Unknown and unrecognizable POST requests on a newly created VPS


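I created a VPS for a personal project. I set up an NGINX proxy for incoming traffic. I opened up the server to test SSL and the domain name, and temporarily put it behind basic authentication.

I just noticed a lot of POST requests coming from http://117.48.205.227 that are trying to access: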

nginx_1    | 117.48.205.227 - - [05/Aug/2019:07:45:27 +0000] "GET /phpdm.php HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0"
nginx_1    | 117.48.205.227 - - [05/Aug/2019:07:45:28 +0000] "GET /root.php HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0"
nginx_1    | 117.48.205.227 - - [05/Aug/2019:07:45:28 +0000] "GET /5678.php HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0"
nginx_1    | 117.48.205.227 - - [05/Aug/2019:07:45:28 +0000] "GET /root11.php HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0"
nginx_1    | 117.48.205.227 - - [05/Aug/2019:07:45:28 +0000] "GET /xiu.php HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0"
nginx_1    | 117.48.205.227 - - [05/Aug/2019:07:45:28 +0000] "POST /wuwu11.php HTTP/1.1" 301 169 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
nginx_1    | 117.48.205.227 - - [05/Aug/2019:07:45:29 +0000] "POST /xw.php HTTP/1.1" 301 169 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
nginx_1    | 117.48.205.227 - - [05/Aug/2019:07:45:29 +0000] "POST /xw1.php HTTP/1.1" 301 169 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
nginx_1    | 117.48.205.227 - - [05/Aug/2019:07:45:29 +0000] "POST /9678.php HTTP/1.1" 301 169 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
nginx_1    | 117.48.205.227 - - [05/Aug/2019:07:45:30 +0000] "POST /wc.php HTTP/1.1" 301 169 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
nginx_1    | 117.48.205.227 - - [05/Aug/2019:07:45:30 +0000] "POST /xx.php HTTP/1.1" 301 169 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
nginx_1    | 117.48.205.227 - - [05/Aug/2019:07:45:30 +0000] "POST /xx.php HTTP/1.1" 301 169 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
nginx_1    | 117.48.205.227 - - [05/Aug/2019:07:45:30 +0000] "POST /s.php HTTP/1.1" 301 169 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
nginx_1    | 117.48.205.227 - - [05/Aug/2019:07:45:31 +0000] "POST /w.php HTTP/1.1" 301 169 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
nginx_1    | 117.48.205.227 - - [05/Aug/2019:07:45:31 +0000] "POST /sheep.php HTTP/1.1" 301 169 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
nginx_1    | 117.48.205.227 - - [05/Aug/2019:07:45:31 +0000] "POST /qaq.php HTTP/1.1" 301 169 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"

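This is only a small part of all the requests. Is someone trying to find unprotected routes? Or is this some weird kind of web crawler?

In any case, how should I deal with this? My web server is currently shut down and not accessible from the internet.

Regards!

Answer 1

These are standard hacking attempts from (most likely) compromised VPS farms. You can ignore them, provided you hardened your web application and web server before opening them up to the internet. The same goes for your SSH server, FTP server and every other entry point to your VPS. If you look at your SSH logs (or any other logs, such as FTP), you will see the same kind of hacking attempts from the same kind of IP addresses. Look up "VPS hardening" and follow the instructions.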
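A log triage sketch for the kind of probing shown in the question, added here as an example and not part of the original answer: it groups `.php` requests by client and lists any probe that received a 2xx response, which is the case worth investigating. The sample lines are constructed (documentation IP ranges), and the function name and the `min_paths` threshold are assumptions.

```python
import re
from collections import Counter, defaultdict

# nginx "combined" log format, with an optional docker-compose prefix ("nginx_1    | ").
LINE_RE = re.compile(
    r'^(?:\S+\s+\|\s+)?(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def summarize_php_probes(lines, min_paths=5):
    """Report clients that requested at least min_paths distinct .php paths.

    min_paths is an assumed threshold; tune it to your own traffic.
    """
    seen = defaultdict(lambda: {"paths": set(), "statuses": Counter(), "served": []})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line this pattern understands
        path = m["path"].split("?", 1)[0]
        if not path.lower().endswith(".php"):
            continue
        rec = seen[m["ip"]]
        rec["paths"].add(path)
        rec["statuses"][m["status"]] += 1
        if m["status"].startswith("2"):
            # A 2xx means something answered the probe: inspect that file on disk.
            rec["served"].append((m["method"], path))
    return {
        ip: {"distinct_paths": len(r["paths"]),
             "statuses": dict(r["statuses"]),
             "served": r["served"]}
        for ip, r in seen.items() if len(r["paths"]) >= min_paths
    }

# Constructed sample lines (documentation IP ranges, not real traffic).
_T = "[05/Aug/2019:07:45:27 +0000]"
SAMPLE = [
    f'nginx_1    | 203.0.113.7 - - {_T} "GET /phpdm.php HTTP/1.1" 301 169 "-" "ua"',
    f'nginx_1    | 203.0.113.7 - - {_T} "GET /root.php HTTP/1.1" 301 169 "-" "ua"',
    f'nginx_1    | 203.0.113.7 - - {_T} "POST /xw.php HTTP/1.1" 301 169 "-" "ua"',
    f'nginx_1    | 203.0.113.7 - - {_T} "POST /xx.php HTTP/1.1" 301 169 "-" "ua"',
    f'nginx_1    | 203.0.113.7 - - {_T} "POST /xx.php HTTP/1.1" 301 169 "-" "ua"',
    f'nginx_1    | 203.0.113.7 - - {_T} "POST /s.php HTTP/1.1" 301 169 "-" "ua"',
    f'nginx_1    | 203.0.113.7 - - {_T} "POST /upload.php HTTP/1.1" 200 12 "-" "ua"',
    f'198.51.100.20 - - {_T} "GET /index.php HTTP/1.1" 200 512 "-" "ua"',
    f'198.51.100.20 - - {_T} "GET /style.css HTTP/1.1" 200 90 "-" "ua"',
]

if __name__ == "__main__":
    for ip, info in summarize_php_probes(SAMPLE).items():
        print(ip, info)
```

An empty `served` list for a flagged client means every probe was redirected or rejected, as in the all-301 lines in the question.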
