-1

I have a Rails application running in a webserver inside my company, and now and then I see these messages in the log:

I, [2014-09-04T06:15:33.057513 #37024]  INFO -- : Started GET "/pma/scripts/setup.php" for 203.114.105.46 at 2014-09-04 06:15:33 -0300
F, [2014-09-04T06:15:33.059088 #37024] FATAL -- :
ActionController::RoutingError (No route matches [GET] "/pma/scripts/setup.php"):
  actionpack (4.1.4) lib/action_dispatch/middleware/debug_exceptions.rb:21:in `call'
  actionpack (4.1.4) lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'
  railties (4.1.4) lib/rails/rack/logger.rb:38:in `call_app'
  railties (4.1.4) lib/rails/rack/logger.rb:20:in `block in call'
  activesupport (4.1.4) lib/active_support/tagged_logging.rb:68:in `block in tagged'
  activesupport (4.1.4) lib/active_support/tagged_logging.rb:26:in `tagged'
  activesupport (4.1.4) lib/active_support/tagged_logging.rb:68:in `tagged'
  railties (4.1.4) lib/rails/rack/logger.rb:20:in `call'
  actionpack (4.1.4) lib/action_dispatch/middleware/request_id.rb:21:in `call'
  rack (1.5.2) lib/rack/methodoverride.rb:21:in `call'
  rack (1.5.2) lib/rack/runtime.rb:17:in `call'
  activesupport (4.1.4) lib/active_support/cache/strategy/local_cache_middleware.rb:26:in `call'
  rack (1.5.2) lib/rack/sendfile.rb:112:in `call'
  railties (4.1.4) lib/rails/engine.rb:514:in `call'

Seems like an arbitrary bot trying to find an open server... Is there a way to stop these things? I'm using Ubuntu 14.04 with nginx/1.4.6.

Luiz E.
    Sure is. The easiest way is to unplug the server. Without power, no bots or hackers will be able to probe your server for exploits. For maximum security, across all your company's servers, it may be more convenient and efficient to simply unplug your internet router. And make sure it's unplugged, not simply powered off, or someone may be able to exploit your server's IPMI system, assuming it has one. – HopelessN00b Sep 04 '14 at 12:37

1 Answer

4

You probably want to look at some firewalling and/or software like Fail2Ban which will watch log files for patterns, and ban IP addresses based on triggers.

Pavling
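The log-watching approach the answer describes, sketched as an added example (not code from the answer or from Fail2Ban): it pairs each `RoutingError` with the `Started` line of the same process to recover the client IP, then reports addresses that hit a threshold inside a time window. The `max_retry` and `find_time` parameters mirror Fail2Ban's `maxretry` and `findtime` settings; the function name and the sample log are constructed, and the script only reports candidates, leaving the actual ban to the firewall.

```ruby
# Constructed sample in the question's Rails log format; the addresses are
# documentation ranges, not real hosts.
SAMPLE_LOG = <<~'LOG'
  I, [2014-09-04T06:15:33.057513 #37024]  INFO -- : Started GET "/pma/scripts/setup.php" for 198.51.100.7 at 2014-09-04 06:15:33 -0300
  I, [2014-09-04T06:15:33.058000 #37025]  INFO -- : Started GET "/" for 192.0.2.10 at 2014-09-04 06:15:33 -0300
  F, [2014-09-04T06:15:33.059088 #37024] FATAL -- :
  ActionController::RoutingError (No route matches [GET] "/pma/scripts/setup.php"):
    actionpack (4.1.4) lib/action_dispatch/middleware/debug_exceptions.rb:21:in `call'
  I, [2014-09-04T06:15:34.100000 #37024]  INFO -- : Started GET "/pma/scripts/setup.php" for 198.51.100.7 at 2014-09-04 06:15:34 -0300
  F, [2014-09-04T06:15:34.101000 #37024] FATAL -- :
  ActionController::RoutingError (No route matches [GET] "/pma/scripts/setup.php"):
  I, [2014-09-04T06:15:35.200000 #37024]  INFO -- : Started GET "/pma/scripts/setup.php" for 198.51.100.7 at 2014-09-04 06:15:35 -0300
  F, [2014-09-04T06:15:35.201000 #37024] FATAL -- :
  ActionController::RoutingError (No route matches [GET] "/pma/scripts/setup.php"):
  I, [2014-09-04T06:20:00.000000 #37025]  INFO -- : Started GET "/favicon.icoo" for 192.0.2.10 at 2014-09-04 06:20:00 -0300
  F, [2014-09-04T06:20:00.001000 #37025] FATAL -- :
  ActionController::RoutingError (No route matches [GET] "/favicon.icoo"):
LOG

STARTED  = /\AI, \[(\S+) #(\d+)\]\s+INFO -- : Started \S+ "[^"]*" for (\S+) at /
FATAL    = /\AF, \[\S+ #(\d+)\]\s+FATAL -- :/
NO_ROUTE = /\AActionController::RoutingError/

# Returns the IPs with at least max_retry unroutable requests inside any
# find_time-second window (hypothetical helper, named for this example).
def ban_candidates(log, max_retry: 3, find_time: 600)
  last_request = {}                     # pid => [ip, time] of latest "Started"
  hits = Hash.new { |h, k| h[k] = [] }  # ip => times of unroutable requests
  fatal_pid = nil
  log.each_line do |line|
    if (m = STARTED.match(line))
      # Only differences between timestamps matter, so treat them as UTC.
      last_request[m[2]] = [m[3], Time.utc(*m[1].scan(/\d+/).first(6).map(&:to_i))]
    elsif (m = FATAL.match(line))
      fatal_pid = m[1]                  # the error class is on the next line
    elsif fatal_pid
      req = last_request[fatal_pid]
      hits[req[0]] << req[1] if req && NO_ROUTE.match?(line)
      fatal_pid = nil
    end
  end
  hits.select { |_ip, times|
    times.sort.each_cons(max_retry).any? { |w| w.last - w.first <= find_time }
  }.keys
end

puts ban_candidates(SAMPLE_LOG).inspect
```

The single mistyped URL from 192.0.2.10 stays under the threshold, which is why a retry count and window are safer than banning on the first 404.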