查看登录日志

$ last -f /var/log/wtmp

查看�安全日志

$ cat /var/log/secure

Bad protocol version identification 'GET / HTTP/1.0' from 107.182.184.18 port 59428
Did not receive identification string from 107.182.184.18
Bad protocol version identification 'GET / HTTP/1.0' from 107.182.184.18 port 38416
Did not receive identification string from 107.182.184.18
Bad protocol version identification 'GET / HTTP/1.0' from 107.182.184.18 port 50051
Did not receive identification string from 107.182.184.18
Bad protocol version identification 'GET / HTTP/1.0' from 107.182.184.18 port 36287
Did not receive identification string from 107.182.184.18
Bad protocol version identification 'GET / HTTP/1.0' from 107.182.184.18 port 55816

可以看到107.182.184.18这个ip一直在攻击服务器

封ip

执行之前看一个是不是自己的ip，千万不要把自己的ip给封了_{_}

// 封ip
$ iptables -I INPUT -s 107.182.184.18 -j DROP

// 解封
$ iptables -D INPUT -s 107.182.184.18 -j DROP

// 查看规则
$ iptables -L -n

禁用ping

// 禁用ping
$ echo 1 >/proc/sys/net/ipv4/icmp_echo_ignore_all

// 允许ping
$ echo 0 >/proc/sys/net/ipv4/icmp_echo_ignore_all

参考

Centos 禁止IP、封IP、解除封IP的方法、CentOS安全防御