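Pretty nasty: these entries were pulled from the nginx logs. The scanner probes for the setup scripts of various PHP applications and database tools; if one of those scripts actually gets executed, the database may be dumped.
How to pull these entries out of the logs: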
/var/log/nginx#
# show every 404; these are basically blind guesses
grep '404' *
# only the ZmEu scanner; there are fewer of these
grep 'ZmEu' *
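1. Keep all setup/install scripts outside /var/www, or delete them once you have finished using them.
2. Direct access to the subdirectories of /var/www must be denied.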
50.62.140.10 - - [21/Feb/2014:16:40:01 +0800] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 97 1.702 "-" "ZmEu" -
50.62.140.10 - - [21/Feb/2014:16:40:01 +0800] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 404 97 0.186 "-" "ZmEu" -
50.62.140.10 - - [21/Feb/2014:16:40:01 +0800] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 97 2.167 "-" "ZmEu" -
50.62.140.10 - - [21/Feb/2014:16:40:01 +0800] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 97 1.315 "-" "ZmEu" -
50.62.140.10 - - [21/Feb/2014:16:40:01 +0800] "GET /pma/scripts/setup.php HTTP/1.1" 404 97 0.927 "-" "ZmEu" -
50.62.140.10 - - [21/Feb/2014:16:40:01 +0800] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 97 0.553 "-" "ZmEu" -
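The two grep commands above only list matching lines, and grep '404' also matches lines where 404 is the byte count rather than the status. The following is an added example, not part of the original post: it parses the log layout shown in the entries above and counts, per client IP and user agent, the 404 responses that came from the ZmEu agent or that asked for a setup/install script. The function names, the sample lines and the path pattern are assumptions made for this example.

```sh
#!/bin/sh
# Assumed log layout (same as the entries on this page):
#   ip - - [time] "request" status bytes request_time "referer" "user-agent" -

# Constructed sample lines using documentation IP ranges, not real traffic.
sample_log() {
cat <<'EOF'
203.0.113.7 - - [21/Feb/2014:16:40:01 +0800] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 97 1.702 "-" "ZmEu" -
203.0.113.7 - - [21/Feb/2014:16:40:01 +0800] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 97 2.167 "-" "ZmEu" -
203.0.113.7 - - [21/Feb/2014:16:40:02 +0800] "GET /pma/scripts/setup.php HTTP/1.1" 404 97 0.927 "-" "ZmEu" -
198.51.100.23 - - [21/Feb/2014:16:41:10 +0800] "GET /forum/install/install.php HTTP/1.1" 404 97 0.310 "-" "Mozilla/5.0" -
192.0.2.50 - - [21/Feb/2014:16:42:00 +0800] "GET /favicon.ico HTTP/1.1" 404 97 0.002 "-" "Mozilla/5.0" -
192.0.2.50 - - [21/Feb/2014:16:42:05 +0800] "GET /index.html HTTP/1.1" 200 404 0.004 "-" "Mozilla/5.0" -
EOF
}

# Print "count ip user-agent", highest count first, for requests that
# returned status 404 AND either carry the ZmEu user agent or request a
# setup*/install* PHP script. Reads the files given as arguments, or stdin.
probe_summary() {
  awk -F'"' '
    {
      split($1, pre, " ");  ip = pre[1]        # text before the request
      split($2, req, " ");  path = req[2]      # METHOD PATH PROTOCOL
      split($3, post, " "); status = post[1]   # status bytes request_time
      ua = $6
      if (status != "404") next                # ignore a 404 in the bytes field
      if (ua ~ /ZmEu/ ||
          tolower(path) ~ "/(setup|install)[^/]*[.]php([?]|$)")
        hits[ip " " ua]++
    }
    END { for (k in hits) print hits[k], k }
  ' "$@" | sort -rn
}

sample_log | probe_summary
```

On a server it can be run from the same directory as the grep commands, for example probe_summary * inside /var/log/nginx (uncompressed log files only).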