Strange requests to a home server and possible security vulnerabilities

I am trying to host a Django web application on a home server. I keep receiving strange requests from unknown IPs all over the world, such as the following:

Not Found: /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application
162.243.145.13 - - [01/May/2023 04:55:57] "GET /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application HTTP/1.1" 404 -
Not Found: /owa/auth/x.js
162.243.136.25 - - [01/May/2023 04:59:38] "GET /owa/auth/x.js HTTP/1.1" 404 -
Not Found: /owa/auth/logon.aspx
162.243.136.25 - - [01/May/2023 05:02:45] "GET /owa/auth/logon.aspx HTTP/1.1" 404 -

Not Found: /_ignition/execute-solution
190.220.22.11 - - [01/May/2023 05:22:03] "POST /_ignition/execute-solution HTTP/1.1" 404 -
190.220.22.11 - - [01/May/2023 05:22:05] "GET / HTTP/1.1" 200 -
Not Found: /script
190.220.22.11 - - [01/May/2023 05:22:06] "GET /script HTTP/1.1" 404 -
Not Found: /login
190.220.22.11 - - [01/May/2023 05:22:08] "GET /login HTTP/1.1" 404 -
Not Found: /jenkins/login
190.220.22.11 - - [01/May/2023 05:22:09] "GET /jenkins/login HTTP/1.1" 404 -
Not Found: /manager/html
190.220.22.11 - - [01/May/2023 05:22:11] "GET /manager/html HTTP/1.1" 404 -
190.220.22.11 - - [01/May/2023 05:22:13] "GET /?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=8io439h1 HTTP/1.1" 200 -

64.62.197.92 - - [29/Apr/2023 06:29:53] "GET / HTTP/1.1" 200 -
64.62.197.105 - - [29/Apr/2023 06:36:38] "GET /favicon.ico HTTP/1.1" 302 -
64.62.197.97 - - [29/Apr/2023 06:37:55] "GET / HTTP/1.1" 200 -
Not Found: /geoserver/web/
64.62.197.92 - - [29/Apr/2023 06:39:41] "GET /geoserver/web/ HTTP/1.1" 404 -

183.136.225.32 - - [29/Apr/2023 07:27:30] "GET / HTTP/1.1" 200 -
183.136.225.32 - - [29/Apr/2023 07:39:00] "GET /favicon.ico HTTP/1.1" 302 -
183.136.225.32 - - [29/Apr/2023 07:39:03] "GET /static/images/favicon.ico HTTP/1.1" 404 -
Not Found: /robots.txt
183.136.225.32 - - [29/Apr/2023 07:39:06] "GET /robots.txt HTTP/1.1" 404 -
183.136.225.32 - - [01/May/2023 12:14:06] "GET / HTTP/1.1" 200 -
183.136.225.32 - - [01/May/2023 12:23:03] "GET / HTTP/1.1" 200 -
183.136.225.32 - - [01/May/2023 12:23:29] "GET /favicon.ico HTTP/1.1" 302 -
183.136.225.32 - - [01/May/2023 12:23:31] "GET /static/images/favicon.ico HTTP/1.1" 404 -
Not Found: /robots.txt
183.136.225.32 - - [01/May/2023 12:23:34] "GET /robots.txt HTTP/1.1" 404 -

167.94.138.124 - - [01/May/2023 07:06:53] "GET / HTTP/1.1" 200 -
167.94.138.124 - - [01/May/2023 07:06:54] "GET / HTTP/1.1" 200 -
167.94.138.124 - - [01/May/2023 07:06:55] code 505, message Invalid HTTP version (2.0)
167.94.138.124 - - [01/May/2023 07:06:55] "PRI * HTTP/2.0" HTTPStatus.HTTP_VERSION_NOT_SUPPORTED -
167.94.138.124 - - [01/May/2023 07:06:56] "GET /static/images/favicon-32x32.png HTTP/1.1" 200 -
167.94.138.124 - - [01/May/2023 07:06:57] "GET /favicon.ico HTTP/1.1" 302 -
167.94.138.124 - - [01/May/2023 07:06:58] "GET /static/images/favicon.ico HTTP/1.1" 404 -

The web application I am hosting is still in a trial run, running on the development server with minimal security configuration.

I have set up a firewall on Ubuntu, ufw, which only allows incoming requests on one port, the port from which I will host the web application. That's it.

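Just wondering, looking at the request examples above: (1) what are the people or bots behind these IPs trying to do, (2) is there a major security risk that I may have overlooked, and if so, (3) what should I do when switching from development to production to reduce the risk, so that I can be confident my server and data are safe?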
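
Added example, not part of the original post: a small triage script that groups the requests in a log like the one above by the product each path is normally associated with. The signature table and the function names `triage` and `answered_200` are assumptions made for this illustration; the sample lines are copied from the log in the question.

```python
import re
from collections import defaultdict

# Path fragments from the log above -> product each probe is aimed at.
SIGNATURES = {
    "/ecp/": "Microsoft Exchange (ECP)",
    "/owa/": "Microsoft Exchange (OWA)",
    "/_ignition/": "Laravel Ignition",
    "/jenkins/": "Jenkins",
    "/manager/html": "Apache Tomcat manager",
    "invokefunction": "ThinkPHP",
    "/geoserver/": "GeoServer",
}

# Request lines as printed by the Django development server.
LINE = re.compile(r'^(\S+) - - \[[^\]]+\] "(\S+) (\S+) HTTP/[\d.]+" (\S+)')

# A few lines copied from the log in the question (raw string keeps the backslashes).
SAMPLE = r'''Not Found: /owa/auth/x.js
162.243.136.25 - - [01/May/2023 04:59:38] "GET /owa/auth/x.js HTTP/1.1" 404 -
190.220.22.11 - - [01/May/2023 05:22:03] "POST /_ignition/execute-solution HTTP/1.1" 404 -
190.220.22.11 - - [01/May/2023 05:22:05] "GET / HTTP/1.1" 200 -
190.220.22.11 - - [01/May/2023 05:22:13] "GET /?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=8io439h1 HTTP/1.1" 200 -
167.94.138.124 - - [01/May/2023 07:06:55] "PRI * HTTP/2.0" HTTPStatus.HTTP_VERSION_NOT_SUPPORTED -
'''

def triage(log_text):
    """Return {ip: [(product, target, status), ...]} for requests matching a signature."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # "Not Found:" and "code 505" lines repeat a request line
        ip, _method, target, status = m.groups()
        for needle, product in SIGNATURES.items():
            if needle in target.lower():
                hits[ip].append((product, target, status))
                break
    return dict(hits)

def answered_200(hits):
    """Probes answered with 200: the path before '?' matched a real route."""
    return [(ip, p, t) for ip, rows in hits.items() for p, t, s in rows if s == "200"]

if __name__ == "__main__":
    for ip, rows in triage(SAMPLE).items():
        for product, target, status in rows:
            print(f"{ip:15} {status:4} {product:26} {target[:40]}")
```

Every product in the table is software other than Django, so a 404 on those paths means the request found nothing to talk to. The one 200 comes from a request whose path is `/`, which the log shows is a served page; the probe text sits in the query string, which is only data unless a view reads it.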