我刚刚看到一系列新的错误/var/log/apache2/error.log
[Thu May 07 17:12:35.433760 2015] [:error] [pid 3488] [client 190.79.132.215:51660] script '/var/www/html/r.php' not found or unable to stat
[Thu May 07 17:12:38.066293 2015] [:error] [pid 3471] [client 190.79.132.215:51679] script '/var/www/html/r.php' not found or unable to stat
[Thu May 07 17:12:43.523091 2015] [:error] [pid 3474] [client 190.204.156.103:59542] script '/var/www/html/r.php' not found or unable to stat
[Thu May 07 17:12:45.213665 2015] [:error] [pid 3451] [client 190.204.156.103:59568] script '/var/www/html/r.php' not found or unable to stat
[Thu May 07 17:12:50.660274 2015] [:error] [pid 3472] [client 190.204.156.103:59592] script '/var/www/html/r.php' not found or unable to stat
[Thu May 07 17:12:51.354739 2015] [:error] [pid 3473] [client 82.8.22.23:49205] script '/var/www/html/r.php' not found or unable to stat
[Thu May 07 17:12:51.512948 2015] [:error] [pid 3446] [client 82.8.22.23:49206] script '/var/www/html/r.php' not found or unable to stat
[Thu May 07 17:12:51.669047 2015] [:error] [pid 3488] [client 82.8.22.23:49207] script '/var/www/html/r.php' not found or unable to stat
[Thu May 07 17:12:51.838961 2015] [:error] [pid 3471] [client 82.8.22.23:49208] script '/var/www/html/r.php' not found or unable to stat
r.php不存在。
该服务器在 LAMP 设置中运行 Ubuntu 14.04。
我以前从未见过这种攻击,我是否应该担心或以任何方式保护我的系统?
答案1
似乎有人正在通过不同的端口扫描您的网站并寻找特定文件(php源码) 可能是后门或类似的东西。由于文件不存在,它会抛出错误(这很好)...我有时也会看到这种日志条目。
关于如何总体确保 LAMP 安全,请遵循以下答案:保护 LAMP 服务器的技巧