Why are there so many strange requests in my phpMyAdmin logs?
113.108.10.5 - - [07/Nov/2017:15:50:26 +0800] "GET /index.php?ajax_request%3D1%26recent_table%3D1%26no_debug%3Dtrue%26_nocache%3D1510033324320978429 HTTP/1.1" 200 3377 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_4 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13G35 QQ/6.5.3.410 V1_IPH_SQ_6.5.3_1_APP_A Pixel/750 Core/UIWebView NetType/2G Mem/117"
101.226.64.174 - - [07/Nov/2017:16:09:07 +0800] "GET /box/tbl_replace.php HTTP/1.1" 200 3384 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_4 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13G35 QQ/6.5.3.410 V1_IPH_SQ_6.5.3_1_APP_A Pixel/750 Core/UIWebView NetType/2G Mem/117"
183.57.53.177 - - [07/Nov/2017:16:37:46 +0800] "GET /box HTTP/1.1" 301 178 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_4 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13G35 QQ/6.5.3.410 V1_IPH_SQ_6.5.3_1_APP_A Pixel/750 Core/UIWebView NetType/2G Mem/117"
183.57.53.177 - - [07/Nov/2017:16:37:46 +0800] "GET /box/ HTTP/1.1" 200 3377 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_4 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13G35 QQ/6.5.3.410 V1_IPH_SQ_6.5.3_1_APP_A Pixel/750 Core/UIWebView NetType/2G Mem/117"
112.90.82.236 - - [07/Nov/2017:17:12:11 +0800] "GET /index.php?ajax_request%3D1%26recent_table%3D1%26no_debug%3Dtrue%26_nocache%3D1510036119779233145 HTTP/1.1" 200 3376 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_4 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13G35 QQ/6.5.3.410 V1_IPH_SQ_6.5.3_1_APP_A Pixel/750 Core/UIWebView NetType/2G Mem/117"
163.177.90.152 - - [07/Nov/2017:18:25:44 +0800] "GET / HTTP/1.1" 403 162 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_4 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13G35 QQ/6.5.3.410 V1_IPH_SQ_6.5.3_1_APP_A Pixel/750 Core/UIWebView NetType/2G Mem/117"
There are many connections like these in the logs. Did they obtain anything?
Especially these:
50.118.255.37 - - [08/Nov/2017:21:15:10 +0800] "CONNECT www.baidu.com:443 HTTP/1.1" 400 166 "-" "-"
50.118.255.37 - - [08/Nov/2017:21:15:21 +0800] "CONNECT www.baidu.com:443 HTTP/1.1" 400 166 "-" "-"
50.118.255.37 - - [08/Nov/2017:21:54:02 +0800] "CONNECT www.alipay.com:443 HTTP/1.1" 400 166 "-" "-"
219.133.49.231 - - [08/Nov/2017:18:08:08 +0800] "GET http://10.177.152.217/proxy.html HTTP/1.1" 400 264 "-" "-"
219.133.49.231 - - [08/Nov/2017:18:08:08 +0800] "\x04\x01" 400 166 "-" "-"
219.133.49.231 - - [08/Nov/2017:18:08:08 +0800] "\x05\x01" 400 166 "-" "-"
I especially don't understand these; there is nothing here that could act as a proxy.
I don't understand \x04\x01 and CONNECT.
Comments (2)
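Someone is looking for your vulnerabilities.
But don't worry too much; it is probably some security platform, such as Baidu Cloud Monitoring (百度云观测) or the like.
I haven't used phpMyAdmin.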
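An attacker is trying to break into your phpMyAdmin. Judging from these log lines, it doesn't seem to have succeeded; I can't tell about the other logs.
Recommendations:
Don't use software like phpMyAdmin; if you must use it, don't expose it to the public internet.
Use a bastion host, VPN, etc. to safeguard your services.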
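
An added example, not part of the original thread: a small triage script that labels the proxy-probe patterns seen in the logs above (HTTP CONNECT, an absolute-URI GET, and the SOCKS4/SOCKS5 handshake bytes \x04\x01 and \x05\x01) and flags any that received a 2xx response. The function names are hypothetical, and the sample lines are copied from the question, with one user agent shortened.

```python
import re

# Combined log format: ip - - [time] "request" status size "referer" "ua"
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(.*?)" (\d{3}) ')

def classify(request):
    """Label the request field of one access-log line."""
    if request.startswith("\\x04\\x01"):
        return "socks4-probe"         # SOCKS4: version 4, command 1 (CONNECT)
    if request.startswith("\\x05"):
        return "socks5-probe"         # SOCKS5 greeting: version 5, method count
    parts = request.split(" ")
    method = parts[0]
    target = parts[1] if len(parts) > 1 else ""
    if method == "CONNECT":
        return "http-connect-probe"   # asks the server to tunnel to host:port
    if re.match(r"https?://", target, re.I):
        return "forward-proxy-probe"  # absolute URI, as sent to a forward proxy
    return "normal"

def triage(lines):
    """Return (label, ip, status, relayed) for every parsable line."""
    out = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, request, status = m.group(1), m.group(2), int(m.group(3))
        label = classify(request)
        # A 2xx answer to a proxy probe means the server may have relayed it.
        relayed = label != "normal" and 200 <= status < 300
        out.append((label, ip, status, relayed))
    return out

# Lines copied from the question (user agent of the last one shortened).
SAMPLE = [
    r'50.118.255.37 - - [08/Nov/2017:21:15:10 +0800] "CONNECT www.baidu.com:443 HTTP/1.1" 400 166 "-" "-"',
    r'219.133.49.231 - - [08/Nov/2017:18:08:08 +0800] "GET http://10.177.152.217/proxy.html HTTP/1.1" 400 264 "-" "-"',
    r'219.133.49.231 - - [08/Nov/2017:18:08:08 +0800] "\x04\x01" 400 166 "-" "-"',
    r'219.133.49.231 - - [08/Nov/2017:18:08:08 +0800] "\x05\x01" 400 166 "-" "-"',
    r'183.57.53.177 - - [07/Nov/2017:16:37:46 +0800] "GET /box/ HTTP/1.1" 200 3377 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for label, ip, status, relayed in triage(SAMPLE):
        flag = "INVESTIGATE" if relayed else "ok"
        print(f"{ip:16} {status} {label:22} {flag}")
```

All four probes in the sample were answered with 400, so none is flagged; a 2xx status on any of those labels is the case worth investigating.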