Tomcat Hack Attempt: An attempt was made to authenticate the locked user

Time: 2013-06-28 09:41:36

Tags: tomcat tomcat7 brute-force

Jun 28, 2013 1:04:27 AM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "admin"
Jun 28, 2013 1:04:27 AM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "admin"
Jun 28, 2013 1:51:08 AM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "tomcat"
Jun 28, 2013 1:51:55 AM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "tomcat"
Jun 28, 2013 1:51:55 AM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "tomcat"
Jun 28, 2013 1:52:36 AM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "tomcat"
Jun 28, 2013 1:52:36 AM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "tomcat"

I am seeing several hundred attempts like the ones above. Is someone trying to hack my website? Should I be worried?

1 answer:

Answer 0: (score: 6)

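Welcome to the internet. Your server is most likely connected to the internet, so it will pick up all kinds of background noise. The smarter bots will try the standard accounts for the platform you are running; others will blindly send random requests.

Did anything happen? Not in the lines you have in this log file. Did a bot succeed in other cases? Who knows.

This is why #1 in all hardening documentation is: eliminate default accounts. Unfortunately, it is not yet #1 in all software development processes, but there are fewer and fewer default accounts available for this kind of exploit.

It is also a nice demonstration of why you shouldn't have one of the 100 most popular passwords on an account with an easy-to-guess name.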
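An added example, not part of the original question or answer: a small Python triage script that pairs each LockOutRealm header line with its WARNING line and summarizes locked-user attempts per account name. The `DEFAULT_NAMES` set and the unrelated sample record are assumptions made for illustration.

```python
import re
from datetime import datetime

# Lines in the two-line layout from the question, plus one constructed unrelated record.
SAMPLE = '''\
Jun 28, 2013 1:04:27 AM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "admin"
Jun 28, 2013 1:51:08 AM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "tomcat"
Jun 28, 2013 1:52:36 AM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "tomcat"
Jun 28, 2013 2:00:00 AM org.example.Other doWork
INFO: unrelated message
'''

HEADER = re.compile(r'^(\w{3} \d{1,2}, \d{4} \d{1,2}:\d{2}:\d{2} [AP]M) '
                    r'org\.apache\.catalina\.realm\.LockOutRealm authenticate$')
LOCKED = re.compile(r'^WARNING: An attempt was made to authenticate '
                    r'the locked user "(.*)"$')
# Account names seen in the question's log; extend for your own platform.
DEFAULT_NAMES = {"admin", "tomcat"}

def parse_locked_attempts(text):
    """Return [(datetime, username)] for each LockOutRealm locked-user warning."""
    events, stamp = [], None
    for line in map(str.strip, text.splitlines()):
        header = HEADER.match(line)
        if header:
            stamp = datetime.strptime(header.group(1), "%b %d, %Y %I:%M:%S %p")
            continue
        locked = LOCKED.match(line)
        if locked and stamp is not None:
            events.append((stamp, locked.group(1)))
        stamp = None  # a message line only pairs with the header right before it
    return events

def summarize(events):
    """Per-username attempt count, first/last time seen, default-name flag."""
    summary = {}
    for ts, user in events:
        s = summary.setdefault(user, {"count": 0, "first": ts, "last": ts,
                                      "default_name": user.lower() in DEFAULT_NAMES})
        s["count"] += 1
        s["first"], s["last"] = min(s["first"], ts), max(s["last"], ts)
    return summary

if __name__ == "__main__":
    for user, s in summarize(parse_locked_attempts(SAMPLE)).items():
        print(user, s["count"], s["first"], s["last"], s["default_name"])
```

These warnings only record attempts against accounts that are already locked; checking whether any login succeeded needs other logs, as the answer points out.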
