Today I was checking my server logs when I noticed some requests which I think mean that someone is trying to get into my server. I am hosting a PHP Laravel (6) based admin panel and APIs on it. I have also checked my public routes and the permissions of the files. Can someone figure out what else I should do to prevent something disastrous from happening? Thanks in advance.
Here are some other suspicious requests:
The first thing to do after suspicion of a hacker attack is to set up an IDS (Intrusion Detection System) to detect anomalies in the network traffic. After an attack has taken place, the compromised device may become an automated zombie at the hacker's service.
If you suspect malicious activity by a specific user, you can check the bash history: log in as the user you want to investigate and run the command history, as in the following example: Above you can see the command history; this command works by reading the file ~/.bash_history located in the user's home:
If you find an unexpected successful login, then your account has been hacked and, if you are still able to, change your account password immediately. Also, would recommend enabling 2 factor authentication if it isn't already.
If you suspect you were hacked, the first step is to make sure the intruder isn't logged into your system. You can achieve this using the commands "w" or "who"; the first one contains additional information: Note: the commands "w" and "who" may not show users logged in from pseudo terminals like Xfce terminal or MATE terminal.
These are among many bots that are constantly trying to break into servers or gain unauthorized access to your web app. You can read more about them here. This happens to all servers, regardless of which service provider you're using: AWS, DigitalOcean, Linode or whatever other options.
Most commonly, they'll try generic login URLs and bruteforce them with default or common usernames/passwords. They're always there, but you probably did not notice until you started checking the log files.
While we're on this topic, there are also SSH worms that are constantly trying to bruteforce SSH into your server. This is why it's important to use good passwords, or better yet, disable password entry into your server and only allow SSH. That will greatly improve security but still will not stop their efforts.
What you can do to protect your server:
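An added example, not part of the original answers: a shell/awk summary of the SSH brute-force activity mentioned above, which also flags a successful login that follows repeated failures from the same address. The log lines are constructed, and the function names and the threshold of 3 are assumptions.

```shell
#!/bin/sh
# Constructed sshd log lines (documentation IP ranges). On a real host the
# input would be the sshd log, commonly /var/log/auth.log or /var/log/secure.
sample_log() {
cat <<'EOF'
Mar  3 10:01:02 web1 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Mar  3 10:01:05 web1 sshd[811]: Failed password for invalid user test from 203.0.113.7 port 40130 ssh2
Mar  3 10:01:09 web1 sshd[812]: Failed password for root from 203.0.113.7 port 40144 ssh2
Mar  3 10:01:13 web1 sshd[813]: Failed password for deploy from 203.0.113.7 port 40150 ssh2
Mar  3 10:01:20 web1 sshd[814]: Accepted password for deploy from 203.0.113.7 port 40161 ssh2
Mar  3 10:05:41 web1 sshd[820]: Failed password for root from 198.51.100.23 port 51800 ssh2
Mar  3 10:05:44 web1 sshd[820]: Failed password for root from 198.51.100.23 port 51802 ssh2
Mar  3 10:05:47 web1 sshd[821]: Failed password for invalid user oracle from 198.51.100.23 port 51810 ssh2
Mar  3 11:30:00 web1 sshd[900]: Accepted publickey for deploy from 192.0.2.10 port 50211 ssh2
EOF
}

# summarize_ssh LIMIT: read sshd log lines on stdin and print one line per
# source address: "ip failed accepted verdict".
summarize_ssh() {
  awk -v limit="$1" '
    / sshd\[[0-9]+\]: (Failed|Accepted) (password|publickey) for / {
      ip = ""
      # take the address after the last "from", so a user named "from" is harmless
      for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
      if (ip == "") next
      seen[ip] = 1
      if ($0 ~ /: Failed /) failed[ip]++
      else { ok[ip]++; if (failed[ip] + 0 >= limit + 0) hit[ip] = 1 }
    }
    END {
      for (ip in seen) {
        verdict = "ok"
        if (failed[ip] + 0 >= limit + 0) verdict = "bruteforce"
        if (hit[ip]) verdict = "review-login"   # success after repeated failures
        printf "%s %d %d %s\n", ip, failed[ip], ok[ip], verdict
      }
    }' | LC_ALL=C sort
}

sample_log | summarize_ssh 3
```

A `review-login` row is the case worth investigating first: the same address failed repeatedly and then authenticated.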