Centos5
安裝了 psa-proftpd 的未經授權的 FTP 會話;Plesk Centos 5 伺服器
我已經解除安裝了所有的 ftp 程序,除了一個 plesk 正在執行 psa-proftpd。使用 yum(Centos 5 伺服器)刪除時,它似乎解除安裝了很多 plesk 軟體包。也許我反應過度了,所以我在這裡就這些日誌顯示的內容髮表意見。這是讓我擔心的系統消息日誌:
Jan 12 05:08:27 server1 xinetd[10239]: START: smtp pid=28459 from=180.246.57.51 Jan 12 05:08:31 server1 xinetd[10239]: EXIT: smtp status=0 pid=28459 duration=4(sec) Jan 12 05:48:49 server1 xinetd[10239]: START: smtp pid=12157 from=67.212.234.107 Jan 12 05:48:53 server1 xinetd[10239]: EXIT: smtp status=0 pid=12157 duration=4(sec) Jan 12 07:26:24 server1 xinetd[10239]: START: smtp pid=18076 from=127.0.0.1 Jan 12 07:26:24 server1 xinetd[10239]: EXIT: smtp status=0 pid=18076 duration=0(sec) Jan 12 07:54:20 server1 xinetd[10239]: START: smtp pid=3805 from=209.85.214.196 Jan 12 07:54:22 server1 xinetd[10239]: START: smtp pid=3822 from=127.0.0.1 Jan 12 07:54:22 server1 xinetd[10239]: EXIT: smtp status=0 pid=3822 duration=0(sec) Jan 12 07:54:51 server1 xinetd[10239]: EXIT: smtp status=0 pid=3805 duration=31(sec) Jan 12 16:17:31 server1 xinetd[10239]: START: ftp pid=24476 from=122.195.23.132 Jan 12 16:17:31 server1 proftpd[24476]: 207.55.244.72 (122.195.23.132[122.195.23.132]) - FTP session opened. Jan 12 16:17:32 server1 proftpd[24476]: 207.55.244.72 (122.195.23.132[122.195.23.132]) - Preparing to chroot to directory '/var/www/vhosts/centerondisability.org/web_users/test' Jan 12 16:17:35 server1 xinetd[10239]: EXIT: ftp status=0 pid=24476 duration=4(sec) Jan 12 21:37:42 server1 xinetd[10239]: START: smtp pid=27839 from=200.86.88.101 Jan 12 21:37:46 server1 xinetd[10239]: EXIT: smtp status=1 pid=27839 duration=4(sec) Jan 13 00:06:29 server1 xinetd[10239]: START: smtp pid=21939 from=182.177.193.108 Jan 13 00:06:33 server1 xinetd[10239]: EXIT: smtp status=1 pid=21939 duration=4(sec) Jan 13 04:53:48 server1 statistics: Unable to get dir size of /var/lib/mysql/test Jan 13 04:53:48 server1 statistics: Unable to get database status for "test": Unknown database 'test' Jan 13 13:38:41 server1 xinetd[10239]: START: smtp pid=21828 from=190.11.80.187 Jan 13 13:38:49 server1 xinetd[10239]: EXIT: smtp status=0 pid=21828 duration=8(sec) Jan 13 15:47:04 server1 xinetd[10239]: START: smtp pid=16102 from=72.18.226.236 Jan 13 15:47:07 server1 xinetd[10239]: EXIT: smtp status=0 pid=16102 duration=3(sec) Jan 13 15:47:44 server1 xinetd[10239]: START: ftp pid=18085 from=67.205.103.181 Jan 13 15:47:44 server1 proftpd[18085]: 207.55.244.72 (67.205.103.181[67.205.103.181]) - FTP session opened. Jan 13 15:47:44 server1 proftpd[18085]: 207.55.244.72 (67.205.103.181[67.205.103.181]) - FTP session closed. Jan 13 15:47:44 server1 xinetd[10239]: EXIT: ftp status=0 pid=18085 duration=0(sec) Jan 13 15:47:44 server1 xinetd[10239]: START: ftp pid=18093 from=67.205.103.181 Jan 13 15:47:44 server1 proftpd[18093]: 207.55.244.72 (67.205.103.181[67.205.103.181]) - FTP session opened. Jan 13 15:47:44 server1 proftpd[18093]: 207.55.244.72 (67.205.103.181[67.205.103.181]) - FTP session closed. Jan 13 15:47:44 server1 xinetd[10239]: EXIT: ftp status=0 pid=18093 duration=0(sec) Jan 13 17:55:59 server1 xinetd[10239]: START: smtp pid=21697 from=127.0.0.1 Jan 13 17:55:59 server1 xinetd[10239]: EXIT: smtp status=0 pid=21697 duration=0(sec) Jan 13 19:58:20 server1 xinetd[10239]: START: smtp pid=9543 from=127.0.0.1 Jan 13 19:58:20 server1 xinetd[10239]: EXIT: smtp status=0 pid=9543 duration=0(sec) Jan 14 04:53:55 server1 statistics: Unable to get dir size of /var/lib/mysql/test Jan 14 04:53:55 server1 statistics: Unable to get database status for "test": Unknown database 'test' Jan 14 05:08:29 server1 xinetd[10239]: START: ftp pid=3482 from=208.98.22.226 Jan 14 05:08:29 server1 proftpd[3482]: 207.55.244.72 (208.98.22.226[208.98.22.226]) - FTP session opened. Jan 14 05:08:30 server1 xinetd[10239]: EXIT: ftp status=0 pid=3482 duration=1(sec) Jan 14 05:08:30 server1 xinetd[10239]: START: ftp pid=3486 from=208.98.22.226 Jan 14 05:08:30 server1 proftpd[3486]: 207.55.244.72 (208.98.22.226[208.98.22.226]) - FTP session opened. Jan 14 05:08:30 server1 xinetd[10239]: EXIT: ftp status=0 pid=3486 duration=0(sec) Jan 14 05:08:30 server1 xinetd[10239]: START: ftp pid=3488 from=208.98.22.226
我們不使用 FTP 做任何事情。只有ssh。我該怎麼辦?我是否冒著破壞 Plesk 的風險以及訪問它的非技術使用者只是 SOL(我的理想),還是有其他方法可以阻止這些訪問嘗試?
最簡單的方法就是在您的伺服器上編輯防火牆規則
/etc/sysconfig/iptables
並關閉對外部 IP 的埠 20 和 21 的訪問,這不會破壞 plesk 並且您將不再看到那些討厭的嘗試。