M
M
Mikhail Serenkov2018-02-25 13:50:18
System administration
Mikhail Serenkov, 2018-02-25 13:50:18

Suspicious requests to the server?

Hello! Help me figure it out, from the very moment the vps server is registered, requests are sent to the server to search for vulnerabilities, requests come from different ip addresses, the hoster's technical support says that these are not their problems, at the moment it is not possible to change the hoster. Tell me how to deal with this?
Requests like:

  • /catalog/?arrFilter_23_2322626082=Y%26amp%3Bset_filter%3DY%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23
  • /phpma/index.php
  • /db/index.php
  • /pmamy2/index.php
  • /scripts/setup.php
  • /sql/scripts/setup.php
  • /webdb/
  • /agSearch/SQLite/main.php
  • /SQLite/main.php
  • /bitrix/cache/js/s1/romza_shinmarket_1.4.0/kernel_main/kernel_main.js?1483711787412009
  • /zabbix/jsrpc.php

Answer the question

In order to leave comments, you need to log in

5 answer(s)
V
vreitech, 2018-02-25
@miserenkov

find out if your software is susceptible to the vulnerabilities that they are trying to find. if it is susceptible - fix it. if not susceptible - wait one week and return to the beginning of the cycle.

D
Dimonchik, 2018-02-25
@dimonchik2013

fail2ban would help, but it looks like you don't have vps
to do anything - change / hide the script

R
res2001, 2018-02-25
@res2001

Everything that you do not put on the Internet will be immediately interrogated / attacked / scanned. And that's okay, it always has been and always will be.
In fact, what you gave as an example is only the high-level part of the attacks on your server - the one that reaches the web server. And if you turn on the firewall logs, you can learn a lot of interesting things about the Internet.
In short - your server is regularly scanned for open ports, attacks are purposefully made on open ports. Surely, in addition to port 80/443, you have another 22 (ssh) open - they regularly break into it with authorization attempts, etc. etc. And all this requires some kind of processing and reaction.

P
Puma Thailand, 2018-02-25
@opium

this is the Internet, hackers scan all hosts for vulnerabilities, this is not your hoster's problem, what should he do then? Take blocking urls and what if you have this software or something else?

C
CityCat4, 2018-02-25
@CityCat4

Score.
These kackers are trying to scan for known holes on your site.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question