What should I do when a hacker is scanning my database?

Please help me!!!

Log from the screenshot:

2023-05-09 03:24:54.43 Logon       Error: 18456, Severity: 14, State: 5.

2023-05-09 03:24:54.43 Logon       Login failed for user 'faruk'. Reason: Could not find a login matching the name provided. [CLIENT: 213.226.123.99]

2023-05-09 03:25:06.41 Logon       Error: 18456, Severity: 14, State: 5.

2023-05-09 03:25:06.41 Logon       Login failed for user 'B01KSR2'. Reason: Could not find a login matching the name provided. [CLIENT: 213.226.123.99]

2023-05-09 03:25:12.90 Logon       Error: 18456, Severity: 14, State: 8.

2023-05-09 03:25:12.90 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 213.226.123.99]

2023-05-09 03:25:23.36 Logon       Error: 18456, Severity: 14, State: 5.

2023-05-09 03:25:23.36 Logon       Login failed for user 'B01KSR3'. Reason: Could not find a login matching the name provided. [CLIENT: 213.226.123.99]

2023-05-09 03:25:32.34 Logon       Error: 18456, Severity: 14, State: 8.

2023-05-09 03:25:32.34 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 213.226.123.99]

2023-05-09 03:25:42.57 Logon       Error: 18456, Severity: 14, State: 5.

2023-05-09 03:25:42.57 Logon       Login failed for user 'B02ADMIN'. Reason: Could not find a login matching the name provided. [CLIENT: 213.226.123.99]

2023-05-09 03:25:47.84 Logon       Error: 18456, Severity: 14, State: 8.

2023-05-09 03:25:47.84 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 213.226.123.99]

2023-05-09 03:26:01.16 Logon       Error: 18456, Severity: 14, State: 5.

2023-05-09 03:26:01.16 Logon       Login failed for user 'B02KASIR'. Reason: Could not find a login matching the name provided. [CLIENT: 213.226.123.99]

2023-05-09 03:26:06.97 Logon       Error: 18456, Severity: 14, State: 8.

2023-05-09 03:26:06.97 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 213.226.123.99]

2023-05-09 03:26:10.21 Logon       Error: 18456, Severity: 14, State: 5.

2023-05-09 03:26:10.21 Logon       Login failed for user 'agim'. Reason: Could not find a login matching the name provided. [CLIENT: 213.226.123.99]

2023-05-09 03:26:17.43 Logon       Error: 18456, Severity: 14, State: 5.

2023-05-09 03:26:17.43 Logon       Login failed for user 'B03ADMIN'. Reason: Could not find a login matching the name provided. [CLIENT: 213.226.123.99]

2023-05-09 03:26:22.02 Logon       Error: 18456, Severity: 14, State: 8.

2023-05-09 03:26:22.02 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 213.226.123.99]

2023-05-09 03:26:37.32 Logon       Error: 18456, Severity: 14, State: 5.

2023-05-09 03:26:37.32 Logon       Login failed for user 'B03KASIR'. Reason: Could not find a login matching the name provided. [CLIENT: 213.226.123.99]

2023-05-09 03:26:41.42 Logon       Error: 18456, Severity: 14, State: 8.

2023-05-09 03:26:41.42 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 213.226.123.99]

2023-05-09 03:26:52.13 Logon       Error: 18456, Severity: 14, State: 5.

2023-05-09 03:26:52.13 Logon       Login failed for user 'B04ADMIN'. Reason: Could not find a login matching the name provided. [CLIENT: 213.226.123.99]

2023-05-09 03:26:57.27 Logon       Error: 18456, Severity: 14, State: 8.

2023-05-09 03:26:57.27 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 213.226.123.99]

2023-05-09 03:27:10.34 Logon       Error: 18456, Severity: 14, State: 5.

2023-05-09 03:27:10.34 Logon       Login failed for user 'B04KASIR'. Reason: Could not find a login matching the name provided. [CLIENT: 213.226.123.99]

2023-05-09 03:27:13.14 Logon       Error: 18456, Severity: 14, State: 8.

2023-05-09 03:27:13.14 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 213.226.123.99]

2023-05-09 03:27:25.06 Logon       Error: 18456, Severity: 14, State: 5.

2023-05-09 03:27:25.06 Logon       Login failed for user 'burim'. Reason: Could not find a login matching the name provided. [CLIENT: 213.226.123.99]

2023-05-09 03:27:28.27 Logon       Error: 18456, Severity: 14, State: 5.

2023-05-09 03:27:28.27 Logon       Login failed for user 'B05ADMIN'. Reason: Could not find a login matching the name provided. [CLIENT: 213.226.123.99]

2023-05-09 03:27:33.03 Logon       Error: 18456, Severity: 14, State: 8.

2023-05-09 03:27:33.03 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 213.226.123.99]

2023-05-09 03:27:45.48 Logon       Error: 18456, Severity: 14, State: 5.

2023-05-09 03:27:45.48 Logon       Login failed for user 'B05KASIR'. Reason: Could not find a login matching the name provided. [CLIENT: 213.226.123.99]

2023-05-09 03:27:48.12 Logon       Error: 18456, Severity: 14, State: 8.

2023-05-09 03:27:48.12 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 213.226.123.99]

2023-05-09 03:28:05.68 Logon       Error: 18456, Severity: 14, State: 5.

2023-05-09 03:28:05.68 Logon       Login failed for user 'B06ADMIN'. Reason: Could not find a login matching the name provided. [CLIENT: 213.226.123.99]

2023-05-09 03:28:08.01 Logon       Error: 18456, Severity: 14, State: 5.

2023-05-09 03:28:08.01 Logon       Login failed for user 'parking'. Reason: Could not find a login matching the name provided. [CLIENT: 213.226.123.99]

2023-05-09 03:28:20.93 Logon       Error: 18456, Severity: 14, State: 5.

2023-05-09 03:28:20.93 Logon       Login failed for user 'B06KASIR'. Reason: Could not find a login matching the name provided. [CLIENT: 213.226.123.99]

2023-05-09 03:28:23.39 Logon       Error: 18456, Severity: 14, State: 8.

2023-05-09 03:28:23.39 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 213.226.123.99]

2023-05-09 03:28:40.02 Logon       Error: 18456, Severity: 14, State: 5.

2023-05-09 03:28:40.02 Logon       Login failed for user 'senat'. Reason: Could not find a login matching the name provided. [CLIENT: 213.226.123.99]

2023-05-09 03:28:40.84 Logon       Error: 18456, Severity: 14, State: 5.

2023-05-09 03:28:40.84 Logon       Login failed for user 'B07ADMIN'. Reason: Could not find a login matching the name provided. [CLIENT: 213.226.123.99]

2023-05-09 03:28:42.15 Logon       Error: 18456, Severity: 14, State: 8.

2023-05-09 03:28:42.15 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 213.226.123.99]

2023-05-09 03:28:56.91 Logon       Error: 18456, Severity: 14, State: 5.

2023-05-09 03:28:56.91 Logon       Login failed for user 'B07KASIR'. Reason: Could not find a login matching the name provided. [CLIENT: 213.226.123.99]

2023-05-09 03:28:58.62 Logon       Error: 18456, Severity: 14, State: 5.

2023-05-09 03:28:58.62 Logon       Login failed for user 'jinshi'. Reason: Could not find a login matching the name provided. [CLIENT: 213.226.123.99]

2023-05-09 03:29:14.43 Logon       Error: 18456, Severity: 14, State: 5.

2023-05-09 03:29:14.43 Logon       Login failed for user 'S0002'. Reason: Could not find a login matching the name provided. [CLIENT: 213.226.123.99]

2023-05-09 03:29:15.74 Logon       Error: 18456, Severity: 14, State: 5.

2023-05-09 03:29:15.74 Logon       Login failed for user 'webcitas'. Reason: Could not find a login matching the name provided. [CLIENT: 213.226.123.99]

2023-05-09 03:29:32.89 Logon       Error: 18456, Severity: 14, State: 5.

2023-05-09 03:29:32.89 Logon       Login failed for user 'S0003'. Reason: Could not find a login matching the name provided. [CLIENT: 213.226.123.99]

2023-05-09 03:29:32.94 Logon       Error: 18456, Severity: 14, State: 5.

2023-05-09 03:29:32.94 Logon       Login failed for user 'zhwj'. Reason: Could not find a login matching the name provided. [CLIENT: 213.226.123.99]

2023-05-09 03:29:49.29 Logon       Error: 18456, Severity: 14, State: 5.

2023-05-09 03:29:49.29 Logon       Login failed for user 'rpt'. Reason: Could not find a login matching the name provided. [CLIENT: 213.226.123.99]

2023-05-09 03:29:49.60 Logon       Error: 18456, Severity: 14, State: 5.

2023-05-09 03:29:49.60 Logon       Login failed for user 'S0004'. Reason: Could not find a login matching the name provided. [CLIENT: 213.226.123.99]

2023-05-09 03:29:54.94 Logon       Error: 18456, Severity: 14, State: 5.

2023-05-09 03:29:54.94 Logon       Login failed for user 'adnank'. Reason: Could not find a login matching the name provided. [CLIENT: 213.226.123.99]

2023-05-09 03:30:08.87 Logon       Error: 18456, Severity: 14, State: 5.

2023-05-09 03:30:08.87 Logon       Login failed for user 'sql'. Reason: Could not find a login matching the name provided. [CLIENT: 213.226.123.99]

2023-05-09 03:30:09.33 Logon       Error: 18456, Severity: 14, State: 5.

2023-05-09 03:30:09.33 Logon       Login failed for user 'GLOADMIN'. Reason: Could not find a login matching the name provided. [CLIENT: 213.226.123.99]

2023-05-09 03:30:24.20 Logon       Error: 18456, Severity: 14, State: 5.

2023-05-09 03:30:24.20 Logon       Login failed for user 'jero'. Reason: Could not find a login matching the name provided. [CLIENT: 213.226.123.99]

2023-05-09 03:30:24.99 Logon       Error: 18456, Severity: 14, State: 5.

2023-05-09 03:30:24.99 Logon       Login failed for user 'GLOKASIR'. Reason: Could not find a login matching the name provided. [CLIENT: 213.226.123.99]

2023-05-09 03:30:42.14 Logon       Error: 18456, Severity: 14, State: 8.

2023-05-09 03:30:42.14 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 213.226.123.99]

2023-05-09 03:30:42.91 Logon       Error: 18456, Severity: 14, State: 5.

2023-05-09 03:30:42.91 Logon       Login failed for user 'ADM3'. Reason: Could not find a login matching the name provided. [CLIENT: 213.226.123.99]

2023-05-09 03:30:59.80 Logon       Error: 18456, Severity: 14, State: 8.

2023-05-09 03:30:59.80 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 213.226.123.99]

2023-05-09 03:31:00.66 Logon       Error: 18456, Severity: 14, State: 5.

2023-05-09 03:31:00.66 Logon       Login failed for user 'ADMG1'. Reason: Could not find a login matching the name provided. [CLIENT: 213.226.123.99]

2023-05-09 03:31:09.87 Logon       Error: 18456, Severity: 14, State: 5.

2023-05-09 03:31:09.87 Logon       Login failed for user 'prod2'. Reason: Could not find a login matching the name provided. [CLIENT: 213.226.123.99]

2023-05-09 03:31:17.15 Logon       Error: 18456, Severity: 14, State: 8.

2023-05-09 03:31:17.15 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 213.226.123.99]

2023-05-09 03:31:18.15 Logon       Error: 18456, Severity: 14, State: 5.

The machine suddenly started using a lot of RAM, even going into swap. Output of the top command:

top - 11:34:07 up 94 days,  6:28,  1 user,  load average: 0.37, 0.48, 0.31
Tasks: 417 total,   2 running, 415 sleeping,   0 stopped,   0 zombie
%Cpu(s):   7.5/8.6    16[|||||||||||||||||                                                                                   ]
MiB Mem : 79.7/9826.0   [||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||                    ] 
MiB Swap: 43.3/3796.0   [|||||||||||||||||||||||||||||||||||||||||||                                                         ]

Looking up the IP from the client field of the failed-login log shows it is a Russian IP:

There are 2 IPs on the same network taking turns at the brute-force attack: 213.226.123.99 and 213.226.123.98

It is still scanning right now, but I have already deleted all the data on the server!

Before this I installed this Chinese-made proxy on the machine; I don't know whether that is the cause :cold_face:


1 Like
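A triage sketch for the error log in the post above, added here as an example and not written by anyone in the thread. It pairs each `Error: 18456 ... State: N` line with its `Login failed` line and reports, per client IP, the number of attempts, the time span, and which login names returned State 8, the state the log pairs with "Password did not match" (the name exists) as opposed to State 5, "Could not find a login". The function name, threshold and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the errorlog format shown in the post (documentation IPs).
SAMPLE = """\
2023-05-09 03:24:54.43 Logon       Error: 18456, Severity: 14, State: 5.
2023-05-09 03:24:54.43 Logon       Login failed for user 'alice'. Reason: Could not find a login matching the name provided. [CLIENT: 203.0.113.10]
2023-05-09 03:25:12.90 Logon       Error: 18456, Severity: 14, State: 8.
2023-05-09 03:25:12.90 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.10]
2023-05-09 03:25:32.34 Logon       Error: 18456, Severity: 14, State: 8.
2023-05-09 03:25:32.34 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.10]
2023-05-09 09:02:11.07 Logon       Error: 18456, Severity: 14, State: 8.
2023-05-09 09:02:11.07 Logon       Login failed for user 'app'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.7]
2023-05-09 09:03:00.00 Logon       Error: 18456, Severity: 14, State: 5.
"""

TS = r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+)"
STATE_RE = re.compile(TS + r" Logon\s+Error: 18456, Severity: \d+, State: (\d+)\.")
FAIL_RE = re.compile(TS + r" Logon\s+Login failed for user '([^']*)'.*\[CLIENT: ([^\]]+)\]")

def summarize(log_text, min_attempts=3):
    """Per client IP: attempt count, time span, guessed names, and logins
    that produced State 8 (the name exists; only the password was wrong)."""
    pending = {}  # timestamp -> State from the paired "Error: 18456" line
    seen = defaultdict(lambda: {"times": [], "unknown": set(), "existing": set()})
    for line in log_text.splitlines():
        if m := STATE_RE.match(line):
            pending[m.group(1)] = int(m.group(2))
        elif m := FAIL_RE.match(line):
            ts, user, client = m.groups()
            state = pending.pop(ts, None)  # None when the paired line is missing
            rec = seen[client]
            rec["times"].append(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S.%f"))
            if state in (5, 8):
                rec["existing" if state == 8 else "unknown"].add(user)
    report = {}
    for client, rec in seen.items():
        if len(rec["times"]) >= min_attempts:
            report[client] = {
                "attempts": len(rec["times"]),
                "span_seconds": (max(rec["times"]) - min(rec["times"])).total_seconds(),
                "unknown_logins": sorted(rec["unknown"]),
                "existing_logins_targeted": sorted(rec["existing"]),
            }
    return report

print(summarize(SAMPLE))
```

Logins listed under `existing_logins_targeted` are the ones whose names the scanner has confirmed, so they are the first candidates for a password change, disabling, or a network-level restriction.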

Getting scanned once you expose it is completely normal; the question is, why did you expose it to the outside in the first place?
When you do something, you need to know and understand what you are doing.

I opened the database port so that I could access the database remotely; now the DBMS will not let me in even when I enter the correct password.

I want to configure the server to allow access only from Vietnamese IP ranges. Where can I find a list of the IPs of Vietnamese ISPs? Thank you.

This is what mine looks like after leaving it from yesterday afternoon until this morning; with these scans, you are fine as long as you set an especially strong password.

You should use an intermediate server and set up an SSH tunnel or something similar to settle this for good.
Of course, the intermediate machine then becomes the focus of the brute-force attempts.

1 Like