java - tomcat服务器莫名其妙打印出一些陌生IP请求，望各位大牛指导

Question

118.190.15.31 阿里云- - [26/Feb/2017:02:30:48 +0800] "GET / HTTP

117.185.27.114 上海移动- - [26/Feb/2017:02:47:54 +0800] "GET /v1

118.178.227.101 - - [26/Feb/2017:03:29:00 +0800] "GET /manager/h
118.178.227.101 - tomcat [26/Feb/2017:03:29:03 +0800] "GET /mana
118.178.227.101 - - [26/Feb/2017:03:31:27 +0800] "GET /manager/h
118.178.227.101 - tomcat [26/Feb/2017:03:31:27 +0800] "GET /mana
118.178.227.101 - - [26/Feb/2017:03:31:27 +0800] "GET /manager/i
118.178.227.101 - - [26/Feb/2017:03:31:27 +0800] "GET /manager/i
118.178.227.101 - - [26/Feb/2017:03:31:28 +0800] "GET /favicon.i

112.90.82.218 深圳联通- - [26/Feb/2017:04:30:42 +0800] "GET /v10

180.153.212.13 上海电信- - [26/Feb/2017:04:30:51 +0800] "GET /v1

36.34.10.89 安徽合肥- - [26/Feb/2017:04:50:46 +0800] "CONNECT ww
171.37.30.132 - - [26/Feb/2017:04:50:46 +0800] "GET / HTTP/1.1"

125.39.207.33 天津联通 - - [26/Feb/2017:08:46:03 +0800] "GET / H

101.226.64.174 上海电信 - - [26/Feb/2017:09:10:19 +0800] "GET /v

123.151.42.61 - - [26/Feb/2017:09:12:16 +0800] "GET / HTTP/1.1"

101.226.66.177 上海电信- - [26/Feb/2017:15:52:56 +0800] "GET /ma

107.179.126.18 - - [26/Feb/2017:16:38:16 +0800] "GET /manager/ht

139.162.81.62 美国- - [26/Feb/2017:17:45:20 +0800] "GET /echo.ph

101.226.64.174 - - [26/Feb/2017:17:15:19 +0800] "GET /manager/h

112.65.193.14 - - [26/Feb/2017:19:41:59 +0800] "GET /manager/ht

119.5.0.45 - - [26/Feb/2017:19:42:12 +0800] "GET /manager/html/

220.191.238.115 - - [26/Feb/2017:19:56:49 +0800] "GET /phpmyadm

42.51.194.10 河南洛阳BGP多线- - [26/Feb/2017:21:21:37 +0800] "GE
42.51.194.10 - tomcat [26/Feb/2017:21:21:38 +0800] "GET /manager

101.226.102.97 上海电信- - [26/Feb/2017:21:22:19 +0800] "GET /ma

112.28.129.115 - - [26/Feb/2017:21:35:17 +0800] "GET /manager/ht

112.28.129.115 - tomcat [26/Feb/2017:21:35:18 +0800] "GET /manag
112.28.129.115 - - [26/Feb/2017:21:35:18 +0800] "GET /manager/im
112.28.129.115 - - [26/Feb/2017:21:35:18 +0800] "GET /manager/im
112.28.129.115 - - [26/Feb/2017:21:35:18 +0800] "GET /favicon.ic

101.226.33.202 - - [26/Feb/2017:23:54:20 +0800] "GET /manager/ht

应用放在腾讯云上，但是日志莫名其妙有一些陌生的IP，查了一下地址标注在了后面，求大牛指导是什么原因

Answer 1

When an application is published online, in addition to normal access, there are generally three situations:

1. Crawler access
   In this case, when tomcat prints the access log, print out the user-agent and you can see that there will be search engine names, such as baidu, sogou, etc., and the general search engine IP can be reversely checked. IP query (http://www.ip138.com) and check back

2. Secure site scanning
   If you use 360 ​​or other webmaster security scanning tools, there will also be a large number of IPs coming to visit

3. Malicious Tool Scan
   Similar to the second item, the security scan will gradually scan through the previously set scanning points, which will also cause a large number of IP visits

When troubleshooting, we mainly focus on whether the scanned IP is scanned by search engines or safe sites, and the directory points scanned to make a comprehensive judgment. If it is judged to be a malicious IP, it can be blocked in conjunction with firewall rules.

Answer 2

Um, crawled by a reptile...

Please type out the User-Agent too, it will be an eye-opener :-)

Answer 3

The following is probably not a crawler, but a scanning program

220.191.238.115 - - [26/Feb/2017:19:56:49 +0800] "GET /phpmyadm