mysql logs show what may be strange attempts to access the mysql server. If so, how do I determine the source?

Does the following indicate a security threat? If so, how can I stop it?

2018-10-25T18:54:50.549213Z 217151 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-10-25T18:54:50.783917Z 217153 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-10-25T19:00:24.779369Z 218340 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-10-25T19:00:25.271370Z 218344 [Note] Access denied for user 'test'@'localhost' (using password: YES)
2018-10-25T19:00:25.746069Z 218348 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-10-25T19:00:26.720098Z 218353 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-10-25T19:00:27.204406Z 218358 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-10-25T19:00:27.681921Z 218361 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-10-25T19:00:28.162192Z 218364 [Note] Access denied for user 'wordpress'@'localhost' (using password: YES)
2018-10-25T19:00:28.651509Z 218368 [Note] Access denied for user 'admin'@'localhost' (using password: YES)
2018-10-25T19:00:29.146605Z 218372 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-10-25T19:00:30.124145Z 218377 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-10-25T19:00:30.615942Z 218379 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-10-25T19:00:31.105515Z 218382 [Note] Access denied for user 'popa3d'@'localhost' (using password: YES)
2018-10-25T19:00:31.601103Z 218386 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-10-25T19:00:32.081792Z 218389 [Note] Access denied for user 'joomla'@'localhost' (using password: YES)
2018-10-25T19:00:32.575698Z 218393 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-10-25T19:00:33.067957Z 218396 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-10-25T19:00:33.555079Z 218398 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-10-25T19:00:34.031557Z 218402 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-10-25T19:00:34.519629Z 218407 [Note] Access denied for user 'root'@'localhost' (using password: YES)

Answer 1

So I searched my server for other joomla instances, etc. This turned up thousands of entries like the following in the apache access log.

142.93.210.85 - - [25/Oct/2018:19:00:29 +0000] "GET /phpmyadmin/index.php?pma_username=root&pma_password=1234 HTTP/1.1" 200 12100 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36"

So a script kiddie in India (or going through an Indian proxy) is going after php my admin. Will do the following to add a whitelist in /etc/apache2/conf-available/phpmyadmin.conf

https://community.rackspace.com/products/f/public-cloud-forum/7386/configuring-phpmyadmin-with-restricted-ip-access
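
The MySQL log only ever shows 'localhost' here because phpMyAdmin connects from the same machine, so the remote address has to come from the web server log. The following is an added example, not code from the original post, that makes the correlation the answer did by hand: it matches each denied MySQL login to phpMyAdmin requests carrying the same pma_username within a short time window. The function names, the 2-second window and the sample log lines (using documentation IP addresses) are assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

# Constructed sample input, modelled on the log formats quoted on this page.
MYSQL_LOG = """\
2018-10-25T19:00:28.651509Z 218368 [Note] Access denied for user 'admin'@'localhost' (using password: YES)
2018-10-25T19:00:29.146605Z 218372 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-10-25T19:05:00.000000Z 218400 [Note] Access denied for user 'backup'@'localhost' (using password: YES)
"""
APACHE_LOG = """\
192.0.2.10 - - [25/Oct/2018:19:00:28 +0000] "GET /phpmyadmin/index.php?pma_username=admin&pma_password=x HTTP/1.1" 200 12100 "-" "UA"
192.0.2.10 - - [25/Oct/2018:19:00:29 +0000] "GET /phpmyadmin/index.php?pma_username=root&pma_password=x HTTP/1.1" 200 12100 "-" "UA"
198.51.100.7 - - [25/Oct/2018:19:00:29 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "UA"
"""

DENIED = re.compile(r"^(\S+)Z \d+ \[Note\] Access denied for user '([^']*)'@'([^']*)'")
ACCESS = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST) (\S+)')

def web_logins(apache_text):
    """Yield (time, client_ip, username) for requests carrying pma_username."""
    for line in apache_text.splitlines():
        m = ACCESS.match(line)
        if not m:
            continue
        user = parse_qs(urlsplit(m.group(3)).query).get("pma_username")
        if user:
            when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            yield when, m.group(1), user[0]

def attribute(mysql_text, apache_text, window=timedelta(seconds=2)):
    """Count denied MySQL logins per web client; list those with no web match."""
    logins = list(web_logins(apache_text))
    per_ip, unmatched = Counter(), []
    for line in mysql_text.splitlines():
        m = DENIED.match(line)
        if not m:
            continue
        when = datetime.fromisoformat(m.group(1)).replace(tzinfo=timezone.utc)
        hits = {ip for t, ip, u in logins if u == m.group(2) and abs(t - when) <= window}
        if hits:
            per_ip.update(hits)
        else:
            unmatched.append((m.group(1), m.group(2)))
    return per_ip, unmatched

if __name__ == "__main__":
    print(attribute(MYSQL_LOG, APACHE_LOG))
```

Denied logins left in the unmatched list did not come through a request with pma_username in the URL, so they need a separate look (POST logins, another local application, or a local user).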
