Administravimas
Kovojame prieš SSH bruteforce
by neworld on Geg.07, 2008, under Administravimas, Sagumas, Serveris
jau ne pirmą dieną loguose pastebiu maždaug tokias eilutes:
May 5 20:51:05 server sshd(pam_unix)[15951]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59-106-25-60.r-bl100.sakura.ne.jp user=root (continue reading…)
May 5 20:51:10 server sshd(pam_unix)[15969]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59-106-25-60.r-bl100.sakura.ne.jp user=root
May 5 20:51:15 server sshd(pam_unix)[15989]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59-106-25-60.r-bl100.sakura.ne.jp user=root
May 5 20:51:20 server sshd(pam_unix)[16011]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59-106-25-60.r-bl100.sakura.ne.jp user=root
May 5 20:51:25 server sshd(pam_unix)[16030]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59-106-25-60.r-bl100.sakura.ne.jp user=root
May 5 20:51:29 server sshd(pam_unix)[16050]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59-106-25-60.r-bl100.sakura.ne.jp user=root
May 5 20:51:34 server sshd(pam_unix)[16068]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59-106-25-60.r-bl100.sakura.ne.jp user=root
May 5 20:51:39 server sshd(pam_unix)[16088]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59-106-25-60.r-bl100.sakura.ne.jp user=root
May 5 20:51:44 server sshd(pam_unix)[16144]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59-106-25-60.r-bl100.sakura.ne.jp user=root
May 5 20:51:49 server sshd(pam_unix)[16164]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59-106-25-60.r-bl100.sakura.ne.jp user=root
May 5 20:51:53 server sshd(pam_unix)[16183]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59-106-25-60.r-bl100.sakura.ne.jp user=root
May 5 20:51:58 server sshd(pam_unix)[16199]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59-106-25-60.r-bl100.sakura.ne.jp user=root
May 5 20:52:03 server sshd(pam_unix)[16219]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59-106-25-60.r-bl100.sakura.ne.jp user=root
Žudom užciklinusius php-cgi procesus
by neworld on Bal.04, 2008, under Administravimas, php, Serveris
Buvau susidūręs su problema. Keletą dienų karts nuo karto užsiciklindavo visi 5 php-chi threadai. Nepadėdavo nė kas valandinis php perkrovimas. Problemą išsprendžiau kas minutę paleisdamas tokį skriptuką:
for process in `ps -C php-cgi | grep '.*00:[0-9][1-9]:.*' | awk '{print $1}'`
do
kill -QUIT $process
done
/usr/bin/spawn-fcgi -f /usr/bin/php-cgi -C 5 -p 10001 -u web -g web
Dar php perkraunu kas parą 6 valandą ryto, kai būna mažiausias srautas. Problemos dingo.
