社区 学习 工具库 休闲
搜索
简体中文
linux - 请问这种请求是什么意思?
高洛峰
高洛峰 2017-04-17 16:30:43
0
1
455

Nginx的日志当中有很多这样的请求:

183.57.53.196 - - [04/Jan/2017:07:54:46 +0800] "GET /phpMyAdmin/js/messages.php?lang%25253Dzh_CN%252526db%25253D%252526collation_connection%25253Dutf8_unicode_ci%252526token%25253Dec2c28cf6971d3a135af7a2e7c8cd661 HTTP/1.1" 403 162 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_4 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13G35 QQ/6.5.3.410 V1_IPH_SQ_6.5.3_1_APP_A Pixel/750 Core/UIWebView NetType/2G Mem/117"
101.226.33.224 - - [04/Jan/2017:07:54:56 +0800] "GET /phpMyAdmin/js/messages.php?lang%25253Dzh_CN%252526db%25253D%252526collation_connection%25253Dutf8_unicode_ci%252526token%25253Dec2c28cf6971d3a135af7a2e7c8cd661 HTTP/1.1" 403 189 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
114.239.120.109 - - [04/Jan/2017:07:55:08 +0800] "GET /phpMyAdmin/js/messages.php?lang%25253Dzh_CN%252526db%25253D%252526collation_connection%25253Dutf8_unicode_ci%252526token%25253Dec2c28cf6971d3a135af7a2e7c8cd661 HTTP/1.1" 404 56 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36"
101.226.64.174 - - [04/Jan/2017:08:03:36 +0800] "GET /phpMyAdmin/sql.php?server%2525253D1%25252526db%2525253Dsb_fuck%25252526table%2525253Dtypecho_comments%25252526pos%2525253D0%25252526token%2525253D57d0cefa5b6edd1f5edc38e29831b305%25252526ajax_request%2525253Dtrue%25252526ajax_page_request%2525253Dtrue%25252526menuHashes%2525253D8d3a48ca%25252526_nocache%2525253D14834314376021934 HTTP/1.1" 403 162 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_4 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13G35 QQ/6.5.3.410 V1_IPH_SQ_6.5.3_1_APP_A Pixel/750 Core/UIWebView NetType/2G Mem/117"
61.151.218.118 - - [04/Jan/2017:08:03:45 +0800] "GET /phpMyAdmin/sql.php?server%2525253D1%25252526db%2525253Dsb_fuck%25252526table%2525253Dtypecho_comments%25252526pos%2525253D0%25252526token%2525253D57d0cefa5b6edd1f5edc38e29831b305%25252526ajax_request%2525253Dtrue%25252526ajax_page_request%2525253Dtrue%25252526menuHashes%2525253D8d3a48ca%25252526_nocache%2525253D14834314376021934 HTTP/1.1" 404 56 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
120.83.121.129 - - [04/Jan/2017:08:04:01 +0800] "GET /phpMyAdmin/sql.php?server%2525253D1%25252526db%2525253Dsb_fuck%25252526table%2525253Dtypecho_comments%25252526pos%2525253D0%25252526token%2525253D57d0cefa5b6edd1f5edc38e29831b305%25252526ajax_request%2525253Dtrue%25252526ajax_page_request%2525253Dtrue%25252526menuHashes%2525253D8d3a48ca%25252526_nocache%2525253D14834314376021934 HTTP/1.1

如果是非法请求,我应该如何防范.谢谢。

高洛峰
高洛峰

拥有18年软件开发和IT教学经验。曾任多家上市公司技术总监、架构师、项目经理、高级软件工程师等职务。 网络人气名人讲师,...

全部回复(1)
洪涛
洪涛2017-04-17 16:32:43 1 楼

拿其中一条反复unescape,得到如下代码

/phpMyAdmin/sql.php?server=1&db=sb_fuck&table=typecho_comments&pos=0&token=57d0cefa5b6edd1f5edc38e29831b305&ajax_request=true&ajax_page_request=true&menuHashes=8d3a48ca&_nocache=14834314376021934 HTTP/1.1" 403 162 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_4 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13G35 QQ/6.5.3.410 V1_IPH_SQ_6.5.3_1_APP_A Pixel/750 Core/UIWebView NetType/2G Mem/11

应该是有人在测试能不能通过phpMyAdmin操纵你的数据库,如果你真的有phpAdmin,配置一下Nginx

location /(admin|phpadmin|status) { deny all; }

如果没有的话,加固一下你的Nginx

Nginx 安全加固心得

点赞 +0
添加回复
热门专题
更多>
热门文章
热门教程
更多>
相关教程
热门推荐
最新课程
最新下载
更多>
网站特效
网站源码
网站素材
前端模板