I put my Rails application online last week. Today I was going through our log files and noticed a lot of requests like these:
I,[2016-03-14T00:42:18.501703 #21223] INFO -- : Started GET "/testproxy.PHP" for 185.49.14.190 at 2016-03-14 00:42:18 -0400
F,[2016-03-14T00:42:18.510616 #21223] FATAL -- :
ActionController::RoutingError (No route matches [GET] "/testproxy.PHP"):
Someone is trying to reach testproxy.PHP from different IP addresses. Some of the IPs are from Poland, some from Hong Kong. Am I being attacked by someone? What options do I have to protect myself?
I,[2016-03-14T03:09:24.945467 #15399] INFO -- : Started GET "/clientaccesspolicy.xml" for 107.22.223.242 at 2016-03-14 03:09:24 -0400
F,[2016-03-14T03:09:24.949328 #15399] FATAL -- :
ActionController::RoutingError (No route matches [GET] "/clientaccesspolicy.xml"):
A different IP address:
I,[2016-03-14T16:03:47.793731 #15399] INFO -- : Started GET "/testproxy.PHP" for 178.216.200.48 at 2016-03-14 16:03:47 -0400
F,[2016-03-14T16:03:47.818519 #15399] FATAL -- :
ActionController::RoutingError (No route matches [GET] "/testproxy.PHP"):
search.PHP:
I,[2016-03-14T19:41:14.261843 #15399] INFO -- : Started GET "/forum/search.PHP" for 164.132.161.67 at 2016-03-14 19:41:14 -0400
F,[2016-03-14T19:41:14.266563 #15399] FATAL -- :
ActionController::RoutingError (No route matches [GET] "/forum/search.PHP"):
I,[2016-03-15T10:54:55.254785 #26469] INFO -- : Started GET "/forum/index.PHP" for 164.132.161.56 at 2016-03-15 10:54:55 -0400
F,[2016-03-15T10:54:55.266456 #26469] FATAL -- :
ActionController::RoutingError (No route matches [GET] "/forum/index.PHP"):
I,[2016-03-15T13:21:36.862918 #26469] INFO -- : Started GET "/PHPMyAdmin/scripts/setup.PHP" for 103.25.73.234 at 2016-03-15 13:21:36 -0400
F,[2016-03-15T13:21:36.867050 #26469] FATAL -- :
ActionController::RoutingError (No route matches [GET] "/PHPMyAdmin/scripts/setup.PHP"):
Another setup.PHP:
I,[2016-03-15T13:21:37.452097 #26469] INFO -- : Started GET "/pma/scripts/setup.PHP" for 103.25.73.234 at 2016-03-15 13:21:37 -0400
F,[2016-03-15T13:21:37.453647 #26469] FATAL -- :
ActionController::RoutingError (No route matches [GET] "/pma/scripts/setup.PHP"):
myadmin/scripts/setup.PHP:
I,[2016-03-15T13:21:38.034283 #26469] INFO -- : Started GET "/myadmin/scripts/setup.PHP" for 103.25.73.234 at 2016-03-15 13:21:38 -0400
F,[2016-03-15T13:21:38.041563 #26469] FATAL -- :
ActionController::RoutingError (No route matches [GET] "/myadmin/scripts/setup.PHP"):
And plenty of others. Please tell me how to protect myself from these attacks.
Best answer
This is very common when you run a public server. Here is an excerpt from the auth.log of my home server:
Mar 14 19:22:36 hotdog sshd[65937]: Received disconnect from 181.214.92.11: 11: Bye Bye [preauth]
Mar 14 19:22:37 hotdog sshd[65939]: Invalid user ubnt from 181.214.92.11
Mar 14 19:22:37 hotdog sshd[65939]: input_userauth_request: invalid user ubnt [preauth]
Mar 14 19:22:37 hotdog sshd[65939]: Received disconnect from 181.214.92.11: 11: Bye Bye [preauth]
Mar 14 19:22:38 hotdog sshd[65941]: Invalid user support from 181.214.92.11
Mar 14 19:22:38 hotdog sshd[65941]: input_userauth_request: invalid user support [preauth]
Mar 14 19:22:38 hotdog sshd[65941]: Received disconnect from 181.214.92.11: 11: Bye Bye [preauth]
Mar 14 19:22:39 hotdog sshd[65943]: Invalid user oracle from 181.214.92.11
Mar 14 19:22:39 hotdog sshd[65943]: input_userauth_request: invalid user oracle [preauth]
Mar 14 19:22:39 hotdog sshd[65943]: Received disconnect from 181.214.92.11: 11: Bye Bye [preauth]
Mar 14 19:22:40 hotdog sshd[65945]: Received disconnect from 181.214.92.11: 11: Bye Bye [preauth]
Mar 14 19:24:04 hotdog sshd[65947]: fatal: Read from socket failed: Operation timed out [preauth]
Mar 14 20:01:19 hotdog sshd[66032]: Received disconnect from 183.3.202.102: 11: [preauth]
Mar 14 20:40:17 hotdog sshd[66092]: Invalid user cacti from 199.217.117.71
Mar 14 20:40:17 hotdog sshd[66092]: input_userauth_request: invalid user cacti [preauth]
Mar 14 20:40:17 hotdog sshd[66092]: Connection closed by 199.217.117.71 [preauth]
Mar 14 21:32:09 hotdog sshd[66188]: Received disconnect from 183.3.202.102: 11: [preauth]
Mar 14 22:01:59 hotdog sshd[66256]: Invalid user user1 from 199.217.117.71
Mar 14 22:01:59 hotdog sshd[66256]: input_userauth_request: invalid user user1 [preauth]
Mar 14 22:02:00 hotdog sshd[66256]: Connection closed by 199.217.117.71 [preauth]
Mar 14 22:17:57 hotdog sshd[66280]: Did not receive identification string from 14.182.117.161
As you can see, people constantly try to break into my server by guessing usernames. Since the server only accepts public-key logins, not passwords, I believe I'm fairly safe against these particular attacks.
The same applies to your PHP files. They are trying to find a PHP endpoint on which they can run some canned exploit. You can use a tool like fail2ban to help rate-limit them. But really, these attacks are always present on a public server. The only way is to make sure your software is resistant to attack.
Some common-sense tips:
> Don't run more services than you need, since any one of them can open your server up to attack. Use nmap to check which ports are open.
> Check whether your Apache/Nginx configuration allows more (PHP) files to be executed than necessary.
> Keep your software up to date. Most of these attacks are automated and therefore rely on published vulnerabilities in common packages.
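As an added example (not code from the question or the answer), here is a small Ruby script that does for a Rails production log what the answer's fail2ban suggestion does at the firewall: it pairs each `Started` line with the `RoutingError` that follows it in the same worker process, counts unmatched routes per source IP, and reports the IPs that crossed a threshold, noting how many of their requests asked for `.php` files a Rails app would never serve. The log lines are constructed, modelled on the question's format (with the space after the severity letter that the Rails logger actually emits); the threshold of 3 and the `.php` heuristic are assumptions.

```ruby
# Added example: summarise scanner noise in a Rails production.log.
# Not code from the question or the answer; log lines below are constructed.

Hit = Struct.new(:time, :ip, :method, :path)

# "I, [2016-03-14T00:42:18.501703 #21223]  INFO -- : Started GET "/x" for 1.2.3.4 at ..."
STARTED_RE = /^I, ?\[(\S+) #(\d+)\]\s+INFO -- : Started (\w+) "([^"]*)" for (\S+) at/
# "F, [2016-03-14T00:42:18.510616 #21223] FATAL -- :"  (the pid tells us which request failed)
FATAL_RE   = /^F, ?\[(\S+) #(\d+)\]\s+FATAL -- :/
# "ActionController::RoutingError (No route matches [GET] "/x"):"
ROUTING_RE = /^ActionController::RoutingError \(No route matches \[\w+\] "[^"]*"\)/

# Constructed sample: three probes from one IP, one probe from another,
# and one legitimate request that routes normally.
SAMPLE_LOG = <<~LOG
  I, [2016-03-14T00:42:18.501703 #21223]  INFO -- : Started GET "/testproxy.PHP" for 185.49.14.190 at 2016-03-14 00:42:18 -0400
  F, [2016-03-14T00:42:18.510616 #21223] FATAL -- :
  ActionController::RoutingError (No route matches [GET] "/testproxy.PHP"):
  I, [2016-03-14T00:43:00.000000 #21223]  INFO -- : Started GET "/posts" for 10.0.0.5 at 2016-03-14 00:43:00 -0400
  I, [2016-03-14T00:43:00.010000 #21223]  INFO -- : Processing by PostsController#index as HTML
  I, [2016-03-15T13:21:36.862918 #26469]  INFO -- : Started GET "/PHPMyAdmin/scripts/setup.PHP" for 103.25.73.234 at 2016-03-15 13:21:36 -0400
  F, [2016-03-15T13:21:36.867050 #26469] FATAL -- :
  ActionController::RoutingError (No route matches [GET] "/PHPMyAdmin/scripts/setup.PHP"):
  I, [2016-03-15T13:21:37.452097 #26469]  INFO -- : Started GET "/pma/scripts/setup.PHP" for 103.25.73.234 at 2016-03-15 13:21:37 -0400
  F, [2016-03-15T13:21:37.453647 #26469] FATAL -- :
  ActionController::RoutingError (No route matches [GET] "/pma/scripts/setup.PHP"):
  I, [2016-03-15T13:21:38.034283 #26469]  INFO -- : Started GET "/myadmin/scripts/setup.PHP" for 103.25.73.234 at 2016-03-15 13:21:38 -0400
  F, [2016-03-15T13:21:38.041563 #26469] FATAL -- :
  ActionController::RoutingError (No route matches [GET] "/myadmin/scripts/setup.PHP"):
LOG

# Return one Hit per request that ended in a RoutingError. Requests are
# tracked per worker pid so interleaved output from several workers
# does not get mis-attributed.
def unmatched_routes(log_text)
  pending = {}      # pid => most recent Started request of that worker
  current_pid = nil # pid from the last FATAL line seen
  hits = []
  log_text.each_line do |line|
    if (m = STARTED_RE.match(line))
      pending[m[2]] = Hit.new(m[1], m[5], m[3], m[4])
    elsif (m = FATAL_RE.match(line))
      current_pid = m[2]
    elsif ROUTING_RE.match(line) && current_pid && pending[current_pid]
      hits << pending.delete(current_pid)
      current_pid = nil
    end
  end
  hits
end

# Heuristic (assumption): a Rails app never serves .php, so such a path
# is a probe for software that is not installed here.
def foreign_stack?(path)
  path.downcase.end_with?(".php")
end

# IPs with at least `threshold` unmatched routes, the way a fail2ban
# jail with maxretry=threshold would select them.
def scanner_report(log_text, threshold: 3)
  by_ip = Hash.new { |h, k| h[k] = [] }
  unmatched_routes(log_text).each { |hit| by_ip[hit.ip] << hit.path }
  by_ip.select { |_ip, paths| paths.size >= threshold }
       .transform_values do |paths|
         { count: paths.size, foreign: paths.count { |p| foreign_stack?(p) }, paths: paths.uniq }
       end
end

if __FILE__ == $PROGRAM_NAME
  scanner_report(SAMPLE_LOG).each do |ip, info|
    puts "#{ip}: #{info[:count]} unmatched routes, #{info[:foreign]} PHP probes: #{info[:paths].join(', ')}"
  end
end
```

Run it against a real `log/production.log` by replacing `SAMPLE_LOG` with `File.read(path)`; the IPs it lists are the ones a fail2ban jail built on the same `RoutingError` pattern would ban after `maxretry` hits, which is a cheap way to tune the threshold before turning blocking on.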