System environment: Debian 10, Apache2, MySQL (MariaDB), PHP
First, look at an excerpt from the web server log /var/log/apache2/access.log:
80.99.255.243 - - [04/Feb/2022:09:23:35 +0800] "GET /admin/sqladmin/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36"
80.99.255.243 - - [04/Feb/2022:09:23:36 +0800] "GET /mysql/sqlmanager/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36"
80.99.255.243 - - [04/Feb/2022:09:23:37 +0800] "GET /phpMyAdmin-4.9.7-english/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36"
80.99.255.243 - - [04/Feb/2022:09:23:39 +0800] "GET /sql/sqlweb/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36"
80.99.255.243 - - [04/Feb/2022:09:23:40 +0800] "GET /admin/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36"
80.99.255.243 - - [04/Feb/2022:09:23:41 +0800] "GET /administrator/web/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36"
80.99.255.243 - - [04/Feb/2022:09:23:42 +0800] "GET /mysql/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36"
80.99.255.243 - - [04/Feb/2022:09:23:43 +0800] "GET /db/webadmin/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36"
80.99.255.243 - - [04/Feb/2022:09:23:44 +0800] "GET /phpMyAdmin-4/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36"
80.99.255.243 - - [04/Feb/2022:09:23:45 +0800] "GET /db/phpMyAdmin3/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36"
80.99.255.243 - - [04/Feb/2022:09:23:46 +0800] "GET /db/dbweb/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36"
80.99.255.243 - - [04/Feb/2022:09:23:48 +0800] "GET /phpmyadmin2011/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36"
80.99.255.243 - - [04/Feb/2022:09:23:49 +0800] "GET /phpMyadmin/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36"
80.99.255.243 - - [04/Feb/2022:09:23:50 +0800] "GET /admin/sysadmin/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36"
80.99.255.243 - - [04/Feb/2022:09:23:51 +0800] "GET /pma2015/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36"
80.99.255.243 - - [04/Feb/2022:09:23:52 +0800] "GET /PMA2017/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36"
80.99.255.243 - - [04/Feb/2022:09:23:53 +0800] "GET /sql/phpmanager/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36"
80.99.255.243 - - [04/Feb/2022:09:23:54 +0800] "GET /phpMyAdmin-3/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36"
80.99.255.243 - - [04/Feb/2022:09:23:55 +0800] "GET /db/phpMyAdmin/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36"
80.99.255.243 - - [04/Feb/2022:09:23:56 +0800] "GET /phpmyadmin_/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36"
80.99.255.243 - - [04/Feb/2022:09:23:57 +0800] "GET /sql/phpmyadmin4/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36"
80.99.255.243 - - [04/Feb/2022:09:23:58 +0800] "GET /sql/webdb/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36"
80.99.255.243 - - [04/Feb/2022:09:23:59 +0800] "GET /mysql/sqlmanager/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36"
80.99.255.243 - - [04/Feb/2022:09:24:01 +0800] "GET /mysql/dbadmin/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36"
80.99.255.243 - - [04/Feb/2022:09:24:04 +0800] "GET /mysql/mysqlmanager/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36"
80.99.255.243 - - [04/Feb/2022:09:24:05 +0800] "GET /phpMyAdmin-4.9.7/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36"
80.99.255.243 - - [04/Feb/2022:09:24:06 +0800] "GET /sql/sql-admin/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36"
80.99.255.243 - - [04/Feb/2022:09:24:07 +0800] "GET /phpmyadmin2018/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36"
80.99.255.243 - - [04/Feb/2022:09:24:08 +0800] "GET /phpmyadmin/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36"
80.99.255.243 - - [04/Feb/2022:09:24:09 +0800] "GET /sqlmanager/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36"
80.99.255.243 - - [04/Feb/2022:09:24:10 +0800] "GET /phpmyadmin3/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36"
80.99.255.243 - - [04/Feb/2022:09:24:11 +0800] "GET /sql/sql-admin/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36"
80.99.255.243 - - [04/Feb/2022:09:24:12 +0800] "GET /phpMyAdmin_/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36"
80.99.255.243 - - [04/Feb/2022:09:24:13 +0800] "GET /mysql/dbadmin/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36"
80.99.255.243 - - [04/Feb/2022:09:24:15 +0800] "GET /php-myadmin/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36"
80.99.255.243 - - [04/Feb/2022:09:24:16 +0800] "GET /myadmin/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36"
80.99.255.243 - - [04/Feb/2022:09:24:17 +0800] "GET /phpMyAdmin1/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36"
80.99.255.243 - - [04/Feb/2022:09:24:18 +0800] "GET /PMA2015/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36"
80.99.255.243 - - [04/Feb/2022:09:24:19 +0800] "GET /phpMyAdmin-5.1.1-english/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36"
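As you can see, whoever is behind 80.99.255.243 wants to get into your database: in just 44 seconds they made 39 guesses, hoping to hit the right path, and once the path is found they will go on to guess the username and password. phpMyAdmin is a commonly used web tool for managing MySQL databases. It is very handy, brings many convenient features and is widely used, but its entry point is also a weak spot: if you keep the default settings, it is relatively easy for snoopers to take advantage of.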
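The burst described above (one client, many distinct non-existent paths, a few seconds apart) can be detected automatically. The following is an added example, not part of the original post: the function name, the thresholds and the sample log lines (documentation IP addresses) are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache combined log format: ip - - [time] "METHOD url PROTO" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Constructed sample in the same format as the excerpt above.
SAMPLE_LOG = """\
203.0.113.7 - - [04/Feb/2022:09:23:35 +0800] "GET /admin/sqladmin/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Feb/2022:09:23:36 +0800] "GET /mysql/sqlmanager/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Feb/2022:09:23:37 +0800] "GET /phpMyAdmin-4/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0"
198.51.100.20 - - [04/Feb/2022:09:23:38 +0800] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Feb/2022:09:23:39 +0800] "GET /pma2015/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Feb/2022:09:23:40 +0800] "GET /mysql/sqlmanager/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Feb/2022:09:23:41 +0800] "GET /phpmyadmin/index.php?lang=en HTTP/1.1" 404 454 "-" "Mozilla/5.0"
198.51.100.20 - - [04/Feb/2022:09:23:50 +0800] "GET /favicon.ico HTTP/1.1" 404 454 "-" "Mozilla/5.0"
"""

def find_path_scanners(lines, min_paths=5, window=timedelta(seconds=60)):
    """Return {ip: (distinct_404_paths, seconds_spanned)} for clients that hit
    at least min_paths distinct non-existent paths within the time window."""
    hits = defaultdict(list)  # ip -> [(timestamp, path)] for 404 responses only
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group(5) != "404":
            continue  # skip unparseable lines and anything that is not a 404
        ip, ts, _method, url, _status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        hits[ip].append((when, url.split("?", 1)[0]))  # ignore the query string
    flagged = {}
    for ip, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            paths = {p for _, p in events[start:end + 1]}
            if len(paths) >= min_paths and len(paths) > flagged.get(ip, (0, 0))[0]:
                span = (events[end][0] - events[start][0]).total_seconds()
                flagged[ip] = (len(paths), span)
    return flagged

if __name__ == "__main__":
    print(find_path_scanners(SAMPLE_LOG.splitlines()))
```

To run it against a real log, pass the open file object for /var/log/apache2/access.log as `lines`; repeated requests for the same path are counted once.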
The following changes phpMyAdmin's default access path:
Default phpMyAdmin entry point: http://your-domain-name/phpmyadmin
In the current environment (Debian 10, Apache2, MySQL (MariaDB), PHP),
edit the Alias /phpmyadmin section of the /etc/phpmyadmin/apache.conf file:
# phpMyAdmin default Apache configuration
Alias /phpmyadmin /usr/share/phpmyadmin
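For example: Alias /admin-Proj1 /usr/share/phpmyadmin
After restarting Apache2, you can reach your phpMyAdmin at http://your-domain-name/admin-Proj1. This greatly reduces the risk of being attacked and improves data security.
The paths and files to configure differ between environments; for other environments, see the link.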