V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
V2EX 提问指南
wickila
V2EX  ›  问与答

在服务器上看到一些奇怪的日志

  •  
  •   wickila · 2015-10-28 10:00:05 +08:00 · 5620 次点击
    这是一个创建于 3320 天前的主题,其中的信息可能已经有所发展或是发生改变。
    给别人做的一个网站,放在阿里云上面。平时很少上去看,今天突然想上去瞧瞧,然后看到服务器日志里面有一些奇怪的访问日志,如下:
    5.178.86.77:14389 - - [24/Oct/2015 15:48:59] "HTTP/1.1 POST azenv.php" - 404 Not Found
    182.254.154.72:42477 - - [24/Oct/2015 18:19:03] "HTTP/1.1 GET test/check_proxy.php" - 404 Not Found
    5.178.86.76:34713 - - [24/Oct/2015 18:59:03] "HTTP/1.1 POST azenv.php" - 404 Not Found
    182.254.154.72:36303 - - [24/Oct/2015 19:16:19] "HTTP/1.1 GET test/check_proxy.php" - 404 Not Found
    120.24.54.198:56163 - - [24/Oct/2015 19:19:01] "HTTP/1.1 GET /" - 303 See Other
    120.24.54.198:59810 - - [24/Oct/2015 19:19:06] "HTTP/1.1 HEAD /" - 303 See Other
    120.24.54.198:36319 - - [24/Oct/2015 19:19:12] "HTTP/1.1 TRACE /" - 405 Method Not Allowed
    182.254.154.72:35039 - - [24/Oct/2015 19:47:04] "HTTP/1.1 GET test/check_proxy.php" - 404 Not Found
    182.254.154.72:53031 - - [24/Oct/2015 20:52:05] "HTTP/1.1 GET test/check_proxy.php" - 404 Not Found
    42.120.145.227:11353 - - [24/Oct/2015 21:03:09] "HTTP/1.1 GET /" - 303 See Other
    42.120.145.145:20416 - - [24/Oct/2015 21:03:09] "HTTP/1.1 GET /signin" - 200 OK
    182.254.154.72:52793 - - [24/Oct/2015 21:23:50] "HTTP/1.1 GET test/check_proxy.php" - 404 Not Found
    182.254.154.72:38664 - - [24/Oct/2015 22:50:21] "HTTP/1.1 GET test/check_proxy.php" - 404 Not Found
    182.254.154.72:40754 - - [25/Oct/2015 00:21:15] "HTTP/1.1 GET test/check_proxy.php" - 404 Not Found
    182.254.154.72:59285 - - [25/Oct/2015 01:22:16] "HTTP/1.1 GET test/check_proxy.php" - 404 Not Found
    5.178.86.77:4139 - - [25/Oct/2015 02:07:57] "HTTP/1.1 POST azenv.php" - 404 Not Found
    185.49.14.190:36507 - - [25/Oct/2015 02:24:46] "HTTP/1.1 GET testproxy.php" - 404 Not Found
    182.254.154.72:56069 - - [25/Oct/2015 03:50:17] "HTTP/1.1 GET test/check_proxy.php" - 404 Not Found
    95.131.151.238:56504 - - [25/Oct/2015 03:58:49] "HTTP/1.1 GET proxy.php" - 404 Not Found
    182.254.154.72:40328 - - [25/Oct/2015 04:47:47] "HTTP/1.1 GET test/check_proxy.php" - 404 Not Found
    222.186.129.85:4423 - - [25/Oct/2015 05:46:00] "HTTP/1.1 GET /manager/html" - 404 Not Found
    182.254.154.72:55288 - - [25/Oct/2015 06:41:57] "HTTP/1.1 GET test/check_proxy.php" - 404 Not Found
    60.173.14.142:40564 - - [25/Oct/2015 06:54:20] "HTTP/1.1 POST /index.php" - 404 Not Found
    182.254.154.72:47508 - - [25/Oct/2015 07:43:02] "HTTP/1.1 GET test/check_proxy.php" - 404 Not Found
    182.254.154.72:48420 - - [25/Oct/2015 08:15:48] "HTTP/1.1 GET test/check_proxy.php" - 404 Not Found
    42.120.142.221:33519 - - [25/Oct/2015 10:20:00] "HTTP/1.1 GET /" - 303 See Other
    42.120.142.221:42657 - - [25/Oct/2015 10:20:00] "HTTP/1.1 OPTIONS /" - 405 Method Not Allowed
    42.120.142.221:42683 - - [25/Oct/2015 10:20:00] "HTTP/1.1 OPTIONS /" - 405 Method Not Allowed
    42.120.142.221:42684 - - [25/Oct/2015 10:20:01] "HTTP/1.1 GET /nice ports,/Trinity.txt.bak" - 404 Not Found

    这些日志好像都是尝试去访问 PHP 的后台, IP 来自腾讯云与阿里云。这是别人的爬虫自动访问的,还是有人盯上这台服务器了?有这方面经验的同学能否帮忙答疑解惑一下?
    6 条回复    2019-11-12 10:34:25 +08:00
    pi1ot
        1
    pi1ot  
       2015-10-28 10:12:41 +08:00
    爬虫或者扫端口之类
    LeoSocks
        2
    LeoSocks  
       2015-10-28 10:16:31 +08:00 via Android
    别人的漏洞扫描测试,有漏洞就入侵了
    BOYPT
        3
    BOYPT  
       2015-10-28 10:39:15 +08:00
    爬虫检查有没有被种马找到就进呗
    oott123
        4
    oott123  
       2015-10-28 11:38:11 +08:00
    看上去像扫代理啊~
    icegreen
        5
    icegreen  
       2015-10-28 12:45:22 +08:00
    阿里自己的漏洞扫描也会扫
    jaylee4869
        6
    jaylee4869  
       2019-11-12 10:34:25 +08:00
    不是漏洞扫描,是恶意代理,只要返回的不是 200 就 ok。
    https://blog.mythsman.com/post/5d2ab9c0f678ba2eb3bd34c9/
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   3457 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 23ms · UTC 04:49 · PVG 12:49 · LAX 20:49 · JFK 23:49
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.