我这是被攻击的节奏吗？

V2EX = way to explore

V2EX 是一个关于分享和探索的地方

现在注册

已注册用户请登录

推荐书目

› 高性能网站建设进阶指南

› High Performance Web Sites

› Google Hacks: Tips & Tools for Finding and Using the World's Information

关于 Google SEO 最好的一本书

这是一个创建于 3833 天前的主题，其中的信息可能已经有所发展或是发生改变。

220.181.51.37 - - [14/May/2014:11:53:19 +0800] bbs.quxizang.com "GET /my.php?item=buddylist&newbuddyid=50006&buddysubmit=yes HTTP/1.0" 200 402 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
220.181.51.37 - - [14/May/2014:11:53:19 +0800] bbs.quxizang.com "GET /viewthread.php?tid=43857&page=3&authorid=50006 HTTP/1.0" 200 410 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
220.181.51.37 - - [14/May/2014:11:53:19 +0800] bbs.quxizang.com "GET /pm.php?action=send&uid=165235 HTTP/1.0" 200 402 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
220.181.51.37 - - [14/May/2014:11:53:19 +0800] bbs.quxizang.com "GET /my.php?item=buddylist&newbuddyid=50006&buddysubmit=yes HTTP/1.0" 200 402 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
220.181.51.37 - - [14/May/2014:11:53:19 +0800] bbs.quxizang.com "GET /pm.php?action=send&uid=165235 HTTP/1.0" 200 402 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
220.181.51.52 - - [14/May/2014:11:53:19 +0800] bbs.quxizang.com "GET /my.php?item=buddylist&newbuddyid=50006&buddysubmit=yes HTTP/1.0" 503 4441 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
220.181.51.36 - - [14/May/2014:11:53:20 +0800] bbs.quxizang.com "GET /pm.php?action=send&uid=165235 HTTP/1.0" 200 402 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
220.181.51.54 - - [14/May/2014:11:53:20 +0800] bbs.quxizang.com "GET /digest.php?authorid=50006 HTTP/1.0" 200 406 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
220.181.51.53 - - [14/May/2014:11:53:20 +0800] bbs.quxizang.com "GET /my.php?item=buddylist&newbuddyid=165235&buddysubmit=yes HTTP/1.0" 200 9592 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
220.181.51.38 - - [14/May/2014:11:53:20 +0800] bbs.quxizang.com "GET /redirect.php?goto=findpost&pid=577611 HTTP/1.0" 302 0 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
220.181.51.54 - - [14/May/2014:11:53:21 +0800] bbs.quxizang.com "GET /digest.php?authorid=50006 HTTP/1.0" 200 15655 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
220.181.51.37 - - [14/May/2014:11:53:21 +0800] bbs.quxizang.com "GET /pm.php?action=send&uid=96836 HTTP/1.0" 200 9592 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
220.181.51.51 - - [14/May/2014:11:53:21 +0800] bbs.quxizang.com "GET /my.php?item=buddylist&newbuddyid=96836&buddysubmit=yes HTTP/1.0" 200 9592 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
220.181.51.37 - - [14/May/2014:11:53:22 +0800] bbs.quxizang.com "GET /digest.php?authorid=96836 HTTP/1.0" 200 7783 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
220.181.51.39 - - [14/May/2014:11:53:22 +0800] bbs.quxizang.com "GET /pm.php?action=send&uid=84287 HTTP/1.0" 200 9592 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
220.181.51.36 - - [14/May/2014:11:53:23 +0800] bbs.quxizang.com "GET /my.php?item=buddylist&newbuddyid=84287&buddysubmit=yes HTTP/1.0" 200 9592 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
220.181.51.52 - - [14/May/2014:11:53:23 +0800] bbs.quxizang.com "GET /attachment.php?aid=50640¬humb=yes HTTP/1.0" 503 4441 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
220.181.51.35 - - [14/May/2014:11:53:23 +0800] bbs.quxizang.com "GET /digest.php?authorid=84287 HTTP/1.0" 200 7783 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
220.181.51.35 - - [14/May/2014:11:53:24 +0800] bbs.quxizang.com "GET /pm.php?action=send&uid=145485 HTTP/1.0" 200 9592 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
220.181.51.35 - - [14/May/2014:11:53:24 +0800] bbs.quxizang.com "GET /my.php?item=buddylist&newbuddyid=145485&buddysubmit=yes HTTP/1.0" 200 9592 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
220.181.51.52 - - [14/May/2014:11:53:24 +0800] bbs.quxizang.com "GET /topic/128598/p2.html HTTP/1.0" 499 0 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
220.181.51.54 - - [14/May/2014:11:53:24 +0800] bbs.quxizang.com "GET /pm.php?action=send&uid=8252 HTTP/1.0" 200 402 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
220.181.51.53 - - [14/May/2014:11:53:25 +0800] bbs.quxizang.com "GET /digest.php?authorid=145485 HTTP/1.0" 200 7783 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
220.181.51.39 - - [14/May/2014:11:53:25 +0800] bbs.quxizang.com "GET /pm.php?action=send&uid=8252 HTTP/1.0" 200 402 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
220.181.51.54 - - [14/May/2014:11:53:25 +0800] bbs.quxizang.com "GET /my.php?item=buddylist&newbuddyid=8252&buddysubmit=yes HTTP/1.0" 200 402 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
220.181.51.36 - - [14/May/2014:11:53:25 +0800] bbs.quxizang.com "GET /pm.php?action=send&uid=8252 HTTP/1.0" 200 9592 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
220.181.51.56 - - [14/May/2014:11:53:25 +0800] bbs.quxizang.com "GET /my.php?item=buddylist&newbuddyid=8252&buddysubmit=yes HTTP/1.0" 200 402 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
220.181.51.35 - - [14/May/2014:11:53:25 +0800] bbs.quxizang.com "GET /topic/150249.html HTTP/1.0" 499 0 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
220.181.51.37 - - [14/May/2014:11:53:25 +0800] bbs.quxizang.com "GET /digest.php?authorid=8252 HTTP/1.0" 200 406 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
220.181.51.38 - - [14/May/2014:11:53:25 +0800] bbs.quxizang.com "GET /digest.php?authorid=136425 HTTP/1.0" 200 406 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
220.181.51.37 - - [14/May/2014:11:53:25 +0800] bbs.quxizang.com "GET /my.php?item=buddylist&newbuddyid=8252&buddysubmit=yes HTTP/1.0" 200 9592 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
220.181.51.61 - - [14/May/2014:11:53:25 +0800] bbs.quxizang.com "GET /redirect.php?fid=33&tid=150249&goto=nextoldset HTTP/1.0" 302 0 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
220.181.51.37 - - [14/May/2014:11:53:26 +0800] bbs.quxizang.com "GET /digest.php?authorid=8252 HTTP/1.0" 200 7783 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
220.181.51.35 - - [14/May/2014:11:53:26 +0800] bbs.quxizang.com "GET /digest.php?authorid=136425 HTTP/1.0" 200 7783 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
220.181.51.53 - - [14/May/2014:11:53:26 +0800] bbs.quxizang.com "GET /topic/102036/p11.html HTTP/1.0" 499 0 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
220.181.51.56 - - [14/May/2014:11:53:26 +0800] bbs.quxizang.com "GET /redirect.php?fid=33&tid=150249&goto=nextnewset HTTP/1.0" 302 0 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
220.181.51.37 - - [14/May/2014:11:53:26 +0800] bbs.quxizang.com "GET /post.php?action=reply&fid=33&tid=150249&extra=page%3D1 HTTP/1.0" 200 9642 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
220.181.51.54 - - [14/May/2014:11:53:26 +0800] bbs.quxizang.com "GET /topic/43857.html HTTP/1.0" 503 4441 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
220.181.51.52 - - [14/May/2014:11:53:26 +0800] bbs.quxizang.com "GET /pm.php?action=send&uid=148447 HTTP/1.0" 200 9592 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
220.181.51.51 - - [14/May/2014:11:53:26 +0800] bbs.quxizang.com "GET /album/150249.html HTTP/1.0" 200 11399 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
220.181.51.37 - - [14/May/2014:11:53:26 +0800] bbs.quxizang.com "GET /my.php?item=buddylist&newbuddyid=148447&buddysubmit=yes HTTP/1.0" 200 9592 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
220.181.51.45 - - [14/May/2014:11:53:27 +0800] bbs.quxizang.com "GET /pm.php?action=send&uid=105637 HTTP/1.0" 200 9592 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
220.181.51.54 - - [14/May/2014:11:53:27 +0800] bbs.quxizang.com "GET /topic/175177/p2.html HTTP/1.0" 499 0 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"

6.0

quxizang

17 条回复 • 2014-05-14 15:41:40 +08:00

xiaop

2014-05-14 11:57:23 +08:00

IP地址竟然是百度的：

1 220.181.51.37 - 北京市北京百度网讯科技有限公司电信节点
2 220.181.51.37 - 北京市北京百度网讯科技有限公司电信节点
3 220.181.51.37 - 北京市北京百度网讯科技有限公司电信节点
4 220.181.51.37 - 北京市北京百度网讯科技有限公司电信节点
5 220.181.51.37 - 北京市北京百度网讯科技有限公司电信节点
6 220.181.51.52 - 北京市北京百度网讯科技有限公司电信节点
7 220.181.51.36 - 北京市北京百度网讯科技有限公司电信节点
8 220.181.51.54 - 北京市北京百度网讯科技有限公司电信节点
9 220.181.51.53 - 北京市北京百度网讯科技有限公司电信节点
10 220.181.51.38 - 北京市北京百度网讯科技有限公司电信节点
11 220.181.51.54 - 北京市北京百度网讯科技有限公司电信节点
12 220.181.51.37 - 北京市北京百度网讯科技有限公司电信节点
13 220.181.51.51 - 北京市北京百度网讯科技有限公司电信节点
14 220.181.51.37 - 北京市北京百度网讯科技有限公司电信节点
15 220.181.51.39 - 北京市北京百度网讯科技有限公司电信节点
16 220.181.51.36 - 北京市北京百度网讯科技有限公司电信节点
17 220.181.51.52 - 北京市北京百度网讯科技有限公司电信节点
18 220.181.51.35 - 北京市北京百度网讯科技有限公司电信节点
19 220.181.51.35 - 北京市北京百度网讯科技有限公司电信节点
20 220.181.51.35 - 北京市北京百度网讯科技有限公司电信节点
21 220.181.51.52 - 北京市北京百度网讯科技有限公司电信节点
22 220.181.51.54 - 北京市北京百度网讯科技有限公司电信节点
23 220.181.51.53 - 北京市北京百度网讯科技有限公司电信节点
24 220.181.51.39 - 北京市北京百度网讯科技有限公司电信节点
25 220.181.51.54 - 北京市北京百度网讯科技有限公司电信节点
26 220.181.51.36 - 北京市北京百度网讯科技有限公司电信节点
27 220.181.51.56 - 北京市北京百度网讯科技有限公司电信节点
28 220.181.51.35 - 北京市北京百度网讯科技有限公司电信节点
29 220.181.51.37 - 北京市北京百度网讯科技有限公司电信节点
30 220.181.51.38 - 北京市北京百度网讯科技有限公司电信节点
31 220.181.51.37 - 北京市北京百度网讯科技有限公司电信节点
32 220.181.51.61 - 北京市北京百度网讯科技有限公司电信节点
33 220.181.51.37 - 北京市北京百度网讯科技有限公司电信节点
34 220.181.51.35 - 北京市北京百度网讯科技有限公司电信节点
35 220.181.51.53 - 北京市北京百度网讯科技有限公司电信节点
36 220.181.51.56 - 北京市北京百度网讯科技有限公司电信节点
37 220.181.51.37 - 北京市北京百度网讯科技有限公司电信节点
38 220.181.51.54 - 北京市北京百度网讯科技有限公司电信节点
39 220.181.51.52 - 北京市北京百度网讯科技有限公司电信节点
40 220.181.51.51 - 北京市北京百度网讯科技有限公司电信节点
41 220.181.51.37 - 北京市北京百度网讯科技有限公司电信节点
42 220.181.51.45 - 北京市北京百度网讯科技有限公司电信节点
43 220.181.51.54 - 北京市北京百度网讯科技有限公司电信节点

yautou

2014-05-14 12:24:17 +08:00

@xiaop 放在bae上的吧

anheiyouxia

2014-05-14 12:24:47 +08:00

如果是百度的IP，那应该是蜘蛛吧，不然怎么会没事攻击你？

qq286735628

2014-05-14 12:28:44 +08:00

没有404，全是真实地址，爬虫吧

xiaop

2014-05-14 12:41:39 +08:00

这个 "Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
应该是伪造的IP吧？

dong3580

2014-05-14 13:09:07 +08:00

@qq286735628
你有没有看到后缀，这是在想脱裤的节奏。
应该是批量试验各种后缀组合，总有一个可以注入的。

xiaop

2014-05-14 13:09:10 +08:00

阿里云的云盾提示：

攻击类型：

四层攻击： SYN洪水攻击 TCP连接攻击

七层攻击： HTTP Flood(CC攻击)
攻击IP：

220.181.51.46 58.117.125.166 220.181.51.62 62.210.215.117 220.181.51.52 220.181.51.36 68.180.225.105 37.57.231.115 36.7.150.157 123.125.71.89 123.120.45.150 58.116.8.206 220.181.108.93 37.58.100.83 37.58.100.167 220.181.108.105 220.181.51.38 220.181.108.121 116.114.17.139 220.181.108.169

shiny

2014-05-14 13:10:13 +08:00

百度的蜘蛛是有 reverse dns 解析的，这几段 ip 没有。有的机房或者百度云都可能查出来是百度网讯的。

xiaop

2014-05-14 13:16:39 +08:00

@dong3580 你说的我没看懂。。。

dong3580

2014-05-14 13:23:01 +08:00

以前遇到的一个例子是有人用程序不断试验提交的action后面的组合，如果有些语句没有检测的话就可以达到注入数据库的目的。
先封一段时间吧，具体不知道。
等楼下大牛来回复。

xiaop

2014-05-14 13:27:30 +08:00

@dong3580 确实也有这个可能。

xiaop

2014-05-14 13:28:04 +08:00

@shiny 多谢提醒。我想很有可能是伪造的IP

davidyin

2014-05-14 14:19:28 +08:00

第一次吧，人生新模式开启了。

davidyin

2014-05-14 14:20:17 +08:00

封掉IP一段时间。或者301这些ip到一个不存在的，被墙的网址。

xiaop

2014-05-14 14:26:14 +08:00

@davidyin 网站曾近被攻击过好多次，主要是这次IP地址来源都是百度的所以觉得很好奇。@shiny 让我觉得应该是伪造IP。
您的SEO博客我经常看。非常感谢您的分享！

shiny

2014-05-14 15:28:27 +08:00

不能说是伪造百度蜘蛛——因为 user agent 没声明是蜘蛛。

Showfom

2014-05-14 15:41:40 +08:00

http://bgp.he.net/ip/220.181.51.37#_whois

谁说这个 IP 是百度的