I get a log like this, 4 ~ 5 MB in size, every day! Someone wanted to hack my smtp:
....
--------------------- sasl auth daemon Begin ------------------------
SASL Authentications failed 3965 Time(s)
Service smtp (pam) - 3965 Time(s):
Realm - 3959 Time(s):
User: account - PAM auth error - 346 Time(s):
User: admin - PAM auth error - 346 Time(s):
User: admin1 - PAM auth error - 147 Time(s):
User: chris - PAM auth error - 346 Time(s):
User: contact - PAM auth error - 6 Time(s):
User: fax - PAM auth error - 346 Time(s):
User: info1 - PAM auth error - 346 Time(s):
User: master - PAM auth error - 346 Time(s):
User: noname - PAM auth error - 346 Time(s):
User: pamela - PAM auth error - 346 Time(s):
User: scanner - PAM auth error - 346 Time(s):
User: test1 - PAM auth error - 346 Time(s):
User: user1 - PAM auth error - 346 Time(s):
Realm xxxxx.com - 6 Time(s):
User: contact@xxxxxxx.com - PAM auth error - 6 Time(s):
**Unmatched Entries**
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
.....
Which parameter should I change to prevent this brute force on smtp? I think I should change a number, but I don't know which one.
The canonical answer to the question "how to deal with brute-force attacks" is to use fail2ban. If you use some web hosting control panel, you may find fail2ban-related settings there.
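An added example, not part of the original answer: the per-address failure counting that a fail2ban-style ban relies on (its `maxretry` and `findtime` settings), run over a constructed sample log. The pam_unix lines in the report above have an empty `rhost=`, so the client address has to come from the mail server's own log lines; the Postfix-style line format, the sample addresses and the function name `hosts_to_ban` are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed Postfix-style failure line; it carries the client address in [brackets].
FAIL_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"warning: \S+\[([0-9a-fA-F.:]+)\]: SASL \S+ authentication failed")

# Constructed sample log (documentation-range addresses, not from the post).
_FAIL = ("Mar 10 04:{:02d}:{:02d} mail postfix/smtpd[900]: warning: unknown[{}]: "
         "SASL LOGIN authentication failed: authentication failure")
SAMPLE_LOG = "\n".join(
    [_FAIL.format(0, s, "203.0.113.7") for s in range(0, 50, 10)]  # 5 in 40 s
    + ["Mar 10 04:00:41 mail saslauthd[811]: pam_unix(smtp:auth): authentication "
       "failure; logname= uid=0 euid=0 tty= ruser= rhost="]
    + [_FAIL.format(5, 0, "198.51.100.20"),    # 2 failures, 20 minutes apart
       _FAIL.format(25, 0, "198.51.100.20")])


def hosts_to_ban(log_text, maxretry=5, findtime=timedelta(minutes=10), year=2024):
    """Return addresses with >= maxretry failures inside any findtime window."""
    recent = defaultdict(deque)   # address -> timestamps of recent failures
    banned = []
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue  # pam_unix lines end up here: rhost= is empty, nothing to ban
        # Syslog timestamps omit the year, so one is supplied by the caller.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        window = recent[m.group(2)]
        window.append(ts)
        while ts - window[0] > findtime:   # drop failures older than the window
            window.popleft()
        if len(window) >= maxretry and m.group(2) not in banned:
            banned.append(m.group(2))
    return banned


if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE_LOG))
```

The number the question asks about corresponds to the threshold here: lowering `maxretry` or lengthening `findtime` bans a source sooner, at the cost of catching legitimate users who mistype a password.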