apache – 我被黑客了?

这里只是从我的Apache 2.0 error_log几行:

[Sun Nov 25 08:22:04 2012] [error] [client 64.34.195.190] File does not exist: /var/www/vhosts/default/htdocs/admin
[Sun Nov 25 14:14:32 2012] [error] [client 96.254.171.2] File does not exist: /var/www/vhosts/default/htdocs/azenv.php
[Wed Nov 28 03:02:01 2012] [error] [client 91.205.189.15] File does not exist: /var/www/vhosts/default/htdocs/user
[Wed Nov 28 03:44:35 2012] [error] [client 66.193.171.223] File does not exist: /var/www/vhosts/default/htdocs/vtigercrm
[Mon Dec 03 00:09:16 2012] [error] [client 82.223.239.68] File does not exist: /var/www/vhosts/default/htdocs/jmx-console
[Mon Dec 03 20:48:44 2012] [error] [client 221.2.209.46] File does not exist: /var/www/vhosts/default/htdocs/manager
[Thu Dec 06 07:37:04 2012] [error] [client 116.254.203.24] File does not exist: /var/www/vhosts/default/htdocs/w00tw00t.at.blackhats.romanian.anti-sec:)
[Thu Dec 06 07:37:05 2012] [error] [client 116.254.203.24] File does not exist: /var/www/vhosts/default/htdocs/phpMyAdmin
[Thu Dec 06 07:37:05 2012] [error] [client 116.254.203.24] File does not exist: /var/www/vhosts/default/htdocs/phpmyadmin
[Thu Dec 06 07:37:06 2012] [error] [client 116.254.203.24] File does not exist: /var/www/vhosts/default/htdocs/pma
[Thu Dec 06 07:37:06 2012] [error] [client 116.254.203.24] File does not exist: /var/www/vhosts/default/htdocs/myadmin
[Thu Dec 06 07:37:07 2012] [error] [client 116.254.203.24] File does not exist: /var/www/vhosts/default/htdocs/MyAdmin
[Thu Dec 13 02:19:53 2012] [error] [client 96.254.171.2] File does not exist: /var/www/vhosts/default/htdocs/judge.php

最常见的错误是“phpMyAdmin”文件和“w00tw00t.at.blackhats.romanian.anti-sec :)”的请求。

我可以看到请求来自的IP地址。但谁是“客户”?

谢谢,
沙恩

这只是许多Script Kiddies部署的自动脚本,在您的apache版本/配置中寻找安全漏洞。签名w00tw00t通常由DFind留下。

只需使用像这个例子这样配置的fail2ban这样的程序就可以避免被这些请求所淹没:

07000

这并不一定意味着你被黑客入侵,但服务器已经被扫描了漏洞。但是,如果您使用在这些日志中看到的任何软件,并且它是具有已知漏洞的旧版本,则应检查服务器是否存在异常文件和登录活动。

http://stackoverflow.com/questions/13897993/am-i-being-hacked

本站文章除注明转载外,均为本站原创或编译
转载请明显位置注明出处:apache – 我被黑客了?