nginx 日志中出现这样的请求,这个是什么攻击,如何构造的请求啊?

2014-12-12 17:26:55 +08:00
 leyle
218.59.238.93 - - [12/Dec/2014:17:10:49 +0800] "GET http://www.proxyjudge.biz/az.php HTTP/1.0" 404 570 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)" "-"
218.59.238.93 - - [12/Dec/2014:17:11:13 +0800] "GET http://yazoodle.net/azenv.php HTTP/1.0" 404 570 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)" "-"
218.59.238.93 - - [12/Dec/2014:17:11:24 +0800] "GET http://www.mesregies.com/azz.php HTTP/1.0" 404 570 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)" "-"
218.59.238.93 - - [12/Dec/2014:17:11:48 +0800] "GET http://www.anonymousproxylist.net/azenv2.php HTTP/1.0" 404 570 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)" "-"
218.59.238.93 - - [12/Dec/2014:17:24:34 +0800] "GET http://www.proxyjudge.biz/az.php HTTP/1.0" 404 570 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)" "-"
4222 次点击
所在节点    程序员
10 条回复
oott123
2014-12-12 18:48:49 +08:00
应该是扫描 HTTP 代理的。
icedx
2014-12-12 19:09:54 +08:00
看样子是被设置成代理了
建议楼主贴配置
la0wei
2014-12-30 00:34:25 +08:00
@oott123 @icedx 同问,我用的amh4.2的面板,不知道这些请求怎么会在访问日志里的
icedx
2014-12-30 01:07:18 +08:00
@la0wei 贴配置啊
la0wei
2014-12-30 10:54:50 +08:00
@icedx nginx nginx/conf/vhost 中的xxxxxx.com 文件
server
{
listen 80;
server_name xxxxxx.com www.xxxxxx.com; #server_name end
index index.html index.htm index.php; #index end

set $subdomain '';
root /home/wwwroot/xxxxxx.com/web$subdomain;
include rewrite/wordpress.conf; #rewrite end

#error_page
error_page 400 /ErrorPages/400.html;
error_page 403 /ErrorPages/403.html;
error_page 404 /ErrorPages/404.html;
error_page 502 /ErrorPages/502.html;
location ~ /ErrorPages/(400|401|403|404|405|502|503)\.html$
{
root /home/wwwroot/xxxxxx.com/web;
}


location ~ .*\.php$
{
fastcgi_pass unix:/tmp/php-cgi-xxxxxx.com.sock;
fastcgi_index index.php;
include fcgi-host.conf;
fastcgi_param DOCUMENT_ROOT /web$subdomain;
fastcgi_param SCRIPT_FILENAME /web$subdomain$fastcgi_script_name;
}

location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp3|wma)$
{
expires 30d;
}

location ~ .*\.(js|css)$
{
expires 12h;
}

access_log off; #access_log end
error_log /home/wwwroot/xxxxxx.com/log/error.log crit; #error_log end
}



另一个文件
nginx/conf/nginx.conf
user www www;
worker_processes auto;
error_log /home/wwwroot/index/log/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;

#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 51200;

events
{
use epoll;
worker_connections 51200;
}

http
{
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 128;
client_header_buffer_size 4k;
large_client_header_buffers 4 4k;
client_max_body_size 50m;

sendfile on;
tcp_nopush on;

keepalive_timeout 60 60;

fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 16k;
fastcgi_buffers 16 16k;
fastcgi_busy_buffers_size 16k;
fastcgi_temp_file_write_size 16k;
fastcgi_intercept_errors on;
proxy_cache_valid 200 304 12h;
proxy_cache_key $scheme://$host$request_uri;
proxy_temp_path /home/amproxy_cache_tmp;
proxy_cache_path /home/amproxy_cache levels=1:2 keys_zone=amproxy:20m inactive=10d max_size=2g;

tcp_nodelay on;
server_tokens off;
gzip on;
gzip_min_length 1000;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml application/rss+xml application/xhtml+xml application/atom_xml;
gzip_disable "MSIE [1-6].(?!.*SV1)";
log_format access '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $http_x_forwarded_for';

include vhost/*.conf;
include proxy/*.conf;
server
{
listen 8888;
server_name 106.185.43.**;
index index.html index.htm index.php;
root /home/wwwroot/index/web;
fastcgi_buffer_size 4k;
fastcgi_buffers 8 4k;
fastcgi_busy_buffers_size 4k;
gzip off;

location ~ .*\.php$
{
fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_index index.php;
include fcgi.conf;
}

location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}

location ~ .*\.(js|css)?$
{
expires 12h;
}

access_log /home/wwwroot/index/log/access.log combined;
error_log /home/wwwroot/index/log/error.log crit;
}

server
{
listen 80 default;
return 400;
}
}
icedx
2014-12-30 11:50:51 +08:00
@la0wei 好长 回去看
la0wei
2014-12-30 12:28:54 +08:00
@icedx 谢谢,静候佳音
la0wei
2014-12-31 13:13:04 +08:00
@icedx 有眉目没有?
Lullaby
2015-01-02 02:26:23 +08:00
今天查日志也有类似的情况,以为是用了ss代理,试了一下,代不代理都不会出现.php的请求...
暂时也没弄清楚这日志是怎么来的。。。
Starduster
2015-01-03 09:20:54 +08:00
遇到和楼主一样的问题,请问楼主现在有没有什么头绪

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/153474

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX