Calls to 127.0.0.1:3000 reaching the server from outside


The log reports show attempts to get into the server at

https://127.0.0.1:3000

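If I remember correctly, this is normally used to access localhost.

Now this is obviously an attempt by some bad actors, because it happened multiple times within a few seconds from different IP addresses, IPs belonging to very old websites (so possibly hacked), etc.

a) How does this traffic reach the server in the first place?
b) They are trying to probe the server for weaknesses, but does anyone know why?
c) How can this be mitigated with nginx?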

------------------------------
Request:
-------------------------------

  * URL        : https://127.0.0.1:3000/
  * HTTP Method: GET
  * IP address : 208.100.26.231
  * Parameters : {"controller"=>"home", "action"=>"index"}
  * Timestamp  : 2019-01-17 13:12:55 +0100
  * Server : www
  * Rails root : /home/deploy/v4/releases/20181214163358
  * Process: 7685

-------------------------------
Session:
-------------------------------

  * session id: [FILTERED]
  * data: {}

-------------------------------
Environment:
-------------------------------

  * HTTPS                                          : on
  * HTTP_VERSION                                   : HTTP/1.1
  * ORIGINAL_FULLPATH                              : /
  * ORIGINAL_SCRIPT_NAME                           : 
  * PASSENGER_CONNECT_PASSWORD                     : [FILTERED]
  * PATH_INFO                                      : /
  * QUERY_STRING                                   : 
  * REMOTE_ADDR                                    : 208.100.26.231
  * REMOTE_PORT                                    : 34080
  * REQUEST_METHOD                                 : GET
  * REQUEST_URI                                    : /
  * ROUTES_47310805116200_SCRIPT_NAME              : 
  * SCRIPT_NAME                                    : 
  * SERVER_NAME                                    : 127.0.0.1
  * SERVER_PORT                                    : 3000
  * SERVER_PROTOCOL                                : HTTP/1.1
  * SERVER_SOFTWARE                                : nginx/1.14.0 Phusion_Passenger/5.3.4
  * action_controller.instance                     : #<HomeController:0x00560ed5f77170>
  * action_dispatch.backtrace_cleaner              : #<Rails::BacktraceCleaner:0x00560ecb4f87f8>
  * action_dispatch.cookies                        : #<ActionDispatch::Cookies::CookieJar:0x00560ed5daa6a8>
  * action_dispatch.cookies_digest                 : 
  * action_dispatch.cookies_serializer             : json
  * action_dispatch.encrypted_cookie_salt          : encrypted cookie
  * action_dispatch.encrypted_signed_cookie_salt   : signed encrypted cookie
  * action_dispatch.http_auth_salt                 : http authentication
  * action_dispatch.key_generator                  : #<ActiveSupport::LegacyKeyGenerator:0x00560ed8213670>
  * action_dispatch.logger                         : #<ActiveSupport::Logger:0x00560ecf735d00>
  * action_dispatch.parameter_filter               : [:password]
  * action_dispatch.redirect_filter                : []
  * action_dispatch.remote_ip                      : 208.100.26.231
  * action_dispatch.request.content_type           : 
  * action_dispatch.request.formats                : [#<Mime::Type:0x00560eca749f30 @synonyms=["application/xhtml+xml"], @symbol=:html, @string="text/html", @hash=3518762773694847120>]
  * action_dispatch.request.parameters             : {"controller"=>"home", "action"=>"index"}
  * action_dispatch.request.path_parameters        : {:controller=>"home", :action=>"index"}
  * action_dispatch.request.query_parameters       : {}
  * action_dispatch.request.request_parameters     : {}
  * action_dispatch.request.unsigned_session_cookie: {}
  * action_dispatch.request_id                     : 13b86fc9-8500-4d0f-b87a-6801cdfb79b6
  * action_dispatch.routes                         : #<ActionDispatch::Routing::RouteSet:0x00560ecf774a50>
  * action_dispatch.secret_key_base                : 
  * action_dispatch.show_detailed_exceptions       : false
  * action_dispatch.show_exceptions                : true
  * action_dispatch.signed_cookie_salt             : signed cookie
  * rack.errors                                    : #<IO:0x00560ec9b0db18>
  * rack.hijack                                    : #<Proc:0x00560ed5f66960@/usr/lib/ruby/vendor_ruby/phusion_passenger/rack/thread_handler_extension.rb:84 (lambda)>
  * rack.hijack?                                   : true
  * rack.input                                     : #<PhusionPassenger::Utils::TeeInput:0x00560ed5f66ca8>
  * rack.multiprocess                              : true
  * rack.multithread                               : false
  * rack.request.cookie_hash                       : {}
  * rack.request.query_hash                        : {}
  * rack.request.query_string                      : 
  * rack.run_once                                  : false
  * rack.session                                   : #<ActionDispatch::Request::Session:0x00560ed5f65218>
  * rack.session.options                           : #<ActionDispatch::Request::Session::Options:0x00560ed5f65088>
  * rack.url_scheme                                : https
  * rack.version                                   : [1, 2]
  * warden                                         : Warden::Proxy:47310859610080 @config={:default_scope=>:user, :scope_defaults=>{}, :default_strategies=>{:user=>[:rememberable, :database_authenticatable]}, :intercept_401=>false, :failure_app=>#<Devise::Delegator:0x00560ed5c75a80>}

Access log

208.100.26.231 - - [17/Jan/2019:13:11:27 +0100] "GET / HTTP/1.0" 500 1477 "-" "-"
208.100.26.231 - - [17/Jan/2019:13:12:50 +0100] "GET /nmaplowercheck1547727169 HTTP/1.1" 404 571 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36"
208.100.26.231 - - [17/Jan/2019:13:12:51 +0100] "GET /HNAP1 HTTP/1.1" 404 571 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36"
208.100.26.231 - - [17/Jan/2019:13:12:55 +0100] "GET / HTTP/1.0" 500 1477 "-" "-"
208.100.26.231 - - [17/Jan/2019:13:12:55 +0100] "POST /sdk HTTP/1.1" 404 571 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36"
208.100.26.231 - - [17/Jan/2019:13:12:55 +0100] "GET / HTTP/1.1" 200 5303 "-" "-"
208.100.26.231 - - [17/Jan/2019:13:12:55 +0100] "HEAD / HTTP/1.1" 200 0 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like

Error log

2019/01/17 13:12:50 [error] 6768#6768: *6400 open() "/home/deploy/default/nmaplowercheck1547727169" failed (2: No such file or directory), client: 208.100.26.231, server: [correct ip of host], request: "GET /nmaplowercheck1547727169 HTTP/1.1", host: "[correct ip of host]"
2019/01/17 13:12:51 [error] 6767#6767: *6401 open() "/home/deploy/default/HNAP1" failed (2: No such file or directory), client: 208.100.26.231, server: [correct ip of host], request: "GET /HNAP1 HTTP/1.1", host: "[correct ip of host]"
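
A triage sketch for the access log above, added here as an example and not part of the original post: it parses nginx combined-format lines and groups likely scanner requests by client IP. The probe-path list and the "HTTP/1.0 with no user agent" heuristic are assumptions drawn from the lines shown; the sample shortens the user agents and adds one constructed line from 203.0.113.7 as a benign control.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: the post's access-log lines with user agents shortened,
# plus one constructed benign request (203.0.113.7) as a control.
SAMPLE = '''\
208.100.26.231 - - [17/Jan/2019:13:11:27 +0100] "GET / HTTP/1.0" 500 1477 "-" "-"
208.100.26.231 - - [17/Jan/2019:13:12:50 +0100] "GET /nmaplowercheck1547727169 HTTP/1.1" 404 571 "-" "Mozilla/5.0"
208.100.26.231 - - [17/Jan/2019:13:12:51 +0100] "GET /HNAP1 HTTP/1.1" 404 571 "-" "Mozilla/5.0"
208.100.26.231 - - [17/Jan/2019:13:12:55 +0100] "GET / HTTP/1.0" 500 1477 "-" "-"
208.100.26.231 - - [17/Jan/2019:13:12:55 +0100] "POST /sdk HTTP/1.1" 404 571 "-" "Mozilla/5.0"
203.0.113.7 - - [17/Jan/2019:13:13:02 +0100] "GET / HTTP/1.1" 200 5303 "-" "Mozilla/5.0"
'''

LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')
# Probe paths taken from the log above; the list is an assumption to extend.
PROBE = re.compile(r'^/(nmaplowercheck\d+|HNAP1|sdk)$')

def classify(m):
    """Return the reasons one parsed request looks like scanner traffic."""
    reasons = []
    if PROBE.match(m['path']):
        reasons.append('probe-path')
    if m['proto'] == 'HTTP/1.0' and m['ua'] == '-':
        reasons.append('http10-no-ua')  # heuristic, not proof of scanning
    return reasons

def scan_report(text, min_hits=2):
    """Map client IP -> (hit count, reasons, seconds spanned) for likely scanners."""
    hits = defaultdict(list)
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # truncated or malformed line: skip rather than guess
        reasons = classify(m)
        if reasons:
            ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')
            hits[m['ip']].append((ts, reasons))
    report = {}
    for ip, rows in hits.items():
        if len(rows) >= min_hits:
            times = [t for t, _ in rows]
            kinds = sorted({r for _, rs in rows for r in rs})
            span = int((max(times) - min(times)).total_seconds())
            report[ip] = (len(rows), kinds, span)
    return report
```

Calling `scan_report(SAMPLE)` flags only 208.100.26.231; the two `GET / HTTP/1.0` requests it counts are the ones that returned 500 in the log above.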
