未知IP远程访问数据库
大家有没遇到过ECS下 Mysql连接日志中出现大量的未知访问的ip,重点是IP几乎全是阿里云的ECS实例的IP,
下面是我列出来的几个IP,剩下的几乎全部是阿里巴巴,北京、杭州、青岛的IP,连接我数据库的日志。
前几日登录数据库,数据库管理员密码莫名失效了,我就觉得奇怪,感觉像是被人给修改了 (然后我修改root密码后限制了,只有固定IP段才可以访问数据库,之前是Host = % ) ,
并且打开了数据库的所有日志。
今天查看数据库连接日志
151005 20:27:14 [Warning] IP address '101.45.76.162' could not be resolved: Name or service not known
151005 22:00:00 [Warning] IP address '120.25.146.67' could not be resolved: Name or service not known
151006 0:26:54 [Warning] IP address '139.129.132.248' could not be resolved: Name or service not known
151006 5:00:45 [Warning] IP address '182.92.81.192' could not be resolved: Name or service not known
151006 10:51:43 [Warning] IP address '42.156.250.118' could not be resolved: Name or service not known
151006 17:51:19 [Warning] IP address '182.92.148.203' could not be resolved: Name or service not known
151006 18:54:50 [Warning] IP address '123.56.141.19' could not be resolved: Name or service not known
151006 21:45:06 [Warning] IP address '121.42.29.237' could not be resolved: Name or service not known
151007 0:09:44 [Warning] IP address '112.126.66.193' could not be resolved: Name or service not known
151007 7:51:21 [Warning] IP address '101.200.3.141' could not be resolved: Name or service not known
151007 14:38:38 [Warning] IP address '223.4.90.116' could not be resolved: Name or service not known
151007 17:14:33 [Warning] IP address '114.215.111.222' could not be resolved: Name or service not known
151007 22:39:50 [Warning] IP address '115.28.84.24' could not be resolved: Name or service not known
151008 12:27:12 [Warning] IP address '42.96.146.230' could not be resolved: Name or service not known
151008 16:26:42 [Warning] IP address '139.196.28.139' could not be resolved: Name or service not known
151009 7:08:32 [Warning] IP address '121.42.0.36' could not be resolved: Name or service not known
151009 7:08:32 [Warning] IP address '121.42.0.36' could not be resolved: Name or service not known
151009 10:51:45 [Warning] IP address '42.156.250.116' could not be resolved: Name or service not known
151009 20:41:26 [Warning] IP address '101.200.201.66' could not be resolved: Name or service not known
151010 2:26:22 [Warning] IP address '121.43.108.246' could not be resolved: Name or service not known
151010 5:16:08 [Warning] IP address '
112.124.109.197' could not be resolved: Name or service not known
151010 6:02:12 [Warning] IP address '123.56.130.80' could not be resolved: Name or service not known
151010 8:15:04 [Warning] IP address '182.92.131.151' could not be resolved: Name or service not known
151010 14:10:16 [Warning] IP address '218.244.137.95' could not be resolved: Name or service not known
151011 1:19:33 [Warning] IP address '
182.92.6.190' could not be resolved: Name or service not known
151011 14:44:44 [Warning] IP address '182.92.3.47' could not be resolved: Name or service not known
151012 11:25:31 [Warning] IP address '
123.57.135.3' could not be resolved: Name or service not known
151012 11:53:21 [Warning] IP address '61.129.101.130' could not be resolved: Name or service not known
151012 11:55:34 [Warning] IP address '121.40.88.77' could not be resolved: Name or service not known
151012 13:23:07 [Warning] IP address '121.199.1.78' could not be resolved: Name or service not known
这些列出的几个IP,其他的IP 我都逐个查过几乎全是阿里云的IP,发了工单,售后建议我关闭数据库外部端口! 我只是很奇怪,我的ECS在深圳,访问的IP 居然全是阿里云的全国各地的IP.
IP地址: 182.92.6.19北京市 阿里巴巴
IP地址: 123.57.135.3北京市 阿里巴巴
IP地址: 112.124.109.197浙江省杭州市阿里巴巴
IP地址: 121.42.29.237山东省青岛市 阿里巴巴
IP地址: 223.4.90.116浙江省杭州市 电信
写回答
-
回 3楼(aston008) 的帖子估计只能个别举报,不过目前阿里云应该是没有太多这方面的通道。
论坛举报一下试试吧。-------------------------
回 8楼(aston008) 的帖子恩,可能他们是特定的扫描阿里的服务器,然后在使用阿里云服务区尝试连接2015-10-12 16:06:20赞同 展开评论 打赏 -
回楼主aston008的帖子有没办法可以把这些IP拉黑 了-------------------------
回1楼ivmmff的帖子有没办法可以把这些IP拉黑 了-------------------------
回5楼ivmmff的帖子只能通过iptables 来禁止 了-------------------------
回4楼啊里新人的帖子举报估计不管用,售后人员说,他们有后端有服务器监控服务器的行为,如果有服务器持续对外攻击,他们会对攻击的服务器做处理,锁定服务器, 我是觉得不出现大量的攻击行为他们是不会管的2015-10-12 16:04:27赞同 展开评论 打赏 -
解决方案工程师,负责为企业规划上云迁移方案和云上架构设计,在网站建设开发和云计算领域有多年经验,专注于Linux平台的系统维护以及应用部署。致力于以场景化的方式让云计算,用更加通俗易懂的方式让更多人体验云计算,让云端的计算更质朴的落地。有不法人士买阿里云的服务器去攻击别人。
因为ip显示的是阿里云,不知道的还以为是云盾或者官方升级什么的,来误导受攻击者。
这个怪不得阿里云-------------------------
回 3楼(aston008) 的帖子通过防火墙机制可以屏蔽呀
-------------------------
回 6楼(aston008) 的帖子对的,就是这个意思,因为不知道你的系统,所以我说用防火墙2015-10-12 15:06:30赞同 展开评论 打赏
版权声明:本文内容由阿里云实名注册用户自发贡献,版权归原作者所有,阿里云开发者社区不拥有其著作权,亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容,填写侵权投诉表单进行举报,一经查实,本社区将立刻删除涉嫌侵权内容。
