Recommendations for protecting an Alibaba Cloud host against attacks
(1) Shut down unnecessary services
[root@iZ25tti3rxdZ tmp]# chkconfig gshelld --level 35 off
[root@iZ25tti3rxdZ tmp]# service gshelld stop
Stopping gshelld ...
[root@iZ25tti3rxdZ tmp]# ^C
[root@iZ25tti3rxdZ tmp]# chkconfig nscd --level 35 off
[root@iZ25tti3rxdZ tmp]# service nscd stop
Stopping nscd: [FAILED]
[root@iZ25tti3rxdZ tmp]# chkconfig ntpd --level 35 off
[root@iZ25tti3rxdZ tmp]# service ntpd stop
Shutting down ntpd: [ OK ]
[root@iZ25tti3rxdZ tmp]# chkconfig udev-post --level 35 off
[root@iZ25tti3rxdZ tmp]# service udev-post stop
(2) Kill suspicious processes on a schedule
# Kill the suspicious processes the author found on this host (run from cron);
# adjust the paths to what you actually see on your own machine.
ps -ef | grep "/usr/bin/acpid" | grep -v grep | awk '{print $2}' | xargs -r -I {} kill -9 {}
ps -ef | grep "/usr/bin/bsd-port/agent" | grep -v grep | awk '{print $2}' | xargs -r -I {} kill -9 {}
ps -ef | grep "/usr/bin/.sshd" | grep -v grep | awk '{print $2}' | xargs -r -I {} kill -9 {}
ps -ef | grep "/root/.l" | grep -v grep | awk '{print $2}' | xargs -r -I {} kill -9 {}
ps -ef | grep "/mnt/linsx" | grep -v grep | awk '{print $2}' | xargs -r -I {} kill -9 {}
ps -ef | grep "getty" | grep -v grep | awk '{print $2}' | xargs -r -I {} kill -9 {}
# Strip the execute bit from every file under /mnt and /tmp so that
# binaries dropped there cannot be run.
find /mnt/ -type f | xargs -r chmod a-x
find /tmp/ -type f | xargs -r chmod a-x
(3) Change the root password regularly
(4) Put IPs with frequent failed logins into hosts.deny
One rule per line; an address that ends with a dot matches every host in that network prefix.
/etc/hosts.deny:
sshd:121.42.0.
sshd:121.15.151.
#sshd:223.104.38.177
#sshd:117.136.38.
sshd:203.201.161.
sshd:201.172.242.
sshd:189.219.166.
sshd:201.175.123.
sshd:201.172.78.
sshd:201.173.37.
sshd:201.172.104.
sshd:101.205.43.
sshd:189.218.77.
sshd:200.239.61.
sshd:37.229.68.
sshd:187.160.49.
sshd:189.219.81.
sshd:107.191.207.
sshd:50.180.102.
sshd:99.194.146.
sshd:201.173.168.
sshd:189.218.200.
sshd:201.172.120.
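The entries above were collected by hand. As an added example (not from the original post), the POSIX shell script below counts failed SSH password attempts per source IP in a /var/log/secure-style log and prints the sshd:<ip> lines for every IP at or above a threshold. The log path, the threshold and the sample log lines are constructed assumptions.

```shell
#!/bin/sh
# Added example: derive hosts.deny entries from failed SSH logins.
# Assumes the CentOS/RHEL /var/log/secure line format
# "... sshd[pid]: Failed password for <user> from <ip> port <n> ssh2".
# Only dotted-quad IPv4 addresses are matched.

# failed_logins_by_ip LOGFILE
# Prints "<count> <ip>" for each source IP, highest count first.
failed_logins_by_ip() {
    grep 'Failed password for' "$1" \
        | sed -n 's/.* from \([0-9.]*\) port .*/\1/p' \
        | sort | uniq -c | sort -rn \
        | awk '{ print $1, $2 }'
}

# hosts_deny_entries LOGFILE THRESHOLD
# Prints one "sshd:<ip>" line per IP with at least THRESHOLD failures,
# in the format used in step (4). Review the output before appending
# it to /etc/hosts.deny so you do not lock out your own addresses.
hosts_deny_entries() {
    failed_logins_by_ip "$1" | awk -v min="$2" '$1 >= min { print "sshd:" $2 }'
}

# Constructed sample log for a stand-alone run.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
Jan 10 03:12:01 host sshd[1201]: Failed password for root from 203.0.113.7 port 51122 ssh2
Jan 10 03:12:03 host sshd[1203]: Failed password for root from 203.0.113.7 port 51130 ssh2
Jan 10 03:12:05 host sshd[1205]: Failed password for invalid user admin from 203.0.113.7 port 51140 ssh2
Jan 10 03:15:40 host sshd[1300]: Failed password for root from 198.51.100.9 port 40011 ssh2
Jan 10 03:20:00 host sshd[1310]: Accepted publickey for deploy from 192.0.2.5 port 22022 ssh2
EOF

# With a threshold of 3 only 203.0.113.7 is reported.
hosts_deny_entries "$SAMPLE_LOG" 3
rm -f "$SAMPLE_LOG"
```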
(5) Do not allow remote access to MySQL if you can avoid it
mysql> delete from mysql.user where host='%';
Query OK, 2 rows affected (0.02 sec)
mysql> flush privileges;
Reference:
http://loutsx.blog.163.com/blog/static/1619920872014554326635/