We get a lot of messages like this in our Apache error log every day.
[Wed Oct 17 03:27:37 2018] [error] [client 103.41.124.159] File does not exist: /var/www/html/phpmyadmin
[Wed Oct 17 03:27:37 2018] [error] [client 103.41.124.159] File does not exist: /var/www/html/phpMyAdmin
[Wed Oct 17 03:27:37 2018] [error] [client 103.41.124.159] File does not exist: /var/www/html/pmd
[Wed Oct 17 03:27:37 2018] [error] [client 103.41.124.159] File does not exist: /var/www/html/pma
[Wed Oct 17 03:27:37 2018] [error] [client 103.41.124.159] File does not exist: /var/www/html/PMA
[Wed Oct 17 03:27:38 2018] [error] [client 103.41.124.159] File does not exist: /var/www/html/PMA2
[Wed Oct 17 03:27:38 2018] [error] [client 103.41.124.159] File does not exist: /var/www/html/pmamy
[Wed Oct 17 03:27:38 2018] [error] [client 103.41.124.159] File does not exist: /var/www/html/pmamy2
[Wed Oct 17 03:27:38 2018] [error] [client 103.41.124.159] File does not exist: /var/www/html/mysql
[Wed Oct 17 03:27:38 2018] [error] [client 103.41.124.159] File does not exist: /var/www/html/admin
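Is there a way to:
- stop these from being logged?
- block the IP addresses doing this? Build a list of them to block?
This particular IP made 54 different "pokes". They come from different IP addresses, so I'm not sure what to do.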
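That doesn't seem like a good idea: getting rid of logs never improves security :)
This is exactly what fail2ban is designed for. By default, it will temporarily block this IP.
Perhaps the solution you are looking for is fail2ban.
Source: https://www.fail2ban.org/wiki/index.php/Main_Page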
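
The counting idea behind the fail2ban suggestion above, as an added example that is not part of the original posts and is not fail2ban's own code: it parses error-log lines in the format shown in the question and flags a client once it produces `max_retry` "File does not exist" hits within `find_time` (named after fail2ban's `maxretry` and `findtime` settings). The function name, thresholds and sample log (documentation-range IPs) are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the error-log format from the question.
# Client IPs are RFC 5737 documentation addresses, not values from the page.
SAMPLE_LOG = """\
[Wed Oct 17 03:27:37 2018] [error] [client 192.0.2.10] File does not exist: /var/www/html/phpmyadmin
[Wed Oct 17 03:27:37 2018] [error] [client 192.0.2.10] File does not exist: /var/www/html/pma
[Wed Oct 17 03:27:38 2018] [error] [client 198.51.100.7] File does not exist: /var/www/html/favicon.ico
[Wed Oct 17 03:27:38 2018] [error] [client 192.0.2.10] File does not exist: /var/www/html/PMA2
[Wed Oct 17 03:27:38 2018] [error] [client 192.0.2.10] File does not exist: /var/www/html/mysql
[Wed Oct 17 03:27:39 2018] [error] [client 192.0.2.10] File does not exist: /var/www/html/admin
[Wed Oct 17 04:10:00 2018] [error] [client 203.0.113.5] File does not exist: /var/www/html/a.png
[Wed Oct 17 05:10:00 2018] [error] [client 203.0.113.5] File does not exist: /var/www/html/b.png
[Wed Oct 17 06:10:00 2018] [error] [client 203.0.113.5] File does not exist: /var/www/html/c.png
"""

LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[0-9a-fA-F.:]+)\] "
    r"File does not exist: (?P<path>.+)$"
)

def find_offenders(log_text, max_retry=5, find_time=timedelta(minutes=10)):
    """Return {ip: timestamp of the hit that crossed the threshold}."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # unrelated or malformed line
        ip = m["ip"]
        if ip in flagged:
            continue              # already over the threshold
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        window = recent[ip]
        window.append(ts)
        # Drop hits older than find_time so slow, occasional 404s never add up.
        while ts - window[0] > find_time:
            window.popleft()
        if len(window) >= max_retry:
            flagged[ip] = ts
    return flagged

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} crossed the threshold at {when}")
```

Because each client is counted separately, a scan spread across many source addresses is still caught one address at a time, while a visitor with a single missing file is left alone.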