-1

Almost 4 years ago I was working on a project and noticed unknown commands being executed right in front of my eyes. More about that here

This time I launched a website and I can see in the webserver log the following errors:

Error: ENOENT: no such file or directory, stat 'C:\website\site\robots.txt'
Error: ENOENT: no such file or directory, stat 'C:\website\site\l.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\phpinfo.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\test.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\help.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\java.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\_query.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\test.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\db_cts.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\db_pma.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\logon.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\help-e.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\license.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\log.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\hell.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\pmd_online.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\x.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\shell.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\htdocs.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\b.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\sane.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\desktop.ini.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\z.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\lala.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\lala-dpr.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\wpc.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\wpo.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\t6nv.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\muhstik.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\text.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\wp-config.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\muhstik.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\muhstik2.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\muhstiks.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\muhstik-dpr.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\lol.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\uploader.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\cmd.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\cmv.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\cmdd.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\knal.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\cmd.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\shell.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\appserv.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\scripts\setup.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\phpmyadmin\scripts\setup.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\phpMyAdmin\scripts\setup.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\scripts\db___.init.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\phpmyadmin\scripts\db___.init.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\phpMyAdmin\scripts\db___.init.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\pma\scripts\setup.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\PMA\scripts\setup.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\myadmin\scripts\setup.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\MyAdmin\scripts\setup.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\pma\scripts\db___.init.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\PMA\scripts\db___.init.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\myadmin\scripts\db___.init.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\MyAdmin\scripts\db___.init.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\plugins\weathermap\editor.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\cacti\plugins\weathermap\editor.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\weathermap\editor.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\index.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\elrekt.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\index.php\module\action\param1\${@die(md5(HelloThinkPHP))}'
Error: ENOENT: no such file or directory, stat 'C:\website\site\index.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\d7.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\rxr.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\1x.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\home.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\undx.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\spider.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\payload.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\composers.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\izom.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\composer.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\hue2.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\Drupal.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\lang.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\izom.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\payload.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\new_license.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\images\!.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\images\vuln.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\hd.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\images\up.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\images\attari.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\images\jsspwneed.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\images\stories\cmd.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\images\stories\filemga.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\up.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\laravel.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\huoshan.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\yu.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\floaw.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\ftmabc.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\doudou.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\mjx.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\xiaoxia.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\yuyang.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\zz.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\coonig.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\ak.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\baidoubi.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\hhhhhh.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\meijianxue.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\no1.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\python.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\woshimengmei.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\indea.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\taisui.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\xiaxia.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\kk.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\xsser.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\zzz.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\99.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\dp.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\hs.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\1ts.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\haiyan.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\phpdm.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\root.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\5678.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\root11.php'
Error: ENOENT: no such file or directory, stat 'C:\website\site\xiu.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\secure\ContactAdministrators!default.jspa'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\weaver\bsh.servlet.BshServlet'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpmyadmin\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpMyAdmin\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\pmd\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\pma\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\PMA\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\PMA2\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\pmamy\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\pmamy2\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\mysql\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\admin\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\db\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\dbadmin\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\web\phpMyAdmin\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\admin\pma\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\admin\PMA\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\admin\mysql\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\admin\mysql2\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\admin\phpmyadmin\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\admin\phpMyAdmin\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\admin\phpmyadmin2\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\mysqladmin\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\mysql-admin\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\mysql_admin\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpadmin\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpAdmin\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpmyadmin0\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpmyadmin1\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpmyadmin2\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpMyAdmin-4.4.0\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpMyAdmin4.8.0\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpMyAdmin4.8.1\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpMyAdmin4.8.2\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpMyAdmin4.8.3\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpMyAdmin4.8.4\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpMyAdmin4.8.5\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\myadmin\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\myadmin2\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\xampp\phpmyadmin\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpMyadmin_bak\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\www\phpMyAdmin\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\tools\phpMyAdmin\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpmyadmin-old\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpMyAdminold\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpMyAdmin.old\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\pma-old\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\claroline\phpMyAdmin\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\typo3\phpmyadmin\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpma\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpmyadmin\phpmyadmin\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpMyAdmin\phpMyAdmin\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpMyAbmin\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpMyAdmin__\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpMyAdmin+++---\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\v\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpmyadm1n\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpMyAdm1n\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\shaAdmin\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpMyadmi\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpMyAdmion\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\s\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\MyAdmin\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpMyAdmin1\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpMyAdmin123\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\pwd\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpMyAdmina\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpMydmin\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpMyAdmins\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpMyAdmin._\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpMyAdmin._2\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpmyadmin2222\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpMyAdmin333\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpmyadmin3333\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\php2MyAdmin\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpiMyAdmin\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpNyAdmin\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\1\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\download\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpMyAdmin_111\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpmadmin\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\321\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\123131\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpMyAdminn\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpMyAdminhf\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\sbb\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\WWW\phpMyAdmin\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpMyAdmln\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpMyAdmin_ai\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\__phpMyAdmin\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\program\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\shopdb\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phppma\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\phpmy\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\mysql\admin\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\mysql\dbadmin\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\mysql\sqlmanager\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\mysql\mysqlmanager\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\wp-content\plugins\portable-phpmyadmin\wp-pma-mod\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\sqladmin\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\sql\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\SQL\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\websql\index.php'
Error: ENOENT: no such file or directory, stat 'C:\splitter.ai\site\MySQLAdmin\index.php'

So what's going on here? And most importantly, how can I protect my site?

Server info:

  • NodeJS, Express with Helmet
  • No PHP
  • No SSH
  • Windows 10

vaid
  • 3,569

1 Answer

3

They are trying every likely location of potentially vulnerable scripts and website admin interfaces.

If you don't want people to compromise your web server then you have several options.

  1. Don't run a publicly facing website. If you are not up to the task of administrating a website full-time and applying patches and updates and fixing breaches then you shouldn't be doing it.
    Setting up a website is easy, keeping it up and secure is hard.
  2. Always keep your software up to date. Use the latest versions of software and related website tools.
  3. Use blacklisting tools for your website software to block most common sources of intrusion. Search for blacklist <your web stack> in Google or your favourite search engine.
  4. Your web logs should include the IP address of any requests. Look through your server documentation to find out how to block IP addresses.
  5. Set up your firewall to blacklist or block IP addresses.

Numbers 3 & 4 are, at best, temporary and transient fixes. "Hackers" can easily change IP address by using proxies, VPNs and other methods. They can reduce the effect (i.e. you're not wasting server resources) of attacks by simply ignoring them. It does not mean that you won't still get traffic, just that your server won't handle it.

Number 5 is just a variant on 3 & 4 that will prevent the website software from seeing the request at all. You will still get traffic and could be DoS'ed off the internet by it.

Number 2 is one of the most important and under-appreciated ideas. Bugs are found in software all the time and get fixed most of the time, but people often refuse to update the software because it might break something or need them to do more work to repair some other dependencies.

If you are not going to update your software then you might as well just put out a welcome mat and post your bank details for everyone to use.

Take a backup. Perform the update. If something breaks then roll back the backup and try again.

Do not just leave insecure software running on a public machine because it's "easier".

You will always get these kinds of intrusion attempts and they are a fact of having public-facing computers. The best you can do is defend against them.

If your computer doesn't need to be public, with servers that are accessible to other users, then don't make it public. Use intermediate services that connect you to your computer. Granted you just move the compromise point to that service, but it is another point that has to fail before yours does.

Mokubai
  • 95,412
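
One way to apply points 3 and 4 of the answer on the asker's Express stack, as an added example that is not part of the original answer: middleware that answers requests for file types the site never serves with a 404 before any filesystem lookup, and temporarily blocks addresses that keep probing. `isProbe`, `createProbeGuard`, the extension list and the thresholds are assumptions for illustration; no packages are required.

```javascript
// Added example. Assumption: this site never serves PHP/JSP/ASP/CGI, so a
// request for one of these extensions can only come from a scanner.
const NEVER_SERVED = /\.(php\d?|phtml|jspa?|aspx?|cgi)(\/|$)/i;
// Path fragments taken from the log in the question.
const PROBE_FRAGMENTS = /phpmyadmin|bsh\.servlet/i;

function isProbe(path) {
  return NEVER_SERVED.test(path) || PROBE_FRAGMENTS.test(path);
}

// Returns Express-style middleware: (req, res, next).
// `threshold` probes within `windowMs` earn a block lasting `blockMs`; the
// block expires because an address may later belong to someone else.
function createProbeGuard(opts = {}) {
  const { threshold = 5, windowMs = 60000, blockMs = 3600000,
          maxTracked = 10000, now = Date.now } = opts;
  const hits = new Map();     // ip -> { count, windowStart }
  const blocked = new Map();  // ip -> block expiry (ms since epoch)

  function guard(req, res, next) {
    const ip = req.ip;  // behind a reverse proxy, configure Express "trust proxy"
    const t = now();
    const until = blocked.get(ip);
    if (until !== undefined) {
      if (t < until) return res.status(403).end();
      blocked.delete(ip);  // block has expired
    }
    if (!isProbe(req.path)) return next();

    if (hits.size >= maxTracked) hits.clear();  // crude bound on memory use
    let rec = hits.get(ip);
    if (!rec || t - rec.windowStart > windowMs) rec = { count: 0, windowStart: t };
    rec.count += 1;
    hits.set(ip, rec);
    if (rec.count >= threshold) {
      // Drop expired blocks before adding a new one so the map stays small.
      for (const [addr, expiry] of blocked) if (expiry <= t) blocked.delete(addr);
      blocked.set(ip, t + blockMs);
      hits.delete(ip);
    }
    // Answer here, before any handler touches the filesystem or logs ENOENT.
    return res.status(404).end();
  }
  guard.isBlocked = (ip) => (blocked.get(ip) || 0) > now();
  return guard;
}

// Usage in an Express app, registered before static/sendFile handlers:
//   app.use(createProbeGuard());
```

The counters live in process memory, so they reset on restart and are not shared between worker processes.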