网站受到奇怪的攻击,请求网站的地址是 https://epay.12306.cn?
今天检查网站的debug,偶然发现了几条奇怪的记录:
不明白为什么会有向 https://*.12306.cn 发送的请求指向了我的服务器
下面是几个请求的Request Headers
1. POST https://epay.12306.cn/pay/payGateway at 2018-12-07 06:37:06 pm by 139.199.188.192
| Name | Value |
|---|---|
| upgrade-insecure-requests | '1' |
| referer | 'https://kyfw.12306.cn/otn/pay...' |
| origin | 'https://kyfw.12306.cn' |
| content-type | 'application/x-www-form-urlencoded' |
| connection | 'keep-alive' |
| cache-control | 'max-age=0' |
| accept-language | 'zh-CN,zh;q=0.8,en;q=0.6' |
| accept-encoding | 'gzip, deflate, br' |
| accept | 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8' |
| content-length | '1987' |
| user-agent | 'Mozilla/5.0 (Windows NT 6.3; ARM; Trident/7.0; Touch; rv:11.0) like Gecko' |
| host | 'epay.12306.cn' |
2. GET https://kyfw.12306.cn/otn/login/init at 2018-12-07 06:36:34 pm by 121.41.39.6
| Name | Value |
|---|---|
| referer | 'https://kyfw.12306.cn/otn/lef...' |
| connection | 'keep-alive' |
| accept-language | 'zh-CN,zh;q=0.8,en;q=0.6' |
| accept-encoding | 'gzip, deflate, sdch, br' |
| accept | '/' |
| user-agent | 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/7046A194A' |
| host | 'kyfw.12306.cn' |
3. GET https://mobile.12306.cn/otsmobile/app/mgs/mgw.htm?operationType=com.cars.otsmobile.queryLeftTicket&requestData=%5B%7B%22train_date%22%3A%2220181217%22%2C%22purpose_codes%22%3A%2200%22%2C%22from_station%22%3A%22PIJ%22%2C%22to_station%22%3A%22POJ%22%2C%22station_train_code%22%3A%22%22%2C%22start_time_begin%22%3A%220000%22%2C%22start_time_end%22%3A%222400%22%2C%22train_headers%22%3A%22QB%23%22%2C%22train_flag%22%3A%22%22%2C%22seat_type%22%3A%22%22%2C%22seatBack_Type%22%3A%22%22%2C%22ticket_num%22%3A%22%22%2C%22dfpStr%22%3A%22%22%2C%22baseDTO%22%3A%7B%22check_code%22%3A%227d6a7259915ae11894d2afae8b3cb8a9%22%2C%22device_no%22%3A%2261af7de9dbacd2b6%22%2C%22mobile_no%22%3A%22%22%2C%22os_type%22%3A%22a%22%2C%22time_str%22%3A%2220181207183649%22%2C%22user_name%22%3A%22%22%2C%22version_no%22%3A%224.1.9%22%7D%7D%5D&ts=1544179009469&sign= at 2018-12-07 06:36:49 pm by 111.230.50.47
| Name | Value |
|---|---|
| accept-encoding | 'gzip' |
| workspaceid | 'product' |
| trackerid | '' |
| signtype | '0' |
| riskudid | '00cb8864-fa0c-11e8-8657-000000000000' |
| platform | 'ANDROID' |
| did | '61af7de9dbacd2b6' |
| appid | '9101430221728' |
| user-agent | 'Go-http-client/1.1' |
| host | 'mobile.12306.cn' |
有哪位大佬了解是怎么发动攻击的吗?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
我查看服务器日志,出现了和你一样的情况,就这样放着不管吗?
我也有,怎么处理?
大佬你们好,很想知道一下最后是怎么处理的?我这边相同情况,查看nginx的日志发现每天无时无刻源源不断地在请求otsmobile/app/mgs/mgw.htm?operationType=com.... 状态是301。
只能推断是有人利用服务器流量,然后把这个请求(otsmobile/app/mgs)再转发到12306(推测)进行刷票。
但我查遍了nginx没有发现配置文件有任何被改动的地方。
改本地的
hosts就可以了,你改下你本地电脑的hosts把baidu.com指向你的 ip,你在访问baidu.com看看.估计是这个客户端本机的
hosts或者中间的某个路由被动了手脚,把12306.cn指向到你这里了.