Apache 错误日志显示以下消息。在我看来,这似乎是一次攻击,但不确定这意味着什么。谁能告诉我这些攻击是什么以及如何防止此类攻击造成的损害
[Wed Jan 22 00:39:36 2014] [error] [client x.y.z.a] File does not exist: /var/www/site/webdav
[Wed Jan 22 00:39:36 2014] [error] [client x.y.z.a] File does not exist: /var/www/site/administrator
[Wed Jan 22 00:39:37 2014] [error] [client x.y.z.a] File does not exist: /var/www/site/wp-login.php
[Wed Jan 22 00:39:37 2014] [error] [client x.y.z.a] File does not exist: /var/www/site/blog
[Wed Jan 22 00:39:37 2014] [error] [client x.y.z.a] File does not exist: /var/www/site/zecmd
[Wed Jan 22 00:39:37 2014] [error] [client x.y.z.a] File does not exist: /var/www/site/web-console
[Wed Jan 22 00:39:38 2014] [error] [client x.y.z.a] File does not exist: /var/www/site/manager
[Wed Jan 22 11:18:19 2014] [error] [client x.y.z.a] script not found or unable to stat: /usr/lib/cgi-bin/php
[Wed Jan 22 11:18:19 2014] [error] [client x.y.z.a] script not found or unable to stat: /usr/lib/cgi-bin/php5
[Wed Jan 22 11:18:19 2014] [error] [client x.y.z.a] script not found or unable to stat: /usr/lib/cgi-bin/php-cgi
[Wed Jan 22 11:18:19 2014] [error] [client x.y.z.a] script not found or unable to stat: /usr/lib/cgi-bin/php.cgi
[Wed Jan 22 11:18:19 2014] [error] [client x.y.z.a] script not found or unable to stat: /usr/lib/cgi-bin/php4
答案1
不幸的是,这类请求很正常。许多攻击者编写了多个脚本来查找存在安全漏洞的服务器。这些脚本正在扫描互联网并寻找不安全的服务器。
你能做的是
- 保持服务器软件的所有系统组件为最新版本(apache httpd、博客软件如 wordpress 等......)
- 关闭所有不需要的开放端口或/并删除所有不再使用的软件组件