
Requests like these are showing up in my nginx log. What kind of attack is this, and how are the requests constructed?

    leyle · 2014-12-12 17:26:55 +08:00 · 4185 views
    218.59.238.93 - - [12/Dec/2014:17:10:49 +0800] "GET http://www.proxyjudge.biz/az.php HTTP/1.0" 404 570 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)" "-"
    218.59.238.93 - - [12/Dec/2014:17:11:13 +0800] "GET http://yazoodle.net/azenv.php HTTP/1.0" 404 570 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)" "-"
    218.59.238.93 - - [12/Dec/2014:17:11:24 +0800] "GET http://www.mesregies.com/azz.php HTTP/1.0" 404 570 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)" "-"
    218.59.238.93 - - [12/Dec/2014:17:11:48 +0800] "GET http://www.anonymousproxylist.net/azenv2.php HTTP/1.0" 404 570 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)" "-"
    218.59.238.93 - - [12/Dec/2014:17:24:34 +0800] "GET http://www.proxyjudge.biz/az.php HTTP/1.0" 404 570 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)" "-"
    10 replies    2015-01-03 09:20:54 +08:00
    oott123
        1
       2014-12-12 18:48:49 +08:00
    This is probably a scan for HTTP proxies.
    icedx
        2
       2014-12-12 19:09:54 +08:00 via Android
    Looks like it has been set up as a proxy.
    I suggest the OP post the config.
    la0wei
        3
       2014-12-30 00:34:25 +08:00
    @oott123 @icedx Same question here. I'm using the AMH 4.2 panel and don't know how these requests ended up in the access log.
    icedx
        4
       2014-12-30 01:07:18 +08:00 via Android
    @la0wei Post your config.
    la0wei
        5
       2014-12-30 10:54:50 +08:00
    @icedx nginx: the xxxxxx.com file in nginx/conf/vhost
    server
    {
        listen 80;
        server_name xxxxxx.com www.xxxxxx.com; #server_name end
        index index.html index.htm index.php; #index end

        set $subdomain '';
        root /home/wwwroot/xxxxxx.com/web$subdomain;
        include rewrite/wordpress.conf; #rewrite end

        #error_page
        error_page 400 /ErrorPages/400.html;
        error_page 403 /ErrorPages/403.html;
        error_page 404 /ErrorPages/404.html;
        error_page 502 /ErrorPages/502.html;
        location ~ /ErrorPages/(400|401|403|404|405|502|503)\.html$
        {
            root /home/wwwroot/xxxxxx.com/web;
        }

        location ~ .*\.php$
        {
            fastcgi_pass unix:/tmp/php-cgi-xxxxxx.com.sock;
            fastcgi_index index.php;
            include fcgi-host.conf;
            fastcgi_param DOCUMENT_ROOT /web$subdomain;
            fastcgi_param SCRIPT_FILENAME /web$subdomain$fastcgi_script_name;
        }

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp3|wma)$
        {
            expires 30d;
        }

        location ~ .*\.(js|css)$
        {
            expires 12h;
        }

        access_log off; #access_log end
        error_log /home/wwwroot/xxxxxx.com/log/error.log crit; #error_log end
    }



    The other file
    nginx/conf/nginx.conf
    user www www;
    worker_processes auto;
    error_log /home/wwwroot/index/log/nginx_error.log crit;
    pid /usr/local/nginx/logs/nginx.pid;

    #Specifies the value for maximum file descriptors that can be opened by this process.
    worker_rlimit_nofile 51200;

    events
    {
        use epoll;
        worker_connections 51200;
    }

    http
    {
        include mime.types;
        default_type application/octet-stream;
        server_names_hash_bucket_size 128;
        client_header_buffer_size 4k;
        large_client_header_buffers 4 4k;
        client_max_body_size 50m;

        sendfile on;
        tcp_nopush on;

        keepalive_timeout 60 60;

        fastcgi_connect_timeout 300;
        fastcgi_send_timeout 300;
        fastcgi_read_timeout 300;
        fastcgi_buffer_size 16k;
        fastcgi_buffers 16 16k;
        fastcgi_busy_buffers_size 16k;
        fastcgi_temp_file_write_size 16k;
        fastcgi_intercept_errors on;
        proxy_cache_valid 200 304 12h;
        proxy_cache_key $scheme://$host$request_uri;
        proxy_temp_path /home/amproxy_cache_tmp;
        proxy_cache_path /home/amproxy_cache levels=1:2 keys_zone=amproxy:20m inactive=10d max_size=2g;

        tcp_nodelay on;
        server_tokens off;
        gzip on;
        gzip_min_length 1000;
        gzip_proxied expired no-cache no-store private auth;
        gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml application/rss+xml application/xhtml+xml application/atom_xml;
        gzip_disable "MSIE [1-6].(?!.*SV1)";
        log_format access '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" $http_x_forwarded_for';

        include vhost/*.conf;
        include proxy/*.conf;
        server
        {
            listen 8888;
            server_name 106.185.43.**;
            index index.html index.htm index.php;
            root /home/wwwroot/index/web;
            fastcgi_buffer_size 4k;
            fastcgi_buffers 8 4k;
            fastcgi_busy_buffers_size 4k;
            gzip off;

            location ~ .*\.php$
            {
                fastcgi_pass unix:/tmp/php-cgi.sock;
                fastcgi_index index.php;
                include fcgi.conf;
            }

            location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
            {
                expires 30d;
            }

            location ~ .*\.(js|css)?$
            {
                expires 12h;
            }

            access_log /home/wwwroot/index/log/access.log combined;
            error_log /home/wwwroot/index/log/error.log crit;
        }

        server
        {
            listen 80 default;
            return 400;
        }
    }
    icedx
        6
       2014-12-30 11:50:51 +08:00 via Android   ❤️ 1
    @la0wei That's long. I'll look at it when I get back.
    la0wei
        7
       2014-12-30 12:28:54 +08:00
    @icedx Thanks, I'll wait for the good news.
    la0wei
        8
       2014-12-31 13:13:04 +08:00
    @icedx Any leads yet?
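    Lullaby
        9
       2015-01-02 02:26:23 +08:00
    I saw something similar when checking my logs today. I thought it was because I was using an ss proxy, so I tested it: with or without the proxy, no .php requests show up...
    For now I still haven't figured out where these log entries come from...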
    Starduster
        10
       2015-01-03 09:20:54 +08:00
    I've run into the same problem as the OP. Has the OP got any leads by now?
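
Added example, not part of the thread and not any poster's code: the log lines in the original post carry a full http://host/path URL in the request line where an ordinary request has only a path, which is what the first reply's "scan for HTTP proxies" diagnosis rests on. The Python below flags such absolute-form and CONNECT requests aimed at hosts the server does not own; OWN_HOSTS, the function names and the sample lines marked constructed are assumptions for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Hostnames this server really serves (assumption; placeholder name from the thread).
OWN_HOSTS = {"xxxxxx.com", "www.xxxxxx.com"}
# Leading fields of nginx's combined log format, as in the thread's log lines.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?" (?P<status>\d{3}) '
)

def proxy_probe(line, own_hosts=OWN_HOSTS):
    """Return a dict describing a proxy probe, or None for an ordinary request."""
    m = LINE_RE.match(line)
    if not m:
        return None
    method, target = m["method"], m["target"]
    if method == "CONNECT":
        host = target.rsplit(":", 1)[0]            # authority-form: host:port
    elif target.lower().startswith(("http://", "https://")):
        host = urlsplit(target).hostname or ""     # absolute-form: scheme://host/path
    else:
        return None                                # origin-form: path only
    host = host.lower()
    if host in own_hosts:
        return None
    status = int(m["status"])
    # A 2xx/3xx status for a foreign host means content went back to the scanner.
    return {"ip": m["ip"], "host": host, "status": status, "answered": status < 400}

def summarize(lines, own_hosts=OWN_HOSTS):
    """Group probes by source IP: target hosts seen and whether any was answered."""
    report = defaultdict(lambda: {"hosts": set(), "answered": False})
    for line in lines:
        hit = proxy_probe(line, own_hosts)
        if hit:
            report[hit["ip"]]["hosts"].add(hit["host"])
            report[hit["ip"]]["answered"] |= hit["answered"]
    return dict(report)

# First two lines are from the thread; the last two are constructed.
SAMPLE = [
    '218.59.238.93 - - [12/Dec/2014:17:10:49 +0800] "GET http://www.proxyjudge.biz/az.php HTTP/1.0" 404 570 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)" "-"',
    '218.59.238.93 - - [12/Dec/2014:17:11:13 +0800] "GET http://yazoodle.net/azenv.php HTTP/1.0" 404 570 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)" "-"',
    '203.0.113.7 - - [12/Dec/2014:17:12:01 +0800] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0" "-"',
    '198.51.100.9 - - [12/Dec/2014:17:13:30 +0800] "CONNECT example.org:443 HTTP/1.1" 200 0 "-" "-" "-"',
]
print(summarize(SAMPLE))
```

A probe logged with a 4xx status, as in the thread's log, got an error page back; one logged with 2xx or 3xx deserves a closer look at the configuration.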