Malicious activity is originating from my server.
I can't catch the process, because it starts chaotically every time. Mostly at night. And the hoster shuts the server down.
I want to block outgoing connections, but so that the site keeps working. I use NGINX+PHP-FPM+MySQL. Is this possible? What rule do I need to write for iptables?
Here is the log of the outgoing activity:
Jan 11 01:18:31 shared03 sshd[17228]: Invalid user ts3 from 185.178.46.241
Jan 11 01:18:31 shared03 sshd[17228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.178.46.241
Jan 11 01:18:33 shared03 sshd[17228]: Failed password for invalid user ts3 from 185.178.46.241 port 44084 ssh2
Jan 11 01:18:33 shared03 sshd[17228]: Received disconnect from 185.178.46.241 port 44084:11: Bye Bye [preauth]
Jan 11 01:18:33 shared03 sshd[17228]: Disconnected from 185.178.46.241 port 44084 [preauth]
Jan 11 01:34:34 shared03 sshd[20438]: Invalid user support from 185.178.46.241
Jan 11 01:34:34 shared03 sshd[20438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.178.46.241
Jan 11 01:34:36 shared03 sshd[20438]: Failed password for invalid user support from 185.178.46.241 port 50100 ssh2
Jan 11 01:34:36 shared03 sshd[20438]: Received disconnect from 185.178.46.241 port 50100:11: Bye Bye [preauth]
Jan 11 01:34:36 shared03 sshd[20438]: Disconnected from 185.178.46.241 port 50100 [preauth]
Jan 13 19:37:41 shared03 sshd[25092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.178.46.241 user=bin
Jan 13 19:37:44 shared03 sshd[25092]: Failed password for bin from 185.178.46.241 port 53658 ssh2
Jan 13 19:37:44 shared03 sshd[25092]: Received disconnect from 185.178.46.241 port 53658:11: Bye Bye [preauth]
Jan 13 19:37:44 shared03 sshd[25092]: Disconnected from 185.178.46.241 port 53658 [preauth]
Jan 13 19:42:19 shared03 sshd[26181]: Invalid user zachary from 185.178.46.241
Jan 13 19:42:19 shared03 sshd[26181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.178.46.241
Jan 13 19:42:21 shared03 sshd[26181]: Failed password for invalid user zachary from 185.178.46.241 port 54196 ssh2
Jan 13 19:42:21 shared03 sshd[26181]: Received disconnect from 185.178.46.241 port 54196:11: Bye Bye [preauth]
Jan 13 19:42:21 shared03 sshd[26181]: Disconnected from 185.178.46.241 port 54196 [preauth]
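
An egress filter of the kind asked about above, as an added example that is not part of the original post: it lets the host answer incoming web and SSH connections but logs and rejects connections the host itself opens. Assumptions: MySQL runs on the same machine, the site makes no outbound requests of its own, and the resolver address 192.0.2.53 is a placeholder to replace with the host's real DNS server.

```shell
#!/bin/sh
# Added example: prints iptables commands for an egress filter on a web host.
# Review the output first, then apply it as root:  sh egress.sh --print | sh
# IPv6 needs the same rules through ip6tables.
# RESOLVER is a placeholder (documentation address), not a value from the post.
RESOLVER="${RESOLVER:-192.0.2.53}"

egress_rules() {
    resolver="$1"
    cat <<EOF
# Local traffic: PHP-FPM to MySQL and nginx to PHP-FPM over loopback.
iptables -A OUTPUT -o lo -j ACCEPT
# Replies to connections that clients opened to this host (HTTP, HTTPS, SSH).
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# DNS lookups, only to the configured resolver.
iptables -A OUTPUT -p udp -d $resolver --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp -d $resolver --dport 53 -j ACCEPT
# Everything else is a new outbound connection: log it with the owning UID.
iptables -A OUTPUT -m limit --limit 10/min -j LOG --log-prefix "EGRESS-BLOCKED " --log-uid
# Then refuse it, so the local process fails fast instead of hanging.
iptables -A OUTPUT -j REJECT
EOF
}

# Print the rules only when asked, so sourcing this file has no side effects.
if [ "${1:-}" = "--print" ]; then
    egress_rules "$RESOLVER"
fi
```

The kernel log lines carrying the `EGRESS-BLOCKED` prefix include a `UID=` field for the socket owner, which shows which account (for example the PHP-FPM pool user) is opening the connections. Package updates, outgoing mail or API calls made by the site need their own ACCEPT rules placed before the LOG rule.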