Does the following indicate a security threat? If so, how do I stop it?
2018-10-25T18:54:50.549213Z 217151 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-10-25T18:54:50.783917Z 217153 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-10-25T19:00:24.779369Z 218340 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-10-25T19:00:25.271370Z 218344 [Note] Access denied for user 'test'@'localhost' (using password: YES)
2018-10-25T19:00:25.746069Z 218348 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-10-25T19:00:26.720098Z 218353 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-10-25T19:00:27.204406Z 218358 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-10-25T19:00:27.681921Z 218361 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-10-25T19:00:28.162192Z 218364 [Note] Access denied for user 'wordpress'@'localhost' (using password: YES)
2018-10-25T19:00:28.651509Z 218368 [Note] Access denied for user 'admin'@'localhost' (using password: YES)
2018-10-25T19:00:29.146605Z 218372 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-10-25T19:00:30.124145Z 218377 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-10-25T19:00:30.615942Z 218379 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-10-25T19:00:31.105515Z 218382 [Note] Access denied for user 'popa3d'@'localhost' (using password: YES)
2018-10-25T19:00:31.601103Z 218386 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-10-25T19:00:32.081792Z 218389 [Note] Access denied for user 'joomla'@'localhost' (using password: YES)
2018-10-25T19:00:32.575698Z 218393 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-10-25T19:00:33.067957Z 218396 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-10-25T19:00:33.555079Z 218398 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-10-25T19:00:34.031557Z 218402 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-10-25T19:00:34.519629Z 218407 [Note] Access denied for user 'root'@'localhost' (using password: YES)
Answer 1
So I searched my server for other Joomla instances and so on. This turned up thousands of entries like the following in the Apache access log.
142.93.210.85 - - [25/Oct/2018:19:00:29 +0000] "GET /phpmyadmin/index.php?pma_username=root&pma_password=1234 HTTP/1.1" 200 12100 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36"
So a script kiddie in India (or going through an Indian proxy) is going after phpMyAdmin. I will do the following to add a whitelist in /etc/apache2/conf-available/phpmyadmin.conf
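Added example, not part of the original answer: the MySQL error log only ever shows `'localhost'`, because phpMyAdmin connects to the database locally on behalf of the remote visitor, so the Python sketch below correlates the two logs to attribute each denial to a client IP. The function names, the 2-second matching window and the sample log lines (modelled on the ones quoted on this page) are assumptions made for the illustration.

```python
import re
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qs

# Constructed sample input, modelled on the log formats quoted on this page.
MYSQL_LOG = """\
2018-10-25T19:00:28.651509Z 218368 [Note] Access denied for user 'admin'@'localhost' (using password: YES)
2018-10-25T19:00:29.146605Z 218372 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-10-25T19:07:00.000000Z 218400 [Note] Access denied for user 'backup'@'localhost' (using password: YES)
"""
APACHE_LOG = """\
142.93.210.85 - - [25/Oct/2018:19:00:29 +0000] "GET /phpmyadmin/index.php?pma_username=root&pma_password=x HTTP/1.1" 200 12100 "-" "Mozilla/5.0"
198.51.100.7 - - [25/Oct/2018:19:03:10 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "curl/7.58.0"
"""

DENIED = re.compile(r"^(\S+) \d+ \[Note\] Access denied for user '([^']*)'@'localhost'")
ACCESS = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST) (\S+)')

def pma_requests(apache_log):
    """Yield (time, client_ip, pma_username or None) for each phpMyAdmin request."""
    for line in apache_log.splitlines():
        m = ACCESS.match(line)
        if not m:
            continue
        url = urlsplit(m.group(3))
        if not url.path.lower().startswith("/phpmyadmin"):
            continue
        when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        # POST logins carry no username in the URL, so this may be None.
        user = parse_qs(url.query).get("pma_username", [None])[0]
        yield when, m.group(1), user

def attribute_denials(mysql_log, apache_log, window=2.0):
    """Return [(denied_user, [client IPs])] for every localhost denial in the MySQL log."""
    reqs = list(pma_requests(apache_log))
    out = []
    for line in mysql_log.splitlines():
        m = DENIED.match(line)
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)
        ips = sorted({ip for t, ip, user in reqs
                      if abs((when - t).total_seconds()) <= window
                      and user in (None, m.group(2))})
        out.append((m.group(2), ips))
    return out

if __name__ == "__main__":
    for user, ips in attribute_denials(MYSQL_LOG, APACHE_LOG):
        print(user, ips or "no phpMyAdmin request nearby: check local processes")
```

A denial with no matching phpMyAdmin request did not come through the web front end and is worth investigating as a local process or another application on the host.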