VPS 全量巡检报告

更新时间:2026-05-22T21:40:10 | 数据源:/root/.hermes/vps_inventory/inventory.json | 巡检方式:SSH 只读采集

本次按 inventory.json 巡查 11 台 VPS,成功 11 台,失败 0 台;高风险 0 台,需关注 11 台,正常 0 台。

11
总节点
11
成功巡检
0
高风险
11
需关注
0
正常

结论与影响

说明:本报告是只读巡查,没有重启、删除或修改远端服务。风险等级用于排序:红色代表可能影响登录、安全或稳定性;黄色代表建议维护窗口内处理;绿色代表本轮未见明显异常。

逐台巡检结果

节点风险/原因系统资源关键服务失败单元公网监听SSH 策略更新/日志
JP
64.118.144.182
jpp.88665577.xyz		需关注
主机防火墙未启用或无输出		JP
Ubuntu 24.04.4 LTS
up 1 week, 3 days, 1 hour, 9 minutes		负载 0.08,0.02,0.01 / CPU 1
内存 362/849MB 43%; swap 44/511MB
磁盘 3.9G/9.8G 42%
inode 97K/625K 16%		xray: active sing-box: 未安装/不适用 nginx: active hermes-gateway: 未安装/不适用 fail2ban: active0tcp 0.0.0.0:22 <->
tcp 0.0.0.0:80 <->
tcp 0.0.0.0:443 <->
tcp 0.0.0.0:11704 <->
tcp [::]:22 <->
tcp *:27262 <->
tcp [::]:80 <->		maxauthtries 3 passwordauthentication no permitrootlogin without-password port 22更新包:0
安全相关:0
需重启:否
24h warning+:152
journal:36.6M in the file system.
KR
131.186.27.212
krr.88665577.xyz		需关注
主机防火墙未启用或无输出		instance-20260422-2348
Ubuntu 24.04.4 LTS
up 3 weeks, 2 hours, 56 minutes		负载 0.16,0.04,0.01 / CPU 2
内存 445/954MB 47%; swap 0/0MB
磁盘 4.3G/48G 10%
inode 180K/6.2M 3%		xray: active sing-box: 未安装/不适用 nginx: active hermes-gateway: 未安装/不适用 fail2ban: active0tcp 0.0.0.0:443 <->
tcp 0.0.0.0:443 <->
tcp 0.0.0.0:80 <->
tcp 0.0.0.0:28229 <->
tcp 0.0.0.0:22 <->
tcp *:16492 <->
tcp [::]:22 <->		maxauthtries 3 passwordauthentication no permitrootlogin without-password port 22更新包:0
安全相关:0
需重启:否
24h warning+:1
journal:241.2M in the file system.
USB
161.153.95.69
uss.88665577.xyz		需关注
主机防火墙未启用或无输出
系统提示需要重启		instance-20260423-0151
Ubuntu 24.04.4 LTS
up 3 weeks, 2 hours, 56 minutes		负载 0.15,0.05,0.01 / CPU 2
内存 488/954MB 51%; swap 0/0MB
磁盘 5.3G/48G 12%
inode 136K/6.2M 3%		xray: active sing-box: 未安装/不适用 nginx: active hermes-gateway: 未安装/不适用 fail2ban: active0tcp 0.0.0.0:23430 <->
tcp 0.0.0.0:443 <->
tcp 0.0.0.0:443 <->
tcp 0.0.0.0:80 <->
tcp 0.0.0.0:22 <->
tcp *:13679 <->
tcp [::]:22 <->		maxauthtries 3 passwordauthentication no permitrootlogin without-password port 22更新包:1
安全相关:0
需重启:是
24h warning+:81
journal:45.6M in the file system.
DE
47.254.140.158
www.88665577.xyz		需关注
失败 systemd 单元 1 个
主机防火墙未启用或无输出
系统提示需要重启		iZgw8bgfuauyw9zjm1qsftZ
Ubuntu 24.04.4 LTS
up 2 weeks, 6 days, 21 hours, 52 minutes		负载 0.00,0.00,0.00 / CPU 2
内存 548/1613MB 34%; swap 84/2047MB
磁盘 19G/40G 50%
inode 231K/2.5M 10%		xray: active sing-box: 未安装/不适用 nginx: active hermes-gateway: 未安装/不适用 fail2ban: active● aegis.service loaded failed failed Aegis Servicetcp 0.0.0.0:22 <->
tcp 0.0.0.0:80 <->
tcp 0.0.0.0:443 <->
tcp [::]:22 <->
tcp *:17473 <->
tcp [::]:80 <->
tcp [::]:443 <->		maxauthtries 3 passwordauthentication no permitrootlogin without-password port 22更新包:4
安全相关:4
需重启:是
24h warning+:331
journal:244.4M in the file system.
HK
82.158.88.91
hkk.88665577.xyz		需关注
主机防火墙未启用或无输出
系统提示需要重启		serq25t4zyrk3xk
Ubuntu 24.04.4 LTS
up 3 weeks, 2 hours, 56 minutes		负载 0.23,0.05,0.02 / CPU 2
内存 446/1967MB 23%; swap 0/0MB
磁盘 11G/39G 27%
inode 259K/5.0M 6%		xray: active sing-box: 未安装/不适用 nginx: active hermes-gateway: 未安装/不适用 fail2ban: active0tcp 0.0.0.0:22 <->
tcp 0.0.0.0:80 <->
tcp 0.0.0.0:19740 <->
tcp 0.0.0.0:443 <->
tcp 0.0.0.0:443 <->
tcp [::]:22 <->
tcp [::]:80 <->
tcp *:18661 <->		maxauthtries 3 passwordauthentication no permitrootlogin without-password port 22更新包:7
安全相关:0
需重启:是
24h warning+:153
journal:1012.5M in the file system.
TK
103.232.213.10
tkk.88665577.xyz		需关注
主机防火墙未启用或无输出		jppro1-2023101300230338
Ubuntu 22.04.5 LTS
up 3 weeks, 2 hours, 56 minutes		负载 0.08,0.02,0.01 / CPU 1
内存 291/957MB 30%; swap 79/2047MB
磁盘 8.8G/20G 47%
inode 187K/1.3M 15%		xray: active sing-box: 未安装/不适用 nginx: active hermes-gateway: 未安装/不适用 fail2ban: active0tcp 0.0.0.0:80 <->
tcp 0.0.0.0:443 <->
tcp 0.0.0.0:41756 <->
tcp [::]:80 <->
tcp *:22 <->
tcp *:23007 <->
tcp [::]:41756 <->		maxauthtries 3 passwordauthentication no permitrootlogin without-password port 22更新包:0
安全相关:0
需重启:否
24h warning+:23
journal:64.0M in the file system.
AR
129.146.59.53
loveason.com		需关注
主机防火墙未启用或无输出		instance-20260423-0914
Ubuntu 24.04.4 LTS
up 3 weeks, 6 days, 4 hours, 34 minutes		负载 0.19,0.17,0.17 / CPU 4
内存 7078/23974MB 30%; swap 0/0MB
磁盘 51G/116G 44%
inode 1.2M/15M 8%		xray: 未安装/不适用 sing-box: 未安装/不适用 nginx: active hermes-gateway: active fail2ban: active0tcp 0.0.0.0:443 <->
tcp 0.0.0.0:80 <->
tcp 0.0.0.0:22 <->
tcp [::]:443 <->
tcp [::]:80 <->
tcp [::]:22 <->		maxauthtries 3 passwordauthentication no permitrootlogin without-password port 22更新包:14
安全相关:0
需重启:否
24h warning+:85
journal:127.5M in the file system.
KRB
161.118.130.5
krb.88665577.xyz		需关注
主机防火墙未启用或无输出
系统提示需要重启		instance-20260429-1226
Ubuntu 24.04.4 LTS
up 3 weeks, 2 hours, 56 minutes		负载 0.10,0.05,0.01 / CPU 2
内存 417/954MB 44%; swap 0/0MB
磁盘 3.1G/45G 8%
inode 129K/5.8M 3%		xray: 未安装/不适用 sing-box: 未安装/不适用 nginx: active hermes-gateway: 未安装/不适用 fail2ban: active0tcp 0.0.0.0:443 <->
tcp 0.0.0.0:443 <->
tcp 0.0.0.0:80 <->
tcp 0.0.0.0:22 <->
tcp [::]:80 <->
tcp [::]:22 <->		maxauthtries 3 passwordauthentication no permitrootlogin without-password port 22更新包:0
安全相关:0
需重启:是
24h warning+:48
journal:258.7M in the file system.
US
186.244.244.52
usa.88665577.xyz		需关注
24h warning+ 日志 5856 行
系统提示需要重启		ser0570106010
Ubuntu 24.04.4 LTS
up 2 weeks, 1 day, 1 hour, 34 minutes		负载 0.18,0.06,0.01 / CPU 4
内存 975/3915MB 25%; swap 0/2047MB
磁盘 13G/29G 42%
inode 271K/3.7M 8%		xray: 未安装/不适用 sing-box: 未安装/不适用 nginx: active hermes-gateway: 未安装/不适用 fail2ban: active0tcp 0.0.0.0:443 <->
tcp 0.0.0.0:8317 <->
tcp 0.0.0.0:80 <->
tcp 0.0.0.0:22 <->
tcp 0.0.0.0:888 <->
tcp 0.0.0.0:1455 <->
tcp 0.0.0.0:8085 <->
tcp [::]:8317 <->
tcp [::]:22 <->
tcp *:2058 <->
tcp [::]:1455 <->
tcp [::]:8085 <->		maxauthtries 3 passwordauthentication no permitrootlogin without-password port 22更新包:0
安全相关:0
需重启:是
24h warning+:5856
journal:253.5M in the file system.
HKA
38.76.188.244
hka.88665577.xyz		需关注
主机防火墙未启用或无输出
系统提示需要重启		ser4062572352
Ubuntu 24.04.4 LTS
up 2 days, 30 minutes		负载 0.42,0.21,0.12 / CPU 4
内存 754/3915MB 19%; swap 0/0MB
磁盘 13G/29G 43%
inode 337K/3.7M 9%		xray: 未安装/不适用 sing-box: 未安装/不适用 nginx: active hermes-gateway: 未安装/不适用 fail2ban: active0udp *:34230 <->
udp *:57067 <->
udp *:51439 <->
udp *:57858 <->
udp *:39705 <->
tcp 0.0.0.0:80 <->
tcp 0.0.0.0:22 <->
tcp [::]:80 <->
tcp [::]:22 <->
tcp *:443 <->		maxauthtries 3 passwordauthentication no permitrootlogin without-password port 22更新包:0
安全相关:0
需重启:是
24h warning+:83
journal:40.2M in the file system.
HKY
185.155.235.171
需关注
主机防火墙未启用或无输出
系统提示需要重启		hks2-202404291529122cb8ee
Ubuntu 22.04.5 LTS
up 2 weeks, 1 day, 1 hour, 19 minutes		负载 0.08,0.02,0.01 / CPU 1
内存 191/957MB 20%; swap 0/0MB
磁盘 1.9G/9.8G 20%
inode 63K/625K 11%		xray: active sing-box: 未安装/不适用 nginx: 未安装/不适用 hermes-gateway: 未安装/不适用 fail2ban: active0tcp 0.0.0.0:22 <->
tcp [::]:22 <->
tcp *:14726 <->		maxauthtries 3 passwordauthentication no permitrootlogin without-password port 22更新包:6
安全相关:6
需重启:是
24h warning+:11
journal:40.0M in the file system.

建议下一步

  1. 先处理红色节点:确认 SSH、磁盘、密码登录或关键失败单元。
  2. 黄色节点按维护窗口分批收口:更新包、MaxAuthTries、失败单元、日志噪声。
  3. 如需修复,我会先单台试点,备份配置并验证后再扩展;涉及 SSH/防火墙/重启会先等你明确授权。

日志与进程摘要

JP — 日志/进程摘要

最近错误日志(最多 40 行)

May 22 11:58:01 JP sshd[85313]: error: maximum authentication attempts exceeded for root from 62.210.199.83 port 57530 ssh2 [preauth]
May 22 13:04:46 JP sshd[85596]: error: maximum authentication attempts exceeded for invalid user emmaline from 213.209.159.56 port 14212 ssh2 [preauth]
May 22 13:08:14 JP sshd[85608]: error: maximum authentication attempts exceeded for root from 103.176.90.41 port 28546 ssh2 [preauth]
May 22 13:10:41 JP sshd[85621]: error: maximum authentication attempts exceeded for invalid user admin from 2.57.121.112 port 42049 ssh2 [preauth]
May 22 13:10:45 JP sshd[85623]: error: maximum authentication attempts exceeded for invalid user user from 2.57.121.25 port 54396 ssh2 [preauth]
May 22 14:05:11 JP sshd[85881]: error: maximum authentication attempts exceeded for root from 148.113.221.241 port 62340 ssh2 [preauth]
May 22 14:12:54 JP sshd[85910]: error: maximum authentication attempts exceeded for invalid user izabel from 213.209.159.56 port 43414 ssh2 [preauth]
May 22 14:24:05 JP sshd[85951]: error: maximum authentication attempts exceeded for invalid user admin from 2.57.121.112 port 46644 ssh2 [preauth]
May 22 14:24:16 JP sshd[85955]: error: maximum authentication attempts exceeded for invalid user user from 2.57.121.25 port 52863 ssh2 [preauth]
May 22 14:26:53 JP sshd[85966]: error: maximum authentication attempts exceeded for root from 85.190.254.104 port 45518 ssh2 [preauth]
May 22 14:30:48 JP sshd[85988]: error: maximum authentication attempts exceeded for root from 89.37.116.208 port 56522 ssh2 [preauth]
May 22 14:32:30 JP sshd[85991]: error: maximum authentication attempts exceeded for root from 148.113.221.241 port 25860 ssh2 [preauth]
May 22 14:47:40 JP sshd[86059]: error: maximum authentication attempts exceeded for root from 103.57.224.219 port 21676 ssh2 [preauth]
May 22 15:03:25 JP sshd[86146]: error: maximum authentication attempts exceeded for root from 123.30.240.7 port 38878 ssh2 [preauth]
May 22 15:20:52 JP sshd[86202]: error: maximum authentication attempts exceeded for invalid user jaylah from 213.209.159.56 port 64627 ssh2 [preauth]
May 22 15:30:03 JP sshd[86222]: error: maximum authentication attempts exceeded for root from 45.252.188.23 port 50146 ssh2 [preauth]
May 22 15:37:13 JP sshd[86241]: error: maximum authentication attempts exceeded for invalid user admin from 2.57.121.112 port 25175 ssh2 [preauth]
May 22 15:37:28 JP sshd[86244]: error: maximum authentication attempts exceeded for invalid user user from

CPU 占用靠前

COMMAND         %CPU %MEM
python3         11.1  1.4
agent            0.5  1.3
sshd             0.3  1.1
fail2ban-server  0.1  5.5
kworker/0:2-cgr  0.0  0.0

内存占用靠前

COMMAND         %CPU %MEM
fail2ban-server  0.1  5.5
xray             0.0  2.9
python3         10.6  1.4
agent            0.5  1.3
sshd             0.3  1.1

最近登录

reboot   system boot  Tue May 12 20:30   still running      6.8.0-107-generic
root     pts/0        Tue May 12 20:11 - crash  (00:19)     223.90.73.202
root     pts/0        Sun May 10 11:16 - 11:22  (00:06)     129.146.59.53
root     pts/0        Sat May  9 16:05 - 16:23  (00:17)     222.140.170.86
root     pts/0        Wed May  6 00:01 - 00:17  (00:16)     38.76.188.244
KR — 日志/进程摘要

最近错误日志(最多 40 行)

-- No entries --

CPU 占用靠前

COMMAND         %CPU %MEM
ps              50.0  0.4
systemd          3.2  1.1
agent            1.0  1.3
python3          0.5  1.2
sshd             0.1  1.0

内存占用靠前

COMMAND         %CPU %MEM
fail2ban-server  0.0  3.3
fwupd            0.0  3.2
systemd-journal  0.0  3.0
multipathd       0.0  2.8
snapd            0.0  2.3

最近登录

root     pts/0        Tue May  5 15:40 - 16:17  (00:37)     38.76.188.244
root     pts/0        Tue May  5 03:32 - 03:32  (00:00)     223.90.73.101
reboot   system boot  Fri May  1 10:43   still running      6.17.0-1011-oracle
root     pts/1        Fri May  1 10:30 - down   (00:12)     223.90.73.101
root     pts/0        Fri May  1 10:30 - down   (00:12)     223.90.73.101
USB — 日志/进程摘要

最近错误日志(最多 40 行)

May 22 02:47:51 instance-20260423-0151 sshd[765031]: error: maximum authentication attempts exceeded for invalid user user from 2.57.121.25 port 37097 ssh2 [preauth]
May 22 02:47:58 instance-20260423-0151 sshd[765033]: error: maximum authentication attempts exceeded for invalid user admin from 2.57.121.112 port 30375 ssh2 [preauth]
May 22 02:50:51 instance-20260423-0151 sshd[765053]: error: maximum authentication attempts exceeded for invalid user yash from 213.209.159.56 port 45348 ssh2 [preauth]
May 22 03:21:31 instance-20260423-0151 sshd[765277]: error: kex_exchange_identification: read: Connection reset by peer
May 22 04:00:11 instance-20260423-0151 sshd[765457]: error: maximum authentication attempts exceeded for invalid user dasha from 213.209.159.56 port 60812 ssh2 [preauth]
May 22 04:01:54 instance-20260423-0151 sshd[765468]: error: maximum authentication attempts exceeded for invalid user user from 2.57.121.25 port 54297 ssh2 [preauth]
May 22 04:01:57 instance-20260423-0151 sshd[765470]: error: maximum authentication attempts exceeded for invalid user admin from 2.57.121.112 port 24484 ssh2 [preauth]
May 22 04:41:52 instance-20260423-0151 sshd[765701]: error: kex_exchange_identification: read: Connection reset by peer
May 22 05:09:04 instance-20260423-0151 sshd[765939]: error: maximum authentication attempts exceeded for invalid user emmaline from 213.209.159.56 port 41046 ssh2 [preauth]
May 22 05:15:17 instance-20260423-0151 sshd[765975]: error: maximum authentication attempts exceeded for invalid user admin from 2.57.121.112 port 28787 ssh2 [preauth]
May 22 05:15:19 instance-20260423-0151 sshd[765977]: error: maximum authentication attempts exceeded for invalid user user from 2.57.121.25 port 22334 ssh2 [preauth]
May 22 05:50:00 instance-20260423-0151 sshd[766124]: error: maximum authentication attempts exceeded for root from 61.77.63.232 port 54574 ssh2 [preauth]
May 22 05:50:03 instance-20260423-0151 sshd[766129]: error: maximum authentication attempts exceeded for root from 61.77.63.232 port 54904 ssh2 [preauth]
May 22 05:50:05 instance-20260423-0151 sshd[766131]: error: maximum authentication attempts exceeded for root from 61.77.63.232 port 55362 ssh2 [preauth]
May 22 06:15:38 instance-20260423-0151 sshd[766351]: error: kex_exchange_identification: read: Connection reset by peer
May 22 06:17:12 instance-20260423-0151 sshd[766363]: error: maximum authentication attempts exceeded for invalid user izabel from 213.209.159.56 port 10057 ssh2 [pr

CPU 占用靠前

COMMAND         %CPU %MEM
systemd          3.2  1.1
agent            0.9  1.3
python3          0.4  1.2
bash             0.1  0.3
gomon            0.0  1.6

内存占用靠前

COMMAND         %CPU %MEM
fwupd            0.0  4.5
fail2ban-server  0.0  4.3
multipathd       0.0  2.8
snapd            0.0  2.4
systemd-journal  0.0  2.3

最近登录

root     pts/1        Mon May  4 08:15 - 08:20  (00:05)     223.90.73.101
root     pts/0        Mon May  4 08:15 - 08:20  (00:05)     223.90.73.101
reboot   system boot  Fri May  1 10:43   still running      6.17.0-1011-oracle
root     pts/1        Fri May  1 10:31 - down   (00:11)     223.90.73.101
root     pts/0        Fri May  1 10:31 - down   (00:11)     223.90.73.101
DE — 日志/进程摘要

最近错误日志(最多 40 行)

May 22 13:05:39 iZgw8bgfuauyw9zjm1qsftZ sshd[2257139]: error: maximum authentication attempts exceeded for root from 104.243.38.174 port 51946 ssh2 [preauth]
May 22 13:07:43 iZgw8bgfuauyw9zjm1qsftZ sshd[2257159]: error: maximum authentication attempts exceeded for root from 193.46.255.86 port 16507 ssh2 [preauth]
May 22 13:11:12 iZgw8bgfuauyw9zjm1qsftZ sshd[2257182]: error: maximum authentication attempts exceeded for root from 206.212.242.68 port 9190 ssh2 [preauth]
May 22 13:41:37 iZgw8bgfuauyw9zjm1qsftZ sshd[2257883]: error: kex_exchange_identification: read: Connection reset by peer
May 22 13:57:05 iZgw8bgfuauyw9zjm1qsftZ sshd[2258005]: error: maximum authentication attempts exceeded for invalid user izabel from 213.209.159.56 port 39219 ssh2 [preauth]
May 22 14:06:57 iZgw8bgfuauyw9zjm1qsftZ sshd[2258063]: error: maximum authentication attempts exceeded for admin from 2.57.121.112 port 20525 ssh2 [preauth]
May 22 14:07:00 iZgw8bgfuauyw9zjm1qsftZ sshd[2258065]: error: maximum authentication attempts exceeded for invalid user user from 2.57.121.25 port 32744 ssh2 [preauth]
May 22 14:50:46 iZgw8bgfuauyw9zjm1qsftZ sshd[2258343]: error: maximum authentication attempts exceeded for root from 104.243.38.174 port 43684 ssh2 [preauth]
May 22 15:02:37 iZgw8bgfuauyw9zjm1qsftZ sshd[2258461]: error: maximum authentication attempts exceeded for root from 74.48.69.130 port 47702 ssh2 [preauth]
May 22 15:05:02 iZgw8bgfuauyw9zjm1qsftZ sshd[2258482]: error: maximum authentication attempts exceeded for invalid user jaylah from 213.209.159.56 port 32090 ssh2 [preauth]
May 22 15:13:19 iZgw8bgfuauyw9zjm1qsftZ sshd[2258582]: error: maximum authentication attempts exceeded for root from 104.194.9.81 port 37558 ssh2 [preauth]
May 22 15:20:04 iZgw8bgfuauyw9zjm1qsftZ sshd[2258623]: error: maximum authentication attempts exceeded for admin from 2.57.121.112 port 58596 ssh2 [preauth]
May 22 15:20:12 iZgw8bgfuauyw9zjm1qsftZ sshd[2258628]: error: maximum authentication attempts exceeded for invalid user user from 2.57.121.25 port 53130 ssh2 [preauth]
May 22 15:33:14 iZgw8bgfuauyw9zjm1qsftZ sshd[2258691]: error: maximum authentication attempts exceeded for root from 216.245.216.166 port 31696 ssh2 [preauth]
May 22 15:47:57 iZgw8bgfuauyw9zjm1qsftZ sshd[2258770]: error: kex_exchange_identification: read: Connection reset by peer
May 22 16:12:53 iZgw8bgfuauyw9zjm1qsftZ sshd[2258897]: error: maximum authentication attempts exceeded for invalid user jazzmine from 213.209.159.56 port 49858

CPU 占用靠前

COMMAND         %CPU %MEM
python3          1.0  0.7
agent            0.4  0.7
AliYunDunMonito  0.4  2.5
AliYunDun        0.1  0.5
python           0.0  8.6

内存占用靠前

COMMAND         %CPU %MEM
python           0.0  8.6
AliYunDunMonito  0.4  2.5
fail2ban-server  0.0  2.3
multipathd       0.0  1.6
systemd-journal  0.0  1.4

最近登录

root     pts/0        Sat May 16 22:53 - 22:56  (00:02)     171.13.63.243
root     pts/0        Tue May  5 23:40 - 00:17  (00:36)     38.76.188.244
root     pts/0        Tue May  5 11:31 - 11:31  (00:00)     223.90.73.101
root     pts/1        Tue May  5 00:58 - 01:08  (00:10)     223.90.73.101
root     pts/0        Tue May  5 00:58 - 01:08  (00:10)     223.90.73.101
HK — 日志/进程摘要

最近错误日志(最多 40 行)

May 21 23:57:29 serq25t4zyrk3xk sshd[1590502]: error: maximum authentication attempts exceeded for root from 37.59.115.172 port 44680 ssh2 [preauth]
May 22 00:16:26 serq25t4zyrk3xk sshd[1591294]: error: maximum authentication attempts exceeded for root from 212.192.240.126 port 35736 ssh2 [preauth]
May 22 00:38:37 serq25t4zyrk3xk sshd[1591562]: error: maximum authentication attempts exceeded for root from 89.45.12.110 port 2138 ssh2 [preauth]
May 22 00:40:59 serq25t4zyrk3xk sshd[1591597]: error: kex_exchange_identification: read: Connection reset by peer
May 22 00:44:26 serq25t4zyrk3xk sshd[1591646]: error: kex_exchange_identification: read: Connection reset by peer
May 22 00:45:41 serq25t4zyrk3xk sshd[1591653]: error: kex_exchange_identification: read: Connection reset by peer
May 22 00:49:51 serq25t4zyrk3xk sshd[1591740]: error: maximum authentication attempts exceeded for root from 192.95.10.204 port 54082 ssh2 [preauth]
May 22 02:06:37 serq25t4zyrk3xk sshd[1592887]: error: maximum authentication attempts exceeded for root from 103.205.17.26 port 54202 ssh2 [preauth]
May 22 02:26:21 serq25t4zyrk3xk sshd[1593088]: error: maximum authentication attempts exceeded for root from 148.113.221.241 port 61618 ssh2 [preauth]
May 22 02:37:25 serq25t4zyrk3xk sshd[1593189]: error: maximum authentication attempts exceeded for root from 103.57.224.219 port 17660 ssh2 [preauth]
May 22 02:52:43 serq25t4zyrk3xk sshd[1593332]: error: maximum authentication attempts exceeded for root from 184.154.157.184 port 39296 ssh2 [preauth]
May 22 03:29:47 serq25t4zyrk3xk sshd[1593783]: error: kex_exchange_identification: read: Connection reset by peer
May 22 03:35:46 serq25t4zyrk3xk sshd[1593859]: error: kex_exchange_identification: read: Connection reset by peer
May 22 04:03:44 serq25t4zyrk3xk sshd[1594160]: error: maximum authentication attempts exceeded for root from 91.208.184.122 port 54838 ssh2 [preauth]
May 22 04:17:00 serq25t4zyrk3xk sshd[1594318]: error: maximum authentication attempts exceeded for root from 148.113.221.241 port 61620 ssh2 [preauth]
May 22 04:56:34 serq25t4zyrk3xk sshd[1594826]: error: maximum authentication attempts exceeded for root from 31.58.144.12 port 36802 ssh2 [preauth]
May 22 05:00:02 serq25t4zyrk3xk sshd[1594867]: error: maximum authentication attempts exceeded for root from 216.59.16.55 port 60670 ssh2 [preauth]
May 22 05:02:29 serq25t4zyrk3xk sshd[1594888]: error: kex_exchange_identification: read: Connection reset by peer
May 22 05:25:11 serq25

CPU 占用靠前

COMMAND         %CPU %MEM
ps               100  0.2
python3          1.0  0.6
agent            0.8  0.6
sshd             0.3  0.5
fail2ban-server  0.1  3.1

内存占用靠前

COMMAND         %CPU %MEM
systemd-journal  0.0  7.5
fail2ban-server  0.1  3.1
xray             0.0  2.1
multipathd       0.0  1.3
snapd            0.0  1.2

最近登录

root     pts/0        Tue May  5 03:30 - 03:31  (00:00)     171.13.63.88
root     pts/1        Sun May  3 14:26 - 14:27  (00:01)     171.14.141.69
root     pts/0        Sun May  3 14:26 - 14:27  (00:01)     171.14.141.69
root     pts/1        Sun May  3 06:11 - 08:23  (02:12)     171.14.141.69
root     pts/0        Sun May  3 06:11 - 08:23  (02:12)     171.14.141.69
TK — 日志/进程摘要

最近错误日志(最多 40 行)

May 21 13:50:13 jppro1-2023101300230338 sshd[1703010]: error: kex_exchange_identification: Connection closed by remote host
May 21 13:51:29 jppro1-2023101300230338 sshd[1703017]: error: kex_exchange_identification: Connection closed by remote host
May 21 14:43:06 jppro1-2023101300230338 sshd[1703259]: error: kex_exchange_identification: client sent invalid protocol identifier "GET / HTTP/1.1"
May 21 14:43:06 jppro1-2023101300230338 sshd[1703262]: error: kex_exchange_identification: client sent invalid protocol identifier "GET /favicon.ico HTTP/1.1"
May 21 14:54:16 jppro1-2023101300230338 sshd[1703316]: error: kex_exchange_identification: Connection closed by remote host
May 21 15:18:09 jppro1-2023101300230338 sshd[1703437]: error: kex_exchange_identification: Connection closed by remote host
May 21 16:10:49 jppro1-2023101300230338 sshd[1703703]: error: kex_exchange_identification: Connection closed by remote host
May 21 18:39:15 jppro1-2023101300230338 sshd[1704480]: error: kex_exchange_identification: Connection closed by remote host
May 21 21:46:49 jppro1-2023101300230338 sshd[1705416]: error: kex_exchange_identification: Connection closed by remote host
May 21 21:47:05 jppro1-2023101300230338 sshd[1705419]: error: kex_exchange_identification: Connection closed by remote host
May 21 22:30:16 jppro1-2023101300230338 sshd[1705642]: error: kex_exchange_identification: Connection closed by remote host
May 21 22:58:15 jppro1-2023101300230338 sshd[1705763]: error: kex_exchange_identification: Connection closed by remote host
May 22 01:53:22 jppro1-2023101300230338 sshd[1707088]: error: kex_protocol_error: type 20 seq 2 [preauth]
May 22 01:53:22 jppro1-2023101300230338 sshd[1707088]: error: kex_protocol_error: type 30 seq 3 [preauth]
May 22 01:53:23 jppro1-2023101300230338 sshd[1707088]: error: kex_protocol_error: type 20 seq 4 [preauth]
May 22 01:53:23 jppro1-2023101300230338 sshd[1707088]: error: kex_protocol_error: type 30 seq 5 [preauth]
May 22 01:53:25 jppro1-2023101300230338 sshd[1707088]: error: kex_protocol_error: type 20 seq 6 [preauth]
May 22 01:53:25 jppro1-2023101300230338 sshd[1707088]: error: kex_protocol_error: type 30 seq 7 [preauth]
May 22 01:55:59 jppro1-2023101300230338 sshd[1707113]: error: kex_exchange_identification: Connection closed by remote host
May 22 04:35:05 jppro1-2023101300230338 sshd[1707895]: error: kex_exchange_identification: banner line contains invalid characters
May 22 04:35:24 jppro1-2023101300230338 sshd[1707898]: error:

CPU 占用靠前

COMMAND         %CPU %MEM
python3          2.0  1.0
sshd             0.5  1.1
agent            0.3  1.0
xray             0.1  3.0
systemd          0.0  0.9

内存占用靠前

COMMAND         %CPU %MEM
python           0.0 14.4
xray             0.1  3.0
multipathd       0.0  2.7
fail2ban-server  0.0  1.8
systemd-journal  0.0  1.5

最近登录

root     pts/0        Wed May 20 14:53 - 17:36  (02:42)     223.90.73.156
root     pts/0        Sat May 16 14:53 - 14:56  (00:02)     223.90.73.156
root     pts/0        Wed May 13 14:05 - 14:33  (00:27)     171.13.62.201
root     pts/0        Sat May  9 06:10 - 06:22  (00:12)     171.13.63.220
root     pts/0        Tue May  5 15:39 - 16:17  (00:37)     38.76.188.244
AR — 日志/进程摘要

最近错误日志(最多 40 行)

May 22 09:04:55 instance-20260423-0914 sshd[1370452]: error: maximum authentication attempts exceeded for invalid user admin from 193.46.255.86 port 49942 ssh2 [preauth]
May 22 09:37:40 instance-20260423-0914 sshd[1382571]: error: maximum authentication attempts exceeded for invalid user user from 2.57.121.25 port 20175 ssh2 [preauth]
May 22 09:37:53 instance-20260423-0914 sshd[1382633]: error: maximum authentication attempts exceeded for invalid user admin from 2.57.121.112 port 25428 ssh2 [preauth]
May 22 09:44:44 instance-20260423-0914 sshd[1385174]: error: maximum authentication attempts exceeded for invalid user wallace from 213.209.159.56 port 10612 ssh2 [preauth]
May 22 10:07:23 instance-20260423-0914 sshd[1393646]: error: kex_exchange_identification: read: Connection reset by peer
May 22 10:51:45 instance-20260423-0914 sshd[1410052]: error: maximum authentication attempts exceeded for invalid user user from 2.57.121.25 port 18423 ssh2 [preauth]
May 22 10:51:49 instance-20260423-0914 sshd[1410093]: error: maximum authentication attempts exceeded for invalid user admin from 2.57.121.112 port 65159 ssh2 [preauth]
May 22 10:54:18 instance-20260423-0914 sshd[1411000]: error: maximum authentication attempts exceeded for invalid user yash from 213.209.159.56 port 10332 ssh2 [preauth]
May 22 11:40:54 instance-20260423-0914 sshd[1428204]: error: kex_exchange_identification: read: Connection reset by peer
May 22 12:03:37 instance-20260423-0914 sshd[1436601]: error: maximum authentication attempts exceeded for invalid user dasha from 213.209.159.56 port 12942 ssh2 [preauth]
May 22 12:05:28 instance-20260423-0914 sshd[1437270]: error: maximum authentication attempts exceeded for invalid user admin from 2.57.121.112 port 60393 ssh2 [preauth]
May 22 12:05:28 instance-20260423-0914 sshd[1437272]: error: maximum authentication attempts exceeded for invalid user user from 2.57.121.25 port 39418 ssh2 [preauth]
May 22 12:37:19 instance-20260423-0914 sshd[1449368]: error: kex_exchange_identification: read: Connection reset by peer
May 22 13:12:31 instance-20260423-0914 sshd[1462357]: error: maximum authentication attempts exceeded for invalid user emmaline from 213.209.159.56 port 44561 ssh2 [preauth]
May 22 13:19:04 instance-20260423-0914 sshd[1464768]: error: maximum authentication attempts exceeded for invalid user admin from 2.57.121.112 port 55704 ssh2 [preauth]
May 22 13:19:10 instance-20260423-0914 sshd[1464830]: error: maximum authentication attempts exceeded

CPU 占用靠前

COMMAND         %CPU %MEM
restic           6.4  0.4
agy              4.7  0.9
ssh              2.1  0.0
agent            1.9  0.0
ssh              1.2  0.0

内存占用靠前

COMMAND         %CPU %MEM
next-server (v   0.1  2.2
python           0.1  2.0
python           0.1  1.4
python           0.1  1.2
node             0.0  1.2

最近登录

root     pts/0        Fri May 22 21:37 - 21:38  (00:01)     38.76.188.244
root     pts/0        Fri May 22 20:47 - 20:48  (00:00)     223.90.73.9
root     pts/0        Fri May 22 20:47 - 20:47  (00:00)     223.90.73.9
root     pts/0        Thu May 21 18:39 - 21:49  (03:09)     223.90.73.9
root     pts/0        Wed May 20 19:53 - 19:59  (00:05)     223.90.73.156
KRB — 日志/进程摘要

最近错误日志(最多 40 行)

May 21 17:05:16 instance-20260429-1226 sshd[867895]: error: maximum authentication attempts exceeded for invalid user magdalena from 193.46.255.86 port 63844 ssh2 [preauth]
May 21 17:13:23 instance-20260429-1226 sshd[867933]: error: maximum authentication attempts exceeded for invalid user admin from 2.57.121.112 port 28920 ssh2 [preauth]
May 21 17:52:36 instance-20260429-1226 sshd[868216]: error: maximum authentication attempts exceeded for invalid user chace from 213.209.159.56 port 53137 ssh2 [preauth]
May 21 18:30:25 instance-20260429-1226 sshd[868355]: error: maximum authentication attempts exceeded for invalid user admin from 2.57.121.112 port 23435 ssh2 [preauth]
May 21 19:03:43 instance-20260429-1226 sshd[868464]: error: maximum authentication attempts exceeded for invalid user claudio from 213.209.159.56 port 64840 ssh2 [preauth]
May 21 19:20:27 instance-20260429-1226 sshd[868511]: error: kex_exchange_identification: read: Connection reset by peer
May 21 19:45:48 instance-20260429-1226 sshd[868602]: error: maximum authentication attempts exceeded for invalid user admin from 2.57.121.112 port 40001 ssh2 [preauth]
May 21 20:08:47 instance-20260429-1226 sshd[868680]: error: kex_exchange_identification: read: Connection reset by peer
May 21 20:14:31 instance-20260429-1226 sshd[868701]: error: maximum authentication attempts exceeded for invalid user demetri from 213.209.159.56 port 19138 ssh2 [preauth]
May 21 21:00:49 instance-20260429-1226 sshd[868839]: error: maximum authentication attempts exceeded for invalid user admin from 2.57.121.112 port 21778 ssh2 [preauth]
May 21 21:25:01 instance-20260429-1226 sshd[868911]: error: maximum authentication attempts exceeded for invalid user deric from 213.209.159.56 port 21605 ssh2 [preauth]
May 21 22:15:27 instance-20260429-1226 sshd[869080]: error: maximum authentication attempts exceeded for invalid user admin from 2.57.121.112 port 18673 ssh2 [preauth]
May 21 22:35:06 instance-20260429-1226 sshd[869227]: error: maximum authentication attempts exceeded for invalid user justen from 213.209.159.56 port 55296 ssh2 [preauth]
May 21 23:30:00 instance-20260429-1226 sshd[869365]: error: maximum authentication attempts exceeded for invalid user admin from 2.57.121.112 port 7458 ssh2 [preauth]
May 21 23:44:40 instance-20260429-1226 sshd[869421]: error: maximum authentication attempts exceeded for invalid user robbie from 213.209.159.56 port 42833 ssh2 [preauth]
May 22 00:44:21 instance-20260429-1226 sshd[869744]: e

CPU 占用靠前

COMMAND         %CPU %MEM
ps               100  0.4
systemd          4.1  1.1
agent            0.9  1.3
python3          0.5  1.2
sshd             0.1  1.0

内存占用靠前

COMMAND         %CPU %MEM
fail2ban-server  0.0  4.4
fwupd            0.0  4.4
multipathd       0.0  2.8
systemd-journal  0.0  2.5
snapd            0.0  2.3

最近登录

root     pts/0        Tue May  5 03:33 - 03:33  (00:00)     223.90.73.101
root     pts/1        Mon May  4 08:27 - 08:28  (00:00)     223.90.73.101
root     pts/0        Mon May  4 08:27 - 08:28  (00:00)     223.90.73.101
reboot   system boot  Fri May  1 10:43   still running      6.17.0-1011-oracle
root     pts/1        Fri May  1 10:30 - down   (00:11)     223.90.73.101
US — 日志/进程摘要

最近错误日志(最多 40 行)

May 22 02:01:21 ser0570106010 sshd[1033870]: error: maximum authentication attempts exceeded for invalid user wallace from 213.209.159.56 port 44096 ssh2 [preauth]
May 22 03:09:15 ser0570106010 sshd[1034462]: error: maximum authentication attempts exceeded for invalid user user from 2.57.121.25 port 44187 ssh2 [preauth]
May 22 03:09:18 ser0570106010 sshd[1034464]: error: maximum authentication attempts exceeded for invalid user admin from 2.57.121.112 port 46214 ssh2 [preauth]
May 22 03:10:48 ser0570106010 sshd[1034475]: error: maximum authentication attempts exceeded for invalid user yash from 213.209.159.56 port 33930 ssh2 [preauth]
May 22 04:23:00 ser0570106010 sshd[1035262]: error: maximum authentication attempts exceeded for invalid user admin from 2.57.121.112 port 38219 ssh2 [preauth]
May 22 04:23:03 ser0570106010 sshd[1035264]: error: maximum authentication attempts exceeded for invalid user user from 2.57.121.25 port 7830 ssh2 [preauth]
May 22 05:03:04 ser0570106010 sshd[1035436]: error: kex_protocol_error: type 20 seq 2 [preauth]
May 22 05:03:04 ser0570106010 sshd[1035436]: error: kex_protocol_error: type 30 seq 3 [preauth]
May 22 05:03:05 ser0570106010 sshd[1035436]: error: kex_protocol_error: type 20 seq 4 [preauth]
May 22 05:03:05 ser0570106010 sshd[1035436]: error: kex_protocol_error: type 30 seq 5 [preauth]
May 22 05:03:07 ser0570106010 sshd[1035436]: error: kex_protocol_error: type 20 seq 6 [preauth]
May 22 05:03:07 ser0570106010 sshd[1035436]: error: kex_protocol_error: type 30 seq 7 [preauth]
May 22 05:29:39 ser0570106010 sshd[1035480]: error: maximum authentication attempts exceeded for invalid user emmaline from 213.209.159.56 port 13981 ssh2 [preauth]
May 22 05:36:22 ser0570106010 sshd[1035495]: error: kex_exchange_identification: read: Connection reset by peer
May 22 05:36:27 ser0570106010 sshd[1035496]: error: maximum authentication attempts exceeded for invalid user admin from 2.57.121.112 port 16390 ssh2 [preauth]
May 22 05:36:35 ser0570106010 sshd[1035498]: error: maximum authentication attempts exceeded for invalid user user from 2.57.121.25 port 45764 ssh2 [preauth]
May 22 06:37:39 ser0570106010 sshd[1036672]: error: maximum authentication attempts exceeded for invalid user izabel from 213.209.159.56 port 52354 ssh2 [preauth]
May 22 06:49:44 ser0570106010 sshd[1036699]: error: maximum authentication attempts exceeded for invalid user admin from 2.57.121.112 port 6231 ssh2 [preauth]
May 22 06:49:58 ser0570106010 sshd[1036701]: er

CPU 占用靠前

COMMAND         %CPU %MEM
ps              1000  0.1
agent            1.7  0.3
python3          1.0  0.3
sshd             0.4  0.2
python           0.2  4.7

内存占用靠前

COMMAND         %CPU %MEM
python           0.2  4.7
dockerd          0.0  2.3
containerd       0.2  1.4
fail2ban-server  0.1  1.2
snapd            0.0  1.0

最近登录

root     pts/0        Mon May 18 03:22 - 03:28  (00:06)     171.13.59.203
root     pts/0        Sat May 16 14:54 - 14:54  (00:00)     171.13.63.243
root     pts/0        Sat May 16 14:51 - 14:53  (00:02)     171.13.63.243
root     pts/0        Sun May 10 13:43 - 14:01  (00:17)     82.158.88.91
root     pts/1        Sat May  9 08:13 - 08:23  (00:09)     222.140.170.86
HKA — 日志/进程摘要

最近错误日志(最多 40 行)

May 22 00:24:20 ser4062572352 sshd[17498]: error: maximum authentication attempts exceeded for invalid user admin from 2.57.121.112 port 59071 ssh2 [preauth]
May 22 01:05:42 ser4062572352 sshd[17717]: error: maximum authentication attempts exceeded for invalid user admin from 193.46.255.86 port 19893 ssh2 [preauth]
May 22 01:38:05 ser4062572352 sshd[17892]: error: maximum authentication attempts exceeded for invalid user user from 2.57.121.25 port 28032 ssh2 [preauth]
May 22 01:38:21 ser4062572352 sshd[17894]: error: maximum authentication attempts exceeded for invalid user admin from 2.57.121.112 port 28505 ssh2 [preauth]
May 22 02:40:13 ser4062572352 sshd[18039]: error: kex_exchange_identification: read: Connection reset by peer
May 22 02:52:12 ser4062572352 sshd[18070]: error: maximum authentication attempts exceeded for invalid user user from 2.57.121.25 port 28792 ssh2 [preauth]
May 22 02:52:21 ser4062572352 sshd[18072]: error: maximum authentication attempts exceeded for invalid user admin from 2.57.121.112 port 11111 ssh2 [preauth]
May 22 04:05:57 ser4062572352 sshd[18242]: error: maximum authentication attempts exceeded for invalid user user from 2.57.121.25 port 52883 ssh2 [preauth]
May 22 04:06:00 ser4062572352 sshd[18244]: error: maximum authentication attempts exceeded for invalid user admin from 2.57.121.112 port 12645 ssh2 [preauth]
May 22 04:34:37 ser4062572352 sshd[18448]: error: kex_exchange_identification: read: Connection reset by peer
May 22 05:19:35 ser4062572352 sshd[18752]: error: maximum authentication attempts exceeded for invalid user admin from 2.57.121.112 port 9222 ssh2 [preauth]
May 22 05:19:39 ser4062572352 sshd[18755]: error: maximum authentication attempts exceeded for invalid user user from 2.57.121.25 port 18252 ssh2 [preauth]
May 22 05:21:01 ser4062572352 sshd[18762]: error: kex_exchange_identification: read: Connection reset by peer
May 22 05:28:07 ser4062572352 sshd[18795]: error: kex_exchange_identification: read: Connection reset by peer
May 22 05:28:46 ser4062572352 sshd[18800]: error: kex_exchange_identification: read: Connection reset by peer
May 22 05:32:28 ser4062572352 sshd[18816]: error: kex_exchange_identification: read: Connection reset by peer
May 22 05:35:10 ser4062572352 sshd[18837]: error: kex_exchange_identification: read: Connection reset by peer
May 22 06:32:56 ser4062572352 sshd[19347]: error: maximum authentication attempts exceeded for invalid user admin from 2.57.121.112 port 11765 ssh2 [preauth]

CPU 占用靠前

COMMAND         %CPU %MEM
ps               300  0.1
agent            2.6  0.3
python3          0.7  0.3
python           0.7  3.5
fail2ban-server  0.4  0.9

内存占用靠前

COMMAND         %CPU %MEM
python           0.7  3.5
dockerd          0.0  2.0
containerd       0.3  1.2
snapd            0.0  1.0
fail2ban-server  0.4  0.9

最近登录

reboot   system boot  Wed May 20 13:09   still running      6.8.0-111-generic
root     pts/0        Sat May 16 14:53 - 14:56  (00:02)     171.13.63.243
reboot   system boot  Fri May 15 03:07   still running      6.8.0-111-generic
reboot   system boot  Mon May 11 00:47   still running      6.8.0-111-generic
root     pts/0        Sun May 10 11:49 - 12:01  (00:11)     38.76.188.244
HKY — 日志/进程摘要

最近错误日志(最多 40 行)

May 21 15:48:43 hks2-202404291529122cb8ee sshd[203596]: error: kex_exchange_identification: banner line contains invalid characters
May 21 15:49:02 hks2-202404291529122cb8ee sshd[203597]: error: kex_exchange_identification: Connection closed by remote host
May 21 15:49:04 hks2-202404291529122cb8ee sshd[203600]: error: Protocol major versions differ: 2 vs. 1
May 21 16:09:40 hks2-202404291529122cb8ee sshd[203620]: error: kex_exchange_identification: banner line contains invalid characters
May 21 21:26:13 hks2-202404291529122cb8ee sshd[203963]: error: kex_exchange_identification: client sent invalid protocol identifier "MGLNDD_185.155.235.171_22"
May 22 00:12:47 hks2-202404291529122cb8ee sshd[204134]: error: kex_exchange_identification: Connection closed by remote host
May 22 06:57:28 hks2-202404291529122cb8ee sshd[204644]: error: kex_exchange_identification: banner line contains invalid characters
May 22 11:51:54 hks2-202404291529122cb8ee sshd[205347]: error: kex_exchange_identification: read: Connection reset by peer
May 22 12:03:40 hks2-202404291529122cb8ee sshd[205362]: error: kex_exchange_identification: Connection closed by remote host

CPU 占用靠前

COMMAND         %CPU %MEM
systemd          2.3  0.9
python3          0.8  1.0
agent            0.6  1.2
sshd             0.3  1.1
fail2ban-server  0.1  2.0

内存占用靠前

COMMAND         %CPU %MEM
multipathd       0.0  2.7
fail2ban-server  0.1  2.0
xray             0.0  1.6
networkd-dispat  0.0  1.2
agent            0.6  1.2

最近登录

root     pts/1        Thu May  7 13:32 - 13:51  (00:19)     47.76.157.133
root     pts/0        Thu May  7 12:34 - 13:54  (01:20)     185.155.235.171
root     pts/0        Thu May  7 12:29 - 12:34  (00:04)     185.155.235.171
root     pts/0        Thu May  7 12:29 - 12:29  (00:00)     103.232.213.10
root     pts/1        Thu May  7 12:22 - 12:29  (00:07)     103.232.213.10

原始结构化结果保存在本机:/root/.hermes/profiles/network/reports/vps_audit_20260522_214010.json