OpenSSH 漏洞 [重复]

Question

orokusaki

Asked: 2013-05-23 06:51:47 +0800 CST2013-05-23 06:51:47 +0800 CST 2013-05-23 06:51:47 +0800 CST

我应该担心在我的日志中看到这个吗？

772

我的 Nginx 访问日志中的以下请求（这大约是其中的一半）都是在几分钟内从注册到越南 ISP 的 IP 发出的（我可以提供 IP，但我不确定如果那允许她）。我昨天刚设置好服务器。注意libwww-perl/5.805用户代理和路径（寻找通用配置文件等）。

我应该担心这一点，还是有那么多机器人扫描 IP，以至于每天都不可避免地要进行这样的扫描？

<some IP in Vietnam> - - [22/May/2013:11:15:44 +0000] "GET /db_config.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:45 +0000] "GET /db_conf.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:45 +0000] "GET /data.inc HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:46 +0000] "GET /dados.inc HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:46 +0000] "GET /conecta.inc HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:47 +0000] "GET /database.inc HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:47 +0000] "GET /banco.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:48 +0000] "GET /mysql.inc HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:48 +0000] "GET /dbsql.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:49 +0000] "GET /sqldb.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:49 +0000] "GET /backup.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:50 +0000] "GET /DB.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:50 +0000] "GET /include/config.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:51 +0000] "GET /include/dbconfig.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:51 +0000] "GET /include/conf.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:52 +0000] "GET /include/connect.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:52 +0000] "GET /include/db.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:53 +0000] "GET /include/conexao.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:53 +0000] "GET /include/configuration.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:54 +0000] "GET /include/application.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:54 +0000] "GET /inc/config.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:55 +0000] "GET /inc/dbconfig.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:55 +0000] "GET /inc/conf.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:56 +0000] "GET /inc/connect.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:56 +0000] "GET /inc/db.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:57 +0000] "GET /inc/conexao.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:57 +0000] "GET /inc/configuration.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:58 +0000] "GET /inc/application.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:58 +0000] "GET /includes/config.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:59 +0000] "GET /includes/dbconfig.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:15:59 +0000] "GET /includes/conf.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:00 +0000] "GET /includes/connect.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:00 +0000] "GET /includes/db.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:01 +0000] "GET /includes/conexao.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:01 +0000] "GET /includes/configuration.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:02 +0000] "GET /includes/application.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:02 +0000] "GET /application/configs/application.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:03 +0000] "GET /application/configs/config.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:03 +0000] "GET /application/configs/dbconfig.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:04 +0000] "GET /application/configs/db.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:04 +0000] "GET /application/configs/connect.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:05 +0000] "GET /application/configs/conexao.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:05 +0000] "GET /application/configs/conf.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:06 +0000] "GET /application/configs/configuration.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:06 +0000] "GET /application/configs/data.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:07 +0000] "GET /application/configs/banco.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:07 +0000] "GET /application/configs/dbconf.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:08 +0000] "GET /configs/application.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:09 +0000] "GET /configs/config.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:09 +0000] "GET /configs/dbconfig.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:10 +0000] "GET /configs/db.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:10 +0000] "GET /configs/connect.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:11 +0000] "GET /configs/conexao.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:11 +0000] "GET /configs/conf.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:12 +0000] "GET /configs/configuration.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:12 +0000] "GET /configs/data.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:13 +0000] "GET /configs/banco.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"
<some IP in Vietnam> - - [22/May/2013:11:16:13 +0000] "GET /configs/dbconf.ini HTTP/1.1" 502 166 "-" "libwww-perl/5.805"

2 个回答

Voted

ceejayoz · Answer 1 · 2013-05-23T06:55:38+08:00

Best Answer

ceejayoz

2013-05-23T06:55:38+08:002013-05-23T06:55:38+08:00

对于暴露在互联网上的任何 IP，您都会得到这样的扫描。这是您应该看到的正常背景噪音的一部分。

可以使用多种工具来限制或禁止 IP 执行此类扫描 - mod_security、iptables、fail2ban 等 - 但通常没有必要。

3

Flup · Answer 2 · 2013-05-23T06:57:45+08:00

Flup

2013-05-23T06:57:45+08:002013-05-23T06:57:45+08:00

您的假设是正确的：花费时间（以及所有者的带宽分配）探测漏洞的受感染主机的数量可能达到数百万。从时间戳中可以看出，攻击是自动进行的。

阅读这些攻击可能很有启发性，因为它让您了解正在探测哪些漏洞，但通常它们只是提醒您保持系统补丁和安全。

1

我应该担心在我的日志中看到这个吗？

新安装后 postgres 的默认超级用户用户名/密码是什么？

SFTP 使用什么端口？

命令行列出 Windows Active Directory 组中的用户？

什么是 Pem 文件，它与其他 OpenSSL 生成的密钥文件格式有何不同？

如何确定bash变量是否为空？

我应该担心在我的日志中看到这个吗？

2 个回答

相关问题