There are many requests like these in my Nginx log:
183.57.53.196 - - [04/Jan/2017:07:54:46 +0800] "GET /phpMyAdmin/js/messages.php?lang%25253Dzh_CN%252526db%25253D%252526collation_connection%25253Dutf8_unicode_ci%252526token%25253Dec2c28cf6971d3a135af7a2e7c8cd661 HTTP/1.1" 403 162 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_4 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13G35 QQ/6.5.3.410 V1_IPH_SQ_6.5.3_1_APP_A Pixel/750 Core/UIWebView NetType/2G Mem/117"
101.226.33.224 - - [04/Jan/2017:07:54:56 +0800] "GET /phpMyAdmin/js/messages.php?lang%25253Dzh_CN%252526db%25253D%252526collation_connection%25253Dutf8_unicode_ci%252526token%25253Dec2c28cf6971d3a135af7a2e7c8cd661 HTTP/1.1" 403 189 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
114.239.120.109 - - [04/Jan/2017:07:55:08 +0800] "GET /phpMyAdmin/js/messages.php?lang%25253Dzh_CN%252526db%25253D%252526collation_connection%25253Dutf8_unicode_ci%252526token%25253Dec2c28cf6971d3a135af7a2e7c8cd661 HTTP/1.1" 404 56 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36"
101.226.64.174 - - [04/Jan/2017:08:03:36 +0800] "GET /phpMyAdmin/sql.php?server%2525253D1%25252526db%2525253Dsb_fuck%25252526table%2525253Dtypecho_comments%25252526pos%2525253D0%25252526token%2525253D57d0cefa5b6edd1f5edc38e29831b305%25252526ajax_request%2525253Dtrue%25252526ajax_page_request%2525253Dtrue%25252526menuHashes%2525253D8d3a48ca%25252526_nocache%2525253D14834314376021934 HTTP/1.1" 403 162 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_4 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13G35 QQ/6.5.3.410 V1_IPH_SQ_6.5.3_1_APP_A Pixel/750 Core/UIWebView NetType/2G Mem/117"
61.151.218.118 - - [04/Jan/2017:08:03:45 +0800] "GET /phpMyAdmin/sql.php?server%2525253D1%25252526db%2525253Dsb_fuck%25252526table%2525253Dtypecho_comments%25252526pos%2525253D0%25252526token%2525253D57d0cefa5b6edd1f5edc38e29831b305%25252526ajax_request%2525253Dtrue%25252526ajax_page_request%2525253Dtrue%25252526menuHashes%2525253D8d3a48ca%25252526_nocache%2525253D14834314376021934 HTTP/1.1" 404 56 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
120.83.121.129 - - [04/Jan/2017:08:04:01 +0800] "GET /phpMyAdmin/sql.php?server%2525253D1%25252526db%2525253Dsb_fuck%25252526table%2525253Dtypecho_comments%25252526pos%2525253D0%25252526token%2525253D57d0cefa5b6edd1f5edc38e29831b305%25252526ajax_request%2525253Dtrue%25252526ajax_page_request%2525253Dtrue%25252526menuHashes%2525253D8d3a48ca%25252526_nocache%2525253D14834314376021934 HTTP/1.1
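If these are illegitimate requests, how should I defend against them? Thanks.
Taking one of them and unescaping it repeatedly gives the following code
Someone is probably testing whether they can manipulate your database through phpMyAdmin. If you really do have phpMyAdmin, configure Nginx
If you don't, harden your Nginx
Nginx security hardening notes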
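The repeated unescaping described in the answer above, as an added example that is not part of the original thread: it parses an access-log line, percent-decodes the query string until it stops changing, and reports how many encoding layers were present. The function names and the two-layer threshold for flagging a request are assumptions made for this sketch.

```python
import re
from urllib.parse import unquote, parse_qsl, urlsplit

# Combined log format; the closing quote and status are optional so that a
# truncated line (like the last one in the question) still parses.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*"?(?: (\d{3}))?')

# Request taken from the log excerpt in the question (user agent shortened).
SAMPLE = ('183.57.53.196 - - [04/Jan/2017:07:54:46 +0800] "GET /phpMyAdmin/js/messages.php'
          '?lang%25253Dzh_CN%252526db%25253D%252526collation_connection%25253Dutf8_unicode_ci'
          '%252526token%25253Dec2c28cf6971d3a135af7a2e7c8cd661 HTTP/1.1" 403 162 "-" "Mozilla/5.0"')

def decode_layers(value, max_rounds=10):
    """Percent-decode until the value stops changing; return (decoded, rounds)."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(value)  # one decoding pass: %2526 -> %26 -> &
        if decoded == value:
            break
        value, rounds = decoded, rounds + 1
    return value, rounds

def analyze(line, threshold=2):
    """Return the decoded request, or None if the line is not an access-log entry."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, _method, target, status = m.groups()
    parts = urlsplit(target)
    query, layers = decode_layers(parts.query)
    return {
        "ip": ip,
        "path": parts.path,
        "status": int(status) if status else None,
        "layers": layers,
        "params": dict(parse_qsl(query, keep_blank_values=True)),
        # Assumption: a normal client encodes a query once, so two or more
        # layers marks the request for review.
        "suspicious": layers >= threshold,
    }

if __name__ == "__main__":
    result = analyze(SAMPLE)
    print(result["ip"], result["path"], result["layers"], result["params"])
```
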