[Security] Strange entries in the site's backend logs, could everyone help me analyse them

jayesslin · 3970 views · pinned

```
195.54.160.77 - - [05/May/2020:12:49:57 +0800] "\x03\x00\x00/*\xE0\x00\x00\x00\x00\x00Cookie: mstshash=Administr" 400 150 "-" "-"
195.54.160.77 - - [05/May/2020:12:49:58 +0800] "\x03\x00\x00/*\xE0\x00\x00\x00\x00\x00Cookie: mstshash=Administr" 400 150 "-" "-"
150.136.210.90 - - [05/May/2020:12:53:46 +0800] "GET /console HTTP/1.1" 200 2311 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"
150.136.210.90 - - [05/May/2020:12:53:47 +0800] "GET /cgi-bin/test-cgi HTTP/1.1" 200 2311 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"
150.136.210.90 - - [05/May/2020:12:53:48 +0800] "GET / HTTP/1.1" 200 2311 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"
150.136.210.90 - - [05/May/2020:12:53:49 +0800] "GET /horde/imp/test.php HTTP/1.1" 404 146 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"
150.136.210.90 - - [05/May/2020:12:53:49 +0800] "GET /login.action HTTP/1.1" 200 2311 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"
150.136.210.90 - - [05/May/2020:12:53:51 +0800] "GET /login?from=0.000000 HTTP/1.1" 200 2311 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"
150.136.210.90 - - [05/May/2020:12:53:52 +0800] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 146 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"
150.136.210.90 - - [05/May/2020:12:53:53 +0800] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 146 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"
150.136.210.90 - - [05/May/2020:12:53:53 +0800] "GET /login/do_login HTTP/1.1" 200 2311 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"
115.29.179.82 - - [05/May/2020:13:12:16 +0800] "GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=busybox&curpath=/&currentsetting.htm=1 HTTP/1.1" 400 150 "-" "Mozilla/5.0"
162.243.142.133 - - [05/May/2020:13:34:29 +0800] "GET /hudson HTTP/1.1" 200 1152 "-" "Mozilla/5.0 zgrab/0.x"
47.101.202.181 - - [05/May/2020:13:34:53 +0800] "GET /phpmyadmin/ HTTP/1.1" 200 2311 "-" "-"
47.101.202.181 - - [05/May/2020:13:34:53 +0800] "GET /pmd/ HTTP/1.1" 200 2311 "-" "-"
47.101.202.181 - - [05/May/2020:13:34:53 +0800] "GET /pma/ HTTP/1.1" 200 2311 "-" "-"
```

The site has a PHP environment on CentOS 7, managed with the Baota (宝塔) panel; the application is mainly a Spring Boot API plus a front-end project. I'd like to ask everyone:

1. Requests like `mstshash=Administr 400 150` (the first log line): do I still need to block the IP for these? I searched Baidu and it says this is an attack on a ThinkPHP vulnerability, but I'm not clear on the details.
2. `GET /console HTTP/1.1" 200 2311 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"`: requests that go straight for `/phpMyAdmin` or `/console`, and the site actually returns 200. Is there any risk here?

Thanks everyone.
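An added triage script for the log above (example code, not the poster's or any project's own). It assumes the lines are in the nginx/Apache "combined" log format, which is what the posted entries look like, and it embeds a subset of those same lines as sample input. It separates real HTTP request lines from raw non-HTTP bytes (the `\x03\x00\x00 ... mstshash=` entries are a TPKT header followed by an RDP connection request, which the web server correctly rejected with 400), counts hits on the admin-console and setup-script paths seen in the post, and, for the second question, checks whether every 200 answer from one client had the identical byte count: that pattern means the server returned one catch-all front-end page for every route rather than an actual `/phpmyadmin` or `/console` application.

```python
"""Triage of web-server access-log noise (added example, not the poster's code).

Assumes nginx/Apache "combined" log format, which is what the posted lines
look like.  SAMPLE_LOG is a subset of the lines from the post.
"""
import re
from collections import defaultdict

# combined format: ip ident user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)
HTTP_REQ_RE = re.compile(r'^(GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH) (\S+) HTTP/\d\.\d$')

# Admin-console / setup-script prefixes that appear in the posted log; mass
# scanners request these blindly on every host they find (compared lowercased).
PROBE_PREFIXES = ('/console', '/phpmyadmin', '/pma', '/pmd', '/hudson',
                  '/setup.cgi', '/cgi-bin/test-cgi', '/horde/')

SAMPLE_LOG = r'''
195.54.160.77 - - [05/May/2020:12:49:57 +0800] "\x03\x00\x00/*\xE0\x00\x00\x00\x00\x00Cookie: mstshash=Administr" 400 150 "-" "-"
195.54.160.77 - - [05/May/2020:12:49:58 +0800] "\x03\x00\x00/*\xE0\x00\x00\x00\x00\x00Cookie: mstshash=Administr" 400 150 "-" "-"
150.136.210.90 - - [05/May/2020:12:53:46 +0800] "GET /console HTTP/1.1" 200 2311 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"
150.136.210.90 - - [05/May/2020:12:53:47 +0800] "GET /cgi-bin/test-cgi HTTP/1.1" 200 2311 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"
150.136.210.90 - - [05/May/2020:12:53:48 +0800] "GET / HTTP/1.1" 200 2311 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"
150.136.210.90 - - [05/May/2020:12:53:49 +0800] "GET /horde/imp/test.php HTTP/1.1" 404 146 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"
150.136.210.90 - - [05/May/2020:12:53:49 +0800] "GET /login.action HTTP/1.1" 200 2311 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"
150.136.210.90 - - [05/May/2020:12:53:52 +0800] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 146 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"
150.136.210.90 - - [05/May/2020:12:53:53 +0800] "GET /login/do_login HTTP/1.1" 200 2311 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"
115.29.179.82 - - [05/May/2020:13:12:16 +0800] "GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=busybox&curpath=/&currentsetting.htm=1 HTTP/1.1" 400 150 "-" "Mozilla/5.0"
162.243.142.133 - - [05/May/2020:13:34:29 +0800] "GET /hudson HTTP/1.1" 200 1152 "-" "Mozilla/5.0 zgrab/0.x"
47.101.202.181 - - [05/May/2020:13:34:53 +0800] "GET /phpmyadmin/ HTTP/1.1" 200 2311 "-" "-"
47.101.202.181 - - [05/May/2020:13:34:53 +0800] "GET /pmd/ HTTP/1.1" 200 2311 "-" "-"
47.101.202.181 - - [05/May/2020:13:34:53 +0800] "GET /pma/ HTTP/1.1" 200 2311 "-" "-"
'''


def parse_line(line):
    """Return a dict for one log line, or None if it is not combined format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec['status'] = int(rec['status'])
    rec['size'] = 0 if rec['size'] == '-' else int(rec['size'])
    h = HTTP_REQ_RE.match(rec['req'])
    if h:
        rec.update(kind='http', method=h.group(1), path=h.group(2), rdp_like=False)
    else:
        # Not an HTTP request line at all.  nginx logs non-printable bytes as
        # \xNN; \x03\x00\x00 is a TPKT header, so "\x03\x00\x00...mstshash="
        # is an RDP connection request that was sent to the web port.
        rec.update(kind='raw', method=None, path=None,
                   rdp_like=rec['req'].startswith(r'\x03\x00\x00'))
    return rec


def summarize(lines):
    """Per-IP view: request count, raw probes, scanner paths, and whether
    every 200 answer had the same body size (the sign of a catch-all page)."""
    per_ip = defaultdict(lambda: {
        'requests': 0, 'raw_probes': 0, 'rdp_like': 0,
        'probe_paths': [], 'paths_200': set(), 'sizes_200': set(),
    })
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        s = per_ip[rec['ip']]
        s['requests'] += 1
        if rec['kind'] == 'raw':
            s['raw_probes'] += 1
            s['rdp_like'] += int(rec['rdp_like'])
            continue
        if rec['path'].lower().startswith(PROBE_PREFIXES):
            s['probe_paths'].append(rec['path'])
        if rec['status'] == 200:
            s['paths_200'].add(rec['path'])
            s['sizes_200'].add(rec['size'])
    for s in per_ip.values():
        # Three or more different URLs all answered 200 with an identical byte
        # count: the server is returning one static front-end page for any
        # route, not the admin tool that was probed.
        s['uniform_200_body'] = len(s['paths_200']) >= 3 and len(s['sizes_200']) == 1
    return dict(per_ip)


def report(summary):
    """Human-readable triage lines, one per source IP."""
    out = []
    for ip, s in sorted(summary.items()):
        notes = []
        if s['rdp_like']:
            notes.append(f"{s['rdp_like']} RDP-style raw probe(s), rejected with 400")
        if s['probe_paths']:
            notes.append(f"{len(s['probe_paths'])} known scanner path(s)")
        if s['uniform_200_body']:
            size = next(iter(s['sizes_200']))
            notes.append(f"all 200s are {size} bytes: catch-all page, not a real hit")
        out.append(f"{ip}: {s['requests']} request(s); " + ("; ".join(notes) or "nothing notable"))
    return out


if __name__ == '__main__':
    for line in report(summarize(SAMPLE_LOG.strip().splitlines())):
        print(line)
```

Run it against a real file with `summarize(open('access.log').read().splitlines())`. The `uniform_200_body` flag is the check that answers the second question: when `/console`, `/cgi-bin/test-cgi`, `/login.action` and `/` all come back as 200 with exactly 2311 bytes, the front-end's fallback route is serving its index page for every unknown path, so the 200 does not mean a console or phpMyAdmin is installed; confirming that by fetching one of those paths and comparing the body with `/` is the next step, and making the fallback answer 404 for paths the front-end does not know makes the log honest again.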
