2015-06-07 15 views
5

Server log file HEAD requests

I found some entries in my log file that I don't understand. In addition to all the expected GET requests, I found a rather large number of HEAD requests that I know for certain my application is not making.

I don't have phpmyadmin, SQL or any of the other requested resources installed on my server (pure Node.js app running Mongo DB).

Could this be automated software scanning the server for vulnerabilities?

[0mHEAD http://54.xxx.xxx.xxx:80/2phpmyadmin/ [36m301 [0m2.044 ms - 91[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/3phpmyadmin/ [36m301 [0m1.789 ms - 91[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/4phpmyadmin/ [36m301 [0m1.749 ms - 91[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/MyAdmin/ [36m301 [0m1.770 ms - 87[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/PMA/ [36m301 [0m1.705 ms - 83[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/PMA2011/ [36m301 [0m1.762 ms - 87[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/PMA2012/ [36m301 [0m1.470 ms - 87[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/PMA2013/ [36m301 [0m1.316 ms - 87[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/PMA2014/ [36m301 [0m1.605 ms - 87[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/PMA2015/ [36m301 [0m1.282 ms - 87[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/admin/ [36m301 [0m1.194 ms - 85[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/admin/db/ [36m301 [0m1.307 ms - 88[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/admin/pMA/ [36m301 [0m1.236 ms - 89[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/admin/phpMyAdmin/ [36m301 [0m1.299 ms - 96[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/admin/phpmyadmin/ [36m301 [0m1.534 ms - 96[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/admin/sqladmin/ [36m301 [0m1.218 ms - 94[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/admin/sysadmin/ [36m301 [0m1.523 ms - 94[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/admin/web/ [36m301 [0m1.612 ms - 89[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/administrator/PMA/ [36m301 [0m1.410 ms - 97[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/administrator/admin/ [36m301 [0m1.302 ms - 99[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/administrator/db/ [36m301 [0m1.466 ms - 96[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/administrator/phpMyAdmin/ [36m301 [0m1.625 ms - 104[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/administrator/phpmyadmin/ [36m301 [0m1.781 ms - 104[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/administrator/pma/ [36m301 [0m1.277 ms - 97[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/administrator/web/ [36m301 [0m1.392 ms - 97[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/database/ [36m301 [0m1.217 ms - 88[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/db/ [36m301 [0m1.250 ms - 82[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/db/db-admin/ [36m301 [0m1.349 ms - 91[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/db/dbadmin/ [36m301 [0m1.240 ms - 90[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/db/dbweb/ [36m301 [0m1.347 ms - 88[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/db/myadmin/ [36m301 [0m1.365 ms - 90[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/db/phpMyAdmin-3/ [36m301 [0m1.257 ms - 95[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/db/phpMyAdmin/ [36m301 [0m1.304 ms - 93[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/db/phpMyAdmin3/ [36m301 [0m1.337 ms - 94[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/db/phpmyadmin/ [36m301 [0m1.280 ms - 93[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/db/phpmyadmin3/ [36m301 [0m1.217 ms - 94[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/db/webadmin/ [36m301 [0m1.378 ms - 91[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/db/webdb/ [36m301 [0m1.600 ms - 88[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/db/websql/ [36m301 [0m1.321 ms - 89[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/dbadmin/ [36m301 [0m1.367 ms - 87[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/myadmin/ [36m301 [0m1.318 ms - 87[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/myadminphp/ [36m301 [0m1.318 ms - 90[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/mysql-admin/ [36m301 [0m1.464 ms - 91[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/mysql/ [36m301 [0m1.254 ms - 85[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/mysql/admin/ [36m301 [0m1.270 ms - 91[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/mysql/db/ [36m301 [0m1.318 ms - 88[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/mysql/dbadmin/ [36m301 [0m1.344 ms - 93[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/mysql/mysqlmanager/ [36m301 [0m1.276 ms - 98[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/mysql/pMA/ [36m301 [0m1.405 ms - 89[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/mysql/pma/ [36m301 [0m1.236 ms - 89[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/mysql/sqlmanager/ [36m301 [0m1.212 ms - 96[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/mysql/web/ [36m301 [0m1.381 ms - 89[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/mysqladmin/ [36m301 [0m1.214 ms - 90[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/mysqlmanager/ [36m301 [0m1.218 ms - 92[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/php-my-admin/ [36m301 [0m1.287 ms - 92[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/php-myadmin/ [36m301 [0m1.315 ms - 91[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/phpMyAdmin-2/ [36m301 [0m1.199 ms - 92[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/phpMyAdmin-3/ [36m301 [0m1.183 ms - 92[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/phpMyAdmin-4/ [36m301 [0m1.218 ms - 92[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/phpMyAdmin/ [36m301 [0m1.155 ms - 90[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/phpMyAdmin2/ [36m301 [0m1.231 ms - 91[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/phpMyAdmin3/ [36m301 [0m1.337 ms - 91[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/phpMyAdmin4/ [36m301 [0m1.669 ms - 91[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/phpMyadmin/ [36m301 [0m1.290 ms - 90[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/phpmanager/ [36m301 [0m1.241 ms - 90[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/phpmy-admin/ [36m301 [0m1.279 ms - 91[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/phpmy/ [36m301 [0m1.503 ms - 85[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/phpmyAdmin/ [36m301 [0m1.351 ms - 90[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/phpmyadmin/ [36m301 [0m1.400 ms - 90[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/phpmyadmin1/ [36m301 [0m1.346 ms - 91[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/phpmyadmin2/ [36m301 [0m1.320 ms - 91[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/phpmyadmin3/ [36m301 [0m1.317 ms - 91[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/phpmyadmin4/ [36m301 [0m1.518 ms - 91[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/phppma/ [36m301 [0m1.286 ms - 86[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/pma/ [36m301 [0m2.188 ms - 83[0m 
[0mGET /brothel [32m200 [0m1198.006 ms - -[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/pma2011/ [36m301 [0m1.599 ms - 87[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/pma2012/ [36m301 [0m1.481 ms - 87[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/pma2013/ [36m301 [0m1.373 ms - 87[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/pma2014/ [36m301 [0m1.283 ms - 87[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/pma2015/ [36m301 [0m1.546 ms - 87[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/program/ [36m301 [0m1.324 ms - 87[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/shopdb/ [36m301 [0m1.276 ms - 86[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/sql/myadmin/ [36m301 [0m1.348 ms - 91[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/sql/php-myadmin/ [36m301 [0m1.309 ms - 95[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/sql/phpMyAdmin/ [36m301 [0m1.907 ms - 94[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/sql/phpMyAdmin2/ [36m301 [0m1.353 ms - 95[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/sql/phpMyAdmin3/ [36m301 [0m1.350 ms - 95[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/sql/phpMyAdmin4/ [36m301 [0m1.431 ms - 95[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/sql/phpmanager/ [36m301 [0m1.327 ms - 94[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/sql/phpmy-admin/ [36m301 [0m1.263 ms - 95[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/sql/phpmyadmin2/ [36m301 [0m1.293 ms - 95[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/sql/phpmyadmin3/ [36m301 [0m1.213 ms - 95[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/sql/phpmyadmin4/ [36m301 [0m1.410 ms - 95[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/sql/sql-admin/ [36m301 [0m1.337 ms - 93[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/sql/sql/ [36m301 [0m1.225 ms - 87[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/sql/sqladmin/ [36m301 [0m1.254 ms - 92[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/sql/sqlweb/ [36m301 [0m1.196 ms - 90[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/sql/webadmin/ [36m301 [0m1.336 ms - 92[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/sql/webdb/ [36m301 [0m1.507 ms - 89[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/sql/websql/ [36m301 [0m1.216 ms - 90[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/sqlmanager/ [36m301 [0m1.521 ms - 90[0m 
+0

Yes, I would guess that some bots are just going through a list of IP addresses and trying different things. You should add some kind of automatic firewall on top of your app to auto-ban IPs on a violation or something like that.

+0

Hey, I found the same records in my Tomcat log. It looks like this is definitely someone trying to find something ...

+0

I also got this from my elmah logs – rajeemcariazo

Answer

2

Such log entries most likely come from hackers who want to scan for an administrator control panel on the server, although the source IP addresses of such scans are often victim machines controlled by the hackers.

I recommend setting up fail2ban as a solution. If you have some spare time, you can also use the whois service to look up the abuse administrator's email address for the IP address that scanned your server and send them a complaint so that they can take appropriate action against the malicious IP address.
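The auto-ban idea from the comments and the fail2ban recommendation above, as an added example (not code from the original post and not fail2ban's own logic): an in-process ban list that counts requests for admin-panel paths like the ones in the question's log and blocks a source that exceeds a threshold. The names `isProbe` and `ProbeBanList`, the pattern, the thresholds and the sample addresses are all assumptions made for this illustration.

```javascript
// Added example: pattern, thresholds and sample requests are constructed.
// Path segments typical of the admin-panel probes in the question's log.
const PROBE_SEGMENT =
  /^(\d*php-?my-?admin\S*|pma\d*|my-?admin|mysql\S*|sql\S*|db-?admin|web(db|sql))$/i;

// The probes use the absolute request form ("HEAD http://host:80/pma/"),
// so normalise both that and a plain path to a pathname first.
function pathOf(target) {
  try {
    return new URL(target, "http://placeholder.invalid").pathname;
  } catch {
    return "/";
  }
}

function isProbe(target) {
  return pathOf(target).split("/").filter(Boolean)
    .some((segment) => PROBE_SEGMENT.test(segment));
}

class ProbeBanList {
  constructor({ maxHits = 5, windowMs = 60_000, banMs = 3_600_000 } = {}) {
    Object.assign(this, { maxHits, windowMs, banMs });
    this.hits = new Map();        // ip -> timestamps of recent probe hits
    this.bannedUntil = new Map(); // ip -> time at which the ban expires
  }
  // Returns true when the request should be rejected.
  check(ip, target, now = Date.now()) {
    if ((this.bannedUntil.get(ip) ?? 0) > now) return true;
    if (!isProbe(target)) return false;
    const recent = (this.hits.get(ip) ?? []).filter((t) => now - t < this.windowMs);
    recent.push(now);
    this.hits.set(ip, recent);
    if (recent.length < this.maxHits) return false;
    this.bannedUntil.set(ip, now + this.banMs); // threshold reached: ban
    this.hits.delete(ip);
    return true;
  }
}

// Constructed replay: one scanner, one ordinary user (documentation IPs).
function demo() {
  const bans = new ProbeBanList({ maxHits: 3, windowMs: 10_000, banMs: 60_000 });
  const [scanner, user, base] = ["203.0.113.10", "203.0.113.20", "http://198.51.100.7:80"];
  return [
    [scanner, base + "/2phpmyadmin/", 0], [scanner, base + "/PMA2015/", 100],
    [user, "/brothel", 150], [scanner, base + "/db/phpMyAdmin-3/", 200],
    [scanner, "/", 300], [user, "/pma/", 400], [scanner, "/", 70_000],
  ].map(([ip, target, t]) => bans.check(ip, target, t));
}
console.log(demo());
```

The log lines in the question carry no client address, so a log-driven tool such as fail2ban needs a log format that records it before it can ban anything.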
