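I have a Django application running on Heroku.
I was looking at the latest logs (something I don't do very often) and something odd caught my attention. All these fatal database errors, as shown below: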
2017-02-25T20:31:18+00:00 app[postgres.346]: [DATABASE] [5-1] LOG: could not accept SSL connection: EOF detected
2017-02-25T20:31:18+00:00 app[postgres.347]: [DATABASE] [5-1] FATAL: no pg_hba.conf entry for host "x.x.x.x", user "postgres", database "postgres", SSL off
2017-02-25T20:31:19+00:00 app[postgres.348]: [DATABASE] [5-1] LOG: could not receive data from client: Connection reset by peer
2017-02-25T20:31:20+00:00 app[postgres.349]: [DATABASE] [5-1] FATAL: no pg_hba.conf entry for host "x.x.x.x", user "postgres", database "postgres", SSL off
2017-02-25T20:31:20+00:00 app[postgres.350]: [DATABASE] [5-1] FATAL: password authentication failed for user "postgres"
2017-02-25T20:31:20+00:00 app[postgres.350]: [DATABASE] [5-2] DETAIL: Connection matched pg_hba.conf line 10: "hostssl all all 0.0.0.0/0 md5"
2017-02-25T20:31:21+00:00 app[postgres.351]: [DATABASE] [5-1] FATAL: no pg_hba.conf entry for host "x.x.x.x", user "postgres", database "postgres", SSL off
2017-02-25T20:31:22+00:00 app[postgres.352]: [DATABASE] [5-1] FATAL: password authentication failed for user "postgres"
2017-02-25T20:34:21+00:00 app[postgres.641]: [DATABASE] [5-1] FATAL: password authentication failed for user "root"
2017-02-25T20:34:21+00:00 app[postgres.641]: [DATABASE] [5-2] DETAIL: Connection matched pg_hba.conf line 10: "hostssl all all 0.0.0.0/0 md5"
2017-02-25T20:34:22+00:00 app[postgres.642]: [DATABASE] [5-1] FATAL: no pg_hba.conf entry for host "x.x.x.x", user "root", database "root", SSL off
2017-02-25T20:34:23+00:00 app[postgres.643]: [DATABASE] [5-1] FATAL: password authentication failed for user "root"
2017-02-25T20:37:38+00:00 app[postgres.957]: [DATABASE] [5-1] FATAL: no pg_hba.conf entry for host "x.x.x.x", user "test", database "test", SSL off
2017-02-25T20:37:39+00:00 app[postgres.958]: [DATABASE] [5-1] FATAL: password authentication failed for user "test"
2017-02-25T20:37:39+00:00 app[postgres.958]: [DATABASE] [5-2] DETAIL: Connection matched pg_hba.conf line 10: "hostssl all all 0.0.0.0/0 md5"
2017-02-25T20:37:40+00:00 app[postgres.959]: [DATABASE] [5-1] FATAL: no pg_hba.conf entry for host "x.x.x.x", user "test", database "test", SSL off
2017-02-25T20:37:41+00:00 app[postgres.960]: [DATABASE] [5-1] FATAL: password authentication failed for user "test"
2017-02-25T20:37:41+00:00 app[postgres.960]: [DATABASE] [5-2] DETAIL: Connection matched pg_hba.conf line 10: "hostssl all all 0.0.0.0/0 md5"
2017-02-25T20:37:42+00:00 app[postgres.961]: [DATABASE] [5-1] FATAL: no PostgreSQL user name specified in startup packet
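2017-02-25T20:37:42+00:00 app[postgres.962]: [DATABASE] [5-1] FATAL: no PostgreSQL user name specified in startup packet
This is just a small sample; there are about 800 entries like this spanning 6 minutes.
Now I have no idea what is causing all this. I can't think of anything on my side that could cause it, so my best guess is that this is some brute-force attack trying to get into the database? Or what is causing all this?
Is this something to worry about, and how can I prevent it from happening again?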
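Posted on 2017-02-27 04:33:22
Almost certainly not. It's very common to see automated attacks from network scanners -- IPv4 is a fairly small address space and is easy to enumerate (at least IPv6 makes them work a little to find targets!)
It's a low-cost, low-success, but potentially high-reward strategy if they happen upon a server with interesting data and a terrible (or default) password. Just make sure you have non-trivial passwords and you'll be fine.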
https://security.stackexchange.com/questions/152411
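Added example, not part of the original question or answer: a small triage script that tallies rejected connection attempts in log lines of the format quoted in the question, by failure kind and by attempted role name. The sample input is constructed from the quoted lines, and `looks_like_guessing`, its `min_users` threshold and the `app_roles` parameter are assumptions made for this illustration.

```python
import re
from collections import Counter
from datetime import datetime
# Constructed sample: a subset of the log lines quoted in the question.
SAMPLE = """\
2017-02-25T20:31:18+00:00 app[postgres.347]: [DATABASE] [5-1] FATAL: no pg_hba.conf entry for host "x.x.x.x", user "postgres", database "postgres", SSL off
2017-02-25T20:31:20+00:00 app[postgres.350]: [DATABASE] [5-1] FATAL: password authentication failed for user "postgres"
2017-02-25T20:31:20+00:00 app[postgres.350]: [DATABASE] [5-2] DETAIL: Connection matched pg_hba.conf line 10: "hostssl all all 0.0.0.0/0 md5"
2017-02-25T20:34:21+00:00 app[postgres.641]: [DATABASE] [5-1] FATAL: password authentication failed for user "root"
2017-02-25T20:34:22+00:00 app[postgres.642]: [DATABASE] [5-1] FATAL: no pg_hba.conf entry for host "x.x.x.x", user "root", database "root", SSL off
2017-02-25T20:37:38+00:00 app[postgres.957]: [DATABASE] [5-1] FATAL: no pg_hba.conf entry for host "x.x.x.x", user "test", database "test", SSL off
2017-02-25T20:37:39+00:00 app[postgres.958]: [DATABASE] [5-1] FATAL: password authentication failed for user "test"
2017-02-25T20:37:42+00:00 app[postgres.961]: [DATABASE] [5-1] FATAL: no PostgreSQL user name specified in startup packet
"""

# Only FATAL lines are rejected connection attempts; LOG/DETAIL lines are skipped.
LINE = re.compile(r'^(?P<ts>\S+) app\[postgres\.\d+\]: \[DATABASE\] \[\d+-\d+\] FATAL: (?P<msg>.*)$')
PATTERNS = {
    "rejected_no_ssl": re.compile(r'no pg_hba\.conf entry for host "[^"]*", user "(?P<user>[^"]*)".*SSL off'),
    "bad_password": re.compile(r'password authentication failed for user "(?P<user>[^"]*)"'),
    "no_user": re.compile(r"no PostgreSQL user name specified in startup packet"),
}

def summarize(text):
    """Tally rejected attempts by kind and by attempted role name."""
    kinds, users, stamps = Counter(), Counter(), []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        for kind, pat in PATTERNS.items():
            hit = pat.search(m["msg"])
            if hit:
                kinds[kind] += 1
                if "user" in pat.groupindex:
                    users[hit["user"]] += 1
                stamps.append(datetime.fromisoformat(m["ts"]))
                break
    span = (max(stamps) - min(stamps)).total_seconds() if stamps else 0.0
    return {"kinds": dict(kinds), "users": dict(users), "events": len(stamps), "span_seconds": span}

def looks_like_guessing(summary, app_roles, min_users=3):
    """Assumed heuristic: several role names tried, none of them in app_roles (the app's real roles)."""
    tried = set(summary["users"])
    return len(tried) >= min_users and not (tried & set(app_roles))

if __name__ == "__main__":
    print(summarize(SAMPLE))
```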