I’m very nervous.
I’ve a bit of internet server internet hosting a PhpMyAdmin web page (during which they’re some essential databases). Yesterday, I posted a full new webpage on my server (however a quite simple HTML and stylesheet web page no one thing that the world simply doesn’t care about). I informed this to no physique. I simply went to my website with my mom’s pc to point out her the look of the positioning. And, since yesterday there are very very unusual IP that accessed my webserver (I see them on apache2 entry logs).
Some tried to entry directories that even doesn’t exist :
Right here is the log
What are these directories /house, /login/, /vpn ??? As you’ll be able to see, clearly, they returned 404 to the shopper however why did he attempt to entry this ?
And, really this isn’t crucial as another IP tried like 40 instances to entry PhpMyAdmin.
Right here is it
And that is solely like 50% of the IP of this man.
As you’ll be able to see I attempted all passwords doable. Happily, I’m not dumb (lol) and I put a robust password (12 characters with numbers, captions..) however what if sooner or later this hacker sooner or later ? As a result of I exploit the identical password on all my accounts on web site (besides emails Happily).
I attempted to see the place does this man come from. So i searched on iplocation.com
Listed here are the outcomes :
I’ve fail2ban put in on my server nevertheless it solely works on ssh and apache. I additionally appeared for placing a .htpasswd file however I believe that is just for apache pages.
I’m actually confused due to my server may be very very small (quad core 1.5GHz and 4Gb RAM) and naturally it can not deal with any DDoS or no matter else.
Whan can I do ? Is setting a fail2ban / second password safety layer a good suggestion ?
I additionally use this server as VPN and I ssh usually. Do you suppose the hacker might be monitoring my exercise and catch passwords I fill to entry VPN or SSH ?
This publish i very lengthy and my english is horrible so thanks if took your time to think about my downside
Any assistance is welcome