我有一台带有 apache 的服务器,我最近安装了 mod_security2,因为我受到了很多攻击:
我的 apache 版本是 apache v2.2.3,我使用 mod_security2.c
这是错误日志中的条目:
[Wed Mar 24 02:35:41 2010] [error]
[client 88.191.109.38] client sent HTTP/1.1 request without hostname
(see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Wed Mar 24 02:47:31 2010] [error]
[client 202.75.211.90] client sent HTTP/1.1 request without hostname
(see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Wed Mar 24 02:47:49 2010] [error]
[client 95.228.153.177] client sent HTTP/1.1 request without hostname
(see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Wed Mar 24 02:48:03 2010] [error]
[client 88.191.109.38] client sent HTTP/1.1 request …我正在运行LAMP堆栈,但没有安装phpMyAdmin(是)。在浏览我的 Apache 服务器日志时,我注意到以下内容:
66.184.178.58 - - [16/Mar/2010:13:27:59 +0800] "GET / HTTP/1.1" 200 1170 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
200.78.247.148 - - [16/Mar/2010:15:26:05 +0800] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 506 "-" "-"
206.47.160.224 - - [16/Mar/2010:17:27:57 +0800] "GET / HTTP/1.1" 200 1170 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
190.220.14.195 - - [17/Mar/2010:01:28:02 +0800] "GET //phpmyadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 480 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
190.220.14.195 - - [17/Mar/2010:01:28:03 +0800] "GET //pma/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 476 …