linux - 请问这种请求是什么意思?
高洛峰
高洛峰 2017-04-17 16:30:43
0
1
453

Nginx的日志当中有很多这样的请求:

183.57.53.196 - - [04/Jan/2017:07:54:46 +0800] "GET /phpMyAdmin/js/messages.php?lang%25253Dzh_CN%252526db%25253D%252526collation_connection%25253Dutf8_unicode_ci%252526token%25253Dec2c28cf6971d3a135af7a2e7c8cd661 HTTP/1.1" 403 162 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_4 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13G35 QQ/6.5.3.410 V1_IPH_SQ_6.5.3_1_APP_A Pixel/750 Core/UIWebView NetType/2G Mem/117"
101.226.33.224 - - [04/Jan/2017:07:54:56 +0800] "GET /phpMyAdmin/js/messages.php?lang%25253Dzh_CN%252526db%25253D%252526collation_connection%25253Dutf8_unicode_ci%252526token%25253Dec2c28cf6971d3a135af7a2e7c8cd661 HTTP/1.1" 403 189 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
114.239.120.109 - - [04/Jan/2017:07:55:08 +0800] "GET /phpMyAdmin/js/messages.php?lang%25253Dzh_CN%252526db%25253D%252526collation_connection%25253Dutf8_unicode_ci%252526token%25253Dec2c28cf6971d3a135af7a2e7c8cd661 HTTP/1.1" 404 56 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36"
101.226.64.174 - - [04/Jan/2017:08:03:36 +0800] "GET /phpMyAdmin/sql.php?server%2525253D1%25252526db%2525253Dsb_fuck%25252526table%2525253Dtypecho_comments%25252526pos%2525253D0%25252526token%2525253D57d0cefa5b6edd1f5edc38e29831b305%25252526ajax_request%2525253Dtrue%25252526ajax_page_request%2525253Dtrue%25252526menuHashes%2525253D8d3a48ca%25252526_nocache%2525253D14834314376021934 HTTP/1.1" 403 162 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_4 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13G35 QQ/6.5.3.410 V1_IPH_SQ_6.5.3_1_APP_A Pixel/750 Core/UIWebView NetType/2G Mem/117"
61.151.218.118 - - [04/Jan/2017:08:03:45 +0800] "GET /phpMyAdmin/sql.php?server%2525253D1%25252526db%2525253Dsb_fuck%25252526table%2525253Dtypecho_comments%25252526pos%2525253D0%25252526token%2525253D57d0cefa5b6edd1f5edc38e29831b305%25252526ajax_request%2525253Dtrue%25252526ajax_page_request%2525253Dtrue%25252526menuHashes%2525253D8d3a48ca%25252526_nocache%2525253D14834314376021934 HTTP/1.1" 404 56 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
120.83.121.129 - - [04/Jan/2017:08:04:01 +0800] "GET /phpMyAdmin/sql.php?server%2525253D1%25252526db%2525253Dsb_fuck%25252526table%2525253Dtypecho_comments%25252526pos%2525253D0%25252526token%2525253D57d0cefa5b6edd1f5edc38e29831b305%25252526ajax_request%2525253Dtrue%25252526ajax_page_request%2525253Dtrue%25252526menuHashes%2525253D8d3a48ca%25252526_nocache%2525253D14834314376021934 HTTP/1.1

如果是非法请求,我应该如何防范.谢谢。

高洛峰
高洛峰

拥有18年软件开发和IT教学经验。曾任多家上市公司技术总监、架构师、项目经理、高级软件工程师等职务。 网络人气名人讲师,...

全員に返信(1)
洪涛

そのうちの 1 つを選択し、unescape を繰り返して次のコードを取得します

/phpMyAdmin/sql.php?server=1&db=sb_fuck&table=typecho_comments&pos=0&token=57d0cefa5b6edd1f5edc38e29831b305&ajax_request=true&ajax_page_request=true&menuHashes=8d3a48ca&_nocache=1483 4314376021934 HTTP/1.1" 403 162 "-" "Mozilla/5.0 (iPhone; CPU) Mac OSのようなiPhone OS 9_3_4

実際に phpAdmin を使用している場合は、phpMyAdmin を通じてデータベースを操作できるかどうかをテストする必要があります。

location /(admin|phpadmin|status) { すべて拒否 }

そうでない場合は、Nginx を強化してください

Nginx のセキュリティ強化エクスペリエンス

いいねを押す +0
人気のチュートリアル
詳細>
最新のダウンロード
詳細>
ウェブエフェクト
公式サイト
サイト素材
フロントエンドテンプレート