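The following requests in my Nginx access log (this is about half of them) were all made within a few minutes from an IP registered to a Vietnamese ISP (I could provide the IP, but I'm not sure whether that is allowed here). I only set up the server yesterday.
Note the libwww-perl/5.805 user agent and the paths (looking for common configuration files, etc.).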
Should I be worried about this, or are there so many bots scanning IPs that scans like this are inevitable every day?
<some IP in Vietnam> - - [22/May/2013:11:15:44 +0000] "GET /db_config.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:45 +0000] "GET /db_conf.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:45 +0000] "GET /data.inc HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:46 +0000] "GET /dados.inc HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:46 +0000] "GET /conecta.inc HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:47 +0000] "GET /database.inc HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:47 +0000] "GET /banco.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:48 +0000] "GET /mysql.inc HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:48 +0000] "GET /dbsql.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:49 +0000] "GET /sqldb.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:49 +0000] "GET /backup.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:50 +0000] "GET /DB.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:50 +0000] "GET /include/config.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:51 +0000] "GET /include/dbconfig.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:51 +0000] "GET /include/conf.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:52 +0000] "GET /include/connect.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:52 +0000] "GET /include/db.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:53 +0000] "GET /include/conexao.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:53 +0000] "GET /include/configuration.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:54 +0000] "GET /include/application.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:54 +0000] "GET /inc/config.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:55 +0000] "GET /inc/dbconfig.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:55 +0000] "GET /inc/conf.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:56 +0000] "GET /inc/connect.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:56 +0000] "GET /inc/db.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:57 +0000] "GET /inc/conexao.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:57 +0000] "GET /inc/configuration.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:58 +0000] "GET /inc/application.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:58 +0000] "GET /includes/config.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:59 +0000] "GET /includes/dbconfig.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:59 +0000] "GET /includes/conf.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:00 +0000] "GET /includes/connect.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:00 +0000] "GET /includes/db.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:01 +0000] "GET /includes/conexao.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:01 +0000] "GET /includes/configuration.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:02 +0000] "GET /includes/application.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:02 +0000] "GET /application/configs/application.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:03 +0000] "GET /application/configs/config.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:03 +0000] "GET /application/configs/dbconfig.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:04 +0000] "GET /application/configs/db.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:04 +0000] "GET /application/configs/connect.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:05 +0000] "GET /application/configs/conexao.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:05 +0000] "GET /application/configs/conf.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:06 +0000] "GET /application/configs/configuration.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:06 +0000] "GET /application/configs/data.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:07 +0000] "GET /application/configs/banco.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:07 +0000] "GET /application/configs/dbconf.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:08 +0000] "GET /configs/application.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:09 +0000] "GET /configs/config.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:09 +0000] "GET /configs/dbconfig.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:10 +0000] "GET /configs/db.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:10 +0000] "GET /configs/connect.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:11 +0000] "GET /configs/conexao.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:11 +0000] "GET /configs/conf.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:12 +0000] "GET /configs/configuration.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:12 +0000] "GET /configs/data.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:13 +0000] "GET /configs/banco.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:13 +0000] "GET /configs/dbconf.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
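You will get scans like this on any IP exposed to the Internet. It is part of the normal background noise you should expect to see.
There are various tools you can use to limit or ban IPs that perform such scans - mod_security, iptables, fail2ban, etc. - but it is usually not necessary.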
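Your assumption is correct: the number of compromised hosts spending their time (and their owners' bandwidth allocation) probing for vulnerabilities probably runs into the millions. As you can tell from the timestamps, the attack is automated.
Reading about these attacks can be enlightening, because it gives you an idea of which vulnerabilities are being probed, but usually they are just a reminder to keep your systems patched and secure.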
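
A triage sketch for logs like the one in the question, added here as an example and not part of the original question or answers: it groups config-file probes by client, computes the request rate that the timestamps reveal, and lists any probe that was answered with a 2xx status, which is the one case that needs follow-up. The extension list, the `min_hits` threshold and the sample lines (documentation-range IPs) are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Nginx "combined" format, as in the lines quoted in the question.
LINE_RE = re.compile(
    r'^(?P<client>.+?) - \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<agent>[^"]*)"$'
)
PROBE_EXT = (".ini", ".inc")  # assumed: the extensions seen in the question's log

def summarize(lines, min_hits=5):
    """Per client: probe count, request rate, and probes answered with 2xx."""
    per_client = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in combined format, skip
        path = m["path"].split("?", 1)[0].lower()
        if path.endswith(PROBE_EXT):
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            per_client[m["client"]].append((ts, m["path"], int(m["status"])))
    report = {}
    for client, hits in per_client.items():
        if len(hits) < min_hits:
            continue
        times = [t for t, _, _ in hits]
        span = max((max(times) - min(times)).total_seconds(), 1.0)
        report[client] = {
            "probes": len(hits),
            "per_second": round(len(hits) / span, 2),
            # A 2xx means a file was actually served: the case worth investigating.
            "served": sorted(p for _, p, s in hits if 200 <= s < 300),
        }
    return report

# Constructed sample in the same format as the question's log.
_PATHS = ["/db_config.ini", "/db_conf.ini", "/data.inc",
          "/dados.inc", "/conecta.inc", "/inc/db.ini"]
SAMPLE = [
    f'192.0.2.10 - - [22/May/2013:11:15:{44 + i // 2} +0000] "GET {p} HTTP/1.1" '
    f'{200 if p == "/inc/db.ini" else 404} 166 "-" "libwww-perl/5.805"'
    for i, p in enumerate(_PATHS)
] + ['198.51.100.7 - - [22/May/2013:11:15:50 +0000] '
     '"GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0"']

if __name__ == "__main__":
    for client, info in summarize(SAMPLE).items():
        print(client, info)
```

In the question's own log every probe received a 502, so the `served` list for that client would be empty.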