Yoine Li
Yoine Li

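Technical sharing and discussion, Q&A section  - 
 
Ban forever the addresses that try to connect to your ss [startup script path corrected]

First, a disclaimer: I am a beginner who has only recently started with Linux and ss, basically from zero. I also read +Anonymous V's post, and after trying it hands-on I successfully set up my own ss. I am really happy that such an easy-to-follow tutorial exists and can help more people like me.

Over the past few days of knocking around in the community, I have seen many people share what they have learned, and also many people who ran into difficulties get help and careful answers from the experts. I immediately felt the warmth of the community; for a newcomer especially, that feeling is heart-warming and I have benefited a great deal. Thank you to everyone who has helped me!

Now to the point. Yesterday +Francisco Lin reminded me that shadowsocks.log shows many wrong-password attempts. At first I did not believe it, but when I looked at my own log I found (speechless) that there really were many wrong-password messages from different IPs. Only then did I realize that my ss is not that safe and that plenty of people already have their eye on it. So what we need to do is either strengthen our password or take some measures to protect our ss as far as possible. Here I want to introduce the method provided by the author clowwindy, Ban Brute Force Crackers (https://github.com/shadowsocks/shadowsocks/wiki/Ban-Brute-Force-Crackers). With this method, when the same IP makes 3 (the default) or more attempts to crack your ss password, it is banned permanently, which minimizes how often the same address shows up, that is, it prevents unlimited brute-force attempts on the ss password. Now let's deploy autoban and put it to work for us: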

1. First, check shadowsocks.log to see whether there are wrong-password attempts:
Run:
cat /var/log/shadowsocks.log
You should see many lines like these:
2015-01-22 20:51:22 INFO     connecting 8.8.8.8:53 from XX.XX.XX.XX:50414
2015-01-22 20:51:22 INFO     connecting 23.59.190.32:80 from XX.XX.XX.XX:50414
2015-01-22 20:51:22 INFO     connecting 23.59.191.145:80 from XX.XX.XX.XX:50414
2015-01-22 20:51:23 INFO     connecting 184.27.178.57:80 from XX.XX.XX.XX:50414
Don't worry, these are all normal connections going through ss. Wrong-password attempts look like this:
2015-01-22 14:58:05 WARNING  unsupported addrtype 128, maybe wrong password
2015-01-22 14:58:05 ERROR    can not parse header when handling connection from 182.118.60.56:18374
Here addrtype 128 is the address type of the attempt. And where did it come from? The line below it makes that clear: the attempt came from 182.118.60.56. You can look up where such IPs belong to get a rough idea of where they are from and whether your ss is being harassed. I don't know whether seeing this makes you a little uneasy; as for me, can not this happened.

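2. Deploy autoban.py on your own VPS to better protect ss:
First, autoban.py supports the Python version (for other versions, I hope an expert can provide a method). Everything below was tested and works on BandwagonHost (搬瓦工) and Linode with Debian 7.
2.1. First download autoban.py to the VPS:
wget https://raw.githubusercontent.com/shadowsocks/shadowsocks/master/utils/autoban.py
After the download completes, run:
python autoban.py < /var/log/shadowsocks.log
You can now see the addresses that have tried to connect to your ss.

2.2. Add autoban.py to startup and have it monitor the log (corrected):
Edit with vi /etc/init.d/rc.local (thanks +Yanel C)
Add the following below the final esac at the end of the file:
python /root/autoban.py < /var/log/shadowsocks.log
nohup tail -F /var/log/shadowsocks.log | python /root/autoban.py >log 2>log &
Or edit with vi /etc/rc.local (thanks +Kid Nanaya)
Add the following above exit 0:
python /root/autoban.py < /var/log/shadowsocks.log
nohup tail -F /var/log/shadowsocks.log | /usr/bin/python /root/autoban.py >log 2>log &
Both methods have been tested and work.
Special reminder: in the python autoban.py part, autoban.py must be given as a full path. Run find / -name autoban.py to see where autoban.py is located, then use that path. (thanks +Kid Nanaya)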

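3. Check whether any addresses have been banned:
Run:
iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  v811.sioru.com       anywhere
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
You can see that the address v811.sioru.com after the rule starting with DROP has been banned permanently. Haha, these two days have paid off after all. That completes the installation.

If you find this too much trouble or unnecessary, then please make your password more complex. I have been watching over the past few days: roughly every day there are varying numbers of accesses from different regions. A weak password is fairly easy to crack, and with the same address making unlimited attempts, the odds of it being cracked are quite high.

Finally, this post is just a simple sharing of what I learned; experts can ignore it. My skills are limited, so I can only start with simple things. I hope it helps more people, and if you have a better method, please share it with everyone.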



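2014-1-27: Fixed the previously incorrect startup script path
PS: If you previously added the following with vi /etc/rc.local, please delete it:
python /root/autoban.py < /var/log/shadowsocks.log
nohup tail -F /var/log/shadowsocks.log | python /root/autoban.py >log 2>log &
Then add it again with vi /etc/init.d/rc.local, below the final esac at the end of the file.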




Have a great day:)
54
124
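
The counting-and-ban logic the post above describes (an address is banned once it reaches 3 failed attempts, through a DROP rule in the INPUT chain), written as an added example; it is not the autoban.py source and not part of the original post. The log lines are constructed, and the allowlist and the dry-run behaviour (rules are returned, not executed) are assumptions added here so that your own client with a mistyped password cannot lock itself out permanently.

```python
import ipaddress
import re
from collections import Counter

# Error line shadowsocks logs for an undecodable header (the wrong-password case).
FAIL_RE = re.compile(r"can not parse header when handling connection from (\S+):\d+\s*$")

# Constructed sample log (documentation-range addresses, not real traffic).
ERR = "2015-01-22 14:58:%02d ERROR    can not parse header when handling connection from %s:%d"
SAMPLE_LOG = [
    "2015-01-22 14:58:01 INFO     connecting 8.8.8.8:53 from 192.0.2.10:50414",
    "2015-01-22 14:58:05 WARNING  unsupported addrtype 128, maybe wrong password",
    ERR % (5, "198.51.100.7", 18374),
    ERR % (6, "198.51.100.7", 18375),
    ERR % (7, "203.0.113.9", 40000),
    ERR % (8, "198.51.100.7", 18376),
    ERR % (9, "198.51.100.7", 18377),
    *[ERR % (10 + i, "192.0.2.10", 50500 + i) for i in range(3)],
]

def failed_source(line):
    """Return the failing client's address as an ip_address object, or None."""
    m = FAIL_RE.search(line)
    if not m:
        return None
    try:
        return ipaddress.ip_address(m.group(1))
    except ValueError:
        return None  # not a literal IP address: never build a rule from it

def plan_bans(lines, threshold=3, allowlist=()):
    """Return (failure counts, iptables argv lists) without executing anything."""
    allowed = [ipaddress.ip_network(n) for n in allowlist]
    counts, rules = Counter(), []
    for line in lines:
        ip = failed_source(line)
        if ip is None:
            continue
        counts[ip] += 1
        exempt = any(ip.version == n.version and ip in n for n in allowed)
        if counts[ip] == threshold and not exempt:  # one rule per source
            tool = "iptables" if ip.version == 4 else "ip6tables"
            rules.append([tool, "-A", "INPUT", "-s", str(ip), "-j", "DROP"])
    return counts, rules

if __name__ == "__main__":
    for argv in plan_bans(SAMPLE_LOG, allowlist=["192.0.2.10/32"])[1]:
        print(" ".join(argv))
```
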
199 comments
 
+Yoine Li OK thanks

Yoine Li

<<Second-hand VPS trading>>  - 
 
Looking to buy a 9.99 BandwagonHost (瓦工) VPS, 5 data centers, with changeable email; if you have one, message me directly on Hangouts.
1

Yoine Li

Chit-chat  - 
 
6P: I don't know what happened lately, but it suddenly lasts really well. 4G at work during the day and Wi-Fi at home in the evening; I'm very satisfied.
1
2 comments
 
+Loukky Wang What is this?

Yoine Li

Chit-chat  - 
 
I recently noticed a problem: when unlocking the 6P by fingerprint, before the screen wakes and lights up, many small white dots appear on the screen. They are easy to see at night or in dim light, and it is very annoying. Is my screen broken?
1
3 comments
 
That's disgusting, how miserable.

Yoine Li

Chit-chat  - 
 
The July update is out 😘😘😘
Nexus factory images for Android developers.
4

Yoine Li

Chit-chat  - 
 
With the May update mtc19t, even when Wi-Fi is turned off, the battery stats always show it as on. The battery drains really fast and does not last as long as last month. Is anyone else seeing this?
1
10 comments
 
When I first installed the May update, Wi-Fi was always shown as on, regardless of whether you had turned off the Wi-Fi switch
But since last week it no longer does that
Nexus5 Android6.01

Yoine Li

Other  - 
 
Looking to buy a 9.99 BandwagonHost (瓦工) VPS, 5 data centers, with changeable email; if you have one, message me directly on Hangouts.
1

Yoine Li

Questions and discussion  - 
 
Looking to buy a 9.99 BandwagonHost (瓦工) VPS, 5 data centers, with changeable email; if you have one, message me directly on Hangouts.
1
 
Looking for the same.

Yoine Li

Chit-chat  - 
 
January OTA: tap "check for updates" a few more times and it arrives.
1
16 comments
 
No.

Yoine Li

Chit-chat  - 
 
After upgrading to 7.0, is OEM unlocking in Developer options greyed out by default? What does yours look like?
6
10 comments
 
Greyed out.

Yoine Li

Chit-chat  - 
 
PA is back to life
 
Paranoid Android 2016 Launch

We are launching brand spanking fresh. All new features. New team members. New everything and we have made sure that everything that we are releasing has been polished to our best.

The main features and enhancements that you will probably end up noticing are our custom Quick Settings tile reordering functionality, floating window support, immersive mode, the new on-the-spot interface and CM Theme Engine.

Quick Settings tiles can be managed with ease - you can reorder the tiles by simply long pressing them, remove them by dropping them in the trash bin and add them back in from the add panel. The hidden tiles will be out of your way when checking the notifications but will still be usable from the add panel without any hassles if you want to do that all of a sudden.

You can make an application float either by long pressing a notification and tapping the floating button or by tapping the floating button for the application in the recents list. Additionally, you can make peeking (heads-up) notifications open floating windows by enabling that behavior in the "Floating peek" tile.

Those are not the only changes and features we have added. There are a variety of improvements to CAF devices (OnePlus, OPPO and others) which add custom kernels, advanced gesture and buttons control and more to provide a great experience on those devices. Of course we have spent a lot of attention on making all the visual details look right and on making all the functionality work right.

Over the months we have gained a bunch of new team members. We are now ready for all varieties of work - be it low level, aesthetics, user experience, motion design, testing or anything in-between. What we strive for is the best and we are stronger than ever to reach that.

On Paranoid Android 2016 launch we are supporting popular Nexus devices (6P, 5X, 6, 5, 4, 7 2013, 9) and the OnePlus family (One, 2, X) along with some Sony devices. The lineup is this way to make sure we release the best possible experience on all the devices we release for. No compromises, pure greatness.

We highly recommend everyone to use BANKS GApps package (hold off on OpenGapps for now, we have heard some complaints). Nexus 6P users need to make sure their vendor partitions are up-to-date (6.0.1). Our Nexus 5X builds come with a prebuilt vendor image so no worries for you folks!

There is more to come in #aospa2016 but for now, grab your builds at http://get.aospa.co/ and #stayparanoid!
492 comments on original post
5
1
3 comments
 
What is this? What is it for?

Yoine Li

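Chit-chat  - 
 
I was bored today and got an app that checks the screen for dead pixels. All the other colors were normal, but on pure black I could see two very faint bright spots (I was even under the covers, making sure there was no outside interference, and it was still the same). My mood sank right away. You can't see them unless you look very carefully, but my perfect screen has just said goodbye to me.
1
11 comments
 
It should be: the perfect screen in your heart, bye-bye.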