Rootop server operations and web architecture

Finding attack methods in the Apache error log


In most server attacks, the attacker looks for bugs in the web application, or for bad habits, and uses them to reach the goal. Examples are injection flaws in the application, vulnerabilities in the software itself (phpMyAdmin, say), and bad habits such as putting a backup of the site in the web root. All of these are easy to discover.

First, an excerpt from the error log of my server:

[Thu Jun 09 17:30:31 2011] [error] [client 114.228.105.189] File does not exist: /var/www/nq/wp/fckeditor

FCKeditor is a very powerful web text editor that supports several scripting languages; as far as I know, this thing has had vulnerabilities.

[Thu Jun 09 21:15:57 2011] [error] [client 125.90.64.243] File does not exist: /var/www/nq/wp/wyeymirserver.rar
[Thu Jun 09 21:16:06 2011] [error] [client 125.90.64.243] File does not exist: /var/www/nq/wp/mirserver.rar
[Thu Jun 09 21:16:07 2011] [error] [client 125.90.64.243] File does not exist: /var/www/nq/wp/mirserver.rar
[Thu Jun 09 21:16:07 2011] [error] [client 125.90.64.243] File does not exist: /var/www/nq/wp/buptCmirserver.rar
[Thu Jun 09 21:16:07 2011] [error] [client 125.90.64.243] File does not exist: /var/www/nq/wp/Cmirserver.rar
[Thu Jun 09 21:16:07 2011] [error] [client 125.90.64.243] File does not exist: /var/www/nq/wp/Cmirserver.rar
[Thu Jun 09 21:16:07 2011] [error] [client 125.90.64.243] File does not exist: /var/www/nq/wp/algawolserver.rar
[Thu Jun 09 21:16:07 2011] [error] [client 125.90.64.243] File does not exist: /var/www/nq/wp/wolserver.rar
[Thu Jun 09 21:16:10 2011] [error] [client 125.90.64.243] File does not exist: /var/www/nq/wp/wolserver.rar

This is the bad habit of keeping backups in the web root: the attacker guesses the name of your backup, downloads it and looks for vulnerabilities in it directly, and the MySQL database password is exposed in plain sight. That opens the door to privilege escalation.

[Thu Sep 01 00:07:38 2011] [error] [client 176.9.9.156] File does not exist: /var/www/nq/wp/robots.txt
[Thu Sep 01 00:18:20 2011] [error] [client 206.113.193.50] File does not exist: /var/www/nq/wp/robots.txt
[Thu Sep 01 00:24:25 2011] [error] [client 123.125.71.95] File does not exist: /var/www/nq/wp/apacheguide
[Thu Sep 01 00:25:36 2011] [error] [client 123.126.50.71] File does not exist: /var/www/nq/wp/apacheguide
[Thu Sep 01 02:08:13 2011] [error] [client 66.249.71.12] File does not exist: /var/www/nq/wp/robots.txt
[Thu Sep 01 02:17:45 2011] [error] [client 65.52.108.12] File does not exist: /var/www/nq/wp/robots.txt
[Thu Sep 01 02:25:06 2011] [error] [client 122.224.49.106] File does not exist: /var/www/nq/wp/hbcxmirserver.rar
[Thu Sep 01 02:25:06 2011] [error] [client 122.224.49.106] File does not exist: /var/www/nq/wp/mirserver.rar
[Thu Sep 01 02:25:07 2011] [error] [client 122.224.49.106] File does not exist: /var/www/nq/wp/mirserver.rar
[Thu Sep 01 02:58:45 2011] [error] [client 209.249.53.32] File does not exist: /var/www/nq/wp/robots.txt
[Thu Sep 01 03:28:18 2011] [error] [client 202.160.189.232] File does not exist: /var/www/nq/wp/robots.txt
[Thu Sep 01 03:44:57 2011] [error] [client 157.55.116.45] File does not exist: /var/www/nq/wp/robots.txt

Next, a word about the robots.txt file. It is a standard that exists for search engines: it states which search engines may crawl the site and which URL paths they may crawl. The file sits in the site's root directory. Usually we do not want search engines to index our admin login address, so we add a rule here forbidding indexing of that URL. At the same time, if an attacker simply types robots.txt into the URL, the rules are displayed and the admin address is exposed. A double-edged sword, as always...

Another common case: attackers guess the path of phpMyAdmin and attack further from there.

So reading the logs regularly (the Apache logs, the secure log, the maillog and so on) still teaches you a lot.
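The log reading described above can be turned into a small triage script. The following Python is an added example, not code from the original post: it parses error_log lines in the format quoted above, ignores the harmless robots.txt misses, and reports clients that probed for archive backups or for known components such as fckeditor and phpMyAdmin. The name lists, the threshold and the sample log are assumptions constructed for this example.

```python
import re
from collections import defaultdict

# One Apache 2.2-style error_log line, in the format quoted in the post:
# [Thu Jun 09 21:15:57 2011] [error] [client 125.90.64.243] File does not exist: /var/www/nq/wp/mirserver.rar
LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] \[client (?P<ip>[^\]]+)\] "
                     r"File does not exist: (?P<path>\S+)$")

# Names a probe for site backups or for known components would ask for.
# The lists are assumptions chosen for this example; extend them to taste.
BACKUP_EXT = (".rar", ".zip", ".tar.gz", ".tgz", ".sql", ".bak")
TOOL_NAMES = ("fckeditor", "phpmyadmin")
IGNORE = {"robots.txt"}  # every crawler asks for it; a missing one is noise

def classify(path):
    """Return 'backup', 'tool', 'ignore' or 'other' for a missing-file path."""
    name = path.rsplit("/", 1)[-1].lower()
    if name in IGNORE:
        return "ignore"
    if name.endswith(BACKUP_EXT):
        return "backup"
    if any(t in name for t in TOOL_NAMES):
        return "tool"
    return "other"

def suspicious_clients(lines, min_backups=2):
    """Group 'File does not exist' errors by client IP and report a client if it
    requested any known-tool path or at least min_backups distinct archive names.
    Returns {ip: {"backup": [names], "tool": [names]}}."""
    hits = defaultdict(lambda: {"backup": set(), "tool": set()})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # other error_log messages (PHP notices etc.) are skipped
        kind = classify(m.group("path"))
        if kind in ("backup", "tool"):
            hits[m.group("ip")][kind].add(m.group("path").rsplit("/", 1)[-1])
    return {ip: {k: sorted(v) for k, v in h.items()} for ip, h in hits.items()
            if h["tool"] or len(h["backup"]) >= min_backups}

# Constructed sample, modelled on the lines quoted in the post.
SAMPLE_LOG = """\
[Thu Jun 09 17:30:31 2011] [error] [client 114.228.105.189] File does not exist: /var/www/nq/wp/fckeditor
[Thu Jun 09 21:15:57 2011] [error] [client 125.90.64.243] File does not exist: /var/www/nq/wp/wyeymirserver.rar
[Thu Jun 09 21:16:06 2011] [error] [client 125.90.64.243] File does not exist: /var/www/nq/wp/mirserver.rar
[Thu Sep 01 00:07:38 2011] [error] [client 176.9.9.156] File does not exist: /var/www/nq/wp/robots.txt
[Thu Sep 01 02:25:06 2011] [error] [client 122.224.49.106] File does not exist: /var/www/nq/wp/hbcxmirserver.rar
""".splitlines()
```

Run it against a real error_log with `suspicious_clients(open("/var/log/httpd/error_log"))`; a client that asks for one archive is below the threshold, while a client asking for several different backup names, as 125.90.64.243 does in the excerpt, is reported.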

Original article; please credit the source when reposting. Link to this article: https://www.rootop.org/pages/976.html

Author: Venus
