Hace poco inspeccioné mi php-fpm.log y encontré muchas actividades sospechosas que parecen intentos maliciosos de obtener acceso a mi host. Aquí están algunos de los registros:
[07-Oct-2018 22:01:31] WARNING: [pool www] child 4190 said into stderr: "ERROR: Unable to open primary script: /data/wwwroot/default/1.php (No such file or directory)"
[07-Oct-2018 22:01:31] WARNING: [pool www] child 2955 said into stderr: "ERROR: Unable to open primary script: /data/wwwroot/default/a.php (No such file or directory)"
[07-Oct-2018 22:01:31] WARNING: [pool www] child 3003 said into stderr: "ERROR: Unable to open primary script: /data/wwwroot/default/m.php (No such file or directory)"
[07-Oct-2018 22:01:32] WARNING: [pool www] child 4677 said into stderr: "ERROR: Unable to open primary script: /data/wwwroot/default/conf.php (No such file or directory)"
[07-Oct-2018 22:01:32] WARNING: [pool www] child 4667 said into stderr: "ERROR: Unable to open primary script: /data/wwwroot/default/123.php (No such file or directory)"
Está intentando abrir varios nombres aleatorios en mi carpeta web, y me pregunto cómo puedo averiguar la fuente de la actividad y cómo detenerla.