
Protect against PHP file attack

Our server has been attacked recently and looks something like the following in the logs:

[Mon Feb 18 09:18:43 2019] [IP_ADDRESS] script '/var/www/ynm.php' not found or unable to stat
[Mon Feb 18 09:18:43 2019] [IP_ADDRESS] script '/var/www/71.php' not found or unable to stat
[Mon Feb 18 09:18:44 2019] [IP_ADDRESS] script '/var/www/wadre.php' not found or unable to stat
[Mon Feb 18 09:18:44 2019] [IP_ADDRESS] script '/var/www/vm.php' not found or unable to stat
[Mon Feb 18 09:18:44 2019] [IP_ADDRESS] script '/var/www/test.php' not found or unable to stat
[Mon Feb 18 09:18:44 2019] [IP_ADDRESS] script '/var/www/1q.php' not found or unable to stat
[Mon Feb 18 09:18:45 2019] [IP_ADDRESS] script '/var/www/1111.php' not found or unable to stat
[Mon Feb 18 09:18:45 2019] [IP_ADDRESS] script '/var/www/errors.php' not found or unable to stat
[Mon Feb 18 09:18:46 2019] [IP_ADDRESS] script '/var/www/q.php' not found or unable to stat

These attacks go on for hours sometimes and freeze the server.

How can one protect against this? (This is for an Amazon EC2 instance for reference)

Thanks!

That's pretty common; just use fail2ban and enable some jails like badbot. Those bots are inoffensive as long as you don't have big security breaches. Usually they scan for /admin or /phpmyadmin or pre-installed folders; it's a good thing to change those folders' names.
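The counting that a fail2ban jail applies to log lines like those in the question (flag a client after maxretry matches within findtime), as an added Python example; it is not part of the original posts and not fail2ban's own code. The function name, thresholds and sample IP addresses are constructed for illustration, and the client field is assumed to hold an IPv4 address where the question shows [IP_ADDRESS].

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the error-log shape shown in the question; the client field is
# assumed to be a plain IPv4 address (the page redacts it as IP_ADDRESS).
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\] "
    r"script '(?P<path>[^']+\.php)' not found or unable to stat$"
)

def find_scanners(lines, max_retry=5, find_time=timedelta(seconds=60)):
    """Return {ip: timestamp of the probe that crossed the threshold}."""
    recent = defaultdict(deque)  # ip -> probe timestamps inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a missing-PHP-script entry
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        window = recent[m["ip"]]
        window.append(ts)
        # Drop probes that have aged out of the sliding window.
        while ts - window[0] > find_time:
            window.popleft()
        if len(window) >= max_retry and m["ip"] not in flagged:
            flagged[m["ip"]] = ts
    return flagged

# Constructed sample: one scanner (203.0.113.7) and one client that hit
# the same stale link twice, 15 minutes apart (198.51.100.20).
SAMPLE_LOG = """\
[Mon Feb 18 09:10:02 2019] [198.51.100.20] script '/var/www/old-page.php' not found or unable to stat
[Mon Feb 18 09:18:43 2019] [203.0.113.7] script '/var/www/ynm.php' not found or unable to stat
[Mon Feb 18 09:18:43 2019] [203.0.113.7] script '/var/www/71.php' not found or unable to stat
[Mon Feb 18 09:18:44 2019] [203.0.113.7] script '/var/www/wadre.php' not found or unable to stat
[Mon Feb 18 09:18:44 2019] [203.0.113.7] script '/var/www/vm.php' not found or unable to stat
[Mon Feb 18 09:18:44 2019] [203.0.113.7] script '/var/www/test.php' not found or unable to stat
[Mon Feb 18 09:18:45 2019] [203.0.113.7] script '/var/www/1q.php' not found or unable to stat
[Mon Feb 18 09:25:30 2019] [198.51.100.20] script '/var/www/old-page.php' not found or unable to stat
[Mon Feb 18 09:26:00 2019] [203.0.113.7] File does not exist: /var/www/favicon.ico
"""

if __name__ == "__main__":
    for ip, when in find_scanners(SAMPLE_LOG.splitlines()).items():
        print(f"{ip} crossed the threshold at {when}")
```

The flagged addresses are what a jail would hand to its ban action; the occasional broken link from a normal visitor stays under the threshold.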

Notice: technical posts on this site follow the CC BY-SA 4.0 license. If you republish, please cite this site's URL or the original address. For any questions, contact: yoyou2525@163.com.