Question

我们的服务器最近遭到攻击，日志中的内容类似于以下内容：

[Mon Feb 18 09:18:43 2019] [IP_ADDRESS] script '/var/www/ynm.php' not found or unable to stat
[Mon Feb 18 09:18:43 2019] [IP_ADDRESS] script '/var/www/71.php' not found or unable to stat
[Mon Feb 18 09:18:44 2019] [IP_ADDRESS] script '/var/www/wadre.php' not found or unable to stat
[Mon Feb 18 09:18:44 2019] [IP_ADDRESS] script '/var/www/vm.php' not found or unable to stat
[Mon Feb 18 09:18:44 2019] [IP_ADDRESS] script '/var/www/test.php' not found or unable to stat
[Mon Feb 18 09:18:44 2019] [IP_ADDRESS] script '/var/www/1q.php' not found or unable to stat
[Mon Feb 18 09:18:45 2019] [IP_ADDRESS] script '/var/www/1111.php' not found or unable to stat
[Mon Feb 18 09:18:45 2019] [IP_ADDRESS] script '/var/www/errors.php' not found or unable to stat
[Mon Feb 18 09:18:46 2019] [IP_ADDRESS] script '/var/www/q.php' not found or unable to stat

这些攻击有时持续数小时，并冻结服务器。

如何防止这种情况发生？（这仅供Amazon EC2实例参考）

谢谢！

Answer 1

这很常见，只需使用fail2ban并启用诸如badbot之类的监狱。只要您没有重大的安全漏洞，这些机器人就不会冒犯。通常，他们扫描/ admin或/ phpmyadmin或预安装的文件夹，这对于更改这些文件夹的名称是一件好事。

防范PHP文件攻击

1 个答案: