1

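I'm seeing some log entries that look suspicious. None of the requests listed below are actually for the application. Can someone suggest what I should do? This is the first application I have deployed on a server.

Entries in catalina.out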

Mar 16, 2013 7:46:11 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "admin"

Entries in localhost_access_log

210.44.159.49 - - [16/Mar/2013:00:24:04 +0530] "GET HTTP/1.1 HTTP/1.1" 400 -
210.44.159.49 - - [16/Mar/2013:00:24:04 +0530] "GET /index.php HTTP/1.1" 404 969
210.44.159.49 - - [16/Mar/2013:00:24:05 +0530] "GET /admin/index.php HTTP/1.1" 404 981
210.44.159.49 - - [16/Mar/2013:00:24:06 +0530] "GET /admin/pma/index.php HTTP/1.1" 404 989
210.44.159.49 - - [16/Mar/2013:00:24:06 +0530] "GET /admin/phpmyadmin/index.php HTTP/1.1" 404 1003
210.44.159.49 - - [16/Mar/2013:00:24:07 +0530] "GET /db/index.php HTTP/1.1" 404 975
210.44.159.49 - - [16/Mar/2013:00:24:08 +0530] "GET /dbadmin/index.php HTTP/1.1" 404 985
210.44.159.49 - - [16/Mar/2013:00:24:08 +0530] "GET /myadmin/index.php HTTP/1.1" 404 985
210.44.159.49 - - [16/Mar/2013:00:24:10 +0530] "GET /mysql/index.php HTTP/1.1" 404 981
210.44.159.49 - - [16/Mar/2013:00:24:12 +0530] "GET /mysqladmin/index.php HTTP/1.1" 404 991
210.44.159.49 - - [16/Mar/2013:00:24:13 +0530] "GET /typo3/phpmyadmin/index.php HTTP/1.1" 404 1003
210.44.159.49 - - [16/Mar/2013:00:24:14 +0530] "GET /phpadmin/index.php HTTP/1.1" 404 987
210.44.159.49 - - [16/Mar/2013:00:24:15 +0530] "GET /phpMyAdmin/index.php HTTP/1.1" 404 991
210.44.159.49 - - [16/Mar/2013:00:24:15 +0530] "GET /phpmyadmin/index.php HTTP/1.1" 404 991
210.44.159.49 - - [16/Mar/2013:00:24:16 +0530] "GET /phpmyadmin1/index.php HTTP/1.1" 404 993
210.44.159.49 - - [16/Mar/2013:00:24:17 +0530] "GET /phpmyadmin2/index.php HTTP/1.1" 404 993
210.44.159.49 - - [16/Mar/2013:00:24:17 +0530] "GET /pma/index.php HTTP/1.1" 404 977
210.44.159.49 - - [16/Mar/2013:00:24:18 +0530] "GET /web/phpMyAdmin/index.php HTTP/1.1" 404 999
210.44.159.49 - - [16/Mar/2013:00:24:19 +0530] "GET /xampp/phpmyadmin/index.php HTTP/1.1" 404 1003
210.44.159.49 - - [16/Mar/2013:00:24:19 +0530] "GET /web/index.php HTTP/1.1" 404 977
210.44.159.49 - - [16/Mar/2013:00:24:20 +0530] "GET /php-my-admin/index.php HTTP/1.1" 404 995
210.44.159.49 - - [16/Mar/2013:00:24:20 +0530] "GET /websql/index.php HTTP/1.1" 404 983
210.44.159.49 - - [16/Mar/2013:00:24:21 +0530] "GET /phpmyadmin/index.php HTTP/1.1" 404 991
210.44.159.49 - - [16/Mar/2013:00:24:22 +0530] "GET /phpMyAdmin/index.php HTTP/1.1" 404 991
210.44.159.49 - - [16/Mar/2013:00:24:22 +0530] "GET /phpMyAdmin-2/index.php HTTP/1.1" 404 995
210.44.159.49 - - [16/Mar/2013:00:24:23 +0530] "GET /php-my-admin/index.php HTTP/1.1" 404 995
210.44.159.49 - - [16/Mar/2013:00:24:23 +0530] "GET /phpMyAdmin-2.2.3/index.php HTTP/1.1" 404 1003
210.44.159.49 - - [16/Mar/2013:00:24:24 +0530] "GET /phpMyAdmin-2.2.6/index.php HTTP/1.1" 404 1003
210.44.159.49 - - [16/Mar/2013:00:24:24 +0530] "GET /phpMyAdmin-2.5.1/index.php HTTP/1.1" 404 1003
210.44.159.49 - - [16/Mar/2013:00:24:25 +0530] "GET /phpMyAdmin-2.5.4/index.php HTTP/1.1" 404 1003
210.44.159.49 - - [16/Mar/2013:00:24:26 +0530] "GET /phpMyAdmin-2.5.5-rc1/index.php HTTP/1.1" 404 1011
210.44.159.49 - - [16/Mar/2013:00:24:26 +0530] "GET /phpMyAdmin-2.5.5-rc2/index.php HTTP/1.1" 404 1011
210.44.159.49 - - [16/Mar/2013:00:24:27 +0530] "GET /phpMyAdmin-2.5.5/index.php HTTP/1.1" 404 1003
210.44.159.49 - - [16/Mar/2013:00:24:27 +0530] "GET /phpMyAdmin-2.5.5-pl1/index.php HTTP/1.1" 404 1011
210.44.159.49 - - [16/Mar/2013:00:24:28 +0530] "GET /phpMyAdmin-2.5.6-rc1/index.php HTTP/1.1" 404 1011
210.44.159.49 - - [16/Mar/2013:00:24:28 +0530] "GET /phpMyAdmin-2.5.6-rc2/index.php HTTP/1.1" 404 1011
210.44.159.49 - - [16/Mar/2013:00:24:29 +0530] "GET /phpMyAdmin-2.5.6/index.php HTTP/1.1" 404 1003
210.44.159.49 - - [16/Mar/2013:00:24:29 +0530] "GET /phpMyAdmin-2.5.7/index.php HTTP/1.1" 404 1003
210.44.159.49 - - [16/Mar/2013:00:24:30 +0530] "GET /phpMyAdmin-2.5.7-pl1/index.php HTTP/1.1" 404 1011
210.44.159.49 - - [16/Mar/2013:00:24:31 +0530] "GET HTTP/1.1 " 400 -
69.175.54.106 - - [16/Mar/2013:00:44:54 +0530] "GET / HTTP/1.0" 200 7959
66.249.75.14 - - [16/Mar/2013:04:27:44 +0530] "GET /robots.txt HTTP/1.1" 404 971
2.122.109.242 - - [16/Mar/2013:16:50:17 +0530] "GET / HTTP/1.1" 200 7959
2.122.109.242 - - [16/Mar/2013:16:50:17 +0530] "GET /css/style_new.css HTTP/1.1" 304 -
2.122.109.242 - - [16/Mar/2013:16:50:17 +0530] "GET /favicon.ico HTTP/1.1" 404 973
2.122.109.242 - - [16/Mar/2013:16:50:26 +0530] "GET /OfferedOnRent.html HTTP/1.1" 200 17666
2.122.109.242 - - [16/Mar/2013:16:50:26 +0530] "GET /images/20130313094059_0_thumb.jpg HTTP/1.1" 200 4020
2.122.109.242 - - [16/Mar/2013:16:50:26 +0530] "GET /images/20130312105214_0_thumb.jpg HTTP/1.1" 200 2961
2.122.109.242 - - [16/Mar/2013:16:50:26 +0530] "GET /images/20130312051229_0_thumb.jpg HTTP/1.1" 200 3714
180.166.74.227 - - [16/Mar/2013:19:40:30 +0530] "HEAD /manager/status HTTP/1.1" 401 -
180.166.74.227 - - [16/Mar/2013:19:40:31 +0530] "HEAD /manager/status HTTP/1.1" 401 -
180.166.74.227 - - [16/Mar/2013:19:40:31 +0530] "HEAD /manager/status HTTP/1.1" 401 -
180.166.74.227 - - [16/Mar/2013:19:40:31 +0530] "HEAD /manager/status HTTP/1.1" 401 -
180.166.74.227 - - [16/Mar/2013:19:40:32 +0530] "HEAD /manager/status HTTP/1.1" 401 -
180.166.74.227 - - [16/Mar/2013:19:40:32 +0530] "HEAD /manager/status HTTP/1.1" 401 -
180.166.74.227 - - [16/Mar/2013:19:40:32 +0530] "HEAD /manager/status HTTP/1.1" 401 -
180.166.74.227 - - [16/Mar/2013:19:40:32 +0530] "HEAD /manager/status HTTP/1.1" 401 -
180.166.74.227 - - [16/Mar/2013:19:46:09 +0530] "HEAD /manager/status HTTP/1.1" 401 -
180.166.74.227 - - [16/Mar/2013:19:46:09 +0530] "HEAD /manager/status HTTP/1.1" 401 -
180.166.74.227 - - [16/Mar/2013:19:46:10 +0530] "HEAD /manager/status HTTP/1.1" 401 -
180.166.74.227 - - [16/Mar/2013:19:46:10 +0530] "HEAD /manager/status HTTP/1.1" 401 -
180.166.74.227 - - [16/Mar/2013:19:46:10 +0530] "HEAD /manager/status HTTP/1.1" 401 -
180.166.74.227 - - [16/Mar/2013:19:46:10 +0530] "HEAD /manager/status HTTP/1.1" 401 -
180.166.74.227 - - [16/Mar/2013:19:46:11 +0530] "HEAD /manager/status HTTP/1.1" 401 -
180.166.74.227 - - [16/Mar/2013:19:46:11 +0530] "HEAD /manager/status HTTP/1.1" 401 -
4

3 Answers

1

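This happens all the time, and it is probably (definitely) not an actual person. People write scripts to try to get a successful result from any version of PHPMyAdmin, to try SSH logins with nearly every possible account name and password, or just to try anything that might have a potential vulnerability. When you have a server on a publicly open IP address, these things are bound to happen.

When someone tries to access a website, a GET request is executed on the HTTP server. This is obviously a script (look at the timestamps) that is trying to GET common names, and for every GET request a log entry is created in Apache (or Tomcat Apache in your case) to record the GET and its result. Most of these entries are HTTP 404 errors, which most people know means the resource was not found.

There are several resources that help server administrators track or block this kind of activity:

Fail2ban

DenyHosts

Logwatch

The best advice is, one, patch often, especially if you see a patch listed as a security patch, and two, use a firewall and open only the absolutely most needed ports from the server to the open world.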

answered 2013-03-16T15:30:34.070
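The pattern the first answer describes (one address, many failed requests, seconds apart) can be picked out of the access log mechanically. The following is an added example, not part of the original answer: a threshold rule of the kind log-watching tools apply, where the function names, the thresholds and the sample lines (documentation-range addresses) are assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common log format, as in the localhost_access_log lines in the question
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) \S+$')

def parse(line):
    """Return (ip, timestamp, request, status), or None if the line does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ip, ts, req, status = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), req, int(status)

def find_scanners(lines, max_errors=5, window=timedelta(seconds=60)):
    """Map each IP with >= max_errors 4xx responses inside `window`
    to the set of 4xx status codes it received (hypothetical thresholds)."""
    recent = defaultdict(deque)    # ip -> timestamps of its recent 4xx responses
    statuses = defaultdict(set)    # ip -> 4xx codes seen so far
    flagged = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip, ts, _req, status = rec
        if not 400 <= status < 500:
            continue
        q = recent[ip]
        q.append(ts)
        statuses[ip].add(status)
        while ts - q[0] > window:  # drop errors older than the window
            q.popleft()
        if len(q) >= max_errors:
            flagged[ip] = statuses[ip]
    return flagged

# Constructed sample modelled on the question's log; addresses are placeholders
SAMPLE = """\
203.0.113.7 - - [16/Mar/2013:00:24:04 +0530] "GET HTTP/1.1 HTTP/1.1" 400 -
203.0.113.7 - - [16/Mar/2013:00:24:04 +0530] "GET /index.php HTTP/1.1" 404 969
203.0.113.7 - - [16/Mar/2013:00:24:05 +0530] "GET /admin/index.php HTTP/1.1" 404 981
203.0.113.7 - - [16/Mar/2013:00:24:06 +0530] "GET /pma/index.php HTTP/1.1" 404 977
203.0.113.7 - - [16/Mar/2013:00:24:08 +0530] "GET /phpmyadmin/index.php HTTP/1.1" 404 991
198.51.100.9 - - [16/Mar/2013:16:50:17 +0530] "GET / HTTP/1.1" 200 7959
198.51.100.9 - - [16/Mar/2013:16:50:17 +0530] "GET /favicon.ico HTTP/1.1" 404 973
""".splitlines()

print(find_scanners(SAMPLE))
```

A single 404 for /favicon.ico from a normal visitor stays below the threshold, while the probing address is reported together with the status codes it triggered.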
1

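Have you made sure your installation is secure?

It looks to me like the manager application is accessible from outside.
180.166.74.227 - - [16/Mar/2013:19:46:09 +0530] "HEAD /manager/status HTTP/1.1" 401 -

You should take steps to secure the manager. https://www.owasp.org/index.php/Securing_tomcat#Securing_Manager_WebApp

answered 2013-03-16T16:05:34.507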
0

It looks to me like someone is trying to break into your server.

answered 2013-03-16T15:15:45.487