Kipperlenny
Experienced Member
One of my servers is currently being hammered like crazy - in case anyone is interested, I thought I'd post some logwatch excerpts.
The server is protected by:
- no standard SSH port
- no root login
- mod-evasive
- fail2ban
- mod-security
- all packages up to date (Debian Squeeze with LAMP)
It is quite easy to see what the bots are trying to get - for example mysqldumper files lying in a publicly accessible directory, or SQL injections via ?95or etc.
So this is just for information - or in case anyone wants to give me some tips.
The PHP configuration is as secure as the customer's application allows, e.g. safe_mode = Off
Code:
pam_unix
sshd:
Authentication Failures:
root (27.251.97.25): 3 Time(s)
unknown (122.70.187.42): 3 Time(s)
nobody (116.125.126.12): 2 Time(s)
unknown (116.125.126.12): 2 Time(s)
Invalid Users:
Unknown Account: 5 Time(s)
su:
Sessions Opened:
root -> root: 3 Time(s)
fail2ban-messages
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 3:3 ]
httpd
Requests with error response codes
400 Bad Request
/: 1 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 1 Time(s)
403 Forbidden
/: 1 Time(s)
/?100: 1 Time(s)
/?16: 1 Time(s)
/?17: 1 Time(s)
/?19: 1 Time(s)
/?20: 1 Time(s)
/?21: 1 Time(s)
/?22: 1 Time(s)
/?23: 1 Time(s)
/?28: 1 Time(s)
/?29: 1 Time(s)
/?34: 1 Time(s)
/?35: 1 Time(s)
/?37: 1 Time(s)
/?38: 1 Time(s)
/?39: 1 Time(s)
/?40: 1 Time(s)
/?41: 1 Time(s)
/?42: 1 Time(s)
/?43: 1 Time(s)
/?44: 1 Time(s)
/?45: 1 Time(s)
/?46: 1 Time(s)
/?47: 1 Time(s)
/?48: 1 Time(s)
/?49: 1 Time(s)
/?50: 1 Time(s)
/?51: 1 Time(s)
/?52: 1 Time(s)
/?53: 1 Time(s)
/?54: 1 Time(s)
/?55: 1 Time(s)
/?56: 1 Time(s)
/?57: 1 Time(s)
/?58: 1 Time(s)
/?59: 1 Time(s)
/?60: 1 Time(s)
/?61: 1 Time(s)
/?62: 1 Time(s)
/?63: 1 Time(s)
/?64: 1 Time(s)
/?65: 1 Time(s)
/?66: 1 Time(s)
/?67: 1 Time(s)
/?68: 1 Time(s)
/?69: 1 Time(s)
/?70: 1 Time(s)
/?71: 1 Time(s)
/?72: 1 Time(s)
/?73: 1 Time(s)
/?74: 1 Time(s)
/?75: 1 Time(s)
/?76: 1 Time(s)
/?77: 1 Time(s)
/?78: 1 Time(s)
/?79: 1 Time(s)
/?80: 1 Time(s)
/?81: 1 Time(s)
/?82: 1 Time(s)
/?83: 1 Time(s)
/?84: 1 Time(s)
/?85: 1 Time(s)
/?86: 1 Time(s)
/?87: 1 Time(s)
/?88: 1 Time(s)
/?89: 1 Time(s)
/?90: 1 Time(s)
/?91: 1 Time(s)
/?92: 1 Time(s)
/?93: 1 Time(s)
/?94: 1 Time(s)
/?95: 1 Time(s)
/?96: 1 Time(s)
/?97: 1 Time(s)
/?98: 1 Time(s)
/?99: 1 Time(s)
404 Not Found
/SQLiteManager-1.2.1/main.php: 1 Time(s)
/SQLiteManager-1.2.3/main.php: 1 Time(s)
/SQliteManager-1.2.1/SQLiteManager-1.2.2/main.php: 1 Time(s)
/SQliteManager-1.2.4/SQLiteManager-1.2.4/main.php: 1 Time(s)
/appConf.htm: 1 Time(s)
/backup/dumper/main.php: 1 Time(s)
/backup/main.php: 1 Time(s)
/backup/msd0.1/main.php: 1 Time(s)
/backup/msd1.21/main.php: 1 Time(s)
/backup/msd1.21b6/main.php: 1 Time(s)
/backup/msd1.22/main.php: 1 Time(s)
/backup/msd1.23/main.php: 1 Time(s)
/backup/msd1.24.2/main.php: 1 Time(s)
/backup/msd1.24.3/main.php: 1 Time(s)
/backup/msd1.24stable/main.php: 1 Time(s)
/backup/msd1.25/main.php: 1 Time(s)
/backup/mysqldumper/main.php: 1 Time(s)
/backuptool/main.php: 1 Time(s)
/bk/main.php: 1 Time(s)
/data_dump/main.php: 1 Time(s)
/db/main.php: 1 Time(s)
/dbsich/main.php: 1 Time(s)
/dmpr/main.php: 1 Time(s)
/dumper/main.php: 1 Time(s)
/msd/main.php: 1 Time(s)
/msd1.23/main.php: 1 Time(s)
/msd1.23/msd/main.php: 1 Time(s)
/msd1.24.1/main.php: 1 Time(s)
/msd1.24.1/msd/main.php: 1 Time(s)
/msd1.24.2/msd/main.php: 1 Time(s)
/msd1.24.3/msd/main.php: 1 Time(s)
/msd1.24.4/msd/main.php: 1 Time(s)
/msd1.24/msd/main.php: 1 Time(s)
/msd1.24RC1.5/main.php: 1 Time(s)
/msd1.24RC1.6/main.php: 1 Time(s)
/msd1.24RC1.7/main.php: 1 Time(s)
/msd1.24RC1.8/main.php: 1 Time(s)
/msd1.24stable/main.php: 1 Time(s)
/msd1.24stable/msd/main.php: 1 Time(s)
/my-sql/main.php: 1 Time(s)
/my/main.php: 1 Time(s)
/mysqld/main.php: 1 Time(s)
/mysqldump/main.php: 1 Time(s)
/mysqldumper/main.php: 1 Time(s)
/mysqldumper/msd1.23/main.php: 1 Time(s)
/mysqldumper/msd1.24.1/main.php: 1 Time(s)
/mysqldumper/msd1.24.1/msd/main.php: 1 Time(s)
/mysqldumper/msd1.24.2/msd/main.php: 1 Time(s)
/mysqldumper/msd1.24.3/main.php: 1 Time(s)
/mysqldumper/msd1.24.3/msd/main.php: 1 Time(s)
/mysqldumper/msd1.24.4/msd/main.php: 1 Time(s)
/mysqldumper/msd1.24/msd/main.php: 1 Time(s)
/mysqldumper/msd1.24stable/msd/main.php: 1 Time(s)
/mysqldumper/mysqldumper1.24.1/msd/main.php: 1 Time(s)
/mysqldumper/mysqldumper1.24.1/msd1.24.1/main.php: 1 Time(s)
/mysqldumper/mysqldumper1.24.2/main.php: 1 Time(s)
/mysqldumper/mysqldumper1.24.2/msd/main.php: 1 Time(s)
/mysqldumper/mysqldumper1.24.2/msd1.24.2/main.php: 1 Time(s)
/mysqldumper/mysqldumper1.24.2/msd1.24.2/msd/main.php: 1 Time(s)
/mysqldumper/mysqldumper1.24.3/main.php: 1 Time(s)
/mysqldumper/mysqldumper1.24.3/msd/main.php: 1 Time(s)
/mysqldumper/mysqldumper1.24.3/msd1.24.3/main.php: 1 Time(s)
/mysqldumper/mysqldumper1.24.4/main.php: 1 Time(s)
/mysqldumper/mysqldumper1.24.4/msd/main.php: 1 Time(s)
/mysqldumper/mysqldumper1.24.4/msd1.24.4/msd/main.php: 1 Time(s)
/mysqldumper1.24.1/main.php: 1 Time(s)
/mysqldumper1.24.1/msd/main.php: 1 Time(s)
/mysqldumper1.24.1/msd1.24.1/main.php: 1 Time(s)
/mysqldumper1.24.1/msd1.24.1/msd/main.php: 1 Time(s)
/mysqldumper1.24.2/main.php: 1 Time(s)
/mysqldumper1.24.2/msd/main.php: 1 Time(s)
/mysqldumper1.24.2/msd1.24.2/msd/main.php: 1 Time(s)
/mysqldumper1.24.3/main.php: 1 Time(s)
/mysqldumper1.24.3/msd/main.php: 1 Time(s)
/mysqldumper1.24.4/main.php: 1 Time(s)
/mysqldumper1.24.4/msd/main.php: 1 Time(s)
/mysqldumper1.24.4/msd1.24.4/main.php: 1 Time(s)
/robots.txt: 3 Time(s)
/sqlite/main.php: 1 Time(s)
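The logwatch report above only counts error responses per path; it does not say which requests belong to the same scanner run or which client IP is behind them. The following Python script is an added example (it is not part of Kipperlenny's post and not a logwatch or fail2ban component) that parses Apache combined-format access log lines and classifies the probe patterns visible in the report: mysqldumper/MSD `main.php` directory guessing, SQLiteManager guessing, the `w00tw00t.at.ISC.SANS.DFind:)` scanner signature, and the sequential `/?NN` query sweep. The log lines, the signature regexes, and the ban threshold of 3 flagged requests per IP are constructed assumptions chosen for the example; the IPs are documentation ranges, not the ones in the report.

```python
import re
from collections import Counter, defaultdict

# Constructed sample Apache combined-format lines (not taken from the post).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2012:03:14:01 +0100] "GET /mysqldumper/main.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2012:03:14:02 +0100] "GET /backup/msd1.24stable/main.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2012:03:15:10 +0100] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 301 "-" "-"
203.0.113.9 - - [10/Mar/2012:03:16:00 +0100] "GET /?95 HTTP/1.1" 403 213 "-" "Mozilla/4.0"
203.0.113.9 - - [10/Mar/2012:03:16:01 +0100] "GET /?96 HTTP/1.1" 403 213 "-" "Mozilla/4.0"
203.0.113.9 - - [10/Mar/2012:03:16:02 +0100] "GET /?97 HTTP/1.1" 403 213 "-" "Mozilla/4.0"
192.0.2.20 - - [10/Mar/2012:03:20:00 +0100] "GET /index.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
192.0.2.20 - - [10/Mar/2012:03:20:01 +0100] "GET /robots.txt HTTP/1.1" 404 200 "-" "Mozilla/5.0"
"""

# Apache "combined" LogFormat: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Signature table (assumed for this example): first match wins, so the more
# specific SQLiteManager rule sits before the generic dump-tool rule.
SIGNATURES = [
    ("sqlitemanager-probe", re.compile(r'^/SQLiteManager[^/]*/', re.I)),
    # main.php under one or more directories whose names look like a DB dump tool
    ("mysqldumper-probe", re.compile(
        r'^/(?:[^/]*(?:msd|dump|dmpr|backup|bk|db|my|sql)[^/]*/)+main\.php$', re.I)),
    ("dfind-scanner", re.compile(r'^/w00tw00t\.at\.ISC\.SANS\.DFind:\)', re.I)),
    # "/?95", "/?100", also "/?95or": a bare number right after "?"
    ("numeric-query-sweep", re.compile(r'^/\?\d{1,3}(?!\d)')),
]


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(target):
    """Return the signature name matching the request target, or None for normal traffic."""
    for name, rx in SIGNATURES:
        if rx.search(target):
            return name
    return None


def summarize(log_text):
    """Build three views over the log: hits per signature, flagged hits per client IP,
    and (like logwatch) error responses grouped by status code and path."""
    by_sig = Counter()
    by_ip = Counter()
    by_status = defaultdict(Counter)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than crashing the report
        status = int(rec["status"])
        if status >= 400:
            by_status[status][rec["target"]] += 1
        sig = classify(rec["target"])
        if sig is not None:
            by_sig[sig] += 1
            by_ip[rec["ip"]] += 1
    return by_sig, by_ip, by_status


def ips_over_threshold(by_ip, maxretry=3):
    """IPs whose count of flagged requests reaches the threshold; this is the same
    idea as fail2ban's per-jail maxretry, applied to the signature matches."""
    return sorted(ip for ip, n in by_ip.items() if n >= maxretry)


def report(log_text, maxretry=3):
    """Print a logwatch-style summary plus the per-signature and per-IP views."""
    by_sig, by_ip, by_status = summarize(log_text)
    for status in sorted(by_status):
        print(f"{status}:")
        for target, n in sorted(by_status[status].items()):
            print(f"   {target}: {n} Time(s)")
    print("Probe signatures:", dict(by_sig))
    print("Flagged requests per IP:", dict(by_ip))
    print(f"IPs at or above {maxretry} flagged requests:", ips_over_threshold(by_ip, maxretry))


if __name__ == "__main__":
    report(SAMPLE_LOG)
```

Running it against a real access log (`report(open("/var/log/apache2/access.log").read())`) gives the per-IP view that the path-only logwatch output lacks; the signature regexes are deliberately narrow, so a request that matches none of them is simply counted under its status code and not flagged.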