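The log report shows attempts to reach the server at
https://127.0.0.1:3000
If I remember correctly, this is normally used to access localhost.
Now this is clearly an attempt by some bad actors, since it happens several times within a few seconds from different IP addresses, IPs belonging to very old websites (so probably hacked), etc.
a) How does this traffic reach the server in the first place?
b) They are trying to probe the server for weaknesses, but does anyone know why?
c) How can this be mitigated using nginx?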
------------------------------
Request:
-------------------------------
* URL : https://127.0.0.1:3000/
* HTTP Method: GET
* IP address : 208.100.26.231
* Parameters : {"controller"=>"home", "action"=>"index"}
* Timestamp : 2019-01-17 13:12:55 +0100
* Server : www
* Rails root : /home/deploy/v4/releases/20181214163358
* Process: 7685
-------------------------------
Session:
-------------------------------
* session id: [FILTERED]
* data: {}
-------------------------------
Environment:
-------------------------------
* HTTPS : on
* HTTP_VERSION : HTTP/1.1
* ORIGINAL_FULLPATH : /
* ORIGINAL_SCRIPT_NAME :
* PASSENGER_CONNECT_PASSWORD : [FILTERED]
* PATH_INFO : /
* QUERY_STRING :
* REMOTE_ADDR : 208.100.26.231
* REMOTE_PORT : 34080
* REQUEST_METHOD : GET
* REQUEST_URI : /
* ROUTES_47310805116200_SCRIPT_NAME :
* SCRIPT_NAME :
* SERVER_NAME : 127.0.0.1
* SERVER_PORT : 3000
* SERVER_PROTOCOL : HTTP/1.1
* SERVER_SOFTWARE : nginx/1.14.0 Phusion_Passenger/5.3.4
* action_controller.instance : #<HomeController:0x00560ed5f77170>
* action_dispatch.backtrace_cleaner : #<Rails::BacktraceCleaner:0x00560ecb4f87f8>
* action_dispatch.cookies : #<ActionDispatch::Cookies::CookieJar:0x00560ed5daa6a8>
* action_dispatch.cookies_digest :
* action_dispatch.cookies_serializer : json
* action_dispatch.encrypted_cookie_salt : encrypted cookie
* action_dispatch.encrypted_signed_cookie_salt : signed encrypted cookie
* action_dispatch.http_auth_salt : http authentication
* action_dispatch.key_generator : #<ActiveSupport::LegacyKeyGenerator:0x00560ed8213670>
* action_dispatch.logger : #<ActiveSupport::Logger:0x00560ecf735d00>
* action_dispatch.parameter_filter : [:password]
* action_dispatch.redirect_filter : []
* action_dispatch.remote_ip : 208.100.26.231
* action_dispatch.request.content_type :
* action_dispatch.request.formats : [#<Mime::Type:0x00560eca749f30 @synonyms=["application/xhtml+xml"], @symbol=:html, @string="text/html", @hash=3518762773694847120>]
* action_dispatch.request.parameters : {"controller"=>"home", "action"=>"index"}
* action_dispatch.request.path_parameters : {:controller=>"home", :action=>"index"}
* action_dispatch.request.query_parameters : {}
* action_dispatch.request.request_parameters : {}
* action_dispatch.request.unsigned_session_cookie: {}
* action_dispatch.request_id : 13b86fc9-8500-4d0f-b87a-6801cdfb79b6
* action_dispatch.routes : #<ActionDispatch::Routing::RouteSet:0x00560ecf774a50>
* action_dispatch.secret_key_base :
* action_dispatch.show_detailed_exceptions : false
* action_dispatch.show_exceptions : true
* action_dispatch.signed_cookie_salt : signed cookie
* rack.errors : #<IO:0x00560ec9b0db18>
* rack.hijack : #<Proc:0x00560ed5f66960@/usr/lib/ruby/vendor_ruby/phusion_passenger/rack/thread_handler_extension.rb:84 (lambda)>
* rack.hijack? : true
* rack.input : #<PhusionPassenger::Utils::TeeInput:0x00560ed5f66ca8>
* rack.multiprocess : true
* rack.multithread : false
* rack.request.cookie_hash : {}
* rack.request.query_hash : {}
* rack.request.query_string :
* rack.run_once : false
* rack.session : #<ActionDispatch::Request::Session:0x00560ed5f65218>
* rack.session.options : #<ActionDispatch::Request::Session::Options:0x00560ed5f65088>
* rack.url_scheme : https
* rack.version : [1, 2]
* warden : Warden::Proxy:47310859610080 @config={:default_scope=>:user, :scope_defaults=>{}, :default_strategies=>{:user=>[:rememberable, :database_authenticatable]}, :intercept_401=>false, :failure_app=>#<Devise::Delegator:0x00560ed5c75a80>}
Access log
208.100.26.231 - - [17/Jan/2019:13:11:27 +0100] "GET / HTTP/1.0" 500 1477 "-" "-"
208.100.26.231 - - [17/Jan/2019:13:12:50 +0100] "GET /nmaplowercheck1547727169 HTTP/1.1" 404 571 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36"
208.100.26.231 - - [17/Jan/2019:13:12:51 +0100] "GET /HNAP1 HTTP/1.1" 404 571 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36"
208.100.26.231 - - [17/Jan/2019:13:12:55 +0100] "GET / HTTP/1.0" 500 1477 "-" "-"
208.100.26.231 - - [17/Jan/2019:13:12:55 +0100] "POST /sdk HTTP/1.1" 404 571 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36"
208.100.26.231 - - [17/Jan/2019:13:12:55 +0100] "GET / HTTP/1.1" 200 5303 "-" "-"
208.100.26.231 - - [17/Jan/2019:13:12:55 +0100] "HEAD / HTTP/1.1" 200 0 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like
Error log
2019/01/17 13:12:50 [error] 6768#6768: *6400 open() "/home/deploy/default/nmaplowercheck1547727169" failed (2: No such file or directory), client: 208.100.26.231, server: [correct ip of host], request: "GET /nmaplowercheck1547727169 HTTP/1.1", host: "[correct ip of host]"
2019/01/17 13:12:51 [error] 6767#6767: *6401 open() "/home/deploy/default/HNAP1" failed (2: No such file or directory), client: 208.100.26.231, server: [correct ip of host], request: "GET /HNAP1 HTTP/1.1", host: "[correct ip of host]"
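An added example, not part of the original post: a small triage script that parses nginx combined-format access-log lines like the ones above and flags clients that show a burst of scanner indicators (the probe paths seen in this log, HTTP/1.0 requests, and an empty User-Agent). The indicator names, the 120-second window and the threshold of 3 are assumptions chosen for illustration; the last sample line is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# nginx "combined" access-log format
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) HTTP/(?P<ver>[\d.]+)" '
    r'\d{3} \d+ "[^"]*" "(?P<ua>[^"]*)"')
# Probe paths that appear in the post's access log
PROBE_RE = re.compile(r'^/(nmaplowercheck\d+|HNAP1|sdk)$')

UA = ("Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) "
      "Chrome/36.0.1985.125 Safari/537.36")
SAMPLE = [  # first seven lines are from the post; the last one is constructed
    '208.100.26.231 - - [17/Jan/2019:13:11:27 +0100] "GET / HTTP/1.0" 500 1477 "-" "-"',
    f'208.100.26.231 - - [17/Jan/2019:13:12:50 +0100] "GET /nmaplowercheck1547727169 HTTP/1.1" 404 571 "-" "{UA}"',
    f'208.100.26.231 - - [17/Jan/2019:13:12:51 +0100] "GET /HNAP1 HTTP/1.1" 404 571 "-" "{UA}"',
    '208.100.26.231 - - [17/Jan/2019:13:12:55 +0100] "GET / HTTP/1.0" 500 1477 "-" "-"',
    f'208.100.26.231 - - [17/Jan/2019:13:12:55 +0100] "POST /sdk HTTP/1.1" 404 571 "-" "{UA}"',
    '208.100.26.231 - - [17/Jan/2019:13:12:55 +0100] "GET / HTTP/1.1" 200 5303 "-" "-"',
    '208.100.26.231 - - [17/Jan/2019:13:12:55 +0100] "HEAD / HTTP/1.1" 200 0 "-" "Mozilla/5.0 (KHTML, like',
    '203.0.113.7 - - [17/Jan/2019:13:12:40 +0100] "GET / HTTP/1.1" 200 5303 "-" "ExampleBrowser/1.0"',
]

def score_clients(lines, window_s=120, threshold=3):
    """Return {ip: {"count": n, "reasons": [...]}} for clients at or over threshold."""
    hits = defaultdict(list)  # ip -> [(timestamp, indicator)]
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # truncated or malformed entry, e.g. the cut-off HEAD line
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        checks = {"probe-path": PROBE_RE.match(m["path"]),
                  "http/1.0": m["ver"] == "1.0",
                  "no-user-agent": m["ua"] in ("", "-")}
        for name, hit in checks.items():
            if hit:
                hits[m["ip"]].append((ts, name))
    flagged = {}
    for ip, events in hits.items():
        times = [t for t, _ in events]
        # Densest burst: most indicators within window_s after any one event
        count = max(sum(0 <= (u - t).total_seconds() <= window_s for u in times)
                    for t in times)
        if count >= threshold:
            flagged[ip] = {"count": count, "reasons": sorted({r for _, r in events})}
    return flagged
```

Calling `score_clients(SAMPLE)` returns only the scanning client; the flagged addresses can then feed whatever rate-limit or deny mechanism is in use.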