V2EX = way to explore
V2EX 是一个关于分享和探索的地方
Sign Up Now
For Existing Member Sign In
• 请不要在回答技术问题时复制粘贴 AI 生成的内容
This topic created in 3157 days ago, the information mentioned may be changed or developed.
这是有人在黑我吗?
139.99.104.209 - - [14/Sep/2017:10:57:30 +0800] "GET //myadmin/scripts/setup.php HTTP/1.1" 301 185 "-" "-" "-"
139.99.104.209 - - [14/Sep/2017:10:57:31 +0800] "GET //MyAdmin/scripts/setup.php HTTP/1.1" 301 185 "-" "-" "-"
139.99.104.209 - - [14/Sep/2017:11:00:35 +0800] "GET /muieblackcat HTTP/1.1" 301 185 "-" "-" "-"
139.99.104.209 - - [14/Sep/2017:11:00:37 +0800] "GET //phpMyAdmin/scripts/setup.php HTTP/1.1" 301 185 "-" "-" "-"
139.99.104.209 - - [14/Sep/2017:11:00:38 +0800] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 301 185 "-" "-" "-"
139.99.104.209 - - [14/Sep/2017:11:00:39 +0800] "GET //pma/scripts/setup.php HTTP/1.1" 301 185 "-" "-" "-"
139.99.104.209 - - [14/Sep/2017:11:00:40 +0800] "GET //myadmin/scripts/setup.php HTTP/1.1" 301 185 "-" "-" "-"
139.99.104.209 - - [14/Sep/2017:11:00:41 +0800] "GET //MyAdmin/scripts/setup.php HTTP/1.1" 301 185 "-" "-" "-"
正在调试微信支付,涉及到钱了,所以是不是有人在扫描我的服务器?
ping 了一下这个 IP,300 多 ms,显然是境外的服务器
139.99.104.209 - - [14/Sep/2017:10:57:30 +0800] "GET //myadmin/scripts/setup.php HTTP/1.1" 301 185 "-" "-" "-"
139.99.104.209 - - [14/Sep/2017:10:57:31 +0800] "GET //MyAdmin/scripts/setup.php HTTP/1.1" 301 185 "-" "-" "-"
139.99.104.209 - - [14/Sep/2017:11:00:35 +0800] "GET /muieblackcat HTTP/1.1" 301 185 "-" "-" "-"
139.99.104.209 - - [14/Sep/2017:11:00:37 +0800] "GET //phpMyAdmin/scripts/setup.php HTTP/1.1" 301 185 "-" "-" "-"
139.99.104.209 - - [14/Sep/2017:11:00:38 +0800] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 301 185 "-" "-" "-"
139.99.104.209 - - [14/Sep/2017:11:00:39 +0800] "GET //pma/scripts/setup.php HTTP/1.1" 301 185 "-" "-" "-"
139.99.104.209 - - [14/Sep/2017:11:00:40 +0800] "GET //myadmin/scripts/setup.php HTTP/1.1" 301 185 "-" "-" "-"
139.99.104.209 - - [14/Sep/2017:11:00:41 +0800] "GET //MyAdmin/scripts/setup.php HTTP/1.1" 301 185 "-" "-" "-"
正在调试微信支付,涉及到钱了,所以是不是有人在扫描我的服务器?
ping 了一下这个 IP,300 多 ms,显然是境外的服务器
33 replies • 2017-09-14 23:26:47 +08:00
 |
1
Lisp Sep 14, 2017
正常 IP 段扫描,不是单单针对你
|
 |
2
xenme Sep 14, 2017
批量扫而已
|
 |
4
leekafai Sep 14, 2017 via Android
你要这么想,我也没办法
|
 |
6
234747005 Sep 14, 2017
你要是纠结这个原因,你就没完没了了,互联网上总有很多 robot 行为
|
 |
7
WeaPoon Sep 14, 2017
每时每刻都有这样的扫描,做好防护措施.
扫描的目的肯定是想做坏事就是. |
 |
8
ysicing Sep 14, 2017
你能怎么办,ban ip 呗。对于这种的只有这种方法
|
 |
9
lafirel Sep 14, 2017
一开始我就 iptables+fail2ban 各种写规则和这些作斗争,乐此不疲
不过过一阵就没啥意思也懒得弄了,随它去吧 |
 |
10
evlos Sep 14, 2017
你用的是阿里云的话,阿里云会扫你然后给你推销云盾安骑士
|
 |
11
121121121 Sep 14, 2017
phpmyadmin 都敢用?
|
 |
12
siguretto Sep 14, 2017
公司里有个新员工写了微信小程序的支付接口,但是没做某些安全处理,还没上线,功能开发完第二天就被搞了。
很好奇为什么暴露得这么快 |
 |
14
NoAnyLove Sep 14, 2017
很常见的批量扫描,如果扫描出了问题才会黑你。如果很在意的话,直接用 fail2ban 屏蔽掉就行,以前 WordPress 的 xmlrpc 漏洞的时候,我的 VPS 直接被扫描得监控显示无响应了。
|
 |
15
winglight2016 Sep 14, 2017  1
@siguretto 没做完就上生产环境?
|
 |
17
codeyung Sep 14, 2017
都是批量的 - -
|
 |
18
nicevar Sep 14, 2017
不一定是人,都是自动化的工具扫描的
|
 |
19
Phariel Sep 14, 2017 via Android
这是日常批量扫 稍安勿躁
|
|
21
siguretto Sep 14, 2017
@winglight2016 直接放测试环境了,因为证书问题和别的功能有回调接口
@zwgmlr3 没有放 github,放的是 coding 的私有仓库 上面说错了,不是微信支付,是微信企业付款的接口。 本地数据库没做锁表,测试环境接口也没加密没上 ssl,被人并发访问提现接口,提了点钱。 对方手段也挺专业的,查日志没发现大面积扫描,n 个帐号同一代理地址。 问题是,怎么做到第二天就发现我使用了微信的提现呢,感觉像是被内部卖掉了数据一样。 |
 |
22
cxbig Sep 14, 2017
自动化工具或脚本批量扫描而已,我们的项目加了一堆类似的黑名单了。
可以优化一下你的 nginx 配置,用 php 只允许经由 index.php 的访问,其他 try_files 直接=404 |
 |
25
pynix Sep 14, 2017
只要是公网 ip,你躲不掉的。。。
|
 |
26
aksoft Sep 14, 2017
不被扫的不是好服务器
|
 |
27
gclove Sep 14, 2017
被扫很正常啊, 连阿里云自己都去扫你
不扫怎么知道你有没有问题, 安全公司都会扫的 |
 |
29
ipconfiger Sep 14, 2017
自动化扫, 别装这些无实包经的东西就没得危险得
|
 |
30
yzmm Sep 14, 2017
有人在全球范围内扫描吧,我的国外的 VPS 也记录了大量的请求。
155.4.167.190 - - [10/Sep/2017:12:58:14 +0000] "HEAD http://xx.xx.xx.xx:80/sql/phpmyadmin2/ HTTP/1.1" 404 0 "-" "Mozilla/5.0 Jorgee" "-" 155.4.167.190 - - [10/Sep/2017:12:58:14 +0000] "HEAD http://xx.xx.xx.xx:80/sql/phpMyAdmin2/ HTTP/1.1" 404 0 "-" "Mozilla/5.0 Jorgee" "-" 155.4.167.190 - - [10/Sep/2017:12:58:14 +0000] "HEAD http://xx.xx.xx.xx:80/sql/phpMyAdmin/ HTTP/1.1" 404 0 "-" "Mozilla/5.0 Jorgee" "-" 155.4.167.190 - - [10/Sep/2017:12:58:15 +0000] "HEAD http://xx.xx.xx.xx:80/db/myadmin/ HTTP/1.1" 404 0 "-" "Mozilla/5.0 Jorgee" "-" 155.4.167.190 - - [10/Sep/2017:12:58:15 +0000] "HEAD http://xx.xx.xx.xx:80/db/webadmin/ HTTP/1.1" 404 0 "-" "Mozilla/5.0 Jorgee" "-" 155.4.167.190 - - [10/Sep/2017:12:58:15 +0000] "HEAD http://xx.xx.xx.xx:80/db/dbweb/ HTTP/1.1" 404 0 "-" "Mozilla/5.0 Jorgee" "-" 155.4.167.190 - - [10/Sep/2017:12:58:16 +0000] "HEAD http://xx.xx.xx.xx:80/db/websql/ HTTP/1.1" 404 0 "-" "Mozilla/5.0 Jorgee" "-" 155.4.167.190 - - [10/Sep/2017:12:58:16 +0000] "HEAD http://xx.xx.xx.xx:80/db/webdb/ HTTP/1.1" 404 0 "-" "Mozilla/5.0 Jorgee" "-" 155.4.167.190 - - [10/Sep/2017:12:58:16 +0000] "HEAD http://xx.xx.xx.xx:80/db/dbadmin/ HTTP/1.1" 404 0 "-" "Mozilla/5.0 Jorgee" "-" 155.4.167.190 - - [10/Sep/2017:12:58:17 +0000] "HEAD http://xx.xx.xx.xx:80/db/db-admin/ HTTP/1.1" 404 0 "-" "Mozilla/5.0 Jorgee" "-" 155.4.167.190 - - [10/Sep/2017:12:58:17 +0000] "HEAD http://xx.xx.xx.xx:80/db/phpmyadmin3/ HTTP/1.1" 404 0 "-" "Mozilla/5.0 Jorgee" "-" 155.4.167.190 - - [10/Sep/2017:12:58:17 +0000] "HEAD http://xx.xx.xx.xx:80/db/phpMyAdmin3/ HTTP/1.1" 404 0 "-" "Mozilla/5.0 Jorgee" "-" 155.4.167.190 - - [10/Sep/2017:12:58:17 +0000] "HEAD http://xx.xx.xx.xx:80/db/phpMyAdmin-3/ HTTP/1.1" 404 0 "-" "Mozilla/5.0 Jorgee" "-" |
 |
33
isCyan Sep 14, 2017
躲不掉的,自己系统别留漏洞就好,注意点安全,我都被扫惯了。
再有,怎么那么多人看 pma 不顺眼? |
Select Language