linux - 请问这种请求是什么意思？

Question

Nginx的日志当中有很多这样的请求：

183.57.53.196 - - [04/Jan/2017:07:54:46 +0800] "GET /phpMyAdmin/js/messages.php?lang%25253Dzh_CN%252526db%25253D%252526collation_connection%25253Dutf8_unicode_ci%252526token%25253Dec2c28cf6971d3a135af7a2e7c8cd661 HTTP/1.1" 403 162 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_4 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13G35 QQ/6.5.3.410 V1_IPH_SQ_6.5.3_1_APP_A Pixel/750 Core/UIWebView NetType/2G Mem/117"
101.226.33.224 - - [04/Jan/2017:07:54:56 +0800] "GET /phpMyAdmin/js/messages.php?lang%25253Dzh_CN%252526db%25253D%252526collation_connection%25253Dutf8_unicode_ci%252526token%25253Dec2c28cf6971d3a135af7a2e7c8cd661 HTTP/1.1" 403 189 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
114.239.120.109 - - [04/Jan/2017:07:55:08 +0800] "GET /phpMyAdmin/js/messages.php?lang%25253Dzh_CN%252526db%25253D%252526collation_connection%25253Dutf8_unicode_ci%252526token%25253Dec2c28cf6971d3a135af7a2e7c8cd661 HTTP/1.1" 404 56 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36"
101.226.64.174 - - [04/Jan/2017:08:03:36 +0800] "GET /phpMyAdmin/sql.php?server%2525253D1%25252526db%2525253Dsb_fuck%25252526table%2525253Dtypecho_comments%25252526pos%2525253D0%25252526token%2525253D57d0cefa5b6edd1f5edc38e29831b305%25252526ajax_request%2525253Dtrue%25252526ajax_page_request%2525253Dtrue%25252526menuHashes%2525253D8d3a48ca%25252526_nocache%2525253D14834314376021934 HTTP/1.1" 403 162 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_4 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13G35 QQ/6.5.3.410 V1_IPH_SQ_6.5.3_1_APP_A Pixel/750 Core/UIWebView NetType/2G Mem/117"
61.151.218.118 - - [04/Jan/2017:08:03:45 +0800] "GET /phpMyAdmin/sql.php?server%2525253D1%25252526db%2525253Dsb_fuck%25252526table%2525253Dtypecho_comments%25252526pos%2525253D0%25252526token%2525253D57d0cefa5b6edd1f5edc38e29831b305%25252526ajax_request%2525253Dtrue%25252526ajax_page_request%2525253Dtrue%25252526menuHashes%2525253D8d3a48ca%25252526_nocache%2525253D14834314376021934 HTTP/1.1" 404 56 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
120.83.121.129 - - [04/Jan/2017:08:04:01 +0800] "GET /phpMyAdmin/sql.php?server%2525253D1%25252526db%2525253Dsb_fuck%25252526table%2525253Dtypecho_comments%25252526pos%2525253D0%25252526token%2525253D57d0cefa5b6edd1f5edc38e29831b305%25252526ajax_request%2525253Dtrue%25252526ajax_page_request%2525253Dtrue%25252526menuHashes%2525253D8d3a48ca%25252526_nocache%2525253D14834314376021934 HTTP/1.1

如果是非法请求,我应该如何防范.谢谢。

Answer 1

拿其中一条反复unescape,得到如下代码

/phpMyAdmin/sql.php?server=1&db=sb_fuck&table=typecho_comments&pos=0&token=57d0cefa5b6edd1f5edc38e29831b305&ajax_request=true&ajax_page_request=true&menuHashes=8d3a48ca&_nocache=14834314376021934 HTTP/1.1" 403 162 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_4 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13G35 QQ/6.5.3.410 V1_IPH_SQ_6.5.3_1_APP_A Pixel/750 Core/UIWebView NetType/2G Mem/11

应该是有人在测试能不能通过phpMyAdmin操纵你的数据库，如果你真的有phpAdmin，配置一下Nginx

location /(admin|phpadmin|status) { deny all; }

如果没有的话，加固一下你的Nginx

Nginx 安全加固心得