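The website has only just gone live and I'm already seeing a lot of connections targeting phpMyAdmin, but it has never been installed on this machine.
Although, since the web server isn't restricted by IP, being probed like this is quite normal.
For this kind of brute-force attempt, is it necessary to put some defenses in place to block this behavior?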
2018/02/05 08:57:47 [error] 21333#0: *15491 open() "/usr/share/nginx/html/phpMyAdmin/scripts/setup.php" failed (2: No such file or directory), client: 66.118.142.165, server: _, request: "HEAD /phpMyAdmin/scripts/setup.php HTTP/1.0"
2018/02/05 14:24:59 [error] 21333#0: *16798 open() "/usr/share/nginx/html/admindb/scripts/setup.php" failed (2: No such file or directory), client: 195.54.47.52, server: _, request: "GET /admindb/scripts/setup.php HTTP/1.1",
2018/02/05 14:25:00 [error] 21333#0: *16799 open() "/usr/share/nginx/html/admin/phpmyadmin/scripts/setup.php" failed (2: No such file or directory), client: 195.54.47.52, server: _, request: "GET /admin/phpmyadmin/scripts/setup.php HTTP/1.1",
2018/02/05 14:25:01 [error] 21333#0: *16800 open() "/usr/share/nginx/html/admin/phpMyAdmin/scripts/setup.php" failed (2: No such file or directory), client: 195.54.47.52, server: _, request: "GET /admin/phpMyAdmin/scripts/setup.php HTTP/1.1",
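These scans won't stop. As long as the patching that should be done has been done, you can ignore them.
If you really care about it, you can deploy fail2ban.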
https://serverfault.com/questions/435016/custom-fail2ban-filter-for-phpmyadmin-bruteforce-attempts
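As an added example (not part of the original posts or the linked answer), the Python sketch below checks a fail2ban-style filter against the four log lines quoted in the question and reports which client would cross a ban threshold. The `FAILREGEX` pattern and the `MAXRETRY`/`FINDTIME` values are assumptions chosen for illustration, and the `<HOST>` substitution and timestamp stripping are simplified stand-ins for what fail2ban does itself.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Sample input: the four nginx error-log lines quoted in the question.
LOG = '''
2018/02/05 08:57:47 [error] 21333#0: *15491 open() "/usr/share/nginx/html/phpMyAdmin/scripts/setup.php" failed (2: No such file or directory), client: 66.118.142.165, server: _, request: "HEAD /phpMyAdmin/scripts/setup.php HTTP/1.0"
2018/02/05 14:24:59 [error] 21333#0: *16798 open() "/usr/share/nginx/html/admindb/scripts/setup.php" failed (2: No such file or directory), client: 195.54.47.52, server: _, request: "GET /admindb/scripts/setup.php HTTP/1.1",
2018/02/05 14:25:00 [error] 21333#0: *16799 open() "/usr/share/nginx/html/admin/phpmyadmin/scripts/setup.php" failed (2: No such file or directory), client: 195.54.47.52, server: _, request: "GET /admin/phpmyadmin/scripts/setup.php HTTP/1.1",
2018/02/05 14:25:01 [error] 21333#0: *16800 open() "/usr/share/nginx/html/admin/phpMyAdmin/scripts/setup.php" failed (2: No such file or directory), client: 195.54.47.52, server: _, request: "GET /admin/phpMyAdmin/scripts/setup.php HTTP/1.1",
'''

# Hypothetical filter in fail2ban's failregex style; <HOST> marks the address to ban.
FAILREGEX = (r'^\[error\] \d+#\d+: \*\d+ open\(\) "[^"]*" failed '
             r'\(2: No such file or directory\), client: <HOST>, server: \S+, '
             r'request: "(?:GET|HEAD|POST) /\S*/scripts/setup\.php HTTP/[\d.]+"')
MAXRETRY = 3                      # assumed thresholds, named after fail2ban's jail options
FINDTIME = timedelta(minutes=10)
TS = re.compile(r'^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) ')

def compile_failregex(expr):
    # Stand-in for fail2ban's <HOST> substitution: IPv4 only, for brevity.
    return re.compile(expr.replace('<HOST>', r'(?P<host>\d{1,3}(?:\.\d{1,3}){3})'))

def parse(log, rx):
    """Yield (timestamp, client) for every line the filter matches."""
    for line in log.splitlines():
        m = TS.match(line)
        if not m:
            continue
        hit = rx.search(line[m.end():])   # match on the line with its timestamp removed
        if hit:
            yield datetime.strptime(m.group(1), '%Y/%m/%d %H:%M:%S'), hit.group('host')

def hosts_to_ban(log, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return clients with at least maxretry matches inside one findtime window."""
    rx = compile_failregex(FAILREGEX)
    seen, banned = defaultdict(list), []
    for ts, host in parse(log, rx):
        window = [t for t in seen[host] if ts - t <= findtime] + [ts]
        seen[host] = window
        if len(window) >= maxretry and host not in banned:
            banned.append(host)
    return banned

if __name__ == '__main__':
    print(hosts_to_ban(LOG))
```

Because the pattern only matches requests for `scripts/setup.php` that ended in "No such file or directory", it fires on probes for software that is not installed and leaves ordinary 404s alone.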