V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
V2EX 提问指南
microget
V2EX  ›  问与答

在阿里云新装了一个 PHP 程序, nginx 日志一直报 error,是被黑了么?

  •  
  •   microget · 2015-08-19 00:33:59 +08:00 · 1617 次点击
    这是一个创建于 3376 天前的主题,其中的信息可能已经有所发展或是发生改变。
    PHP 门外汉,程序是 github 官方下的,装了个国人的 zh 语言包, centos,yum 安装的环境。

    日志中 www.0123456.com 指代我的域名, abcdef.aa2.cn 前面的 abcdef 是指代,真实的字符串会 cname 到我的域名。
    请求一分钟 10 次左右,client 的 IP 大概有好几个在变换。
    -------------------------其中一段 nginx 日志----------------------------------------------

    PHP message: PHP Warning: Unknown: Failed to write session data (files ). Please verify that the current setting of session.save_path is correct (/var/lib/php/session ) in Unknown on line 0" while reading upstream, client: 27.221.20.24, server: www.123456.com, request: "GET /jiecao/2013/0625/1322.html HTTP/1.0", upstream: "fastcgi://127.0.0.1:9000", host: "abcdef.aa2.cn", referrer: "http://abcdef.aa2.cn/jiecao/2013/0625/1322.html"

    2015/08/19 00:26:37 [error] 24539#0: *1178 FastCGI sent in stderr: "PHP message: PHP Warning: session_start (): open (/var/lib/php/session/sess_8bc7claol3gq9b0p4scob8tp11, O_RDWR ) failed: Permission denied (13 ) in /www/.../app/users.php on line 146" while reading response header from upstream, client: 220.181.108.152, server: www.123456.com, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "www.123456.com"

    2015/08/19 00:26:37 [error] 24539#0: *1178 FastCGI sent in stderr: "PHP message: PHP Warning: Unknown: open (/var/lib/php/session/sess_8bc7claol3gq9b0p4scob8tp11, O_RDWR ) failed: Permission denied (13 ) in Unknown on line 0


    -----------------------------------------------------------------------
    查到域名所属信息是这个。
    http://whois.chinaz.com/reverse?host=+aa2.cn&ddlSearchMode=0

    这可能是什么情况呢?
    5 条回复    2015-08-19 12:05:52 +08:00
    wdd2007
        1
    wdd2007  
       2015-08-19 00:35:03 +08:00
    不是啊。是你 session 目录没有权限啊。。。
    microget
        2
    microget  
    OP
       2015-08-19 00:38:26 +08:00
    @wdd2007 是爬虫的性质?他这么做的目的是什么?
    程序安装好后,配置里面的默认域名好像是 abcdef.aa2.cn ,没在意就直接改成自己的。
    Starduster
        3
    Starduster  
       2015-08-19 04:41:47 +08:00   ❤️ 1
    = =是你这网站某个功能需要 PHP 的 session ,而你的 PHP 进程没有那个目录(/var/lib/php/session )的权限,他就在不停的报错,那么每个访问你网站的用到这个功能的人都会触发一次这个 error
    检查你的目录权限和 PHP CGI 进程管理器的属主到底是谁
    microget
        4
    microget  
    OP
       2015-08-19 10:48:04 +08:00
    @Starduster
    变换 client IP,请求一个不存在的 url (日志中的 /jiecao/2013/0625/1322.html ) ,这是爬虫性质的行为?
    可是 host 和 referrer 都不对,很容易被发现并处理啊。

    另,有了解这个 aa2.cn 域名背后的主人这么做,是属于什么模式的买卖么?
    microget
        5
    microget  
    OP
       2015-08-19 12:05:52 +08:00
    虽然我已经把 php-fpm 停了,但请求一直在持续。对这种行为的动机不是很理解- -!
    -------------------
    2015/08/19 11:53:53 [error] 24539#0: *4069 connect () failed (111: Connection refused ) while connecting to upstream, client: 120.52.18.45, server: www.123456.com, request: "HEAD / HTTP/1.0", upstream: "fastcgi://127.0.0.1:9000", host: "abcdef.aa2.cn"

    2015/08/19 11:53:53 [error] 24539#0: *4071 connect () failed (111: Connection refused ) while connecting to upstream, client: 120.52.18.45, server: www.123456.com, request: "HEAD / HTTP/1.0", upstream: "fastcgi://127.0.0.1:9000", host: "abcdef.aa2.cn"

    2015/08/19 11:54:50 [error] 24539#0: *4073 connect () failed (111: Connection refused ) while connecting to upstream, client: 120.52.18.45, server: www.123456.com, request: "HEAD / HTTP/1.0", upstream: "fastcgi://127.0.0.1:9000", host: "abcdef.aa2.cn"

    2015/08/19 11:54:50 [error] 24539#0: *4075 connect () failed (111: Connection refused ) while connecting to upstream, client: 120.52.18.45, server: www.123456.com, request: "HEAD / HTTP/1.0", upstream: "fastcgi://127.0.0.1:9000", host: "abcdef.aa2.cn"

    2015/08/19 11:56:30 [error] 24539#0: *4077 connect () failed (111: Connection refused ) while connecting to upstream, client: 222.73.144.32, server: www.123456.com, request: "HEAD / HTTP/1.0", upstream: "fastcgi://127.0.0.1:9000", host: "abcdef.aa2.cn"

    2015/08/19 11:56:30 [error] 24539#0: *4079 connect () failed (111: Connection refused ) while connecting to upstream, client: 222.73.144.32, server: www.123456.com, request: "HEAD / HTTP/1.0", upstream: "fastcgi://127.0.0.1:9000", host: "abcdef.aa2.cn"

    2015/08/19 11:56:46 [error] 24539#0: *4081 connect () failed (111: Connection refused ) while connecting to upstream, client: 125.88.189.21, server: www.123456.com, request: "HEAD / HTTP/1.0", upstream: "fastcgi://127.0.0.1:9000", host: "abcdef.aa2.cn"

    2015/08/19 11:56:46 [error] 24539#0: *4083 connect () failed (111: Connection refused ) while connecting to upstream, client: 125.88.189.21, server: www.123456.com, request: "HEAD / HTTP/1.0", upstream: "fastcgi://127.0.0.1:9000", host: "abcdef.aa2.cn"

    2015/08/19 11:57:16 [error] 24539#0: *4085 connect () failed (111: Connection refused ) while connecting to upstream, client: 125.88.189.21, server: www.123456.com, request: "HEAD / HTTP/1.0", upstream: "fastcgi://127.0.0.1:9000", host: "abcdef.aa2.cn"

    2015/08/19 11:57:16 [error] 24539#0: *4087 connect () failed (111: Connection refused ) while connecting to upstream, client: 125.88.189.21, server: www.123456.com, request: "HEAD / HTTP/1.0", upstream: "fastcgi://127.0.0.1:9000", host: "abcdef.aa2.cn"
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   5532 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 24ms · UTC 06:44 · PVG 14:44 · LAX 22:44 · JFK 01:44
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.