Home > Backend Development > PHP Tutorial > Apache经常挂掉,日志中有奇怪的请求,欢迎探讨

Apache经常挂掉,日志中有奇怪的请求,欢迎探讨

WBOY
Release: 2016-06-06 20:29:52
Original
1480 people have browsed it

最近频繁有Apache服务挂掉的问题,分析日志有大量奇怪的访问请求,请问是什么原因?

<code>localhost 115.239.248.246 - - [10/Aug/2015:00:07:42 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.8839821094708698 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.239.248.246 - - [10/Aug/2015:00:40:48 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.4025078830133967 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 192.184.40.114 - - [10/Aug/2015:01:02:54 +0800] "GET http://192.184.40.114/check_proxy.php HTTP/1.1" 404 - "-" "Java/1.7.0_71"
localhost 115.159.2.233 - - [10/Aug/2015:01:03:07 +0800] "GET http://www.szwindoor.com/test/test_proxy.php HTTP/1.1" 404 - "-" "Java/1.7.0_65"
localhost 115.239.248.246 - - [10/Aug/2015:01:13:49 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.3043665172696199 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 192.184.51.130 - - [10/Aug/2015:01:17:51 +0800] "GET http://115.159.2.233/check_proxy.php HTTP/1.1" 404 - "-" "Java/1.7.0_85"
localhost 115.239.248.246 - - [10/Aug/2015:01:46:50 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.4615361246842085 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.239.248.246 - - [10/Aug/2015:02:19:45 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.2990789348253239 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.239.248.246 - - [10/Aug/2015:02:52:44 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.6869198661483608 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.239.248.246 - - [10/Aug/2015:03:25:46 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.2991618600130071 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.159.2.233 - - [10/Aug/2015:03:26:25 +0800] "GET http://www.szwindoor.com/test/test_proxy.php HTTP/1.1" 404 - "-" "Java/1.7.0_65"
localhost 192.184.40.114 - - [10/Aug/2015:03:26:55 +0800] "GET http://192.184.40.114/check_proxy.php HTTP/1.1" 404 - "-" "Java/1.7.0_71"
localhost 115.239.248.246 - - [10/Aug/2015:03:58:42 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.1211653377116418 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.239.248.246 - - [10/Aug/2015:04:31:39 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.0352315087349496 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.239.248.246 - - [10/Aug/2015:05:04:36 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.6878875883743808 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 192.184.40.114 - - [10/Aug/2015:05:17:39 +0800] "GET http://192.184.40.114/check_proxy.php HTTP/1.1" 404 - "-" "Java/1.7.0_71"
localhost 115.159.2.233 - - [10/Aug/2015:05:18:18 +0800] "GET http://www.szwindoor.com/test/test_proxy.php HTTP/1.1" 404 - "-" "Java/1.7.0_65"
localhost 115.239.248.246 - - [10/Aug/2015:05:37:29 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.7106912058271124 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.239.248.246 - - [10/Aug/2015:06:10:24 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.3061906553984412 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.239.248.246 - - [10/Aug/2015:06:43:20 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.6265654122561397 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.239.248.246 - - [10/Aug/2015:07:16:21 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.6289064254784770 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.239.248.246 - - [10/Aug/2015:07:49:23 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.8639985854100296 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 211.142.200.2 - - [10/Aug/2015:08:10:54 +0800] "GET /favicon.ico HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
</code>
Copy after login
Copy after login

回复内容:

最近频繁有Apache服务挂掉的问题,分析日志有大量奇怪的访问请求,请问是什么原因?

<code>localhost 115.239.248.246 - - [10/Aug/2015:00:07:42 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.8839821094708698 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.239.248.246 - - [10/Aug/2015:00:40:48 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.4025078830133967 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 192.184.40.114 - - [10/Aug/2015:01:02:54 +0800] "GET http://192.184.40.114/check_proxy.php HTTP/1.1" 404 - "-" "Java/1.7.0_71"
localhost 115.159.2.233 - - [10/Aug/2015:01:03:07 +0800] "GET http://www.szwindoor.com/test/test_proxy.php HTTP/1.1" 404 - "-" "Java/1.7.0_65"
localhost 115.239.248.246 - - [10/Aug/2015:01:13:49 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.3043665172696199 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 192.184.51.130 - - [10/Aug/2015:01:17:51 +0800] "GET http://115.159.2.233/check_proxy.php HTTP/1.1" 404 - "-" "Java/1.7.0_85"
localhost 115.239.248.246 - - [10/Aug/2015:01:46:50 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.4615361246842085 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.239.248.246 - - [10/Aug/2015:02:19:45 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.2990789348253239 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.239.248.246 - - [10/Aug/2015:02:52:44 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.6869198661483608 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.239.248.246 - - [10/Aug/2015:03:25:46 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.2991618600130071 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.159.2.233 - - [10/Aug/2015:03:26:25 +0800] "GET http://www.szwindoor.com/test/test_proxy.php HTTP/1.1" 404 - "-" "Java/1.7.0_65"
localhost 192.184.40.114 - - [10/Aug/2015:03:26:55 +0800] "GET http://192.184.40.114/check_proxy.php HTTP/1.1" 404 - "-" "Java/1.7.0_71"
localhost 115.239.248.246 - - [10/Aug/2015:03:58:42 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.1211653377116418 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.239.248.246 - - [10/Aug/2015:04:31:39 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.0352315087349496 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.239.248.246 - - [10/Aug/2015:05:04:36 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.6878875883743808 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 192.184.40.114 - - [10/Aug/2015:05:17:39 +0800] "GET http://192.184.40.114/check_proxy.php HTTP/1.1" 404 - "-" "Java/1.7.0_71"
localhost 115.159.2.233 - - [10/Aug/2015:05:18:18 +0800] "GET http://www.szwindoor.com/test/test_proxy.php HTTP/1.1" 404 - "-" "Java/1.7.0_65"
localhost 115.239.248.246 - - [10/Aug/2015:05:37:29 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.7106912058271124 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.239.248.246 - - [10/Aug/2015:06:10:24 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.3061906553984412 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.239.248.246 - - [10/Aug/2015:06:43:20 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.6265654122561397 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.239.248.246 - - [10/Aug/2015:07:16:21 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.6289064254784770 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.239.248.246 - - [10/Aug/2015:07:49:23 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.8639985854100296 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 211.142.200.2 - - [10/Aug/2015:08:10:54 +0800] "GET /favicon.ico HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
</code>
Copy after login
Copy after login

http://zc.qq.com/cgi-bin/common/ 这个你程序中有请求这个地址么?

感觉是不是页面代码里面有一些qq统计的代码但是链接拼错了?

GET里带域名这是HTTP正向代理的格式吧……
看起来有人把你当成HTTP代理,或者有人在测试有没有支持正向代理出去的服务器(里面一堆test_proxy之类的东西)

<code>::ffff:192.184.40.114 - - [14/Aug/2015:06:55:01 +0000] "GET http://192.184.40.114/check_proxy.php HTTP/1.1" 200 594 "-" "Java/1.7.0_71"</code>
Copy after login

我的也是,楼主有什么解决方案吗?是因为没有设置反向代理吗?

我自己写了个http服务器,获取到了些信息,其实就是一个IP地址为115.239.228.14 伪造http请求,如果我这台服务器是个转发http请求的服务的话就能把他的这个请求转发并且返回结果。

<code>[2016-03-11 15:37:57--734000] [22496] CNetConnectHandle::handle_input(holder=Acceptor,sid=) => connect-handle 00000000000001D4 | IP(115.239.228.14:30584) 
[2016-03-11 15:37:57--740000] [22496] CReactorExplorer::ParseCmdLine() => Parse http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.3376436716251803 .
[2016-03-11 15:37:57--741000] [22496] CResourceExplorer::OpenReactor() => sid is NULL in http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.3376436716251803.
[2016-03-11 15:37:57--743000] [22496] CHttpFilter::InputProcess(sid=) => Fail to CResourceExplorer::OpenReactor(http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.3376436716251803)</code>
Copy after login
Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template