Hur orolig bör man vara?

Tråden skapades och har fått 5 svar. Det senaste inlägget skrevs .
1

Kikade i loggen till en av webservrarna som jag administrerar. Servern kör OS X Leopard Server 10.5.3.
Uppenbarligen letas det flitigt efter installerade scriptspråk och vanliga sökvägar till admingränssnitt. Nu kör just denna server inget förutom den inbyggda webservern i OS X utan några tillägg eller extra installationer.
Bör man göra något, och i sådant fall vad?

[Thu May 29="29" 19:46:49 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/phpMYadmin
[Thu May 29="29" 19:46:49 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/phpmyADMIN
[Thu May 29="29" 19:46:49 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/pmamy
[Thu May 29="29" 19:46:49 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/pma
[Thu May 29="29" 19:46:49 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/PMA
[Thu May 29="29" 19:46:49 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/myadmin
[Thu May 29="29" 19:46:49 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/MYADMIN
[Thu May 29="29" 19:46:49 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/MYadmin
[Thu May 29="29" 19:46:49 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/myADMIN
[Thu May 29="29" 19:46:49 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/MyAdmin
[Thu May 29="29" 19:46:50 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/PMA
[Thu May 29="29" 19:46:50 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/phpmyadmin
[Thu May 29="29" 19:46:50 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/mysql
[Thu May 29="29" 19:46:50 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/admin
[Thu May 29="29" 19:46:50 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/db
[Thu May 29="29" 19:46:50 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/dbadmin
[Thu May 29="29" 19:46:50 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/web
[Thu May 29="29" 19:46:50 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/admin
[Thu May 29="29" 19:46:50 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/admin
[Thu May 29="29" 19:46:50 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/admin
[Thu May 29="29" 19:46:50 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/mysql-admin
[Thu May 29="29" 19:46:51 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/phpmyadmin2
[Thu May 29="29" 19:46:51 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/mysqladmin
[Thu May 29="29" 19:46:51 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/mysql-admin
[Thu May 29="29" 19:46:51 2008="2008"] [error] [client 90.184.74.14] script '/Volumes/Server HD/personalweb/main.phpmain.php' not found or unable to stat
[Thu May 29="29" 19:46:51 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/phpMyAdmin-2.5.6
[Thu May 29="29" 19:46:51 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/phpMyAdmin-2.5.4
[Thu May 29="29" 19:46:51 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/phpMyAdmin-2.5.1
[Thu May 29="29" 19:46:51 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/phpMyAdmin-2.2.3
[Thu May 29="29" 19:46:51 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/phpMyAdmin-2.9.1
[Thu May 29="29" 19:46:51 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/phpMyAdmin-2.9.0
[Thu May 29="29" 19:46:51 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/phpMyAdmin-2.9.0.2
[Thu May 29="29" 19:46:52 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/phpMyAdmin-2.9.0.1
[Thu May 29="29" 19:46:52 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/phpMyAdmin-2.8.2.4
[Thu May 29="29" 19:46:52 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/phpMyAdmin-2.8.2.2
[Thu May 29="29" 19:46:52 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/phpMyAdmin-2.8.2.1
[Thu May 29="29" 19:46:52 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/phpMyAdmin-2.7.0-pl2
[Thu May 29="29" 19:46:52 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/phpMyAdmin-2.7.0
[Thu May 29="29" 19:46:52 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/phpMyAdmin-2.6.4-pl4
[Thu May 29="29" 19:46:52 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/phpMyAdmin-2.6.4
[Thu May 29="29" 19:46:52 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/phpMyAdmin-2.8.1
[Thu May 29="29" 19:46:52 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/phpMyAdmin-2.2.6
[Thu May 29="29" 19:46:53 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/phpMyAdmin-2.2.7
[Thu May 29="29" 19:46:53 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/phpMyAdmin-2.2.7-pl1
[Thu May 29="29" 19:46:53 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/phpMyAdmin-2.2.0
[Thu May 29="29" 19:46:53 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/myadmin
[Thu May 29="29" 19:46:53 2008="2008"] [error] [client 90.184.74.14] File does not exist: /Volumes/Server HD/personalweb/phpmyadmin

Är nog rätt standard med sånt där. Så länge du inte kör programvara med massa kända hål så hittar dom ju inget dom kan använda..

Jag råkar ut för samma sak dagligen. Finns inga phpMyAdmin på våra burkar kan jag lova.

Rimligtvis lägger man väl phpMyAdmin bakom en http authentication om man ska installera det.

  • Medlem
  • Stockholm
  • 2008-05-30 18:18

Det finns många automatiserade "toolkits" som bara går igenom en rad med IP adresser, eller så tar man själv och knappar in en som vill attackera, och det är ju inte bara PHPMyAdmin som det söks efter..

Så ta Adrians råd, för saker som du nu vill gömma lite kan du köra med http authentication, även om det inte är så säkert i sig så stoppar det ju de flesta genom att du helt enkelt blir för mycket jobb

Senast som jag körde webbserver så låg den och snittade 400 "träffar" per sekund från olika personer som försökte allt från gammla Code Red attacker till "gissa mapp rättigheter".

Annars är det ju bara stänga av den från det publika internet om den nu inte måste vara tillgänglig, den servern kanske är för ett företag eller sådant?

Ursprungligen av ntity:

Så ta Adrians råd, för saker som du nu vill gömma lite kan du köra med http authentication, även om det inte är så säkert i sig så stoppar det ju de flesta genom att du helt enkelt blir för mycket jobb

Exakt! Det räcker långt som skydd mot de script som söker automatiskt. Det skyddar också mot att vanliga sökmotorer ska hitta din installation.

De som skriver skripten är ute efter enkla och ofta kända säkerhetshål, vanligtvis i gamla versioner av populära webbapplikationer som phpBB, WordPress, phpMyAdmin osv.

1
Bevaka tråden