我的/var/log/apache2/error.log一个例子:
[Sun Apr 10 23:33:12 2011] [error] [client 173.242.122.8] Invalid URI in request GET /bin/scripts/../../../../winnt/system32/cmd.exe /c+dir?/c+dir%20c:\\ HTTP/1.0 [Sun Apr 10 23:33:13 2011] [error] [client 173.242.122.8] Invalid URI in request GET /bin/scripts/../../../../winnt/system32/cmd.exe?/c+dir HTTP/1.0 [Sun Apr 10 23:33:13 2011] [error] [client 173.242.122.8] Invalid URI in request GET /bin/scripts/../../../../winnt/system32/cmd.exe?/c+dir%20c:\\ HTTP/1.0 [Sun Apr 10 23:33:13 2011] [error] [client 173.242.122.8] File does not exist: /var/www/bin [Sun Apr 10 23:52:20 2011] [error] [client 173.242.122.8] script not found or unable to stat: /usr/lib/cgi-bin/allmanage [Sun Apr 10 23:52:30 2011] [error] [client 173.242.122.8] script not found or unable to stat: /usr/lib/cgi-bin/allmanageup.pl [Sun Apr 10 23:53:02 2011] [error] [client 173.242.122.8] script not found or unable to stat: /usr/lib/cgi-bin/AnyBoard.cgi [Sun Apr 10 23:53:02 2011] [error] [client 173.242.122.8] script not found or unable to stat: /usr/lib/cgi-bin/anyboard.cgi [Sun Apr 10 23:53:03 2011] [error] [client 173.242.122.8] script not found or unable to stat: /usr/lib/cgi-bin/AnyForm [Sun Apr 10 23:53:03 2011] [error] [client 173.242.122.8] script not found or unable to stat: /usr/lib/cgi-bin/AnyForm.cgi [Sun Apr 10 23:53:05 2011] [error] [client 173.242.122.8] script not found or unable to stat: /usr/lib/cgi-bin/AnyForm2
名单不断,这是巨大的 。
我应该采取一些行动呢? 我应该担心吗? 我应该禁止IP吗?
这是一个扫描漏洞的程序。
如果您的网站没有使用易受攻击的框架/博客/ CMS,那么您可能不必过于担心; 如果他们没有find任何东西,那只是浪费资源。 如果尝试的任何URL与您的站点上的URL匹配,那么扫描器已经完成了它的工作 – 而在扫描发生时处于该IP的那个人现在拥有关于如何插入的信息。在扫描期间,检查您的访问日志中是否存在针对该IP的4xx响应。
有趣的是,IP可能在过去的3天内发生了变化……所以在这个时候禁用IP可能不会有太大的好处。 关于保持它们的唯一绝对方法是更新和/或禁用易受攻击的应用程序,和/或closures服务器。