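API security

295 days ago
wpzz

Someone's out here trying to hammer my CDN

Is there some service provider whose API has the upload and access paths hard-coded? They're running a bulk attack over here

One upload at 3:17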

[2024-04-09T15:17:02.215] [ERROR] error - 👷‍♂️ ERR URL: /res-content/uploads/2018/11/81936297501704dd985e8ce84cb4a844.png

[2024-04-09T15:17:02.215] [ERROR] error - 👷‍♂️ ERR METHOD: GET

[2024-04-09T15:17:02.215] [ERROR] error - 👷‍♂️ ERR HEAD: {"host":"手动马赛克","cdn-loop":"cloudflare","cf-ipcountry":"CN","accept-encoding":"gzip, br","x-forwarded-for":"111.224.6.128,172.70.85.97","cf-ray":"871b76300e4576f9-LHR","x-forwarded-proto":"https","cf-visitor":"{"scheme":"https"}","user-agent":"Mozilla/5.096783921 Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8","accept-language":"zh-CN,zh;q=0.9","cf-connecting-ip":"111.224.6.128","x-envoy-external-address":"172.70.85.97","x-request-id":"bb273a56-87c4-42e5-a8e2-34297204e4a8"}

One request at 3:21

[2024-04-09T15:21:13.608] [ERROR] error - 👷‍♂️ LOG ID: 1712676073608

[2024-04-09T15:21:13.608] [ERROR] error - 👷‍♂️ ERR URL: /static/picture/2021-05-1812.png

[2024-04-09T15:21:13.608] [ERROR] error - 👷‍♂️ ERR METHOD: GET

[2024-04-09T15:21:13.608] [ERROR] error - 👷‍♂️ ERR HEAD: {"host":"手动马赛克","cdn-loop":"cloudflare","cf-ipcountry":"CN","accept-encoding":"gzip, br","x-forwarded-for":"112.193.7.61,162.158.166.118","cf-ray":"871b7c53ad6322ba-SJC","x-forwarded-proto":"https","cf-visitor":"{"scheme":"https"}","user-agent":"Mozilla/4.054101423 Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8","accept-language":"zh-CN,zh;q=0.9","cf-connecting-ip":"112.193.7.61","x-envoy-external-address":"162.158.166.118","x-request-id":"7b9f6971-d4d7-4c35-a1d7-3aac84012976"}

Two PHP requests

[2024-04-07T16:12:25.280] [ERROR] error - 👷‍♂️ ERR URL: /wp-login.php

[2024-04-09T23:49:31.956] [ERROR] error - 👷‍♂️ ERR URL: /wp-login.php

[2024-04-09T23:49:31.957] [ERROR] error - 👷‍♂️ ERR HEAD: {"host":"手动马赛克","cdn-loop":"cloudflare","cf-ipcountry":"CN","accept-encoding":"gzip, br","x-forwarded-for":"47.106.201.134,172.70.162.170","cf-ray":"871e64e9dacd9601-LHR","x-forwarded-proto":"https","cf-visitor":"{"scheme":"https"}","user-agent":"Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/95.0","referer":"http://手动马赛克/wp-login.php","cf-connecting-ip":"47.106.201.134","x-envoy-external-address":"172.70.162.170","x-request-id":"88d05041-f34c-40b3-bdb8-a35702730b8b"}

1490 views
Node: Information Security
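
The log entries in the post above, turned into a triage check (an added example, not part of the original thread): it groups the `ERR URL` / `ERR HEAD` lines into requests and flags WordPress/PHP probe paths and the digit-padded `Mozilla/` User-Agent seen in the first two entries. The sample lines, placeholder host and IPs are constructed, and it assumes the site itself serves no PHP or WordPress content.

```python
import re

# Constructed sample in the log layout from the post; host and IPs are placeholders.
SAMPLE_LOG = r'''
[2024-01-01T10:00:00.100] [ERROR] error - ERR URL: /wp-login.php
[2024-01-01T10:00:00.101] [ERROR] error - ERR HEAD: {"host":"example.invalid","cf-visitor":"{"scheme":"https"}","user-agent":"Mozilla/5.0 (X11; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/95.0","cf-connecting-ip":"203.0.113.7"}
[2024-01-01T10:05:00.200] [ERROR] error - ERR URL: /static/picture/a.png
[2024-01-01T10:05:00.200] [ERROR] error - ERR METHOD: GET
[2024-01-01T10:05:00.200] [ERROR] error - ERR HEAD: {"host":"example.invalid","cf-visitor":"{"scheme":"https"}","user-agent":"Mozilla/4.012345678 Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)","cf-connecting-ip":"198.51.100.9"}
[2024-01-01T10:09:00.300] [ERROR] error - ERR URL: /missing.css
[2024-01-01T10:09:00.300] [ERROR] error - ERR HEAD: {"host":"example.invalid","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) Gecko/20100101 Firefox/124.0","cf-connecting-ip":"192.0.2.5"}
'''
# Real lines carry an emoji before "ERR"; ".*?" skips it. METHOD lines match but are unused.
LINE = re.compile(r'^\[[^\]]+\] \[ERROR\] error - .*?ERR (URL|METHOD|HEAD): (.*)$')
# Assumption: the site serves no PHP or WordPress content, so these paths are probes.
PROBE_PATH = re.compile(r'^/wp-|\.php(\?|$)|/uploads/\d{4}/\d{2}/')
# User-Agent whose version token is padded with digits and followed by a second "Mozilla/".
PADDED_UA = re.compile(r'^Mozilla/\d\.\d{3,} Mozilla/')

def header(dump, name):
    # The HEAD dump is not valid JSON (cf-visitor nests unescaped quotes),
    # so read single fields by pattern instead of json.loads.
    m = re.search(r'"%s":"([^"]*)"' % re.escape(name), dump)
    return m.group(1) if m else None

def parse_requests(text):
    """Group lines into requests: a URL line opens a record, its HEAD line fills it in."""
    records = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        key, val = m.groups()
        if key == 'URL':
            records.append({'url': val, 'ip': None, 'ua': None})
        elif key == 'HEAD' and records:
            records[-1]['ip'] = header(val, 'cf-connecting-ip')
            records[-1]['ua'] = header(val, 'user-agent')
    return records

def flag_requests(text):
    flagged = []
    for r in parse_requests(text):
        reasons = [name for name, hit in (
            ('probe-path', PROBE_PATH.search(r['url'])),
            ('padded-ua', r['ua'] and PADDED_UA.match(r['ua']))) if hit]
        if reasons:
            flagged.append((r['ip'], r['url'], reasons))
    return flagged
```

Records are grouped by line order rather than by timestamp because the URL and HEAD lines of one request in the post differ by a millisecond.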
6 replies
daimaosix
295 days ago
Use SafeLine, Chaitin SafeLine (长亭雷池)
ShuA1
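295 days ago
@daimaosix That won't help: the CDN sits in front and the WAF behind it. Also, the community edition of SafeLine is hard to use and integrates poorly; it is purely a lead-generation product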
asdfg17718
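295 days ago
Isn't API hammering pretty normal? CC attacks are quite cheap, and the important part is that Alibaba will treat them as normal users and let them in... If you can't solve it, we can talk, WeChat 790881552; I do security professionally.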
daimaosix
295 days ago
asdfg17718
295 days ago
@daimaosix I'm talking with the OP; whether to add me is up to him. May I ask, did that bother you?
wpzz
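294 days ago
I'm on a BaaS service; I'm only responsible for the code and configuration, the servers are maintained by the vendor, so I don't have to care, hhh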
