VM-4-3-centos pure-ftpd: ([email protected]) [WARNING] Authentication failed for user [www-data]
Jan 16 22:57:30 VM-4-3-centos pure-ftpd: ([email protected]) [WARNING] Authentication failed for user [www-data]
Jan 16 22:57:34 VM-4-3-centos pure-ftpd: ([email protected]) [WARNING] Authentication failed for user [www-data]
Jan 16 22:57:37 VM-4-3-centos pure-ftpd: ([email protected]) [WARNING] Authentication failed for user [www-data]
Jan 16 22:57:43 VM-4-3-centos pure-ftpd: ([email protected]) [WARNING] Authentication failed for user [www-data]
我已经修改了 FTP 登录信息,改用更加复杂的密码了,并重启了 FTP 服务。现在还想想了解下如何防止暴力破解?
环境:腾讯云轻量服务器官方宝塔控制面板(CentOS)+ Pure-FTPd