
Checked the database and found my brand-new website was being brute-forced within two days?

I registered a domain on 5 September, published the site on the afternoon of 6 September, and by 7 September it was already under attack.

The machine I'm writing on runs Windows 7, the SSH client is Xshell, and the last two screenshots are from phpMyAdmin.

I just looked at the log, and oh my. From 18:39:59 to 18:53:30 on the afternoon of 7 September, a span of 13 minutes 31 seconds, there were 1518 failed-login records in total, two of which were my own typos. That averages out to 1.87 brute-force attempts per second.

We'll log in over SSH [phpMyAdmin isn't showy enough], which is also a good chance to go over the mysql commands.

1. First, cd-ing into the database directory to look at the files won't work. In Linux everything is stored as a file, but can you open an .frm file? Of course not; try it with vim if you don't believe me [/grin].

2. The command I used is mysql -h localhost -u root -p.

[Screenshot 数据库登陆成功.png: successful database login]

· A quick reading of the syntax: the mysql command starts with mysql. Once you've logged in, the prompt is already mysql> and you don't type mysql again.

· mysql -h is the login command, with -h giving the host to connect to. Logging in requires authentication (not just anyone may log in), and that takes three things: address, user name and password. Since I'm already on the box over SSH, I can use the local address localhost.

· The u in -u is user, the p in -p is password: user name and password. I haven't changed the default root user, so it's simply mysql -h localhost -u root -p followed by Enter.

· An Enter password: prompt appears and we type the password. Nothing is echoed in the SSH terminal while you type. It's like a login form that shows ***** for the password, or, closer still, an <input type="hidden" id="mima" name="password"> in a form, which displays nothing at all.

· If it succeeds, the first line of the banner reads Welcome to the MySQL monitor.  Commands end with ; or \g. [MySQL only].

· If it fails, you get ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES), meaning the password for the root account on localhost was wrong, error 1045. Later I'll explain in detail how to use passwords that are easy to remember yet reasonably secure, and how to recover a MySQL password. The screenshot below shows the wrong-password message.

[Screenshot 数据库登陆失败.png: failed database login]

3. Next, show databases; lists every database, since we're root after all.

[Screenshot 查看所有数据库.png: listing all databases]

4. Then use dataName; where dataName is the database you want to work on (create, read, update, delete). As long as that database exists you'll see the message Database changed, meaning you're in. The same message also appears after a successful create. Here we're selecting one.

[Screenshot 进入要管理数据库.png: entering the database to manage]

5. Once inside, show tables; lists every table in the database. The header reads Tables_in_dataName, i.e. what you see in the SSH window is all the tables of the database you just entered.

[Screenshot 查看表单.png: listing the tables]

6. Here is my failed-login record table. With show create table tableName; I can see the table's summary definition. AUTO_INCREMENT is at 1520; I remember mistyping my password twice, so the other 1518 were someone else's doing. AUTO_INCREMENT is auto-increment: it goes up by one for every failure.

[Screenshot 攻击者攻击记录.jpg: the attacker's attempts as recorded]

7. Switching to phpMyAdmin, the big blue block is there because the rows are so dense; below it we can see a black bar shaped like an arrow.

[Screenshot 查看数据库图表.png: database chart]

8. That is actually the timeline, running from 2018-09-07 18:39:59 to 2018-09-07 18:53:30; it only looks like an arrow because the points are so dense. Change the number of values queried, say to 10, and it becomes legible.

[Screenshot 合理查看数据库图表.png: database chart at a sensible scale]

9. Oh, and we can also see her IP address here: 37.139.20.99, from the Netherlands... huh. Is it really the Netherlands?

[Screenshot 攻击者IP.png: attacker IP]
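The numbers above (1518 failures, a 13 min 31 s window, 1.87 attempts per second, one source address) were read off the table by hand. The script below, an added example written for this article and not the blog's own code, does the same analysis over a login-failure export and adds the check a defender would actually automate: flagging any source address that produces a burst of failures inside a sliding window. The table layout (id, ip, time), the helper names and the 20-failures-per-60-seconds threshold are assumptions; the rows are constructed from the post's figures, with 203.0.113.5 as a placeholder for the author's own address.

```python
"""Added example: brute-force burst analysis over a login-failure table export.

Illustrative code written for this article, not the blog's own code. The
table layout (id, ip, time) and helper names are assumptions; the figures the
rows are generated from (1518 failures between 18:39:59 and 18:53:30 on
2018-09-07 from 37.139.20.99, plus two failures of the author's own) come from
the post. 203.0.113.5 is a constructed placeholder for the author's address.
"""
from collections import Counter, deque
from datetime import datetime, timedelta

ATTACKER_IP = "37.139.20.99"   # address reported in the post
OWN_IP = "203.0.113.5"         # constructed placeholder for the author's own two typos


def build_sample_rows():
    """Constructed rows modelled on the post's numbers (not a real export)."""
    start = datetime(2018, 9, 7, 18, 39, 59)
    end = datetime(2018, 9, 7, 18, 53, 30)
    span = (end - start).total_seconds()          # 811 s = 13 min 31 s
    n = 1518
    rows = [
        {"id": i + 1, "ip": ATTACKER_IP,
         "time": start + timedelta(seconds=span * i / (n - 1))}
        for i in range(n)
    ]
    # Two failures from the owner, hours earlier, stand in for the mistyped passwords.
    rows.append({"id": n + 1, "ip": OWN_IP, "time": datetime(2018, 9, 7, 12, 0, 0)})
    rows.append({"id": n + 2, "ip": OWN_IP, "time": datetime(2018, 9, 7, 12, 0, 7)})
    return rows


def summarise(rows):
    """Per-IP totals plus first/last/duration/rate for each source address."""
    per_ip = Counter(r["ip"] for r in rows)
    windows = {}
    for ip in per_ip:
        times = sorted(r["time"] for r in rows if r["ip"] == ip)
        duration = (times[-1] - times[0]).total_seconds()
        windows[ip] = {
            "first": times[0],
            "last": times[-1],
            "duration_s": duration,
            # A single failure has duration 0; report it as an undefined rate.
            "rate_per_s": per_ip[ip] / duration if duration > 0 else float("inf"),
        }
    return {"total": len(rows), "per_ip": per_ip, "windows": windows}


def detect_bursts(rows, window_s=60, threshold=20):
    """Return the set of IPs with >= threshold failures inside any window_s-second
    sliding window. Both numbers are assumptions; tune them to the application's
    normal failure rate."""
    by_ip = {}
    for r in rows:
        by_ip.setdefault(r["ip"], []).append(r["time"])
    flagged = set()
    for ip, times in by_ip.items():
        recent = deque()
        for t in sorted(times):
            recent.append(t)
            # Drop failures that fell out of the window.
            while (t - recent[0]).total_seconds() > window_s:
                recent.popleft()
            if len(recent) >= threshold:
                flagged.add(ip)
                break
    return flagged


if __name__ == "__main__":
    rows = build_sample_rows()
    s = summarise(rows)
    for ip, count in s["per_ip"].most_common():
        w = s["windows"][ip]
        print(f"{ip}: {count} failures, {w['first']} -> {w['last']}, "
              f"{w['rate_per_s']:.2f}/s")
    print("burst sources:", detect_bursts(rows))
```

On the constructed data the attacker's row reproduces the post's 1.87 failures per second and is the only address flagged; the owner's two typos seven seconds apart stay well under the threshold, which is the point of looking at bursts per address rather than at the raw total.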

10. Time to sum up; no padding the article.

· Network security matters enormously. Imagine what he could have done had he got into my back end: unspeakable... no, unthinkable.

· Being attacked is actually a good thing: at the very least it means your site has value. Well, it doesn't prove your site has value, so feel a bit proud, but keep a realistic sense of where you stand.

1. Don't use weak passwords. Weak passwords are things like admin888, 123456, qwer1234; I won't list more. Use upper-case letters A-Z, lower-case letters a-z, digits 0-9, plus various symbols [the ones the system allows; why characters like / * \ $ and spaces can't be used in passwords, we'll cover in detail later].

2. Protect the site by changing the back-end login URL, and put a static page at the default back-end path to leave the attacker a message.

3. Protect MySQL by closing it to external connections [use mysql; update user set host = 'localhost' where user = 'root' and host = '%'; flush privileges;], provided you are the root user.

4. Protect SSH with key pairs; this is covered in 《对比虚拟空间和Windowsserver2008r2,在centos上建立相对安全高效的网站和运行环境》 (Comparing shared hosting with Windows Server 2008 R2: building a relatively secure and efficient website and runtime on CentOS).

5. Back up files and the database regularly, or automate it with shell commands.

6. There are of course many other defensive measures, but attacks exist to break through defences; what's coming will come.

· Learning database command syntax is very easy; the commands fall into create, update, read and delete, CURD for short (more commonly written CRUD): create, update, read, delete. Remember: every command ends with a semicolon, a half-width one (;).

· To spare beginners (I'm one too) a trap: if you operate mysql through an SSH client on Windows and want to copy-paste commands, Ctrl+C copies on the Windows side, but in the SSH window you paste with Shift+Insert [and then adjust the parameters], i.e. the Windows modifier key plus the Insert key. Actually Ctrl+Insert and Shift+Insert work for copy and paste on Windows too. Be careful with Linux and SSH tools: if you accidentally press Ctrl+S the terminal freezes; Ctrl+Q unlocks it. There are many others, so don't randomly press the Windows shortcuts you're used to; look it up on Baidu if you don't know.

· Much as I hate to admit it, the truth is that no system is impossible to breach. We still need good habits day to day, such as changing the database password periodically and then updating the site's configuration file. That also improves our incident-response ability and makes us more familiar with the system.

· If you can, buy some plugins; they can defend effectively too. In the end the attackers' skills are limited, and every extra layer of defence blocks an incalculable number of attacks.

· I haven't put any access limit on him; the server is on Alibaba Cloud, so I'm not worried about him eating my resources, and if he really wanted to, a request limit wouldn't stop him anyway. Let him brute-force. I'm confident my password isn't in his dictionary, and even if it were, a rough calculation: to count from 0 up to my password he'd need about 6.1 billion tries; at his current speed of 1.87 per second that is 3262032085.5 seconds, divided by 86400 seconds/day is 37755 days, divided by 365 days is 104.87 years before he'd hit my password. Hahaha. Even at 1870 per second, a 1000x speed-up, it would still take 38 days. And I change all my passwords weekly, so I'm not worried at all.

· When asking others about something you don't understand and you need a screenshot, remember to blur out sensitive information thoroughly.
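The password advice in point 1 and the back-of-the-envelope estimate in the last bullet but one are the same reasoning from two sides: how many guesses a password costs, and how long that takes at an observed rate. The block below, an added example written for this article and not the blog's own code, turns both into functions: a policy check that applies the post's four character classes and rejects the three weak passwords the post names (that list is deliberately only those three and is nowhere near complete), a keyspace calculator, and the crack-time estimate fed with the post's own 6.1 billion guesses at 1.87 guesses per second and at the 1000x faster rate. The helper names and the 12-character minimum length are assumptions; 365-day years and 86400-second days are used throughout.

```python
"""Added example: password-policy check and brute-force time estimate.

Illustrative code written for this article, not the blog's code. The policy
(upper, lower, digit, symbol; not a known weak password) follows the post's
advice; WEAK_PASSWORDS holds only the three examples the post names and is far
from complete. The 6.1 billion guesses and the 1.87 guesses/second rate come
from the post; the helper names and the 12-character minimum are assumptions.
"""
import string

WEAK_PASSWORDS = {"admin888", "123456", "qwer1234"}   # the post's own examples only
SECONDS_PER_DAY = 86400
DAYS_PER_YEAR = 365


def char_classes(password):
    """Which of the four classes the post asks for are present in the password."""
    classes = set()
    for ch in password:
        if ch in string.ascii_uppercase:
            classes.add("upper")
        elif ch in string.ascii_lowercase:
            classes.add("lower")
        elif ch in string.digits:
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes


def meets_policy(password, min_len=12):
    """Return (ok, reasons). min_len is an assumption, not a figure from the post."""
    reasons = []
    if password.lower() in WEAK_PASSWORDS:
        reasons.append("known weak password")
    if len(password) < min_len:
        reasons.append(f"shorter than {min_len} characters")
    missing = {"upper", "lower", "digit", "symbol"} - char_classes(password)
    if missing:
        reasons.append("missing " + ", ".join(sorted(missing)))
    return (not reasons, reasons)


def keyspace(length, classes=("upper", "lower", "digit", "symbol")):
    """Number of candidate passwords of exactly `length` characters drawn from
    the chosen classes. The symbol class is printable ASCII punctuation (32)."""
    sizes = {"upper": 26, "lower": 26, "digit": 10, "symbol": len(string.punctuation)}
    alphabet = sum(sizes[c] for c in classes)
    return alphabet ** length


def crack_time(guesses, rate_per_s):
    """Seconds, days and years needed to make `guesses` attempts at `rate_per_s`."""
    seconds = guesses / rate_per_s
    days = seconds / SECONDS_PER_DAY
    return {"seconds": seconds, "days": days, "years": days / DAYS_PER_YEAR}


if __name__ == "__main__":
    for pw in ("admin888", "Correct-Horse9Battery"):
        print(pw, meets_policy(pw))
    print("8-char keyspace over all four classes:", keyspace(8))
    # The post's figures: 6.1e9 guesses at the observed 1.87 guesses/second.
    print(crack_time(6.1e9, 1.87))
    # The post's "1000x faster" scenario.
    print("days at 1870/s:", crack_time(6.1e9, 1870)["days"])
```

With 365-day years the 6.1 billion guesses at 1.87 per second come to about 103.4 years (the post's 104.87 corresponds to dividing the same 37755 days by 360), and at 1870 per second to about 37.8 days. Note that the guess rate is the attacker's, not yours: a rate limit or lockout on the login form is what keeps it near 1.87 per second instead of thousands.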

 

 
