Possible hacking attempt. How to tell if my db has been compromised

【Posted】: 2011-11-25 07:20:48

【Question】:

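I have the following in my log file, seconds apart. I assume something is trying to find my db or admin pages or something, but I'm not sure.

Should I be worried about this? How can I tell if my db has been compromised?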

ERROR - 2011-09-23 20:51:42 --> 404 Page Not Found --> muieblackcat
ERROR - 2011-09-23 20:51:46 --> 404 Page Not Found --> PMA
ERROR - 2011-09-23 20:51:46 --> 404 Page Not Found --> admin
ERROR - 2011-09-23 20:51:47 --> 404 Page Not Found --> dbadmin
ERROR - 2011-09-23 20:51:48 --> 404 Page Not Found --> mysql
ERROR - 2011-09-23 20:51:48 --> 404 Page Not Found --> myadmin
ERROR - 2011-09-23 20:51:48 --> 404 Page Not Found --> phpmyadmin2
ERROR - 2011-09-23 20:51:49 --> 404 Page Not Found --> phpMyAdmin2
ERROR - 2011-09-23 20:51:49 --> 404 Page Not Found --> phpMyAdmin-2
ERROR - 2011-09-23 20:51:50 --> 404 Page Not Found --> php-my-admin
ERROR - 2011-09-23 20:51:50 --> 404 Page Not Found --> phpMyAdmin-2.2.3
ERROR - 2011-09-23 20:51:51 --> 404 Page Not Found --> phpMyAdmin-2.2.6
ERROR - 2011-09-23 20:51:52 --> 404 Page Not Found --> phpMyAdmin-2.5.1
ERROR - 2011-09-23 20:51:52 --> 404 Page Not Found --> phpMyAdmin-2.5.4
ERROR - 2011-09-23 20:51:53 --> 404 Page Not Found --> phpMyAdmin-2.5.5-rc1
ERROR - 2011-09-23 20:51:53 --> 404 Page Not Found --> phpMyAdmin-2.5.5-rc2
ERROR - 2011-09-23 20:51:54 --> 404 Page Not Found --> phpMyAdmin-2.5.5
ERROR - 2011-09-23 20:51:54 --> 404 Page Not Found --> phpMyAdmin-2.5.5-pl1
ERROR - 2011-09-23 20:51:55 --> 404 Page Not Found --> phpMyAdmin-2.5.6-rc1
ERROR - 2011-09-23 20:51:58 --> 404 Page Not Found --> phpMyAdmin-2.5.6
ERROR - 2011-09-23 20:51:59 --> 404 Page Not Found --> phpMyAdmin-2.5.7
ERROR - 2011-09-23 20:51:59 --> 404 Page Not Found --> phpMyAdmin-2.5.7-pl1
ERROR - 2011-09-23 20:52:00 --> 404 Page Not Found --> phpMyAdmin-2.6.0-alpha
ERROR - 2011-09-23 20:52:00 --> 404 Page Not Found --> phpMyAdmin-2.6.0-alpha2
ERROR - 2011-09-23 20:52:04 --> 404 Page Not Found --> phpMyAdmin-2.6.0-beta2
ERROR - 2011-09-23 20:52:04 --> 404 Page Not Found --> phpMyAdmin-2.6.0-rc1
ERROR - 2011-09-23 20:52:05 --> 404 Page Not Found --> phpMyAdmin-2.6.0-rc2
ERROR - 2011-09-23 20:52:05 --> 404 Page Not Found --> phpMyAdmin-2.6.0-rc3
ERROR - 2011-09-23 20:52:09 --> 404 Page Not Found --> phpMyAdmin-2.6.0-pl1
ERROR - 2011-09-23 20:52:09 --> 404 Page Not Found --> phpMyAdmin-2.6.0-pl2
ERROR - 2011-09-23 20:52:10 --> 404 Page Not Found --> phpMyAdmin-2.6.0-pl3
ERROR - 2011-09-23 20:52:10 --> 404 Page Not Found --> phpMyAdmin-2.6.1-rc1
ERROR - 2011-09-23 20:52:11 --> 404 Page Not Found --> phpMyAdmin-2.6.1-rc2
ERROR - 2011-09-23 20:52:11 --> 404 Page Not Found --> phpMyAdmin-2.6.1
ERROR - 2011-09-23 20:52:15 --> 404 Page Not Found --> phpMyAdmin-2.6.1-pl2
ERROR - 2011-09-23 20:52:15 --> 404 Page Not Found --> phpMyAdmin-2.6.1-pl3
ERROR - 2011-09-23 20:52:16 --> 404 Page Not Found --> phpMyAdmin-2.6.2-rc1
ERROR - 2011-09-23 20:52:16 --> 404 Page Not Found --> phpMyAdmin-2.6.2-beta1
ERROR - 2011-09-23 20:52:17 --> 404 Page Not Found --> phpMyAdmin-2.6.2-rc1
ERROR - 2011-09-23 20:52:17 --> 404 Page Not Found --> phpMyAdmin-2.6.2
ERROR - 2011-09-23 20:52:18 --> 404 Page Not Found --> phpMyAdmin-2.6.2-pl1
ERROR - 2011-09-23 20:52:18 --> 404 Page Not Found --> phpMyAdmin-2.6.3
ERROR - 2011-09-23 20:52:19 --> 404 Page Not Found --> phpMyAdmin-2.6.3-rc1
ERROR - 2011-09-23 20:52:19 --> 404 Page Not Found --> phpMyAdmin-2.6.3
ERROR - 2011-09-23 20:52:20 --> 404 Page Not Found --> phpMyAdmin-2.6.3-pl1
ERROR - 2011-09-23 20:52:20 --> 404 Page Not Found --> phpMyAdmin-2.6.4-rc1
ERROR - 2011-09-23 20:52:21 --> 404 Page Not Found --> phpMyAdmin-2.6.4-pl1
ERROR - 2011-09-23 20:52:21 --> 404 Page Not Found --> phpMyAdmin-2.6.4-pl2
ERROR - 2011-09-23 20:52:22 --> 404 Page Not Found --> phpMyAdmin-2.6.4-pl3
ERROR - 2011-09-23 20:52:22 --> 404 Page Not Found --> phpMyAdmin-2.6.4-pl4
ERROR - 2011-09-23 20:52:23 --> 404 Page Not Found --> phpMyAdmin-2.6.4
ERROR - 2011-09-23 20:52:23 --> 404 Page Not Found --> phpMyAdmin-2.7.0-beta1
ERROR - 2011-09-23 20:52:24 --> 404 Page Not Found --> phpMyAdmin-2.7.0-rc1
ERROR - 2011-09-23 20:52:24 --> 404 Page Not Found --> phpMyAdmin-2.7.0-pl1
ERROR - 2011-09-23 20:52:25 --> 404 Page Not Found --> phpMyAdmin-2.7.0-pl2
ERROR - 2011-09-23 20:52:25 --> 404 Page Not Found --> phpMyAdmin-2.7.0
ERROR - 2011-09-23 20:52:26 --> 404 Page Not Found --> phpMyAdmin-2.8.0-beta1
ERROR - 2011-09-23 20:52:26 --> 404 Page Not Found --> phpMyAdmin-2.8.0-rc1
ERROR - 2011-09-23 20:52:27 --> 404 Page Not Found --> phpMyAdmin-2.8.0-rc2
ERROR - 2011-09-23 20:52:27 --> 404 Page Not Found --> phpMyAdmin-2.8.0
ERROR - 2011-09-23 20:52:28 --> 404 Page Not Found --> phpMyAdmin-2.8.0.1
ERROR - 2011-09-23 20:52:34 --> 404 Page Not Found --> phpMyAdmin-2.8.0.4
ERROR - 2011-09-23 20:52:35 --> 404 Page Not Found --> phpMyAdmin-2.8.1-rc1
ERROR - 2011-09-23 20:52:35 --> 404 Page Not Found --> phpMyAdmin-2.8.1
ERROR - 2011-09-23 20:52:36 --> 404 Page Not Found --> phpMyAdmin-2.8.2
ERROR - 2011-09-23 20:52:36 --> 404 Page Not Found --> sqlmanager
ERROR - 2011-09-23 20:52:38 --> 404 Page Not Found --> mysqlmanager
ERROR - 2011-09-23 20:52:38 --> 404 Page Not Found --> p
ERROR - 2011-09-23 20:52:39 --> 404 Page Not Found --> PMA2005
ERROR - 2011-09-23 20:52:39 --> 404 Page Not Found --> pma2005
ERROR - 2011-09-23 20:52:40 --> 404 Page Not Found --> phpmanager
ERROR - 2011-09-23 20:52:40 --> 404 Page Not Found --> php-myadmin
ERROR - 2011-09-23 20:52:41 --> 404 Page Not Found --> phpmy-admin
ERROR - 2011-09-23 20:52:41 --> 404 Page Not Found --> webadmin
ERROR - 2011-09-23 20:52:42 --> 404 Page Not Found --> sqlweb
ERROR - 2011-09-23 20:52:42 --> 404 Page Not Found --> websql
ERROR - 2011-09-23 20:52:42 --> 404 Page Not Found --> webdb
ERROR - 2011-09-23 20:52:43 --> 404 Page Not Found --> mysqladmin
ERROR - 2011-09-23 20:52:43 --> 404 Page Not Found --> mysql-admin
ERROR - 2011-09-23 20:52:50 --> 404 Page Not Found --> dbadmin
ERROR - 2011-09-23 20:52:50 --> 404 Page Not Found --> myadmin
ERROR - 2011-09-23 20:52:54 --> 404 Page Not Found --> mysqladmin
ERROR - 2011-09-23 20:52:54 --> 404 Page Not Found --> phpadmin
ERROR - 2011-09-23 20:52:55 --> 404 Page Not Found --> phpMyAdmin
ERROR - 2011-09-23 20:52:55 --> 404 Page Not Found --> phpmyadmin
ERROR - 2011-09-23 20:52:56 --> 404 Page Not Found --> phpmyadmin1
ERROR - 2011-09-23 20:52:56 --> 404 Page Not Found --> phpmyadmin2
ERROR - 2011-09-23 20:52:57 --> 404 Page Not Found --> pma
ERROR - 2011-09-23 20:52:57 --> 404 Page Not Found --> databaseadmin
ERROR - 2011-09-23 20:52:58 --> 404 Page Not Found --> admm
ERROR - 2011-09-23 20:52:58 --> 404 Page Not Found --> admn
ERROR - 2011-09-23 20:52:59 --> 404 Page Not Found --> _myadmin
ERROR - 2011-09-23 20:52:59 --> 404 Page Not Found --> phpMyA
ERROR - 2011-09-23 20:53:03 --> 404 Page Not Found --> admin
ERROR - 2011-09-23 20:53:04 --> 404 Page Not Found --> mysql2
ERROR - 2011-09-23 20:53:04 --> 404 Page Not Found --> phpmyadm
ERROR - 2011-09-23 20:53:05 --> 404 Page Not Found --> php1
ERROR - 2011-09-23 20:53:05 --> 404 Page Not Found --> php2
ERROR - 2011-09-23 20:53:09 --> 404 Page Not Found --> sqladm
ERROR - 2011-09-23 20:53:09 --> 404 Page Not Found --> myAdmin
ERROR - 2011-09-23 20:53:10 --> 404 Page Not Found --> pmabd
ERROR - 2011-09-23 20:53:10 --> 404 Page Not Found --> mydb
ERROR - 2011-09-23 20:53:11 --> 404 Page Not Found --> mysql_administrator
ERROR - 2011-09-23 20:53:11 --> 404 Page Not Found --> pma_mydb
ERROR - 2011-09-23 20:53:12 --> 404 Page Not Found --> webmail2
ERROR - 2011-09-23 20:53:12 --> 404 Page Not Found --> myphp
ERROR - 2011-09-23 20:53:16 --> 404 Page Not Found --> phpas
ERROR - 2011-09-23 20:53:16 --> 404 Page Not Found --> _pma
ERROR - 2011-09-23 20:53:17 --> 404 Page Not Found --> /scripts
ERROR - 2011-09-23 20:53:20 --> 404 Page Not Found --> _dbadmin
ERROR - 2011-09-23 20:53:24 --> 404 Page Not Found --> _admin
ERROR - 2011-09-23 20:53:27 --> 404 Page Not Found --> _phpMyAdmin
ERROR - 2011-09-23 20:53:34 --> 404 Page Not Found --> sql
ERROR - 2011-09-23 20:53:34 --> 404 Page Not Found --> _sql
ERROR - 2011-09-23 20:53:35 --> 404 Page Not Found --> my-php
ERROR - 2011-09-23 20:53:35 --> 404 Page Not Found --> My-php

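【Comments】:

Are the hits coming from the same IP? See if that IP has any "200 OK" type hits in the logs. If it's all 404s, they didn't find anything. If there are 200s, they found something.

I'm only logging 404 errors right now. How do I log 200 OK hits without logging every single 200 OK hit on my site? If I logged every OK hit, that would be a huge list to sift through.

Your web server should already be logging hits in its own access log.

Where are my server's log files?

Depends on your web server and platform. Apache on unix tends to have /var/log/httpd or /var/log/apache2, but that can be overridden and moved elsewhere for any number of reasons. You'll have to look at your server's configuration and figure it out yourself.

【Answer 1】: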

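Something (probably a bot) is scanning your web server for these pages, which do not exist, since they are getting 404 errors. Scans are common, usually scripts looking for vulnerabilities.

We can't tell whether your database has been compromised. The log content you posted doesn't indicate that you have been compromised, though, only that you have been scanned.

【Comments】:

Do take a look at @Marc B's key comment, though.

【Answer 2】: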

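This is a common attempt to find out whether an administrative web interface is installed on a site. It is normal for any website to receive such attempts from time to time.

If this is a traffic log, this particular attempt was not successful at all, since all requests resulted in HTTP 404. If this is only a report of error messages, you should look at the traffic log to see whether any requests from that IP resulted in a non-404 response.

However, just because such an attempt finds the web interface it is looking for doesn't mean it has been hacked. It only means that someone knows which web interface you are using and can try to find security holes in it. In general, this risk is small if the system is properly updated and patched.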
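
Added example, not part of the original question or answers: one way to run the check suggested above against the web server's own access log, listing every non-404 response given to a client that also produced a burst of 404 probes. It assumes the Apache/nginx "combined" log format; the function name, the threshold and the sample log rows (documentation-range IPs) are constructed for illustration.

```python
import re
from collections import defaultdict

# "combined" access-log line: client ip, [timestamp], "METHOD path ...", status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def triage_scanners(lines, min_404_paths=5):
    """Return {ip: [(timestamp, path, status), ...]} for every client that
    requested at least `min_404_paths` distinct missing paths, listing the
    requests from that client that did NOT end in 404."""
    missing = defaultdict(set)     # ip -> distinct paths answered with 404
    answered = defaultdict(list)   # ip -> requests answered with anything else
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue               # skip malformed or non-request lines
        ip, path, status = m["ip"], m["path"], int(m["status"])
        if status == 404:
            missing[ip].add(path)
        else:
            answered[ip].append((m["ts"], path, status))
    return {ip: answered[ip] for ip, paths in missing.items()
            if len(paths) >= min_404_paths}

# Constructed sample rows (not taken from the asker's server).
def _row(ip, ts, path, status):
    return (f'{ip} - - [23/Sep/2011:{ts} +0000] '
            f'"GET {path} HTTP/1.1" {status} 208 "-" "-"')

PROBES = ["/muieblackcat", "/PMA", "/admin", "/dbadmin", "/mysql"]
SAMPLE_LOG = (
    [_row("203.0.113.7", "20:51:42", p, 404) for p in PROBES]
    + [_row("203.0.113.7", "20:52:57", "/pma/index.php", 200)]
    + [_row("198.51.100.20", "21:10:03", p, 404) for p in PROBES]
    + [_row("192.0.2.10", "21:15:00", "/", 200),          # ordinary visitor
       _row("192.0.2.10", "21:15:01", "/favicon.ico", 404)]
)

if __name__ == "__main__":
    for ip, hits in triage_scanners(SAMPLE_LOG).items():
        print(ip, "-> only 404s" if not hits else f"-> REVIEW: {hits}")
```

An empty list for a client means every probe missed; any entry in the list is a path that resolved to something for that client and is where a review should start.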
