服務器日誌文件HEAD請求

Question

我在我的日誌文件中發現了一些我不明白的條目。 除了所有預期的GET請求之外，我發現相當多的HEAD請求，我知道我的應用程序沒有這樣做。

我沒有phpmyadmin，SQL或任何請求安裝在我的服務器上的其他資源（運行Mongo DB的純Node.js應用程序）。

這可能是自動化軟件掃描我的服務器的漏洞嗎？

[0mHEAD http://54.xxx.xxx.xxx:80/2phpmyadmin/ [36m301 [0m2.044 ms - 91[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/3phpmyadmin/ [36m301 [0m1.789 ms - 91[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/4phpmyadmin/ [36m301 [0m1.749 ms - 91[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/MyAdmin/ [36m301 [0m1.770 ms - 87[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/PMA/ [36m301 [0m1.705 ms - 83[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/PMA2011/ [36m301 [0m1.762 ms - 87[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/PMA2012/ [36m301 [0m1.470 ms - 87[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/PMA2013/ [36m301 [0m1.316 ms - 87[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/PMA2014/ [36m301 [0m1.605 ms - 87[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/PMA2015/ [36m301 [0m1.282 ms - 87[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/admin/ [36m301 [0m1.194 ms - 85[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/admin/db/ [36m301 [0m1.307 ms - 88[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/admin/pMA/ [36m301 [0m1.236 ms - 89[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/admin/phpMyAdmin/ [36m301 [0m1.299 ms - 96[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/admin/phpmyadmin/ [36m301 [0m1.534 ms - 96[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/admin/sqladmin/ [36m301 [0m1.218 ms - 94[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/admin/sysadmin/ [36m301 [0m1.523 ms - 94[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/admin/web/ [36m301 [0m1.612 ms - 89[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/administrator/PMA/ [36m301 [0m1.410 ms - 97[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/administrator/admin/ [36m301 [0m1.302 ms - 99[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/administrator/db/ [36m301 [0m1.466 ms - 96[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/administrator/phpMyAdmin/ [36m301 [0m1.625 ms - 104[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/administrator/phpmyadmin/ [36m301 [0m1.781 ms - 104[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/administrator/pma/ [36m301 [0m1.277 ms - 97[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/administrator/web/ [36m301 [0m1.392 ms - 97[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/database/ [36m301 [0m1.217 ms - 88[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/db/ [36m301 [0m1.250 ms - 82[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/db/db-admin/ [36m301 [0m1.349 ms - 91[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/db/dbadmin/ [36m301 [0m1.240 ms - 90[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/db/dbweb/ [36m301 [0m1.347 ms - 88[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/db/myadmin/ [36m301 [0m1.365 ms - 90[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/db/phpMyAdmin-3/ [36m301 [0m1.257 ms - 95[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/db/phpMyAdmin/ [36m301 [0m1.304 ms - 93[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/db/phpMyAdmin3/ [36m301 [0m1.337 ms - 94[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/db/phpmyadmin/ [36m301 [0m1.280 ms - 93[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/db/phpmyadmin3/ [36m301 [0m1.217 ms - 94[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/db/webadmin/ [36m301 [0m1.378 ms - 91[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/db/webdb/ [36m301 [0m1.600 ms - 88[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/db/websql/ [36m301 [0m1.321 ms - 89[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/dbadmin/ [36m301 [0m1.367 ms - 87[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/myadmin/ [36m301 [0m1.318 ms - 87[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/myadminphp/ [36m301 [0m1.318 ms - 90[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/mysql-admin/ [36m301 [0m1.464 ms - 91[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/mysql/ [36m301 [0m1.254 ms - 85[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/mysql/admin/ [36m301 [0m1.270 ms - 91[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/mysql/db/ [36m301 [0m1.318 ms - 88[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/mysql/dbadmin/ [36m301 [0m1.344 ms - 93[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/mysql/mysqlmanager/ [36m301 [0m1.276 ms - 98[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/mysql/pMA/ [36m301 [0m1.405 ms - 89[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/mysql/pma/ [36m301 [0m1.236 ms - 89[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/mysql/sqlmanager/ [36m301 [0m1.212 ms - 96[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/mysql/web/ [36m301 [0m1.381 ms - 89[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/mysqladmin/ [36m301 [0m1.214 ms - 90[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/mysqlmanager/ [36m301 [0m1.218 ms - 92[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/php-my-admin/ [36m301 [0m1.287 ms - 92[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/php-myadmin/ [36m301 [0m1.315 ms - 91[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/phpMyAdmin-2/ [36m301 [0m1.199 ms - 92[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/phpMyAdmin-3/ [36m301 [0m1.183 ms - 92[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/phpMyAdmin-4/ [36m301 [0m1.218 ms - 92[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/phpMyAdmin/ [36m301 [0m1.155 ms - 90[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/phpMyAdmin2/ [36m301 [0m1.231 ms - 91[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/phpMyAdmin3/ [36m301 [0m1.337 ms - 91[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/phpMyAdmin4/ [36m301 [0m1.669 ms - 91[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/phpMyadmin/ [36m301 [0m1.290 ms - 90[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/phpmanager/ [36m301 [0m1.241 ms - 90[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/phpmy-admin/ [36m301 [0m1.279 ms - 91[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/phpmy/ [36m301 [0m1.503 ms - 85[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/phpmyAdmin/ [36m301 [0m1.351 ms - 90[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/phpmyadmin/ [36m301 [0m1.400 ms - 90[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/phpmyadmin1/ [36m301 [0m1.346 ms - 91[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/phpmyadmin2/ [36m301 [0m1.320 ms - 91[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/phpmyadmin3/ [36m301 [0m1.317 ms - 91[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/phpmyadmin4/ [36m301 [0m1.518 ms - 91[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/phppma/ [36m301 [0m1.286 ms - 86[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/pma/ [36m301 [0m2.188 ms - 83[0m 
[0mGET /brothel [32m200 [0m1198.006 ms - -[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/pma2011/ [36m301 [0m1.599 ms - 87[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/pma2012/ [36m301 [0m1.481 ms - 87[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/pma2013/ [36m301 [0m1.373 ms - 87[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/pma2014/ [36m301 [0m1.283 ms - 87[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/pma2015/ [36m301 [0m1.546 ms - 87[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/program/ [36m301 [0m1.324 ms - 87[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/shopdb/ [36m301 [0m1.276 ms - 86[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/sql/myadmin/ [36m301 [0m1.348 ms - 91[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/sql/php-myadmin/ [36m301 [0m1.309 ms - 95[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/sql/phpMyAdmin/ [36m301 [0m1.907 ms - 94[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/sql/phpMyAdmin2/ [36m301 [0m1.353 ms - 95[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/sql/phpMyAdmin3/ [36m301 [0m1.350 ms - 95[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/sql/phpMyAdmin4/ [36m301 [0m1.431 ms - 95[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/sql/phpmanager/ [36m301 [0m1.327 ms - 94[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/sql/phpmy-admin/ [36m301 [0m1.263 ms - 95[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/sql/phpmyadmin2/ [36m301 [0m1.293 ms - 95[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/sql/phpmyadmin3/ [36m301 [0m1.213 ms - 95[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/sql/phpmyadmin4/ [36m301 [0m1.410 ms - 95[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/sql/sql-admin/ [36m301 [0m1.337 ms - 93[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/sql/sql/ [36m301 [0m1.225 ms - 87[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/sql/sqladmin/ [36m301 [0m1.254 ms - 92[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/sql/sqlweb/ [36m301 [0m1.196 ms - 90[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/sql/webadmin/ [36m301 [0m1.336 ms - 92[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/sql/webdb/ [36m301 [0m1.507 ms - 89[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/sql/websql/ [36m301 [0m1.216 ms - 90[0m 
[0mHEAD http://54.xxx.xxx.xxx:80/sqlmanager/ [36m301 [0m1.521 ms - 90[0m 

Answer 1

這些記錄是最有可能從希望掃描您的服務器上管理員ControlPanel控制的黑客，雖然掃描來源的IP地址往往是受害者的機器被黑客控制。

您可能需要將fail2ban設置爲解決方案。如果您有空閒時間，您還可以使用whois服務查找濫用管理員的電子郵件地址，以查找掃描您的服務器的IP地址並向其發送投訴，以便他們對惡意IP地址採取適當的措施。