我刚刚在/var/log/apache2/error.log
[Thu May 07 17:12:35.433760 2015] [:error] [pid 3488] [client 190.79.132.215:51660] script '/var/www/html/r.php' not found or unable to stat
[Thu May 07 17:12:38.066293 2015] [:error] [pid 3471] [client 190.79.132.215:51679] script '/var/www/html/r.php' not found or unable to stat
[Thu May 07 17:12:43.523091 2015] [:error] [pid 3474] [client 190.204.156.103:59542] script '/var/www/html/r.php' not found or unable to stat
[Thu May 07 17:12:45.213665 2015] [:error] [pid 3451] [client 190.204.156.103:59568] script '/var/www/html/r.php' not found or unable to stat
[Thu May 07 17:12:50.660274 2015] [:error] [pid 3472] [client 190.204.156.103:59592] script '/var/www/html/r.php' not found or unable to stat
[Thu May 07 17:12:51.354739 2015] [:error] [pid 3473] [client 82.8.22.23:49205] script '/var/www/html/r.php' not found or unable to stat
[Thu May 07 17:12:51.512948 2015] [:error] [pid 3446] [client 82.8.22.23:49206] script '/var/www/html/r.php' not found or unable to stat
[Thu May 07 17:12:51.669047 2015] [:error] [pid 3488] [client 82.8.22.23:49207] script '/var/www/html/r.php' not found or unable to stat
[Thu May 07 17:12:51.838961 2015] [:error] [pid 3471] [client 82.8.22.23:49208] script '/var/www/html/r.php' not found or unable to stat
r.php不存在。
此服务器在 LAMP 设置中运行 Ubuntu 14.04。
我以前从未见过这种攻击,我应该为他们担心或以任何方式保护我的系统吗?
看起来有人正在不同端口上扫描您的网站并寻找可能是后门或类似文件的特定文件 ( r.php )。由于该文件不存在,它会引发错误(这很好)......我也会不时看到这种日志条目。
坚持这些关于如何保护 LAMP 的一般答案:保护 LAMP 服务器的提示