我们的服务器最近遭到攻击,日志中的内容类似于以下内容:
[Mon Feb 18 09:18:43 2019] [IP_ADDRESS] script '/var/www/ynm.php' not found or unable to stat
[Mon Feb 18 09:18:43 2019] [IP_ADDRESS] script '/var/www/71.php' not found or unable to stat
[Mon Feb 18 09:18:44 2019] [IP_ADDRESS] script '/var/www/wadre.php' not found or unable to stat
[Mon Feb 18 09:18:44 2019] [IP_ADDRESS] script '/var/www/vm.php' not found or unable to stat
[Mon Feb 18 09:18:44 2019] [IP_ADDRESS] script '/var/www/test.php' not found or unable to stat
[Mon Feb 18 09:18:44 2019] [IP_ADDRESS] script '/var/www/1q.php' not found or unable to stat
[Mon Feb 18 09:18:45 2019] [IP_ADDRESS] script '/var/www/1111.php' not found or unable to stat
[Mon Feb 18 09:18:45 2019] [IP_ADDRESS] script '/var/www/errors.php' not found or unable to stat
[Mon Feb 18 09:18:46 2019] [IP_ADDRESS] script '/var/www/q.php' not found or unable to stat
这些攻击有时持续数小时,并冻结服务器。
如何防止这种情况发生? (这仅供Amazon EC2实例参考)
谢谢!
答案 0 :(得分:0)
这很常见,只需使用fail2ban并启用诸如badbot之类的监狱。只要您没有重大的安全漏洞,这些机器人就不会冒犯。通常,他们扫描/ admin或/ phpmyadmin或预安装的文件夹,这对于更改这些文件夹的名称是一件好事。