Homepage hacking attempt

   Views 5266   Recommended 0

Hello.
I looked at nginx/access.log for the first time in a while and found traces of one IP trying to find vulnerabilities on our server.
There are attempts like this every day, but usually they try a few addresses and move on; this one used a tool and swept through everything.
The log entries are as follows.

344 211.63.182.26 - - [07/Oct/2016:15:44:39 +0900] "GET /sql/phpMyAdmin-2.6.0-pl2/main.php HTTP/1.0" 404 162 "-" "-" "-"
345 211.63.182.26 - - [07/Oct/2016:15:44:39 +0900] "GET /sql/phpMyAdmin-2.6.0-pl3/main.php HTTP/1.0" 404 162 "-" "-" "-"
346 211.63.182.26 - - [07/Oct/2016:15:44:39 +0900] "GET /sql/phpMyAdmin-2.6.1-rc1/main.php HTTP/1.0" 404 162 "-" "-" "-"
347 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /sql/phpMyAdmin-2.6.1-rc2/main.php HTTP/1.0" 404 162 "-" "-" "-"
348 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /sql/phpMyAdmin-2.6.1/main.php HTTP/1.0" 404 162 "-" "-" "-"
349 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /sql/phpMyAdmin-2.6.1-pl1/main.php HTTP/1.0" 404 162 "-" "-" "-"
350 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /sql/phpMyAdmin-2.6.1-pl2/main.php HTTP/1.0" 404 162 "-" "-" "-"
351 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /sql/phpMyAdmin-2.6.1-pl3/main.php HTTP/1.0" 404 162 "-" "-" "-"
352 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /sql/phpMyAdmin-2.6.2-rc1/main.php HTTP/1.0" 404 162 "-" "-" "-"
353 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /sql/phpMyAdmin-2.6.2-beta1/main.php HTTP/1.0" 404 162 "-" "-" "-"
354 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /sql/phpMyAdmin-2.6.2-rc1/main.php HTTP/1.0" 404 162 "-" "-" "-"
355 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /sql/phpMyAdmin-2.6.2/main.php HTTP/1.0" 404 162 "-" "-" "-"
356 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /sql/phpMyAdmin-2.6.2-pl1/main.php HTTP/1.0" 404 162 "-" "-" "-"
357 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /sql/phpMyAdmin-2.6.3/main.php HTTP/1.0" 404 162 "-" "-" "-"
358 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /sql/phpMyAdmin-2.6.3-rc1/main.php HTTP/1.0" 404 162 "-" "-" "-"
359 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /sql/phpMyAdmin-2.6.3/main.php HTTP/1.0" 404 162 "-" "-" "-"
360 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /sql/phpMyAdmin-2.6.3-pl1/main.php HTTP/1.0" 404 162 "-" "-" "-"
361 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /sql/phpMyAdmin-2.6.4-rc1/main.php HTTP/1.0" 404 162 "-" "-" "-"
362 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /sql/phpMyAdmin-2.6.4-pl1/main.php HTTP/1.0" 404 162 "-" "-" "-"
363 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /sql/phpMyAdmin-2.6.4-pl2/main.php HTTP/1.0" 404 162 "-" "-" "-"
364 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /sql/phpMyAdmin-2.6.4-pl3/main.php HTTP/1.0" 404 162 "-" "-" "-"
365 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /sql/phpMyAdmin-2.6.4-pl4/main.php HTTP/1.0" 404 162 "-" "-" "-"
366 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /sql/phpMyAdmin-2.6.4/main.php HTTP/1.0" 404 162 "-" "-" "-"
367 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /sql/phpMyAdmin-2.7.0-beta1/main.php HTTP/1.0" 404 162 "-" "-" "-"
368 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /sql/phpMyAdmin-2.7.0-rc1/main.php HTTP/1.0" 404 162 "-" "-" "-"
369 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /sql/phpMyAdmin-2.7.0-pl1/main.php HTTP/1.0" 404 162 "-" "-" "-"
370 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /sql/phpMyAdmin-2.7.0-pl2/main.php HTTP/1.0" 404 162 "-" "-" "-"
371 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /sql/phpMyAdmin-2.7.0/main.php HTTP/1.0" 404 162 "-" "-" "-"
372 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /sql/phpMyAdmin-2.8.0-beta1/main.php HTTP/1.0" 404 162 "-" "-" "-"
373 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /sql/phpMyAdmin-2.8.0-rc1/main.php HTTP/1.0" 404 162 "-" "-" "-"
374 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /sql/phpMyAdmin-2.8.0-rc2/main.php HTTP/1.0" 404 162 "-" "-" "-"
375 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /sql/phpMyAdmin-2.8.0/main.php HTTP/1.0" 404 162 "-" "-" "-"
376 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /sql/phpMyAdmin-2.8.0.1/main.php HTTP/1.0" 404 162 "-" "-" "-"
377 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /sql/phpMyAdmin-2.8.0.2/main.php HTTP/1.0" 404 162 "-" "-" "-"
378 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /sql/phpMyAdmin-2.8.0.3/main.php HTTP/1.0" 404 162 "-" "-" "-"
379 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /sql/phpMyAdmin-2.8.0.4/main.php HTTP/1.0" 404 162 "-" "-" "-"
380 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /sql/phpMyAdmin-2.8.1-rc1/main.php HTTP/1.0" 404 162 "-" "-" "-"
381 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /sql/phpMyAdmin-2.8.1/main.php HTTP/1.0" 404 162 "-" "-" "-"
382 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /sql/phpMyAdmin-2.8.2/main.php HTTP/1.0" 404 162 "-" "-" "-"
383 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /database/phpmyadmin/main.php HTTP/1.0" 404 162 "-" "-" "-"
384 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /database/phpMyAdmin/main.php HTTP/1.0" 404 162 "-" "-" "-"
385 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /database/database/main.php HTTP/1.0" 404 162 "-" "-" "-"
386 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /database/web/main.php HTTP/1.0" 404 162 "-" "-" "-"
387 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /database/pMA/main.php HTTP/1.0" 404 162 "-" "-" "-"
388 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /database/admin/main.php HTTP/1.0" 404 162 "-" "-" "-"
389 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /database/main.php HTTP/1.0" 404 162 "-" "-" "-"
390 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /database/databaseadmin/main.php HTTP/1.0" 404 162 "-" "-" "-"
391 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /database/pMA2006/main.php HTTP/1.0" 404 162 "-" "-" "-"
392 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /database/pma2006/main.php HTTP/1.0" 404 162 "-" "-" "-"
393 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /database/databasemanager/main.php HTTP/1.0" 404 162 "-" "-" "-"
394 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /database/databasemanager/main.php HTTP/1.0" 404 162 "-" "-" "-"
395 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /database/p/m/a/main.php HTTP/1.0" 404 162 "-" "-" "-"
396 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /database/pMA2005/main.php HTTP/1.0" 404 162 "-" "-" "-"
397 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /database/pma2005/main.php HTTP/1.0" 404 162 "-" "-" "-"
398 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /database/phpmanager/main.php HTTP/1.0" 404 162 "-" "-" "-"
399 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /database/php-myadmin/main.php HTTP/1.0" 404 162 "-" "-" "-"
400 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /database/phpmy-admin/main.php HTTP/1.0" 404 162 "-" "-" "-"
401 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /database/database/main.php HTTP/1.0" 404 162 "-" "-" "-"
402 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /database/myadmin/main.php HTTP/1.0" 404 162 "-" "-" "-"
403 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /database/webadmin/main.php HTTP/1.0" 404 162 "-" "-" "-"
404 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /database/databaseweb/main.php HTTP/1.0" 404 162 "-" "-" "-"
405 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /database/websql/main.php HTTP/1.0" 404 162 "-" "-" "-"
406 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /database/webdb/main.php HTTP/1.0" 404 162 "-" "-" "-"
407 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /database/databaseadmin/main.php HTTP/1.0" 404 162 "-" "-" "-"
408 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /database/database-admin/main.php HTTP/1.0" 404 162 "-" "-" "-"
409 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /database/phpmyadmin2/main.php HTTP/1.0" 404 162 "-" "-" "-"
410 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /database/phpMyAdmin2/main.php HTTP/1.0" 404 162 "-" "-" "-"
411 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /database/phpMyAdmin-2/main.php HTTP/1.0" 404 162 "-" "-" "-"
412 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /database/php-my-admin/main.php HTTP/1.0" 404 162 "-" "-" "-"
413 211.63.182.26 - - [07/Oct/2016:15:44:40 +0900] "GET /database/phpMyAdmin-2.2.3/main.php HTTP/1.0" 404 162 "-" "-" "-"

Like this, there are traces of it trying to find the phpmyadmin page.
What puzzled me while reading the log is that it made dozens of checks per second.
It swept 650 addresses in just 7 seconds.
There is the IDS the IDC provides by default, an IPS I requested separately, and firewalld is also running on the server,
yet it was shocking that no blocking action at all was taken against an IP attempting dozens of accesses per second.
My knowledge of security is limited, so I'd appreciate advice on what measures I can take to block abnormal access like the above (several accesses per second, etc.).

Because I renamed the phpmyadmin install directory so it can't possibly be guessed, we avoided getting compromised, but it still sent a chill down my spine.
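The question above is how to recognise a client that probes dozens of URLs a second. The script below is an added example written for this thread, not code from the original post: it parses lines in the same format as the log quoted above (the three trailing quoted fields included, and a leading `grep -n` style line number tolerated), counts requests per client in one-second buckets, and flags an IP by burst rate or by 404 share. The sample lines, the thresholds (10 requests/second, or at least 80% 404s over 20+ requests) and the addresses 203.0.113.7 and 198.51.100.20 are constructed for the example; they are documentation ranges, not the IP from the log.

```python
"""Flag scanning clients in nginx access.log by burst rate and 404 share (added example)."""
import re
from collections import defaultdict
from datetime import datetime

# Field layout of the lines quoted in the thread: the standard "combined" fields
# plus three trailing quoted fields. An optional leading line number (as printed
# by `grep -n` or `cat -n`) is tolerated and ignored.
LINE_RE = re.compile(
    r'^(?:\d+\s+)?(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)'
)


def parse_line(line):
    """Return the fields we need, or None for lines that do not fit the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "ts": ts, "path": m.group("path"),
            "status": int(m.group("status"))}


def profile_clients(lines):
    """Per client IP: total requests, 404 count and the peak number of requests
    that fell into any single one-second bucket."""
    per_ip = defaultdict(lambda: {"total": 0, "not_found": 0, "buckets": defaultdict(int)})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        s = per_ip[rec["ip"]]
        s["total"] += 1
        if rec["status"] == 404:
            s["not_found"] += 1
        s["buckets"][rec["ts"]] += 1  # access.log timestamps have one-second resolution
    return {ip: {"total": s["total"], "not_found": s["not_found"],
                 "peak_per_second": max(s["buckets"].values())}
            for ip, s in per_ip.items()}


def suspicious_ips(lines, max_per_second=10, min_requests=20, min_404_ratio=0.8):
    """IPs that either burst past max_per_second or, over at least min_requests,
    drew mostly 404s (a few stray 404s from a real browser do not qualify)."""
    flagged = []
    for ip, s in profile_clients(lines).items():
        mostly_404 = s["total"] >= min_requests and s["not_found"] / s["total"] >= min_404_ratio
        if s["peak_per_second"] >= max_per_second or mostly_404:
            flagged.append(ip)
    return sorted(flagged)


# Constructed sample in the same format as the thread's log: 203.0.113.7 plays the
# scanner (30 phpMyAdmin probes inside one second), 198.51.100.20 a normal visitor.
SAMPLE_LOG = [
    f'203.0.113.7 - - [07/Oct/2016:15:44:40 +0900] "GET /sql/phpMyAdmin-2.6.{i}/main.php HTTP/1.0" 404 162 "-" "-" "-"'
    for i in range(30)
] + [
    '198.51.100.20 - - [07/Oct/2016:15:44:38 +0900] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0" "-"',
    '198.51.100.20 - - [07/Oct/2016:15:44:41 +0900] "GET /css/site.css HTTP/1.1" 200 812 "-" "Mozilla/5.0" "-"',
    '198.51.100.20 - - [07/Oct/2016:15:44:45 +0900] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0" "-"',
]

if __name__ == "__main__":
    for ip, s in profile_clients(SAMPLE_LOG).items():
        print(ip, s)
    print("suspicious:", suspicious_ips(SAMPLE_LOG))
```

Run it over the real file with `suspicious_ips(open("/var/log/nginx/access.log"))`. Treat the output as a candidate list to review before adding a firewalld rich rule, not as an automatic ban: a shared NAT address or a monitoring probe can also trip the rate threshold, which is why the 404 share is tracked separately from the burst rate.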

도우리 2016-10
Oh, and I looked up the IP and it was a Korean IP... It's a KT IP, but I suppose there's no way to report it just for attempts like these? If caught, it would surely be a bad guy..
     
It's most likely a hacked PC or server... They plant a tool on it and use it from there...

As Everyharu says below, as long as they don't get through, that's that... Attempts come in relentlessly... If you opened it only for your own use, using a port other than the default almost eliminates the attempts... But if it really has to stay open, you have to secure it well with various other tools...

Nobody does this sort of thing by hand; once a bot is planted it just automatically hits IPs here and there, and when it finds a hole it hammers away at it... That's why you shouldn't leave the root account open on ssh either... and it's best not to use IDs like admin, administrator and so on...
Everyharu 2016-10
This happens a lot everywhere. What matters is not getting compromised by it.
     
도우리 2016-10
Yes, honestly, as long as I don't get compromised that's all that matters, haha.
But since under normal circumstances there's no reason for dozens of requests per second like that, I figured it would be even safer to go as far as blocking them..
I assumed everyone else has that kind of setup, so I thought I'd ask ^^;
izegtob 2016-10
I just restricted the IPs allowed to access phpmyadmin in apache itself.

Only my PC, laptop and phone can connect.... (and only from the internal network, of course)

I've done a lot of other security stuff besides that, but I can't remember what.
Anyway, I've never had even a single hacking attempt....
     
도우리 2016-10
Yep, I think I should at least put an IP whitelist in place as a baseline, haha.
도우리 2016-10
Googling it, most answers say that's just how the internet is, 404 traffic is no load at all, don't worry about it, but I saw a few interesting approaches, so I'm writing them down here to share.

1. Show a simple page instead of the 404 error page. - The attacker's scanning tool mistakes it for a hit, so the attacker has no choice but to check each one by hand.
2. Show a fake screen identical to phpmyadmin instead of the 404 error page - they'll waste a lot of time without realising it's a fake page.
3. Use fail2ban - I was using fail2ban to protect ftp and ssh, and it seems it works for web servers too. The conditions have to be set up with regular expressions, though.
4. Put a script that blocks whatever IP accesses it under a name like phpmyadmin/index.php or main.php. Pro: no wasted resources, unlike fail2ban, which burns resources scanning the log each time. Con: no help if they skip that file. - But the phpmyadmin directory is the very first place they dig through, so there's no way they'd avoid tripping it...

Using 1 or 2 could provoke the attacker, and since they'd look more closely while checking by hand, it could backfire, so I plan to go with 4.
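Items 3 and 4 above both come down to "count matching requests per source address and block the source". The script below is an added example, not code from this thread or from fail2ban: it emulates what a fail2ban jail does with a `failregex` (the `<HOST>` placeholder, `findtime`, `maxretry`, `bantime` and `ignoreip`) over the nginx format quoted in the post, and builds the kind of firewalld rich rule the ban would turn into. The failregex, the 10-failures-in-10-seconds thresholds, the `10.0.0.0/8` ignore range and the sample lines are all constructed for the example; `<HOST>` expansion is simplified to IP literals, and real fail2ban reads its filter from filter.d and pairs it with a jail.local section.

```python
"""Emulate a fail2ban jail over nginx access.log lines (added example, not fail2ban itself)."""
import ipaddress
import re
from datetime import datetime, timedelta

# Written the way a filter.d/*.conf failregex is written: <HOST> stands for the
# client address. This constructed pattern fires on any request answered with 404.
FAILREGEX = r'^<HOST> \S+ \S+ \[[^\]]+\] "[^"]*" 404 '
DATE_RE = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\]")


def expand_host(failregex):
    """fail2ban substitutes <HOST> with an address-capturing group; this simplified
    version accepts IPv4/IPv6 literals only."""
    return re.compile(failregex.replace("<HOST>", r"(?P<host>[0-9a-fA-F.:]+)"))


def line_time(line):
    """Timestamp of an nginx line, or None if the bracketed date is missing."""
    m = DATE_RE.search(line)
    return datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S %z") if m else None


class Jail:
    """maxretry matching lines within findtime seconds => ban for bantime seconds,
    unless the host falls inside an ignoreip network (the admin's own range)."""

    def __init__(self, failregex, ignoreip=(), maxretry=10, findtime=10, bantime=3600):
        self.regex = expand_host(failregex)
        self.ignore = [ipaddress.ip_network(n) for n in ignoreip]
        self.maxretry = maxretry
        self.findtime = timedelta(seconds=findtime)
        self.bantime = timedelta(seconds=bantime)
        self.failures = {}  # host -> timestamps of recent matching lines
        self.bans = {}      # host -> ban expiry

    def ignored(self, host):
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            return False
        return any(addr in net for net in self.ignore)

    def feed(self, line):
        """Process one log line; return the host if this line triggers a ban."""
        m = self.regex.match(line)
        if not m:
            return None
        host, ts = m.group("host"), line_time(line)
        if ts is None or host in self.bans or self.ignored(host):
            return None
        recent = [t for t in self.failures.get(host, []) if ts - t <= self.findtime]
        recent.append(ts)
        self.failures[host] = recent
        if len(recent) >= self.maxretry:
            self.bans[host] = ts + self.bantime
            return host
        return None


def firewalld_rich_rule(host):
    """The kind of rule a firewalld-based ban action installs (constructed here,
    not copied from fail2ban's action file)."""
    return ('firewall-cmd --add-rich-rule=\'rule family="ipv4" '
            f'source address="{host}" port port="80" protocol="tcp" reject\'')


def run_jail(lines, ignoreip=()):
    """Feed every line through a fresh jail and return the hosts that got banned."""
    jail = Jail(FAILREGEX, ignoreip=ignoreip)
    return [h for h in (jail.feed(line) for line in lines) if h]


# Constructed sample: a scanner burst, an internal admin tripping 404s just as fast,
# and a slow visitor whose dead links are spread over a minute.
SAMPLE_LOG = (
    [f'203.0.113.7 - - [07/Oct/2016:15:44:40 +0900] "GET /database/pma{i}/main.php HTTP/1.0" 404 162 "-" "-" "-"'
     for i in range(12)]
    + [f'10.0.0.5 - - [07/Oct/2016:15:50:01 +0900] "GET /old/page{i}.html HTTP/1.1" 404 162 "-" "-" "-"'
       for i in range(12)]
    + ['198.51.100.20 - - [07/Oct/2016:16:00:00 +0900] "GET /a HTTP/1.1" 404 162 "-" "-" "-"',
       '198.51.100.20 - - [07/Oct/2016:16:00:30 +0900] "GET /b HTTP/1.1" 404 162 "-" "-" "-"',
       '198.51.100.20 - - [07/Oct/2016:16:01:00 +0900] "GET /c HTTP/1.1" 404 162 "-" "-" "-"']
)

if __name__ == "__main__":
    for host in run_jail(SAMPLE_LOG, ignoreip=["10.0.0.0/8"]):
        print(firewalld_rich_rule(host))
```

The point of the two knobs: `ignoreip` is the IP whitelist izegtob describes, so the admin's own range is never banned even when it produces a burst of 404s, and `findtime` keeps a real visitor who hits three dead links over a minute below `maxretry`, while the scanner's twelve 404s inside one second trigger the ban on the tenth line.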
     
Number 2 gave me a big laugh. Haha

