请问这种请求是什么意思?

发布于 2022-09-04 09:33:46 字数 2623 浏览 7 评论 0

Nginx的日志当中有很多这样的请求:

183.57.53.196 - - [04/Jan/2017:07:54:46 +0800] "GET /phpMyAdmin/js/messages.php?lang%25253Dzh_CN%252526db%25253D%252526collation_connection%25253Dutf8_unicode_ci%252526token%25253Dec2c28cf6971d3a135af7a2e7c8cd661 HTTP/1.1" 403 162 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_4 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13G35 QQ/6.5.3.410 V1_IPH_SQ_6.5.3_1_APP_A Pixel/750 Core/UIWebView NetType/2G Mem/117"
101.226.33.224 - - [04/Jan/2017:07:54:56 +0800] "GET /phpMyAdmin/js/messages.php?lang%25253Dzh_CN%252526db%25253D%252526collation_connection%25253Dutf8_unicode_ci%252526token%25253Dec2c28cf6971d3a135af7a2e7c8cd661 HTTP/1.1" 403 189 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
114.239.120.109 - - [04/Jan/2017:07:55:08 +0800] "GET /phpMyAdmin/js/messages.php?lang%25253Dzh_CN%252526db%25253D%252526collation_connection%25253Dutf8_unicode_ci%252526token%25253Dec2c28cf6971d3a135af7a2e7c8cd661 HTTP/1.1" 404 56 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36"
101.226.64.174 - - [04/Jan/2017:08:03:36 +0800] "GET /phpMyAdmin/sql.php?server%2525253D1%25252526db%2525253Dsb_fuck%25252526table%2525253Dtypecho_comments%25252526pos%2525253D0%25252526token%2525253D57d0cefa5b6edd1f5edc38e29831b305%25252526ajax_request%2525253Dtrue%25252526ajax_page_request%2525253Dtrue%25252526menuHashes%2525253D8d3a48ca%25252526_nocache%2525253D14834314376021934 HTTP/1.1" 403 162 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_4 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13G35 QQ/6.5.3.410 V1_IPH_SQ_6.5.3_1_APP_A Pixel/750 Core/UIWebView NetType/2G Mem/117"
61.151.218.118 - - [04/Jan/2017:08:03:45 +0800] "GET /phpMyAdmin/sql.php?server%2525253D1%25252526db%2525253Dsb_fuck%25252526table%2525253Dtypecho_comments%25252526pos%2525253D0%25252526token%2525253D57d0cefa5b6edd1f5edc38e29831b305%25252526ajax_request%2525253Dtrue%25252526ajax_page_request%2525253Dtrue%25252526menuHashes%2525253D8d3a48ca%25252526_nocache%2525253D14834314376021934 HTTP/1.1" 404 56 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
120.83.121.129 - - [04/Jan/2017:08:04:01 +0800] "GET /phpMyAdmin/sql.php?server%2525253D1%25252526db%2525253Dsb_fuck%25252526table%2525253Dtypecho_comments%25252526pos%2525253D0%25252526token%2525253D57d0cefa5b6edd1f5edc38e29831b305%25252526ajax_request%2525253Dtrue%25252526ajax_page_request%2525253Dtrue%25252526menuHashes%2525253D8d3a48ca%25252526_nocache%2525253D14834314376021934 HTTP/1.1

如果是非法请求,我应该如何防范.谢谢。

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

弱骨蛰伏 2022-09-11 09:33:46

拿其中一条反复unescape,得到如下代码

/phpMyAdmin/sql.php?server=1&db=sb_fuck&table=typecho_comments&pos=0&token=57d0cefa5b6edd1f5edc38e29831b305&ajax_request=true&ajax_page_request=true&menuHashes=8d3a48ca&_nocache=14834314376021934 HTTP/1.1" 403 162 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_4 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13G35 QQ/6.5.3.410 V1_IPH_SQ_6.5.3_1_APP_A Pixel/750 Core/UIWebView NetType/2G Mem/11

应该是有人在测试能不能通过phpMyAdmin操纵你的数据库,如果你真的有phpAdmin,配置一下Nginx

location /(admin|phpadmin|status) { deny all; }

如果没有的话,加固一下你的Nginx

Nginx 安全加固心得

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文