Someone is trying to hack my Rails app on EC2. How can I prevent it?

Time: 2017-09-16 22:13:11

Tags: ruby-on-rails ruby-on-rails-4 amazon-ec2

I went to the access.log file on my EC2 instance and saw this:

XYZ.00.11.222 - - [16/Sep/2017:12:30:04 -0300] "HEAD /phpmyadmin/ HTTP/1.1" 302 0 "-" "Mozilla/5.0 Jorgee"
XYZ.00.11.222 - - [16/Sep/2017:12:30:06 -0300] "HEAD /myadmin/ HTTP/1.1" 302 0 "-" "Mozilla/5.0 Jorgee"
XYZ.00.11.222 - - [16/Sep/2017:12:30:06 -0300] "HEAD /shopdb/ HTTP/1.1" 302 0 "-" "Mozilla/5.0 Jorgee"
XYZ.00.11.222 - - [16/Sep/2017:12:30:06 -0300] "HEAD /program/ HTTP/1.1" 302 0 "-" "Mozilla/5.0 Jorgee"
XYZ.00.11.222 - - [16/Sep/2017:12:30:06 -0300] "HEAD /PMA/ HTTP/1.1" 302 0 "-" "Mozilla/5.0 Jorgee"
XYZ.00.11.222 - - [16/Sep/2017:12:30:07 -0300] "HEAD /dbadmin/ HTTP/1.1" 302 0 "-" "Mozilla/5.0 Jorgee"
XYZ.00.11.222 - - [16/Sep/2017:12:30:07 -0300] "HEAD /pma/ HTTP/1.1" 302 0 "-" "Mozilla/5.0 Jorgee"
XYZ.00.11.222 - - [16/Sep/2017:12:30:07 -0300] "HEAD /db/ HTTP/1.1" 302 0 "-" "Mozilla/5.0 Jorgee"
XYZ.00.11.222 - - [16/Sep/2017:12:30:07 -0300] "HEAD /admin/ HTTP/1.1" 302 0 "-" "Mozilla/5.0 Jorgee"
XYZ.00.11.222 - - [16/Sep/2017:12:30:07 -0300] "HEAD /database/ HTTP/1.1" 302 0 "-" "Mozilla/5.0 Jorgee"
XYZ.00.11.222 - - [16/Sep/2017:12:30:08 -0300] "HEAD /db/phpmyadmin/ HTTP/1.1" 302 0 "-" "Mozilla/5.0 Jorgee"
XYZ.00.11.222 - - [16/Sep/2017:12:30:08 -0300] "HEAD /db/phpMyAdmin/ HTTP/1.1" 302 0 "-" "Mozilla/5.0 Jorgee"
XYZ.00.11.222 - - [16/Sep/2017:12:30:08 -0300] "HEAD /sqlmanager/ HTTP/1.1" 302 0 "-" "Mozilla/5.0 Jorgee"
XYZ.00.11.222 - - [16/Sep/2017:12:30:09 -0300] "HEAD /admin/phpmyadmin/ HTTP/1.1" 302 0 "-" "Mozilla/5.0 Jorgee"
XYZ.00.11.222 - - [16/Sep/2017:12:30:09 -0300] "HEAD /admin/phpMyAdmin/ HTTP/1.1" 302 0 "-" "Mozilla/5.0 Jorgee"
XYZ.00.11.222 - - [16/Sep/2017:12:30:10 -0300] "HEAD /admin/sqladmin/ HTTP/1.1" 302 0 "-" "Mozilla/5.0 Jorgee"
XYZ.00.11.222 - - [16/Sep/2017:12:30:10 -0300] "HEAD /admin/db/ HTTP/1.1" 302 0 "-" "Mozilla/5.0 Jorgee"
XYZ.00.11.222 - - [16/Sep/2017:12:30:10 -0300] "HEAD /admin/web/ HTTP/1.1" 302 0 "-" "Mozilla/5.0 Jorgee"
XYZ.00.11.222 - - [16/Sep/2017:12:30:17 -0300] "HEAD /php-my-admin/ HTTP/1.1" 302 0 "-" "Mozilla/5.0 Jorgee"
XYZ.00.11.222 - - [16/Sep/2017:12:30:17 -0300] "HEAD /PMA2011/ HTTP/1.1" 302 0 "-" "Mozilla/5.0 Jorgee"
XYZ.00.11.222 - - [16/Sep/2017:12:30:17 -0300] "HEAD /PMA2012/ HTTP/1.1" 302 0 "-" "Mozilla/5.0 Jorgee"
XYZ.00.11.222 - - [16/Sep/2017:12:30:20 -0300] "HEAD /pma2018/ HTTP/1.1" 302 0 "-" "Mozilla/5.0 Jorgee"
XYZ.00.11.222 - - [16/Sep/2017:12:30:20 -0300] "HEAD /phpmyadmin2011/ HTTP/1.1" 302 0 "-" "Mozilla/5.0 Jorgee"
XYZ.00.11.222 - - [16/Sep/2017:12:30:21 -0300] "HEAD /phpmanager/ HTTP/1.1" 302 0 "-" "Mozilla/5.0 Jorgee"

And more and more...

Is there a way to prevent this kind of attack? I have a Rails application, and I could redirect some requests through routes.rb, but I don't know how to do this.

If this happened to you, what would you do? Because I don't know...

My environment information:

OS: Ubuntu 14.04.2 LTS (GNU/Linux 3.13.0-48-generic x86_64)
ruby -v: ruby 2.2.2p95 (2015-04-13 revision 50295) [x86_64-linux]
rails -v: 4.2.3
nginx: nginx/1.8.0
passenger -v: 5.0.10

I am using a Load Balancer.

1 answer:

Answer 0 (score: 3)

These kinds of requests are very common, and if your site is publicly hosted there is no way to stop them. However, you can take some measures to limit requests from an IP or ban the IP completely. There is a gem called rack-attack that is very handy for dealing with these scenarios. Give it a spin and see how it works for you.
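To make the answer concrete, here is an added example (not code from the question, the answer, or the rack-attack gem itself): a self-contained Rack-style middleware that mirrors the two rack-attack features the answer points at, blocklisting scanner requests and throttling by client IP, written against the Ruby standard library only so it runs without the gem, plus a helper that triages access.log lines in the format shown in the question. The probe-path list, the thresholds, the `ScannerGuard`/`scanner_ips` names and the sample log lines are all assumptions for illustration; in a real Rails app you would express the same rules with rack-attack's `blocklist` and `throttle` DSL in an initializer.

```ruby
# Added example, not code from the question or the answer: a minimal Rack-style
# middleware mirroring rack-attack's blocklist + throttle behaviour, and a
# triage helper for access.log lines. All names, thresholds and sample data
# are assumptions.
require 'time'

# Paths a Rails app normally never serves; the scanner in the question asks
# for all of them. Assumed list: /admin and /db are deliberately left out
# because a Rails app may legitimately route them.
PROBE_PATHS = %r{/(php-?my-?admin|myadmin|pma|dbadmin|sqlmanager|phpmanager)}i

class ScannerGuard
  # app: downstream Rack app; limit requests per period seconds per client ip.
  # clock is injectable so the sliding window can be tested deterministically.
  def initialize(app, limit: 60, period: 60, clock: -> { Time.now })
    @app, @limit, @period, @clock = app, limit, period, clock
    @hits = Hash.new { |h, k| h[k] = [] } # client ip => request timestamps
  end

  def call(env)
    path = env['PATH_INFO'].to_s
    # blocklist: refuse outright anything only a scanner would request
    return reply(403, 'Forbidden') if path =~ PROBE_PATHS

    # throttle: sliding window of @limit requests per @period seconds per ip
    now = @clock.call
    window = @hits[client_ip(env)]
    window.reject! { |t| now - t > @period }
    window << now
    if window.size > @limit
      return reply(429, 'Too Many Requests', 'Retry-After' => @period.to_s)
    end

    @app.call(env)
  end

  private

  def reply(status, body, extra = {})
    [status, { 'Content-Type' => 'text/plain' }.merge(extra), [body]]
  end

  # Behind a single load balancer (as in the question) the balancer appends the
  # real client address as the LAST entry of X-Forwarded-For; earlier entries
  # are client-supplied and spoofable, so take the last one. Without the
  # header fall back to REMOTE_ADDR.
  def client_ip(env)
    xff = env['HTTP_X_FORWARDED_FOR'].to_s
    return xff.split(',').last.strip unless xff.empty?
    env['REMOTE_ADDR']
  end
end

# Common log format: client ip, ident, user, [time], "METHOD path proto", status
LOG_LINE = /\A(\S+) \S+ \S+ \[[^\]]+\] "(?:\S+) (\S+) [^"]*" (\d{3})/

# Triage helper for access.log: count probe-path requests per client ip and
# return the ips with at least min_probes hits, most active first.
def scanner_ips(log_lines, min_probes: 5)
  counts = Hash.new(0)
  log_lines.each do |line|
    next unless (m = LOG_LINE.match(line))
    ip, path = m[1], m[2]
    counts[ip] += 1 if path =~ PROBE_PATHS
  end
  counts.select { |_, n| n >= min_probes }
        .sort_by { |ip, n| [-n, ip] }
        .map(&:first)
end

# Constructed sample lines in the same format as the question's access.log.
SAMPLE_LOG = [
  '203.0.113.7 - - [16/Sep/2017:12:30:04 -0300] "HEAD /phpmyadmin/ HTTP/1.1" 302 0 "-" "Mozilla/5.0 Jorgee"',
  '203.0.113.7 - - [16/Sep/2017:12:30:06 -0300] "HEAD /PMA/ HTTP/1.1" 302 0 "-" "Mozilla/5.0 Jorgee"',
  '203.0.113.7 - - [16/Sep/2017:12:30:08 -0300] "HEAD /db/phpMyAdmin/ HTTP/1.1" 302 0 "-" "Mozilla/5.0 Jorgee"',
  '198.51.100.2 - - [16/Sep/2017:12:31:00 -0300] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
  '198.51.100.2 - - [16/Sep/2017:12:31:01 -0300] "GET /phpmyadmin/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
  '198.51.100.2 - - [16/Sep/2017:12:31:02 -0300] "GET /posts HTTP/1.1" 200 2048 "-" "Mozilla/5.0"'
]

if __FILE__ == $0
  puts "ips with >= 3 probe requests: #{scanner_ips(SAMPLE_LOG, min_probes: 3).inspect}"
end
```

The blocklist check runs before the throttle so a scanner hitting known probe paths never consumes a legitimate visitor's budget, and the 403 is cheap because it never reaches Rails. The X-Forwarded-For handling matters for the asker's setup: with a load balancer in front, `REMOTE_ADDR` is the balancer, so throttling on it would rate-limit every visitor together.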