Исправить ошибку на сервере

Добрый день,

Вот такие жалобы поступили на сервер:

1.

We have detected abuse from the IP address 46.182.30.74. See below for how we obtained your email address in case it is wrong. We would appreciate if you would investigate and take action as appropriate.

** THIS IP ADDRESS IS NULL ROUTED on our entire network, including peering and transit, for a period of time not exceeding 24 hours from the date and time of this email. YOU ARE NOT REQUIRED to reply to this email unless you need more information.

You can see more information on this incident by reviewing the data at http://darknet.superb.net/ip/46.182.30.74 and log lines are given below. Please ask if you require any further information.

2.

you receive this automatically generated mail based on WHOIS and/or SOA information from the IP 46.182.30.74, because a SSH bruteforce attack was executed towards our host (ID 12) from that origin.

3.

Note: Local timezone is +0300 (EEST)

May 3 20:50:16 boomer sshd[949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.182.30.74 user=root

May 3 20:50:18 boomer sshd[949]: Failed password for root from 46.182.30.74 port 47011 ssh2

May 3 20:50:18 boomer sshd[950]: Received disconnect from 46.182.30.74: 11: Bye Bye

May 3 20:50:19 boomer sshd[951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.182.30.74 user=root

May 3 20:50:21 boomer sshd[951]: Failed password for root from 46.182.30.74 port 48012 ssh2

May 3 20:50:21 boomer sshd[952]: Received disconnect from 46.182.30.74: 11: Bye Bye

May 3 20:50:21 boomer sshd[953]: Invalid user blonda from 46.182.30.74

May 3 20:50:21 boomer sshd[953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.182.30.74

May 3 20:50:24 boomer sshd[953]: Failed password for invalid user blonda from 46.182.30.74 port 48980 ssh2

May 3 20:50:24 boomer sshd[954]: Received disconnect from 46.182.30.74: 11: Bye Bye

4.

In an effort to protect our service from further brute force attacks, we have blacklisted your/your clients host. Furthermore, this IP address has been uploaded to DenyHosts' centralised database. This means that this IP address will also shortly be blacklisted by any member who queries DenyHosts' central database.

Please find attached an excerpt from our logfiles. All times shown are in GMT+1:

May 4 02:46:25 holoforum sshd[12750]: User root from 46.182.30.74 not allowed because not listed in AllowUsers

May 4 02:46:25 holoforum sshd[12750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.182.30.74 user=root

May 4 02:46:26 holoforum sshd[12750]: Failed password for invalid user root from 46.182.30.74 port 42583 ssh2

May 4 02:46:26 holoforum sshd[12753]: Received disconnect from 46.182.30.74: 11: Bye Bye

May 4 02:46:27 holoforum sshd[12755]: User root from 46.182.30.74 not allowed because not listed in AllowUsers

May 4 02:46:27 holoforum sshd[12755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.182.30.74 user=root

May 4 02:46:28 holoforum sshd[12755]: Failed password for invalid user root from 46.182.30.74 port 43782 ssh2

May 4 02:46:28 holoforum sshd[12758]: Received disconnect from 46.182.30.74: 11: Bye Bye

May 4 02:46:29 holoforum sshd[12759]: Invalid user blonda from 46.182.30.74

May 4 02:46:29 holoforum sshd[12759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.182.30.74

May 4 02:46:31 holoforum sshd[12759]: Failed password for invalid user blonda from 46.182.30.74 port 45010 ssh2

May 4 02:46:31 holoforum sshd[12762]: Received disconnect from 46.182.30.74: 11: Bye Bye

May 4 02:46:31 holoforum sshd[12764]: User root from 46.182.30.74 not allowed because not listed in AllowUsers

May 4 02:46:31 holoforum sshd[12764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.182.30.74 user=root

May 4 02:46:33 holoforum sshd[12764]: Failed password for invalid user root from 46.182.30.74 port 46337 ssh2

May 4 02:46:33 holoforum sshd[12767]: Received disconnect from 46.182.30.74: 11: Bye Bye

May 4 02:46:34 holoforum sshd[12768]: Invalid user nan from 46.182.30.74

May 4 02:46:34 holoforum sshd[12768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.182.30.74

May 4 02:46:35 holoforum sshd[12768]: Failed password for invalid user nan from 46.182.30.74 port 47565 ssh2

May 4 02:46:35 holoforum sshd[12771]: Received disconnect from 46.182.30.74: 11: Bye Bye

May 4 02:46:36 holoforum sshd[12773]: Invalid user gusr from 46.182.30.74

May 4 02:46:36 holoforum sshd[12773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.182.30.74

May 4 02:46:38 holoforum sshd[12773]: Failed password for invalid user gusr from 46.182.30.74 port 48638 ssh2

May 4 02:46:38 holoforum sshd[12776]: Received disconnect from 46.182.30.74: 11: Bye Bye

May 4 02:46:39 holoforum sshd[12777]: Invalid user postgres from 46.182.30.74

May 4 02:46:39 holoforum sshd[12777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.182.30.74

May 4 02:46:40 holoforum sshd[12777]: Failed password for invalid user postgres from 46.182.30.74 port 49911 ssh2

May 4 02:46:40 holoforum sshd[12780]: Received disconnect from 46.182.30.74: 11: Bye Bye

May 4 02:46:41 holoforum sshd[12782]: User root from 46.182.30.74 not allowed because not listed in AllowUsers

May 4 02:46:41 holoforum sshd[12782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.182.30.74 user=root

May 4 02:46:43 holoforum sshd[12782]: Failed password for invalid user root from 46.182.30.74 port 51059 ssh2

May 4 02:46:43 holoforum sshd[12785]: Received disconnect from 46.182.30.74: 11: Bye Bye

May 4 02:46:43 holoforum sshd[12786]: User root from 46.182.30.74 not allowed because not listed in AllowUsers

May 4 02:46:43 holoforum sshd[12786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.182.30.74 user=root

May 4 02:46:45 holoforum sshd[12786]: Failed password for invalid user root from 46.182.30.74 port 52199 ssh2

May 4 02:46:45 holoforum sshd[12789]: Received disconnect from 46.182.30.74: 11: Bye Bye

May 4 02:46:46 holoforum sshd[12791]: User root from 46.182.30.74 not allowed because not listed in AllowUsers

May 4 02:46:46 holoforum sshd[12791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.182.30.74 user=root

May 4 02:46:47 holoforum sshd[12791]: Failed password for invalid user root from 46.182.30.74 port 53296 ssh2

May 4 02:46:47 holoforum sshd[12794]: Received disconnect from 46.182.30.74: 11: Bye Bye

May 4 02:46:48 holoforum sshd[12795]: Invalid user plesk from 46.182.30.74

May 4 02:46:48 holoforum sshd[12795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.182.30.74

May 4 02:46:50 holoforum sshd[12795]: Failed password for invalid user plesk from 46.182.30.74 port 54267 ssh2

May 4 02:46:50 holoforum sshd[12798]: Received disconnect from 46.182.30.74: 11: Bye Bye

May 4 02:46:51 holoforum sshd[12800]: User root from 46.182.30.74 not allowed because not listed in AllowUsers

May 4 02:46:51 holoforum sshd[12800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.182.30.74 user=root

May 4 02:46:53 holoforum sshd[12800]: Failed password for invalid user root from 46.182.30.74 port 55482 ssh2

May 4 02:46:53 holoforum sshd[12803]: Received disconnect from 46.182.30.74: 11: Bye Bye

May 4 02:46:53 holoforum sshd[12804]: User root from 46.182.30.74 not allowed because not listed in AllowUsers

May 4 02:46:53 holoforum sshd[12804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.182.30.74 user=root

May 4 02:46:55 holoforum sshd[12804]: Failed password for invalid user root from 46.182.30.74 port 56678 ssh2

May 4 02:46:55 holoforum sshd[12807]: Received disconnect from 46.182.30.74: 11: Bye Bye

May 4 02:46:56 holoforum sshd[12810]: User root from 46.182.30.74 not allowed because not listed in AllowUsers

May 4 02:46:56 holoforum sshd[12810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.182.30.74 user=root

May 4 02:46:57 holoforum sshd[12810]: Failed password for invalid user root from 46.182.30.74 port 57803 ssh2

May 4 02:46:57 holoforum sshd[12814]: Received disconnect from 46.182.30.74: 11: Bye Bye

May 4 02:46:57 holoforum sshd[12838]: refused connect from 46.182.30.74 (46.182.30.74)

В общем тысячи их.

Саппорт пишет:

Исходя из жалоб поступающих к нам, следует что на Вашем сервере присутствует вредоносное ПО/код/вирусы по средствам которых происходит подключение/перебор паролей к другим сервисам от которых приходят жалобы.

Попробуйте проанализировать систему, проверить на наличие вирусов. Так же необходимо сменить все пароли. В идеале это будет переустановка системы.

Так же вы можете проверить свой сервер на предмет подозрительной активности, возможно он был скомпрометирован или используются имеющиеся на нем уязвимости.