Django 开发服务器,在控制台中发现类似病毒的东西?
我正在运行 Django 开发服务器,发现一次又一次显示相同的访问消息:
[03/Dec/2009 21:02:30] "GET http://222.186.27.9/R.asp?P=58.50.245.72:8000 HTTP/1.1" 500 717 Traceback (most recent call last): File "d:\www\lib\django\django\core\servers\basehttp.py", line 279, in run self.result = application(self.environ, self.start_response) File "d:\www\lib\django\django\core\servers\basehttp.py", line 651, in __call__ return self.application(environ, start_response) File "d:\www\lib\django\django\core\handlers\wsgi.py", line 241, in __call__ response = self.get_response(request) File "d:\www\lib\django\django\core\handlers\base.py", line 115, in get_response return debug.technical_404_response(request, e) File "d:\www\lib\django\django\views\debug.py", line 247, in technical_404_response tried = exception.args[0]['tried'] KeyError: 'tried' [03/Dec/2009 22:18:31] "GET http : / / pay .qq.com/ HTTP/1.1" 500 717
我怀疑它是病毒,有人知道是什么访问了该 url,我怎样才能找到它?谢谢!
I was running Django Development server, and found same access message shown up again and again:
[03/Dec/2009 21:02:30] "GET http://222.186.27.9/R.asp?P=58.50.245.72:8000 HTTP/1.1" 500 717 Traceback (most recent call last): File "d:\www\lib\django\django\core\servers\basehttp.py", line 279, in run self.result = application(self.environ, self.start_response) File "d:\www\lib\django\django\core\servers\basehttp.py", line 651, in __call__ return self.application(environ, start_response) File "d:\www\lib\django\django\core\handlers\wsgi.py", line 241, in __call__ response = self.get_response(request) File "d:\www\lib\django\django\core\handlers\base.py", line 115, in get_response return debug.technical_404_response(request, e) File "d:\www\lib\django\django\views\debug.py", line 247, in technical_404_response tried = exception.args[0]['tried'] KeyError: 'tried' [03/Dec/2009 22:18:31] "GET http : / / pay .qq.com/ HTTP/1.1" 500 717
I wander it's a virus, do any one know what accessed the url, how can I find it? Thanks!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
看起来确实很可疑。 pay.qq.com 接缝了中国某种虚拟商品商店的网址(wikipedia)。
我建议在您的服务器上设置 wireshark 来捕获流量。它应该可以帮助您识别它的来源。希望它不是网络上负责此操作的机器之一。
另外,您的 django 开发服务器不应暴露在公共互联网上。来自 django 源代码(basehttp.py):
Looks suspicious indeed. pay.qq.com seams the to be url for some kind of virtual good store in china (wikipedia).
I recommend setting up wireshark on your server to capture traffic. It should help you identify the source of it. Hopefully, it is not one of the machine on your network responsible for this.
Also, your django development server should not be exposed to the public internet. From the django source code (basehttp.py):
您是否使用默认参数运行开发服务器?如果是这样,它应该只绑定到本地主机(127.0.0.1),除了您的机器之外,它不应该从任何地方访问。如果是这样,那么您的机器就有问题了。
如果您已将开发服务器绑定到面向外部互联网的地址,则不要!它不是一个功能齐全的网络服务器,并且可能充满安全问题。
无论哪种方式,请求看起来都像是代理请求,而 8000 是运行代理的常用端口,因此您计算机上的某些进程或某些外部 LAN 或基于互联网的服务已发现它并试图滥用它。
Did you run the dev server with the default arguments? If so it should only be bound to localhost (127.0.0.1) which shouldn't be accessible from anywhere except your machine. If so then you have trouble on your machine.
If you have bound the dev server to an external internet facing address, then don't! It isn't a fully featured web server and is probably full of security problems.
Either way, the requests look like they are proxy requests and 8000 is a common port to run a proxy on, so some process on your machine, or some external lan or internet based service has discovered it and is trying to abuse it.
很可能有人只是试图使用您的服务器作为代理。
most likely someone is just trying to use your server as a proxy.