I have two VPSes. Both run Docker and an nginx container, plus React and Python respectively.
I just noticed that neither server is responding anymore. I looked in the nginx logs and found this:
123.207.210.64 - - [30/Jan/2020:11:36:58 +0000] "GET /muieblackcat HTTP/1.1" 301 162 "-" "-" "-"
123.207.210.64 - - [30/Jan/2020:11:36:59 +0000] "GET //phpMyAdmin/scripts/setup.php HTTP/1.1" 301 162 "-" "-" "-"
123.207.210.64 - - [30/Jan/2020:11:37:00 +0000] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 301 162 "-" "-" "-"
123.207.210.64 - - [30/Jan/2020:11:37:06 +0000] "GET //myadmin/scripts/setup.php HTTP/1.1" 301 162 "-" "-" "-"
123.207.210.64 - - [30/Jan/2020:11:37:08 +0000] "GET //MyAdmin/scripts/setup.php HTTP/1.1" 301 162 "-" "-" "-"
123.207.210.64 - - [30/Jan/2020:11:37:09 +0000] "GET //phpMyAdmin/scripts/setup.php HTTP/1.1" 301 162 "-" "-" "-"
123.207.210.64 - - [30/Jan/2020:11:37:10 +0000] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 301 162 "-" "-" "-"
123.207.210.64 - - [30/Jan/2020:11:37:11 +0000] "GET //mysql/scripts/setup.php HTTP/1.1" 301 162 "-" "-" "-"
123.207.210.64 - - [30/Jan/2020:11:37:13 +0000] "GET //dbadmin/scripts/setup.php HTTP/1.1" 301 162 "-" "-" "-"
123.207.210.64 - - [30/Jan/2020:11:37:15 +0000] "GET //pma/scripts/setup.php HTTP/1.1" 301 162 "-" "-" "-"
123.207.210.64 - - [30/Jan/2020:11:37:16 +0000] "GET //MyAdmin/scripts/setup.php HTTP/1.1" 301 162 "-" "-" "-"
123.207.210.64 - - [30/Jan/2020:11:37:17 +0000] "GET //mysql HTTP/1.1" 301 162 "-" "-" "-"
123.207.210.64 - - [30/Jan/2020:11:37:18 +0000] "GET //mysql/scripts/setup.php HTTP/1.1" 301 162 "-" "-" "-"
123.207.210.64 - - [30/Jan/2020:11:37:20 +0000] "GET //\xC2\xAC/scripts/setup.php HTTP/1.1" 301 162 "-" "-" "-"
123.207.210.64 - - [30/Jan/2020:11:37:21 +0000] "GET //admin HTTP/1.1" 301 162 "-" "-" "-"
123.207.210.64 - - [30/Jan/2020:11:37:22 +0000] "GET //dbadmin/scripts/setup.php HTTP/1.1" 301 162 "-" "-" "-"
123.207.210.64 - - [30/Jan/2020:11:37:22 +0000] "GET //phpMyAdmin1/scripts/setup.php HTTP/1.1" 301 162 "-" "-" "-"
123.207.210.64 - - [30/Jan/2020:11:37:24 +0000] "GET //pma/scripts/setup.php HTTP/1.1" 301 162 "-" "-" "-"
123.207.210.64 - - [30/Jan/2020:11:37:25 +0000] "GET //mysqladmin/scripts/setup.php HTTP/1.1" 301 162 "-" "-" "-"
123.207.210.64 - - [30/Jan/2020:11:37:28 +0000] "GET //phpadmin/scripts/setup.php HTTP/1.1" 301 162 "-" "-" "-"
123.207.210.64 - - [30/Jan/2020:11:37:29 +0000] "GET //phpmy/scripts/setup.php HTTP/1.1" 301 162 "-" "-" "-"
123.207.210.64 - - [30/Jan/2020:11:37:30 +0000] "GET //db/scripts/setup.php HTTP/1.1" 301 162 "-" "-" "-"
123.207.210.64 - - [30/Jan/2020:11:37:31 +0000] "GET //scripts/setup.php HTTP/1.1" 301 162 "-" "-" "-"
I haven't attached the whole log, but it continues:
123.207.210.64 - - [30/Jan/2020:11:40:17 +0000] "GET //admin/scripts/setup.sh HTTP/1.1" 301 162 "-" "-" "-"
123.207.210.64 - - [30/Jan/2020:11:40:18 +0000] "GET //sql/scripts/setup.php HTTP/1.1" 301 162 "-" "-" "-"
123.207.210.64 - - [30/Jan/2020:11:40:25 +0000] "GET //SQL/scripts/setup.php HTTP/1.1" 301 162 "-" "-" "-"
81.214.130.65 - - [30/Jan/2020:11:42:54 +0000] "{D79E94C5-70F0-46BD-965B-E17497CCB598}" 400 150 "-" "-" "-"
170.233.71.169 - - [30/Jan/2020:12:01:16 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36" "-"
93.43.219.6 - - [30/Jan/2020:12:06:02 +0000] "{D79E94C5-70F0-46BD-965B-E17497CCB598}" 400 150 "-" "-" "-"
64.225.2.124 - - [30/Jan/2020:12:20:10 +0000] "GET / HTTP/1.0" 301 162 "-" "Mozilla/5.0 (compatible; NetcraftSurveyAgent/1.0; +info@netcraft.com)" "-"
64.225.2.124 - - [30/Jan/2020:12:20:14 +0000] "GET / HTTP/1.0" 200 2400 "-" "Mozilla/5.0 (compatible; NetcraftSurveyAgent/1.0; +info@netcraft.com)" "-"
80.211.6.136 - - [30/Jan/2020:12:21:11 +0000] "GET / HTTP/1.0" 301 162 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" "-"
45.83.67.154 - - [30/Jan/2020:12:27:00 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0" "-"
74.63.227.26 - - [30/Jan/2020:12:37:35 +0000] "HEAD /robots.txt HTTP/1.0" 301 0 "-" "-" "-"
128.14.209.154 - - [30/Jan/2020:12:41:44 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36" "-"
This is the first time I've experienced an attack :D. Is it possible that I'm not the only cloudify customer affected?
For the moment I'm reading up on it; I figured I'd write something quickly here too. Do you have any experience with this attack?
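
Added example, not part of the original post: a Python triage for an access log in the format shown above. It counts, per client IP, requests for the probe paths seen in the log (`/muieblackcat`, `*/scripts/setup.php|.sh`), counts malformed request lines, and lists any probe answered with a 2xx. The function name, the regexes and the last sample line (a documentation-range IP with status 200) are assumptions made for this example.

```python
import re
from collections import defaultdict

# Log format as shown in the post: nginx "combined" plus one trailing quoted field.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" '
                     r'(?P<status>\d{3}) \d+ "[^"]*" "[^"]*"')
# Paths probed in the posted log: /muieblackcat and <guess>/scripts/setup.php|.sh
PROBE_RE = re.compile(r'/muieblackcat|/scripts/setup\.(?:php|sh)\b', re.I)

# First seven lines are copied from the post; the last one is constructed
# (documentation IP, status 200) to exercise the "probe was served" case.
SAMPLE = r'''
123.207.210.64 - - [30/Jan/2020:11:36:58 +0000] "GET /muieblackcat HTTP/1.1" 301 162 "-" "-" "-"
123.207.210.64 - - [30/Jan/2020:11:36:59 +0000] "GET //phpMyAdmin/scripts/setup.php HTTP/1.1" 301 162 "-" "-" "-"
123.207.210.64 - - [30/Jan/2020:11:37:20 +0000] "GET //\xC2\xAC/scripts/setup.php HTTP/1.1" 301 162 "-" "-" "-"
123.207.210.64 - - [30/Jan/2020:11:37:21 +0000] "GET //admin HTTP/1.1" 301 162 "-" "-" "-"
123.207.210.64 - - [30/Jan/2020:11:40:17 +0000] "GET //admin/scripts/setup.sh HTTP/1.1" 301 162 "-" "-" "-"
81.214.130.65 - - [30/Jan/2020:11:42:54 +0000] "{D79E94C5-70F0-46BD-965B-E17497CCB598}" 400 150 "-" "-" "-"
64.225.2.124 - - [30/Jan/2020:12:20:14 +0000] "GET / HTTP/1.0" 200 2400 "-" "Mozilla/5.0 (compatible; NetcraftSurveyAgent/1.0; +info@netcraft.com)" "-"
203.0.113.10 - - [30/Jan/2020:12:45:00 +0000] "GET /pma/scripts/setup.php HTTP/1.1" 200 512 "-" "-" "-"
'''

def summarize(lines):
    """Per client IP: request count, probe count, malformed requests, probes answered 2xx."""
    stats = defaultdict(lambda: {"total": 0, "probes": 0, "malformed": 0, "served": []})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # blank or unparseable line
        s = stats[m["ip"]]
        s["total"] += 1
        parts = m["req"].split()
        if len(parts) != 3:  # not "METHOD path HTTP/x.y", e.g. the {GUID} requests
            s["malformed"] += 1
        elif PROBE_RE.search(parts[1]):
            s["probes"] += 1
            if m["status"].startswith("2"):  # 2xx: the probed path returned content
                s["served"].append(parts[1])
    return dict(stats)

if __name__ == "__main__":
    for ip, s in summarize(SAMPLE.splitlines()).items():
        flag = "CHECK" if s["served"] else "ok"
        print(f'{ip:16} total={s["total"]} probes={s["probes"]} '
              f'malformed={s["malformed"]} served={s["served"]} [{flag}]')
```

An IP with a non-empty `served` list is the one to follow up on; probes that only received 301 or 4xx responses did not get content back from the probed path.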