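Compromised DigitalOcean Droplet routing strange traffic

Time: 2016-12-06 12:36:37

Tags: mysql wordpress apache security

I have a DigitalOcean Ubuntu 16.04 Droplet with WordPress preinstalled. It has SSH login enabled, with root and password login disabled. UFW is enabled.

I'm not a security expert, just a novice web dev, but it appears to have been compromised.

I think this is because I disabled "strict SQL mode" following this tutorial: https://serverpilot.io/community/articles/how-to-disable-strict-mode-in-mysql-5-7.html

I had a second WordPress installation to put on the server, and could only install it with strict mode disabled. After completing the installation, I did not re-enable it.

Here is an excerpt from the Apache2 error.log file: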

[Mon Dec 05 10:32:51.819437 2016] [:error] [pid 15466] [client 172.68.10.110:26708] PHP Warning:  mysqli_query(): MySQL server has gone away in /var/www/html/wp-includes/wp-db.php on line 1868
[Mon Dec 05 10:32:51.821173 2016] [:error] [pid 15466] [client 172.68.10.110:26708] PHP Warning:  mysqli_query(): Error reading result set's header in /var/www/html/wp$
[Mon Dec 05 10:32:51.819142 2016] [:error] [pid 4570] [client 66.249.79.102:64614] PHP Warning:  mysqli_query(): MySQL server has gone away in /var/www/html/wp-include$
[Mon Dec 05 10:32:51.821877 2016] [:error] [pid 4570] [client 66.249.79.102:64614] PHP Warning:  mysqli_query(): Error reading result set's header in /var/www/html/wp-$
[Mon Dec 05 10:32:51.819998 2016] [:error] [pid 3981] [client 173.245.55.78:35305] PHP Warning:  mysqli_query(): MySQL server has gone away in /var/www/html/wp-include$
[Mon Dec 05 10:32:51.822283 2016] [:error] [pid 3981] [client 173.245.55.78:35305] PHP Warning:  mysqli_query(): Error reading result set's header in /var/www/html/wp-$
[Mon Dec 05 15:12:58.198942 2016] [core:error] [pid 17194] (36)File name too long: [client 66.249.79.104:58168] AH00036: access to /read-online-psychedelic-research-in$
[Mon Dec 05 23:02:30.550613 2016] [core:error] [pid 20194] (36)File name too long: [client 66.249.79.98:51473] AH00036: access to /read-online-peoples-temple-including$
[Tue Dec 06 04:15:03.795417 2016] [core:error] [pid 21882] (36)File name too long: [client 66.249.79.98:53902] AH00036: access to /novels-by-tad-williams-including-the$
[Tue Dec 06 07:47:20.068192 2016] [mpm_prefork:notice] [pid 1475] AH00169: caught SIGTERM, shutting down
[Tue Dec 06 07:47:21.097262 2016] [mpm_prefork:notice] [pid 23589] AH00163: Apache/2.4.18 (Ubuntu) configured -- resuming normal operations
[Tue Dec 06 07:47:21.097393 2016] [core:notice] [pid 23589] AH00094: Command line: '/usr/sbin/apache2'
[Tue Dec 06 07:54:16.190667 2016] [mpm_prefork:notice] [pid 23589] AH00169: caught SIGTERM, shutting down
[Tue Dec 06 07:54:32.918723 2016] [mpm_prefork:notice] [pid 1525] AH00163: Apache/2.4.18 (Ubuntu) configured -- resuming normal operations
[Tue Dec 06 07:54:32.934492 2016] [core:notice] [pid 1525] AH00094: Command line: '/usr/sbin/apache2'
[Tue Dec 06 07:55:51.504685 2016] [mpm_prefork:notice] [pid 1525] AH00169: caught SIGTERM, shutting down
[Tue Dec 06 07:55:52.592154 2016] [mpm_prefork:notice] [pid 1906] AH00163: Apache/2.4.18 (Ubuntu) configured -- resuming normal operations
[Tue Dec 06 07:55:52.592279 2016] [core:notice] [pid 1906] AH00094: Command line: '/usr/sbin/apache2'
[Tue Dec 06 08:45:58.655029 2016] [core:error] [pid 2052] (36)File name too long: [client 66.249.79.79:42704] AH00036: access to /read-online-encyclopedia-of-christmas$

Here is an excerpt from the Apache2 access.log file:

130.193.51.38 - - [05/Dec/2016:08:21:55 +0000] "GET /file-archive-1692.xml HTTP/1.1" 404 517 "-" "Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)"
66.249.79.98 - - [05/Dec/2016:08:21:55 +0000] "GET /file-archive-1575.xml HTTP/1.1" 404 516 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.htm$
172.68.11.121 - - [05/Dec/2016:08:21:56 +0000] "GET /steps-for-astaire-by-nigel-roberts.pdf HTTP/1.1" 404 537 "-" "Mozilla/5.0 (compatible; YandexBot/3.0; +http://yand$
66.249.79.98 - - [05/Dec/2016:08:21:56 +0000] "GET /christian-prayer-liturgy-of-the-hours-black-leather.pdf HTTP/1.1" 404 550 "-" "Mozilla/5.0 (compatible; Googlebot/2$
66.249.79.122 - - [05/Dec/2016:08:21:56 +0000] "GET /colonel-roosevelt.pdf HTTP/1.1" 404 514 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.ht$
66.249.79.98 - - [05/Dec/2016:08:21:57 +0000] "GET /definitive-bob-dylan-songbook-music-sales-america.pdf HTTP/1.1" 404 548 "-" "Mozilla/5.0 (compatible; Googlebot/2.1$
172.68.11.131 - - [05/Dec/2016:08:21:57 +0000] "GET /doris-force-at-locked-gates-gytcjx.pdf HTTP/1.1" 404 537 "-" "Mozilla/5.0 (compatible; YandexBot/3.0; +http://yand$
66.249.79.79 - - [05/Dec/2016:08:21:57 +0000] "GET /read-online-le-belv-d-re-du-diable-by-rosemary-carter.pdf HTTP/1.1" 404 548 "-" "Mozilla/5.0 (compatible; Googlebot$
66.249.79.98 - - [05/Dec/2016:08:21:58 +0000] "GET /read-online-furball-and-feathers-by-sean-sweeney.pdf HTTP/1.1" 404 547 "-" "Mozilla/5.0 (compatible; Googlebot/2.1;$
172.68.11.121 - - [05/Dec/2016:08:21:58 +0000] "GET /until-it-breaks-by-suggestivescribe.pdf HTTP/1.1" 404 538 "-" "Mozilla/5.0 (compatible; YandexBot/3.0; +http://yan$
66.249.79.98 - - [05/Dec/2016:08:21:58 +0000] "GET /the-knights-templars-the-key-of-solomon-the-king.pdf HTTP/1.1" 404 547 "-" "Mozilla/5.0 (compatible; Googlebot/2.1;$
66.249.79.81 - - [05/Dec/2016:08:21:59 +0000] "GET /file-archive-845.xml HTTP/1.1" 404 527 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html$
66.249.79.98 - - [05/Dec/2016:08:21:59 +0000] "GET /guide-to-old-radios-pointers-pictures-and-prices.pdf HTTP/1.1" 404 547 "-" "Mozilla/5.0 (compatible; Googlebot/2.1;$
172.68.11.134 - - [05/Dec/2016:08:21:59 +0000] "GET /the-puppet-boy-of-warsaw-eva-weaver.pdf HTTP/1.1" 404 538 "-" "Mozilla/5.0 (compatible; YandexBot/3.0; +http://yan$
66.249.79.98 - - [05/Dec/2016:08:21:59 +0000] "GET /bon-voyage-level-2-student-edition-glencoe-french.pdf HTTP/1.1" 404 548 "-" "Mozilla/5.0 (compatible; Googlebot/2.1$
66.249.79.102 - - [05/Dec/2016:08:22:00 +0000] "GET /read-online-the-seal-s-surprise-baby-by-amy-j-fetzer.pdf HTTP/1.1" 404 552 "-" "Mozilla/5.0 (compatible; Googlebot$
162.158.91.152 - - [05/Dec/2016:08:22:00 +0000] "GET /my-philosophy-for-successful-living.pdf HTTP/1.1" 404 538 "-" "Mozilla/5.0 (compatible; YandexBot/3.0; +http://ya$
66.249.79.106 - - [05/Dec/2016:08:22:00 +0000] "GET /read-online-time-enough-for-drums-by-ann-rinaldi.pdf HTTP/1.1" 404 548 "-" "Mozilla/5.0 (compatible; Googlebot/2.1$

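I was using nano to grab these, so they got partially cut off.

As you can see, my server is making all these strange GET requests, and it looks like it is routing traffic or something.

172.68.10.110 and 172.68.11.121 are Russian IPs.

Is this just a result of disabling SQL strict mode? Any suggestions?

1 answer:

Answer 0: (score: 2)

This is normal server behaviour and nothing to be particularly concerned about.

The reason you are seeing requests for some strange URLs is probably that the IP address you were assigned by DigitalOcean was previously used to host another website. This is very common and nothing to worry about.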
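One way to check the answer's reading against the access log, as an added example that is not part of the original question or answer: it parses combined-format lines (including ones cut off by nano), tallies status codes and self-declared crawlers, and lists any book-title or file-archive URL the server actually returned. The names `parse`, `triage`, `BOTS` and `SUSPECT` are this example's own, and the last two sample lines are constructed.

```python
import re
from collections import Counter

# Apache "combined" format; the user-agent group runs to end of line so that
# lines cut off by the editor (ending in "$", as in the excerpt) still parse.
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>.*)$'
)
# Self-declared crawler names; the User-Agent header is not proof of identity.
BOTS = ("Googlebot", "YandexBot")
# URL shapes seen in the excerpt: book-title PDFs and /file-archive-N.xml.
SUSPECT = re.compile(r"\.pdf$|^/file-archive-\d+\.xml$")

def parse(line):
    """Return a dict for one access.log line, or None if it does not match."""
    m = LINE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["bot"] = next((b for b in BOTS if b in rec["ua"]), "other")
    return rec

def triage(lines):
    recs = [r for r in map(parse, lines) if r is not None]
    return {
        "by_status": Counter(r["status"] for r in recs),
        "by_bot": Counter(r["bot"] for r in recs),
        # A 2xx on one of these paths means the server really holds the file.
        "served": [r["path"] for r in recs
                   if 200 <= r["status"] < 300 and SUSPECT.search(r["path"])],
    }

# First three lines are from the excerpt above; the last two are constructed.
SAMPLE = r'''
130.193.51.38 - - [05/Dec/2016:08:21:55 +0000] "GET /file-archive-1692.xml HTTP/1.1" 404 517 "-" "Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)"
66.249.79.98 - - [05/Dec/2016:08:21:55 +0000] "GET /file-archive-1575.xml HTTP/1.1" 404 516 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.htm$
66.249.79.122 - - [05/Dec/2016:08:21:56 +0000] "GET /colonel-roosevelt.pdf HTTP/1.1" 404 514 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.ht$
203.0.113.7 - - [05/Dec/2016:08:22:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.9 - - [05/Dec/2016:08:22:02 +0000] "GET /constructed-title.pdf HTTP/1.1" 200 48211 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
'''.strip().splitlines()

if __name__ == "__main__":
    report = triage(SAMPLE)
    print(report["by_status"], report["by_bot"], report["served"])
```

An empty `served` list over the real log means every such URL got a 404, so the files are not on the server; a non-empty list is the case that warrants inspecting the web root and the WordPress database.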