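epwwm posted on 2019-7-30 09:15:53

Has my Synology been targeted? So many automatically blocked IPs?

This post was last edited by epwwm on 2019-7-30 09:18

Over the past few days, this many IPs have suddenly shown up. I have it set to block an IP after a certain number of wrong passwords within 3 minutes; before, it took many days to get a single IP..

Also, the Synology used to be fast, but lately it responds slowly, especially the main interface, which is often stuck on "loading", while FTP and the mapped drives have not slowed down. Moments has become slower too.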

zhucezhuanyong posted on 2019-7-30 11:37:46

I think you have too many ports open and may have been scanned. I only opened two ports; I'll open a few more after a while.

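epwwm posted on 2019-7-30 11:45:47

SSH and telnet are both open. No choice, it's a black Synology (unofficial DSM); if I don't open them, I'm afraid it will get bricked and I won't be able to rescue it. That already happened once; luckily I got it back.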

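zajia posted on 2019-7-30 11:47:33

epwwm posted on 2019-7-30 11:45
SSH and telnet are both open. No choice, it's a black Synology (unofficial DSM); if I don't open them, I'm afraid it will get bricked and I won't be able to rescue it. That already happened once; luckily I got it back. ...

Bricked: what does that look like?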

epwwm posted on 2019-7-30 12:02:57

zajia posted on 2019-7-30 11:47
Bricked: what does that look like?

The admin page won't open; it shows "page not found"……

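JY-MCU posted on 2019-7-30 12:24:27

On a black Synology (unofficial DSM) running 6.1.7 update3, I don't think I have ever seen the admin page fail to open. As long as the data disks are still there, you can boot from the boot drive, repair it and recover the data.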

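enthier posted on 2019-7-30 12:28:41

A black Synology (unofficial DSM) is kind of pointless, isn't it? It can't do remote access. For home sharing, just install Ubuntu.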

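zhucezhuanyong posted on 2019-7-30 12:47:33

epwwm posted on 2019-7-30 11:45
SSH and telnet are both open. No choice, it's a black Synology (unofficial DSM); if I don't open them, I'm afraid it will get bricked and I won't be able to rescue it. That already happened once; luckily I got it back. ...

I think having both SSH and telnet open is fine, isn't it? Or did you put it directly on the public internet? If it sits on the LAN, just don't forward those ports and nobody outside can connect, right?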

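epwwm posted on 2019-7-30 16:54:32

Changed it to block the IP after 2 failures within 1 minute. Damn!!! More than ten IPs got blocked in a single morning. Where are they coming from?

The risk was high, so I had to change DSM's default port, and then the world went quiet……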

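wye11083 posted on 2019-7-30 23:08:15

jiaowoxiaolu posted on 2019-7-30 16:58
A couple of days ago I read a news item on my phone saying that many hackers now specifically scan the internet for NAS devices, keep trying login passwords from a dictionary, and after getting in drop ransomware ...

Damn it, I bought a Tencent Cloud instance and installed Win2016, and ended up with tens of thousands of failed-login log entries in one day. Damn. I went straight to the official site and reworked the IP policy, and now it's quiet.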

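zxq6 posted on 2019-7-30 23:29:30

wye11083 posted on 2019-7-30 23:08
Damn it, I bought a Tencent Cloud instance and installed Win2016, and ended up with tens of thousands of failed-login log entries in one day. Damn. I went straight to the official site and reworked the IP policy, and now it's quiet ...

Where can I view the logs of successful or failed logins? Also, is it possible to see which user was active and when? Mine is Win2008.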

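meerlin posted on 2019-7-31 00:00:58

epwwm posted on 2019-7-30 11:45
SSH and telnet are both open. No choice, it's a black Synology (unofficial DSM); if I don't open them, I'm afraid it will get bricked and I won't be able to rescue it. That already happened once; luckily I got it back. ...

What happened before?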

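epwwm posted on 2019-7-31 08:52:09

meerlin posted on 2019-7-31 00:00
What happened before?

The admin page won't open; it shows "page not found"……

Any black Synology (unofficial DSM) carries this risk. The data won't be lost, but you have to reinstall, which is a hassle.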

hall posted on 2019-7-31 09:50:50

I'd like to know how the OP got their Synology reachable from the internet; I have never managed it with mine.

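valve posted on 2019-7-31 10:03:47

So you were using the default port 5000; of course it gets scanned.
Switch to a six-digit high port and you will very rarely get alerts.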

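howmoney posted on 2019-7-31 10:09:57

That scared me into checking my OpenWrt, and there is also a whole pile of login requests. I have SSH and LuCI open to the internet, plus port forwarding mapped to a Banana Pi. It's convenient for playing with it now and then while at work, or for accessing the data on the Banana Pi's hard disk when I'm out.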

Tue Jul 30 20:03:10 2019 authpriv.info dropbear: Exit before auth (user 'root', 1 fails): Disconnect received
Tue Jul 30 20:05:00 2019 cron.info crond: USER root pid 17647 cmd /root/refreship.sh
Tue Jul 30 20:05:03 2019 authpriv.info dropbear: Child connection from 222.187.200.229:39446
Tue Jul 30 20:05:05 2019 authpriv.warn dropbear: Bad password attempt for 'root' from 222.187.200.229:39446
Tue Jul 30 20:05:05 2019 authpriv.info dropbear: Exit before auth (user 'root', 1 fails): Disconnect received
Tue Jul 30 20:05:18 2019 authpriv.info dropbear: Child connection from 119.147.213.219:34126
Tue Jul 30 20:05:19 2019 authpriv.warn dropbear: Bad password attempt for 'root' from 119.147.213.219:34126
Tue Jul 30 20:05:20 2019 authpriv.info dropbear: Exit before auth (user 'root', 1 fails): Disconnect received
Tue Jul 30 20:06:03 2019 authpriv.info dropbear: Child connection from 222.187.200.229:38226
Tue Jul 30 20:06:05 2019 authpriv.warn dropbear: Bad password attempt for 'root' from 222.187.200.229:38226
Tue Jul 30 20:06:05 2019 authpriv.info dropbear: Exit before auth (user 'root', 1 fails): Disconnect received
Tue Jul 30 20:06:16 2019 authpriv.info dropbear: Child connection from 119.147.213.219:56454
Tue Jul 30 20:06:17 2019 authpriv.warn dropbear: Bad password attempt for 'root' from 119.147.213.219:56454
Tue Jul 30 20:06:17 2019 authpriv.info dropbear: Exit before auth (user 'root', 1 fails): Disconnect received
Tue Jul 30 20:07:59 2019 authpriv.info dropbear: Child connection from 222.187.200.229:33410
Tue Jul 30 20:08:01 2019 authpriv.warn dropbear: Bad password attempt for 'root' from 222.187.200.229:33410
Tue Jul 30 20:08:01 2019 authpriv.info dropbear: Exit before auth (user 'root', 1 fails): Disconnect received
Tue Jul 30 20:08:29 2019 authpriv.info dropbear: Child connection from 119.147.213.219:55284
Tue Jul 30 20:08:31 2019 authpriv.warn dropbear: Bad password attempt for 'root' from 119.147.213.219:55284
Tue Jul 30 20:08:31 2019 authpriv.info dropbear: Exit before auth (user 'root', 1 fails): Disconnect received
Tue Jul 30 20:08:59 2019 authpriv.info dropbear: Child connection from 222.187.200.229:60322
Tue Jul 30 20:09:00 2019 authpriv.warn dropbear: Bad password attempt for 'root' from 222.187.200.229:60322
Tue Jul 30 20:09:01 2019 authpriv.info dropbear: Exit before auth (user 'root', 1 fails): Disconnect received
Tue Jul 30 20:09:29 2019 authpriv.info dropbear: Child connection from 119.147.213.219:49810
Tue Jul 30 20:09:31 2019 authpriv.warn dropbear: Bad password attempt for 'root' from 119.147.213.219:49810
Tue Jul 30 20:09:31 2019 authpriv.info dropbear: Exit before auth (user 'root', 1 fails): Disconnect received
Tue Jul 30 20:10:00 2019 cron.info crond: USER root pid 17665 cmd /root/refreship.sh
Tue Jul 30 20:10:54 2019 authpriv.info dropbear: Child connection from 222.187.200.229:55506
Tue Jul 30 20:10:55 2019 authpriv.warn dropbear: Bad password attempt for 'root' from 222.187.200.229:55506
Tue Jul 30 20:10:56 2019 authpriv.info dropbear: Exit before auth (user 'root', 1 fails): Disconnect received
Tue Jul 30 20:11:54 2019 authpriv.info dropbear: Child connection from 222.187.200.229:54308
Tue Jul 30 20:11:55 2019 authpriv.warn dropbear: Bad password attempt for 'root' from 222.187.200.229:54308
Tue Jul 30 20:11:56 2019 authpriv.info dropbear: Exit before auth (user 'root', 1 fails): Disconnect received
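
Added example, not part of howmoney's post: Python that applies the kind of "N failures within M minutes" auto-block rule discussed in this thread to dropbear log lines in the format shown above. The sample lines are constructed (documentation-range IPs), and the function names and the 3-failures-in-3-minutes threshold are assumptions; 2 failures in 1 minute is the rule epwwm mentions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the OpenWrt log format shown above
# (documentation-range IPs, not taken from the thread).
SAMPLE_LOG = """\
Tue Jul 30 20:05:03 2019 authpriv.info dropbear: Child connection from 203.0.113.7:39446
Tue Jul 30 20:05:05 2019 authpriv.warn dropbear: Bad password attempt for 'root' from 203.0.113.7:39446
Tue Jul 30 20:05:19 2019 authpriv.warn dropbear: Bad password attempt for 'root' from 198.51.100.9:34126
Tue Jul 30 20:06:07 2019 authpriv.warn dropbear: Bad password attempt for 'root' from 203.0.113.7:38226
Tue Jul 30 20:08:01 2019 authpriv.warn dropbear: Bad password attempt for 'root' from 203.0.113.7:33410
Tue Jul 30 20:10:00 2019 cron.info crond: USER root pid 17665 cmd /root/refreship.sh
Tue Jul 30 20:12:40 2019 authpriv.warn dropbear: Bad password attempt for 'admin' from 198.51.100.9:49810
"""

BAD_PW = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) authpriv\.warn dropbear: "
    r"Bad password attempt for '(?P<user>[^']*)' from (?P<ip>[0-9a-fA-F.:]+):\d+$"
)

def failed_logins(text):
    """Yield (timestamp, ip, user) for every dropbear bad-password line."""
    for line in text.splitlines():
        m = BAD_PW.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            yield ts, m["ip"], m["user"]

def ips_over_threshold(text, max_fails, window):
    """Return {ip: time of the failure that reached max_fails inside window}.

    Assumes the log is in chronological order, as a syslog read-out is.
    """
    recent = defaultdict(deque)    # ip -> failure timestamps still in the window
    flagged = {}
    for ts, ip, _user in failed_logins(text):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # discard failures older than the window
            q.popleft()
        if len(q) >= max_fails and ip not in flagged:
            flagged[ip] = ts
    return flagged

if __name__ == "__main__":
    for fails, mins in ((2, 1), (3, 3)):   # epwwm's rule, then an assumed wider one
        print(fails, mins, ips_over_threshold(SAMPLE_LOG, fails, timedelta(minutes=mins)))
```

On this sample, failures spaced about a minute apart never trip the 2-in-1-minute rule, while the 3-minute window flags the address at its third failure.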

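meerlin posted on 2019-7-31 14:13:37

epwwm posted on 2019-7-31 08:52
The admin page won't open; it shows "page not found"……

Any black Synology (unofficial DSM) carries this risk. The data won't be lost, but you have to reinstall, which is a hassle ...

How did you fix the problem through SSH?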

epwwm posted on 2019-7-31 14:24:54

meerlin posted on 2019-7-31 14:13
How did you fix the problem through SSH?

qq11qqviki posted on 2019-7-31 14:40:34

A black Synology (unofficial DSM) is kind of pointless, isn't it? It can't do remote access

meerlin posted on 2019-7-31 15:21:27

epwwm posted on 2019-7-31 14:24


Install Linux on a USB stick, boot from the USB stick, and modify the Synology system files?

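meerlin posted on 2019-7-31 15:21:52

enthier posted on 2019-7-30 12:28
A black Synology (unofficial DSM) is kind of pointless, isn't it? It can't do remote access. For home sharing, just install Ubuntu.

If you install Ubuntu for home sharing, can it do remote access?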

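epwwm posted on 2019-7-31 15:25:13

meerlin posted on 2019-7-31 15:21
Install Linux on a USB stick, boot from the USB stick, and modify the Synology system files?

I haven't tried booting from USB, so I'm not sure. When you notice the problem, don't power off; if SSH is enabled, you can do the above.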