
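Checking the database: a newly built website hit by a brute-force attack within two days?

I registered a domain on September 5, launched the website on the afternoon of September 6, and it was attacked on September 7.

The machine I wrote this article on runs Win7, the SSH tool is Xshell, and the last two screenshots are from phpMyAdmin.

I just looked at the log. Wow. From 18:39:59 to 18:53:30 on the afternoon of September 7, lasting 13 minutes 31 seconds, there were 1518 failed-login records in total, two of which were my own typos. That is an average of 1.87 brute-force attempts per second.

We will log in over SSH [phpMyAdmin isn't showy enough], which is also a good chance to go over the commands.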

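1.     First, using cd to go into the database directory and look around will not work. On Linux all data is stored as files, but can you open an .frm file? Certainly not; try it with vim if you don't believe me.

2.     The command I used is mysql -h localhost -u root -p.

[Screenshot: database login succeeded]

·         To break down the syntax: it is a mysql command, so it starts with mysql. Once you have logged in you get the mysql> prompt by default and no longer need to type the leading mysql.

·         mysql -h is the login itself, no more explanation needed (-h takes the address). What does logging in require? Not just anyone should be able to log in, so your identity has to be verified first. That takes three things: address, user name and password. I am connected over SSH, so I can simply use the local address localhost.

·         The u in -u stands for user(s) and the p in -p stands for password, so these are the user name and the password. I did not change the default root user, so I just type mysql -h localhost -u root -p and press Enter.

·         An [Enter password:] prompt appears and we type the password. While you type, the SSH panel shows nothing. It is like the ***** you see when typing a password at a login page, or like writing <input type="hidden" id="mima" name="password"> in a form: nothing is displayed at all.

·         If the password is correct, the first line of output reads Welcome to the MySQL monitor. Commands end with ; or \g. [MySQL only].

·         If it is wrong, you get ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES). This means the password entered for the root account on localhost was wrong, reported as error 1045. Later I will explain in detail how to choose passwords that are easy to remember yet relatively secure, and how to recover a MySQL password. The screenshot below shows the wrong-password message.

[Screenshot: database login failed]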

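2.     Next, run show databases; and we can see all the databases. We are the root user, after all.

[Screenshot: listing all databases]

3.     Then enter use dataName; where dataName is the database you want to create, read, update or delete in. As long as that database exists, we see the message Database changed, which means you have entered it successfully. This message also appears after a successful creation. Here we are selecting.

[Screenshot: entering the database to manage]

4.     Once inside, use show tables; to list all the tables in this database. The heading at the top reads Tables_in_dataName, meaning that what you now see in the SSH window is everything inside the database you just entered.

[Screenshot: listing the tables]

5.     Among them is my failed-login record table. With show create table followed by the table name and a semicolon, I can see the summary information for this table. I saw that AUTO_INCREMENT is followed by 1520. I remember mistyping my password twice, so the other 1518 were someone else's doing. AUTO_INCREMENT means auto-increment: the number goes up by one for every failure.

[Screenshot: the attacker's attack records]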

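6.     Let's switch to phpMyAdmin and take a look. The large blue area is there because the data points are too dense, and underneath it we can see a black bar that looks like an arrow.

[Screenshot: database chart]

7.     That bar is actually the timeline, starting at 2018-09-07 18:39:59 and ending at 2018-09-07 18:53:30. It only looks like an arrow because, again, the points are too dense. Change the number of rows to query and it becomes readable, for example change it to 10.

[Screenshot: database chart with a sensible row count]

8.     Oh, and here we can also see that the attacker's IP address is 37.139.20.99, from the Netherlands... Hmm. Is it really the Netherlands?

[Screenshot: attacker's IP]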

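9.     Let's sum up; this article shouldn't be padding.

·         Network security is critically important. Imagine what he would do if he had successfully logged in to my admin backend. Unspeakable, or rather, unthinkable.

·         Being attacked is actually a good thing: at least it suggests your website has value, although it does not prove it. Feel a little proud, but keep a sense of proportion.

1.     Do not use weak passwords. Weak passwords are things like [admin888, 123456, qwer1234, no need for more examples]. Ideally use uppercase letters A-Z, lowercase letters a-z, digits 0-9, plus assorted symbols [characters the system allows, excluding /*\$ and so on; why these characters and spaces cannot be used in passwords is something we will cover in detail later].

2.     Change the admin login URL to protect the site, then put a static page in the default admin directory and leave the attacker a message.

3.     Disable external connections to MySQL to protect it, [update user set host = "localhost" where user = "root" and host = "%";], provided you are the root user.

4.     Protect SSH with a key pair. This is covered in "Comparing virtual hosting with Windows Server 2008 R2, and building a relatively secure and efficient website and runtime environment on CentOS".

5.     Back up files and the database regularly, or automate it with shell commands.

6.     Of course there are many, many other defences, but attacks exist to break through defences, and what is coming will come.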

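·         Database command syntax is very simple to learn. It falls into create, update, read and delete, CURD for short: create, update, read, delete. Remember: every command must end with a semicolon, the half-width one (;).

·         To keep beginners out of pitfalls (I am a beginner too): if you run an SSH tool on Windows to operate MySQL and need to copy commands because you cannot type them yourself, you can copy on Windows with Ctrl+C, but in the SSH tool you paste with Shift+Insert [and you still have to change the parameter values], that is, a modifier key plus a key from the cursor-key block of a Windows keyboard. In fact Windows also accepts Ctrl+Insert and Shift+Insert for copy and paste. Be careful with Linux and SSH tools: you might press Ctrl+S, for example, and the terminal freezes. Ctrl+Q unlocks it. There are many more like this, so never press the Windows shortcuts you are used to at random; if you are unsure, look it up.

·         I am reluctant to admit it, but it is a fact that no system is unbreakable. We still need good everyday habits, such as changing the database password every so often and then updating the website's configuration file. This also improves our ability to respond to incidents and makes us more familiar with the system.

·         If you can afford it, buy some plugins, which can also provide effective protection. Attackers' skill is limited after all, and every additional layer of defence blocks an immeasurable number of attacks.

·         I have not set any access limits against him. The server is on Alibaba Cloud anyway, so I am not afraid of him using up my resources, and if he really wanted to, request limits would not help. Let him brute-force. I also trust that my password is not in his dictionary. Even so, I did a rough calculation: if he counted up from 0 until he reached my password, it would take about 6.1 billion attempts. At his current speed of 1.87 attempts per second that is 3262032085.5 seconds; divided by 86000 seconds/day, it takes 37755 days; divided by 365 days, he needs 104.87 years to find my password. Hahaha. Even if I let him run at 1870 attempts per second, 1000 times faster, it would still take 38 days. But I change all my passwords once a week, so I am not worried at all.

·         When you ask someone about something you do not understand and need to send screenshots, remember to mask confidential information heavily.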
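The AUTO_INCREMENT value only gives a total; grouping the failed-login rows by source IP gives the per-source count, time window and rate directly. The following is an added example, not code from the original post: the table name login_fails, its columns, the documentation-range IPs and the thresholds are assumptions, the rows are constructed to match the 1518-failures-in-811-seconds burst described above, and an in-memory SQLite database stands in for MySQL.

```python
import sqlite3
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

def build_sample_db():
    """In-memory stand-in for the failed-login table (hypothetical schema, constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE login_fails ("
               "id INTEGER PRIMARY KEY AUTOINCREMENT, ip TEXT, attempted_at TEXT)")
    start = datetime(2018, 9, 7, 18, 39, 59)
    rows = []
    # Constructed burst: 1518 failures spread over 811 s from one source.
    for i in range(1518):
        t = start + timedelta(seconds=i * 811 // 1517)
        rows.append(("203.0.113.7", t.strftime(FMT)))
    # Constructed: two typos by the site owner, hours apart.
    rows.append(("198.51.100.5", "2018-09-06 15:02:11"))
    rows.append(("198.51.100.5", "2018-09-07 09:40:03"))
    db.executemany("INSERT INTO login_fails (ip, attempted_at) VALUES (?, ?)", rows)
    return db

def summarize(db):
    """Per-source summary: attempts, first/last seen, duration and rate."""
    sql = ("SELECT ip, COUNT(*), MIN(attempted_at), MAX(attempted_at) "
           "FROM login_fails GROUP BY ip ORDER BY COUNT(*) DESC")
    out = []
    for ip, n, first, last in db.execute(sql):
        secs = (datetime.strptime(last, FMT)
                - datetime.strptime(first, FMT)).total_seconds()
        # All attempts within the same second: treat the window as one second.
        rate = round(n / secs, 2) if secs else float(n)
        out.append({"ip": ip, "attempts": n, "first": first, "last": last,
                    "seconds": int(secs), "rate": rate})
    return out

def flag_bruteforce(summary, min_attempts=20, min_rate=0.2):
    """Flag sources with many failures at a sustained rate (thresholds are assumptions)."""
    return [s["ip"] for s in summary
            if s["attempts"] >= min_attempts and s["rate"] >= min_rate]

if __name__ == "__main__":
    summary = summarize(build_sample_db())
    for row in summary:
        print(row)
    print("flagged:", flag_bruteforce(summary))
```

The same GROUP BY query runs unchanged on MySQL against a table with these columns; the flagged list is what a firewall rule or login throttle would consume.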

 

 

49 thoughts on “Checking the database: a newly built website hit by a brute-force attack within two days?”

  1. I’m not sure why but this blog is loading very slow for
    me. Is anyone else having this issue or is it a problem on my end?
    I’ll check back later on and see if the problem still exists.

  2. I’m extremely impressed with your writing skills and also with the layout on your weblog.

    Is this a paid theme or did you customize it yourself?
    Either way keep up the excellent quality writing,
    it is rare to see a nice blog like this one today.

  3. My coder is trying to persuade me to move to .net from PHP.

    I have always disliked the idea because of the costs.
    But he’s trying none the less. I’ve been using WordPress on a number of websites
    for about a year and am concerned about switching to another platform.
    I have heard great things about blogengine.net.
    Is there a way I can transfer all my wordpress posts
    into it? Any help would be greatly appreciated!

  4. Hello fantastic blog! Does running a blog such as this require a large amount of work?

    I have virtually no expertise in computer programming but I was hoping to start my own blog in the
    near future. Anyways, should you have any ideas or
    tips for new blog owners please share. I know this is off subject nevertheless I simply
    needed to ask. Thanks a lot!

  5. Yesterday, while I was at work, my cousin stole my iPad
    and tested to see if it can survive a 30 foot drop, just so she can be
    a youtube sensation. My apple ipad is now destroyed and she has 83 views.

    I know this is entirely off topic but I had to share it with someone!

  6. What i do not realize is in truth how you’re no longer actually much more smartly-appreciated than you may be now.
    You’re so intelligent. You recognize therefore significantly in terms of this subject, produced me individually believe
    it from numerous varied angles. Its like men and women aren’t fascinated except it’s
    one thing to accomplish with Girl gaga! Your individual stuffs outstanding.

    Always maintain it up!

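  7. When a database gets hacked, it is usually because the server or the website has a vulnerability that attackers exploit and then escalate privileges to attack the database. SQL injection can also be used to attack the database, leading to attacks such as website tampering, tampering with member data, database deletion, website redirection and planted trojans. Solution: if the program is not very large, you can compare it yourself against earlier backup copies of the code and then fix it; securely deploy and harden the database port and do not expose it externally; enable the database's security logs to trace and check for attackers. You can also go through a website security company to prevent the database from being attacked; domestically, only security companies such as Sinesafe and 绿盟 are fairly professional.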

  8. Do you mind if I quote a few of your posts as long
    as I provide credit and sources back to your webpage? My blog site is in the
    very same area of interest as yours and my visitors would
    definitely benefit from some of the information you present here.
    Please let me know if this okay with you. Thank you!

  9. When I initially commented I clicked the “Notify me when new comments are added” checkbox
    and now each time a comment is added I get several e-mails with the
    same comment. Is there any way you can remove me from that service?
    Cheers!

  10. Fantastic beat ! I would like to apprentice while you amend your website, how could i subscribe for a blog site?

    The account helped me a acceptable deal. I had been a little bit
    acquainted of this your broadcast provided bright clear idea

  11. I’m extremely pleased to find this great site. I wanted to thank
    you for ones time due to this fantastic read!!
    I definitely liked every bit of it and I have you bookmarked to see new stuff in your site.

  12. Excellent post. Keep writing such kind of information on your page.
    I’m really impressed by your blog.
    Hey there, You have done a great job. I will definitely digg it and in my view
    recommend to my friends. I am confident they will be benefited from this website.

  13. I think what you typed made a great deal of sense. But, what about
    this? suppose you composed a catchier title? I mean, I don’t wish to tell you how to run your blog,
    but what if you added a title that grabbed people’s attention? I mean Checking the database: a newly built website hit by a brute-force attack within two days? – 时间爱人-卢航网-卢航 is kinda
    plain. You could peek at Yahoo’s home page and note how they create post headlines to get viewers interested.
    You might try adding a video or a picture or two to get people interested about everything’ve written. Just my opinion, it might make your posts a little livelier.

  14. Excellent blog! Do you have any hints for aspiring writers?
    I’m planning to start my own blog soon but I’m a little lost on everything.
    Would you advise starting with a free platform like WordPress or go for a paid
    option? There are so many options out there that I’m completely
    confused .. Any tips? Thank you!

  15. fantastic points altogether, you simply gained a emblem new reader.
    What could you recommend about your publish that you simply
    made a few days ago? Any sure?

  16. Magnificent beat ! I would like to apprentice even as you amend your website, how could i subscribe for a blog website?
    The account helped me a acceptable deal. I had been a little bit familiar of this your broadcast offered shiny transparent idea

  17. Do you have a spam problem on this website; I also am a blogger, and I was wondering your situation; many of us have created
    some nice practices and we are looking to trade methods with
    others, please shoot me an email if interested.

  18. Hey! Would you mind if I share your blog with my facebook group?
    There’s a lot of people that I think would really enjoy your content.

    Please let me know. Cheers

  19. Greetings I am so thrilled I found your website, I really found you by
    mistake, while I was browsing on Yahoo for something else,
    Regardless I am here now and would just like to say
    thanks for a tremendous post and a all round interesting blog (I also love the theme/design), I don’t have time
    to read it all at the minute but I have book-marked it and also included your RSS feeds, so when I have time I will be
    back to read more, Please do keep up the excellent
    jo.
