nginx 的 log 里有几十行 404 是自己的 ip 发起的 request

2016-08-02 04:27:27 +08:00
 geeti
比如这些 404 ,是被人黑了还是怎么? 多谢

access.log:104.236.202.168 - - [01/Aug/2016:02:45:10 -0400] "GET / HTTP/1.0" 200 151 "-" "-"
access.log:104.236.202.168 - - [01/Aug/2016:02:45:10 -0400] "GET / HTTP/1.0" 200 151 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0"
access.log:104.236.202.168 - - [01/Aug/2016:02:45:10 -0400] "GET /CHANGELOG.txt HTTP/1.0" 404 177 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0"
access.log:104.236.202.168 - - [01/Aug/2016:02:45:10 -0400] "GET / HTTP/1.0" 200 151 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0"
access.log:104.236.202.168 - - [01/Aug/2016:02:45:11 -0400] "GET / HTTP/1.0" 200 151 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0"
access.log:104.236.202.168 - - [01/Aug/2016:02:45:11 -0400] "GET / HTTP/1.0" 200 151 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0"
access.log:104.236.202.168 - - [01/Aug/2016:02:45:11 -0400] "GET /readme.html HTTP/1.0" 404 177 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0"
access.log:104.236.202.168 - - [01/Aug/2016:04:31:16 -0400] "GET / HTTP/1.0" 200 151 "-" "-"
access.log.1:104.236.202.168 - - [25/Jul/2016:06:47:11 -0400] "GET / HTTP/1.0" 200 151 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:44.0) Gecko/20100101 Firefox/44.0"
access.log.1:104.236.202.168 - - [25/Jul/2016:06:47:11 -0400] "GET / HTTP/1.0" 200 151 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:44.0) Gecko/20100101 Firefox/44.0"
access.log.1:104.236.202.168 - - [25/Jul/2016:09:49:48 -0400] "GET / HTTP/1.0" 200 151 "-" "-"
access.log.1:104.236.202.168 - - [25/Jul/2016:19:46:03 -0400] "GET / HTTP/1.0" 200 151 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:44.0) Gecko/20100101 Firefox/44.0"
access.log.1:104.236.202.168 - - [25/Jul/2016:19:46:03 -0400] "GET / HTTP/1.0" 200 151 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:44.0) Gecko/20100101 Firefox/44.0"
access.log.1:104.236.202.168 - - [26/Jul/2016:00:19:54 -0400] "GET / HTTP/1.0" 200 151 "-" "-"
access.log.1:104.236.202.168 - - [26/Jul/2016:12:21:35 -0400] "GET /robots.txt HTTP/1.0" 404 177 "-" "Mozilla/5.0 (Windows NT 6.1) (compatible; SMTBot/1.0; +http://www.similartech.com/smtbot)"
access.log.1:104.236.202.168 - - [26/Jul/2016:12:21:43 -0400] "GET /robots.txt HTTP/1.0" 404 177 "-" "Mozilla/5.0 (Windows NT 6.1) (compatible; SMTBot/1.0; +http://www.similartech.com/smtbot)"
access.log.1:104.236.202.168 - - [26/Jul/2016:13:04:25 -0400] "GET / HTTP/1.0" 200 151 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:44.0) Gecko/20100101 Firefox/44.0"
access.log.1:104.236.202.168 - - [26/Jul/2016:13:04:25 -0400] "GET / HTTP/1.0" 200 151 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:44.0) Gecko/20100101 Firefox/44.0"
access.log.1:104.236.202.168 - - [27/Jul/2016:04:38:51 -0400] "GET / HTTP/1.0" 200 151 "-" "-"
access.log.1:104.236.202.168 - - [27/Jul/2016:11:39:50 -0400] "GET / HTTP/1.0" 200 151 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:44.0) Gecko/20100101 Firefox/44.0"
access.log.1:104.236.202.168 - - [27/Jul/2016:11:39:50 -0400] "GET / HTTP/1.0" 200 151 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:44.0) Gecko/20100101 Firefox/44.0"
access.log.1:104.236.202.168 - - [27/Jul/2016:14:57:53 -0400] "GET /robots.txt HTTP/1.0" 404 177 "-" "CSS Certificate Spider ( http://www.css-security.com/certificatespider/)"
access.log.1:104.236.202.168 - - [28/Jul/2016:07:03:25 -0400] "GET / HTTP/1.0" 200 151 "-" "-"
access.log.1:104.236.202.168 - - [29/Jul/2016:05:38:13 -0400] "GET / HTTP/1.0" 200 151 "-" "-"
access.log.1:104.236.202.168 - - [29/Jul/2016:22:53:11 -0400] "GET / HTTP/1.0" 200 151 "-" "-"
access.log.1:104.236.202.168 - - [31/Jul/2016:00:22:54 -0400] "GET / HTTP/1.0" 200 151 "-" "-"
access.log.2:104.236.202.168 - - [18/Jul/2016:04:51:22 -0400] "GET / HTTP/1.0" 200 151 "-" "-"
access.log.2:104.236.202.168 - - [19/Jul/2016:08:36:49 -0400] "GET / HTTP/1.0" 200 151 "-" "-"
access.log.2:104.236.202.168 - - [19/Jul/2016:21:20:27 -0400] "GET / HTTP/1.0" 200 151 "-" "-"
access.log.2:104.236.202.168 - - [20/Jul/2016:14:29:00 -0400] "GET /robots.txt HTTP/1.0" 404 177 "-" "CSS Certificate Spider ( http://www.css-security.com/certificatespider/)"
access.log.2:104.236.202.168 - - [21/Jul/2016:03:21:34 -0400] "GET / HTTP/1.0" 200 151 "-" "-"
access.log.2:104.236.202.168 - - [21/Jul/2016:04:24:28 -0400] "GET / HTTP/1.0" 200 151 "-" "-"
access.log.2:104.236.202.168 - - [21/Jul/2016:04:24:29 -0400] "GET / HTTP/1.0" 200 151 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:43.0) Gecko/20100101 Firefox/43.0"
access.log.2:104.236.202.168 - - [21/Jul/2016:04:24:29 -0400] "GET / HTTP/1.0" 200 151 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:43.0) Gecko/20100101 Firefox/43.0"
access.log.2:104.236.202.168 - - [21/Jul/2016:04:24:29 -0400] "GET / HTTP/1.0" 200 151 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:43.0) Gecko/20100101 Firefox/43.0"
access.log.2:104.236.202.168 - - [21/Jul/2016:04:24:30 -0400] "GET / HTTP/1.0" 200 151 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:43.0) Gecko/20100101 Firefox/43.0"
access.log.2:104.236.202.168 - - [21/Jul/2016:04:24:31 -0400] "GET /readme.html HTTP/1.0" 404 177 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:43.0) Gecko/20100101 Firefox/43.0"
access.log.2:104.236.202.168 - - [21/Jul/2016:04:24:31 -0400] "GET /CHANGELOG.txt HTTP/1.0" 404 177 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:43.0) Gecko/20100101 Firefox/43.0"
access.log.2:104.236.202.168 - - [21/Jul/2016:22:57:29 -0400] "GET / HTTP/1.0" 200 151 "-" "-"
access.log.2:104.236.202.168 - - [22/Jul/2016:20:53:07 -0400] "GET / HTTP/1.0" 200 151 "-" "-"
access.log.2:104.236.202.168 - - [24/Jul/2016:01:53:33 -0400] "GET /admin/i18n/readme.txt HTTP/1.0" 404 177 "-" "python-requests/2.8.0"
4000 次点击
所在节点    程序员
20 条回复
eastpiger
2016-08-02 05:59:43 +08:00
你是不是用了反代?
geeti
2016-08-02 09:19:10 +08:00
@eastpiger 都不知道是什么。
nodejs 的监听端口是 3000 ,用 iptables 把 80 重定向到 3000.这算反向代理不?

即使是这样,那些奇怪的请求是怎么回事?
谢谢
yuankui
2016-08-02 09:28:23 +08:00
这些问题建议楼主多学点 http , web 的知识之后再来问~
jimzhong
2016-08-02 09:36:04 +08:00
@geeti iptables 重定向不算反代
geeti
2016-08-02 09:42:21 +08:00
@yuankui 我就是问问,您要是愿意指点自然感谢,不愿意也不需要高屋建瓴的给我指导人生方向。乌烟瘴气的环境就是你这种人太多
serial
2016-08-02 10:31:43 +08:00
你的静态文件都没有加相对主目录。

location ~ \.(html|txt)$ 中放上 root
ayaseangle
2016-08-02 10:33:41 +08:00
暴露给外网了吗?估计被扫描了。。
geeti
2016-08-02 10:59:33 +08:00
@ayaseangle 一个 vps 而已,前一阵子被一些地方推荐,导致每天几千流量。 DDOS 少不了,但是不懂的是为啥会有自己的 public ip 来进行 http request
lhbc
2016-08-02 11:38:13 +08:00
你没留意到所有的 client ip 都是你自己的服务器 IP 吗?
sobigfish
2016-08-02 12:03:02 +08:00
@geeti 他给你指了学习的方向,而不是回答问题 也没什么错吧。。。
geeti
2016-08-02 12:55:38 +08:00
@lhbc 所以我才发这个贴问原因啊。。。为啥?虚心请教
lhbc
2016-08-02 13:04:50 +08:00
@geeti 所以,根本不是 404 或者被黑的问题,你的问题应该是“为什么日志里所有的访问者 IP 都是服务器 IP ”
完全 get 不到你提问的点……

80 端口用 nginx 做反向代理,用 nginx 记录日志
iptables 不是干这个用的
yuankui
2016-08-02 13:46:33 +08:00
我如果直接告诉你 [不是] 结果又能怎样?你是什么水平还是什么水平,你的脑袋一样会很多很多问题,而这些问题你极有可能再开一贴,让大家给你答案。
与其这样,还是建议你自己多学点,这些基础问题小白问题,就不攻自破了。
geeti
2016-08-02 22:43:21 +08:00
@lhbc 谢谢。没说清楚。
为啥 ip 会显示 server 的 ip 呢?
我没做也没打算做反向代理,用 iptables 转到 3000 只是为了方便, nodejs 调试用的 3000 ,当时没改。但我觉得不应该是因为这个导致的。
lhbc
2016-08-02 22:59:43 +08:00
@geeti NAT 之后 IP 会改变
nginx 做反向代理不就是 10 行配置的事情吗
geeti
2016-08-03 02:43:18 +08:00
@lhbc 为什么这里会涉及到 NAT ?这里没有 NAT 啊, server 是 public vps
billwsy
2016-08-03 05:55:11 +08:00
@geeti 80 转 3000 是个 NAT
rogerchen
2016-08-03 09:46:51 +08:00
@billwsy +1 正解
libotony
2016-08-03 10:00:15 +08:00
好奇怪的实现方式,建议老老实实用 nginx 做反代
bigpigeon
2016-08-03 17:14:40 +08:00
我觉得应该把你的 nginx 配置也贴出来好些,只看日志很难排查

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/296473

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX