There are confirmed SSH dictionary attacks with version 0.26.10: as soon as npc is started, a large number of SSH attacks show up in the secure log. It took me several days to track this down; fortunately I was not compromised.
Jun 21 01:42:54 P40 sshd[90342]: Failed password for invalid user rootuser from 127.0.0.1 port 41392 ssh2
Jun 21 01:42:56 P40 sshd[90342]: Connection closed by invalid user rootuser 127.0.0.1 port 41392 [preauth]
Jun 21 01:44:21 P40 sshd[90513]: Invalid user rfm from 127.0.0.1 port 52754
Jun 21 01:44:21 P40 sshd[90513]: pam_unix(sshd:auth): check pass; user unknown
Jun 21 01:44:21 P40 sshd[90513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=127.0.0.1
Jun 21 01:44:22 P40 sshd[90513]: Failed password for invalid user rfm from 127.0.0.1 port 52754 ssh2
Jun 21 01:44:23 P40 sshd[90513]: Connection closed by invalid user rfm 127.0.0.1 port 52754 [preauth]
Jun 21 01:44:36 P40 sshd[90537]: Invalid user huangmengqi from 127.0.0.1 port 38172
Jun 21 01:44:37 P40 sshd[90537]: pam_unix(sshd:auth): check pass; user unknown
Jun 21 01:44:37 P40 sshd[90537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=127.0.0.1
Jun 21 01:44:39 P40 sshd[90537]: Failed password for invalid user huangmengqi from 127.0.0.1 port 38172 ssh2
Jun 21 01:44:41 P40 sshd[90537]: Connection closed by invalid user huangmengqi 127.0.0.1 port 38172 [preauth]
Jun 21 01:45:07 P40 sshd[90585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=127.0.0.1 user=root
Jun 21 01:45:10 P40 sshd[90585]: Failed password for root from 127.0.0.1 port 50230 ssh2
Jun 21 01:45:10 P40 sshd[90585]: Connection closed by authenticating user root 127.0.0.1 port 50230 [preauth]
9 answers
b1payxdu1#
Isn't this open source? If there is a trojan, read the source code and compile it yourself.
6za6bjd02#
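Isn't this open source? If there is a trojan, read the source code and compile it yourself.
Unfortunately I did not compile directly from source; I used the prebuilt binary. I think most people probably use the prebuilt version, which is why someone said earlier that it is best to compile from source yourself and not use the prebuilt version.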
kr98yfug3#
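It was disclosed earlier that the default configuration has a vulnerability and needs to be changed. You can search Google for it.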
w80xi6nr4#
How do I change it?
idfiyjo85#
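This has not been updated for a long time and has vulnerabilities. You can use a version modified by someone else, or fix it yourself. https://blog.hgtrojan.com/index.php/archives/247/
The comment section of the blog post above has a tutorial for the fix.
This is a vulnerability-fixed version released by someone else: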
https://github.com/yisier/nps
cmssoen26#
The vulnerability is quite serious.
https://github.com/weishen250/npscrack
unhi4e5o7#
Tencent Cloud sent a warning SMS.
sh7euo9m8#
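There are confirmed SSH dictionary attacks with version 0.26.10: as soon as npc is started, a large number of SSH attacks show up in the secure log. It took me several days to track this down; fortunately I was not compromised.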
Jun 21 01:42:54 P40 sshd[90342]: Failed password for invalid user rootuser from 127.0.0.1 port 41392 ssh2
Jun 21 01:42:56 P40 sshd[90342]: Connection closed by invalid user rootuser 127.0.0.1 port 41392 [preauth]
Jun 21 01:44:21 P40 sshd[90513]: Invalid user rfm from 127.0.0.1 port 52754
Jun 21 01:44:21 P40 sshd[90513]: pam_unix(sshd:auth): check pass; user unknown
Jun 21 01:44:21 P40 sshd[90513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=127.0.0.1
Jun 21 01:44:22 P40 sshd[90513]: Failed password for invalid user rfm from 127.0.0.1 port 52754 ssh2
Jun 21 01:44:23 P40 sshd[90513]: Connection closed by invalid user rfm 127.0.0.1 port 52754 [preauth]
Jun 21 01:44:36 P40 sshd[90537]: Invalid user huangmengqi from 127.0.0.1 port 38172
Jun 21 01:44:37 P40 sshd[90537]: pam_unix(sshd:auth): check pass; user unknown
Jun 21 01:44:37 P40 sshd[90537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=127.0.0.1
Jun 21 01:44:39 P40 sshd[90537]: Failed password for invalid user huangmengqi from 127.0.0.1 port 38172 ssh2
Jun 21 01:44:41 P40 sshd[90537]: Connection closed by invalid user huangmengqi 127.0.0.1 port 38172 [preauth]
Jun 21 01:45:07 P40 sshd[90585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=127.0.0.1 user=root
Jun 21 01:45:10 P40 sshd[90585]: Failed password for root from 127.0.0.1 port 50230 ssh2
Jun 21 01:45:10 P40 sshd[90585]: Connection closed by authenticating user root 127.0.0.1 port 50230 [preauth]
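In the excerpt above every failed login arrives from 127.0.0.1, so sshd records only a process on the host itself as the source and per-address blocking has no remote address to act on. An added example (not part of the original post or of nps; the function names are illustrative) that flags this pattern, many distinct usernames failing from a loopback source:

```python
import ipaddress
import re
from collections import defaultdict

# First four lines are from the excerpt above; the last two are constructed.
SAMPLE = """\
Jun 21 01:42:54 P40 sshd[90342]: Failed password for invalid user rootuser from 127.0.0.1 port 41392 ssh2
Jun 21 01:44:22 P40 sshd[90513]: Failed password for invalid user rfm from 127.0.0.1 port 52754 ssh2
Jun 21 01:44:39 P40 sshd[90537]: Failed password for invalid user huangmengqi from 127.0.0.1 port 38172 ssh2
Jun 21 01:45:10 P40 sshd[90585]: Failed password for root from 127.0.0.1 port 50230 ssh2
Jun 21 01:46:02 P40 sshd[90601]: Failed password for alice from 203.0.113.7 port 40022 ssh2
Jun 21 01:47:30 P40 sshd[90650]: Accepted password for alice from 192.0.2.10 port 40100 ssh2
"""

# Greedy user group plus end-of-line anchor: a submitted username that
# contains " from ... port ..." cannot spoof the source address field.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (invalid user )?(.*) "
    r"from (\S+) port \d+ ssh2\s*$"
)

def failures_by_source(log_text):
    """Map source address -> attempts, invalid-user count, usernames tried."""
    stats = defaultdict(lambda: {"attempts": 0, "invalid": 0, "users": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        entry = stats[m.group(3)]
        entry["attempts"] += 1
        entry["invalid"] += bool(m.group(1))
        entry["users"].add(m.group(2))
    return dict(stats)

def loopback_spray(log_text, min_users=3):
    """Loopback sources that failed with at least min_users distinct names."""
    hits = []
    for src, entry in failures_by_source(log_text).items():
        try:
            local = ipaddress.ip_address(src).is_loopback
        except ValueError:
            continue  # hostname or malformed field: not classified here
        if local and len(entry["users"]) >= min_users:
            hits.append(src)
    return sorted(hits)

if __name__ == "__main__":
    for src in loopback_spray(SAMPLE):
        s = failures_by_source(SAMPLE)[src]
        print(src, s["attempts"], "failures,", len(s["users"]), "usernames")
```

A hit means the next step is on the host: identify which local process is opening connections to the sshd port, since the log itself cannot name the remote origin.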
4xrmg8kj9#
Yes, this has an authentication vulnerability; search on GitHub and you will find it…