V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
1dian01
V2EX  ›  然而并没有

这是不是被攻击了?网站在这个时间点宕机了,大神帮忙看看日志,谢谢

  •  
  •   1dian01 · 2023-09-15 11:05:33 +08:00 · 1031 次点击
    这是一个创建于 468 天前的主题,其中的信息可能已经有所发展或是发生改变。
    125.36.255.55 - - [15/Sep/2023:09:06:47 +0800] " GET /52hacker.asp HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    110.177.179.164 - - [15/Sep/2023:09:06:47 +0800] " GET /junior.htm HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    119.48.134.74 - - [15/Sep/2023:09:06:47 +0800] " GET /HACKED.html HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    123.245.25.51 - - [15/Sep/2023:09:06:47 +0800] " GET /hackway.asp HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    124.31.107.168 - - [15/Sep/2023:09:06:47 +0800] " GET /myup2.asp HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    122.96.28.64 - - [15/Sep/2023:09:06:47 +0800] " GET /king.txt HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    58.19.57.155 - - [15/Sep/2023:09:06:47 +0800] " GET /gddff.asp HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    43.248.108.195 - - [15/Sep/2023:09:06:47 +0800] " GET /hacker.php HTTP/1.1 " 404 162 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    139.170.203.51 - - [15/Sep/2023:09:06:47 +0800] " GET /net.asp HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    124.117.193.3 - - [15/Sep/2023:09:06:47 +0800] " GET /jza.htm HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    59.173.181.252 - - [15/Sep/2023:09:06:47 +0800] " GET /admin/Default.asp HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    144.255.18.156 - - [15/Sep/2023:09:06:47 +0800] " GET /jyhack.txt HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    124.235.138.251 - - [15/Sep/2023:09:06:47 +0800] " GET /kai.asp HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    182.242.168.177 - - [15/Sep/2023:09:06:47 +0800] " GET /windis.asp HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    222.181.11.33 - - [15/Sep/2023:09:06:47 +0800] " GET /NewsType.asp HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    1.202.112.127 - - [15/Sep/2023:09:06:47 +0800] " GET /av.html HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    125.84.239.11 - - [15/Sep/2023:09:06:47 +0800] " GET /dsf.jsp HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    222.181.11.112 - - [15/Sep/2023:09:06:48 +0800] " GET /kangzai.asp HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    27.47.26.176 - - [15/Sep/2023:09:06:48 +0800] " GET /madman.asp HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    101.68.126.126 - - [15/Sep/2023:09:06:48 +0800] " GET /xxoo.asp HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    114.100.176.226 - - [15/Sep/2023:09:06:48 +0800] " GET /hc.txt HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    123.245.25.204 - - [15/Sep/2023:09:06:48 +0800] " GET /kid.txt HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    112.193.163.119 - - [15/Sep/2023:09:06:48 +0800] " GET /kest.asp HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    220.200.170.252 - - [15/Sep/2023:09:06:48 +0800] " GET /safe86.htm HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    60.13.7.63 - - [15/Sep/2023:09:06:48 +0800] " GET /BlackOdometer/Editor.asp HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    123.191.142.151 - - [15/Sep/2023:09:06:48 +0800] " GET /xsd.html HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    222.94.140.12 - - [15/Sep/2023:09:06:48 +0800] " GET /52.asp HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    121.29.178.104 - - [15/Sep/2023:09:06:48 +0800] " GET /t2ck.htm HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    220.250.11.131 - - [15/Sep/2023:09:06:49 +0800] " GET /kim.asp HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    139.170.202.22 - - [15/Sep/2023:09:06:49 +0800] " GET /20071215173556171.asp HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    58.18.161.195 - - [15/Sep/2023:09:06:49 +0800] " GET /logo.php HTTP/1.1 " 404 162 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    124.160.236.124 - - [15/Sep/2023:09:06:49 +0800] " GET /suluoli.html HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    150.255.97.94 - - [15/Sep/2023:09:06:49 +0800] " GET /christ.asp HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    60.13.7.61 - - [15/Sep/2023:09:06:49 +0800] " GET /myung.htm HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    220.173.208.121 - - [15/Sep/2023:09:06:49 +0800] " GET /kim.htm HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    58.18.161.79 - - [15/Sep/2023:09:06:49 +0800] " GET /xiaozi.asa HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    180.95.238.131 - - [15/Sep/2023:09:06:50 +0800] " GET /dhthacker.com.htm HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    175.17.182.239 - - [15/Sep/2023:09:06:50 +0800] " GET /xenon.asp HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    122.96.28.43 - - [15/Sep/2023:09:06:50 +0800] " GET /fuck-china.html HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    27.98.228.11 - - [15/Sep/2023:09:06:50 +0800] " GET /town.htm HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    58.18.161.62 - - [15/Sep/2023:09:06:50 +0800] " GET /zongg/daima.asp?id = 65 HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    175.17.183.108 - - [15/Sep/2023:09:06:50 +0800] " GET /kuang.html HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    124.31.107.232 - - [15/Sep/2023:09:06:50 +0800] " GET /kk.htm HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    150.255.44.242 - - [15/Sep/2023:09:06:51 +0800] " GET /20085160619797.cer HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    221.212.178.188 - - [15/Sep/2023:09:06:51 +0800] " GET /bubai.asp HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    120.0.52.226 - - [15/Sep/2023:09:06:52 +0800] " GET /S.html HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    221.14.171.21 - - [15/Sep/2023:09:06:52 +0800] " GET /c.php HTTP/1.1 " 404 162 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    221.14.170.243 - - [15/Sep/2023:09:06:52 +0800] " GET /tr.txt HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    112.193.160.131 - - [15/Sep/2023:09:06:53 +0800] " GET /ouran.php HTTP/1.1 " 404 162 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    125.84.236.118 - - [15/Sep/2023:09:06:53 +0800] " GET /Soul.html HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    40.77.167.26 - - [15/Sep/2023:09:06:54 +0800] " GET /nfc-phone-can-not-read-or-write-nfc-tag-problem.html HTTP/1.1 " 499 0 "-" " Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm) Chrome/103.0.5060.134 Safari/537.36 "
    180.95.238.134 - - [15/Sep/2023:09:06:54 +0800] " GET /kk.txt HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    183.191.29.212 - - [15/Sep/2023:09:06:55 +0800] " GET /752.asp HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    27.184.93.90 - - [15/Sep/2023:09:06:55 +0800] " GET /albums/userpics/robots.txt HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    101.68.5.85 - - [15/Sep/2023:09:06:56 +0800] " GET /winSec.htm HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    223.166.22.1 - - [15/Sep/2023:09:06:56 +0800] " GET /updue.asp HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    123.245.25.112 - - [15/Sep/2023:09:06:56 +0800] " GET /bin.html HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    222.94.140.237 - - [15/Sep/2023:09:06:56 +0800] " GET /kyo.asp HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    8.129.66.111 - - [15/Sep/2023:09:06:56 +0800] " POST /wp-cron.php?doing_wp_cron = 1694740012.4412710666656494140625 HTTP/1.1 " 444 0 " http://www.nfchome.org/wp-cron.php?doing_wp_cron = 1694740012.4412710666656494140625 " " WordPress/5.0.19; http://www.nfchome.org
    113.200.72.205 - - [15/Sep/2023:09:06:56 +0800] " GET /jedy.asa HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    124.235.138.17 - - [15/Sep/2023:09:06:57 +0800] " GET /l0rd.htm HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    117.13.171.10 - - [15/Sep/2023:09:06:57 +0800] " GET /ChuMeng.asp HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    36.32.2.63 - - [15/Sep/2023:09:06:57 +0800] " GET /robots.txt HTTP/1.1 " 200 203 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    182.242.168.156 - - [15/Sep/2023:09:06:57 +0800] " GET /heici.html HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    110.177.179.164 - - [15/Sep/2023:09:06:59 +0800] " GET /AnonGuy.html HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    58.18.161.222 - - [15/Sep/2023:09:07:00 +0800] " GET /kz.asp HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    36.32.2.248 - - [15/Sep/2023:09:07:00 +0800] " GET /hacker-kof97.php HTTP/1.1 " 404 162 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    36.32.2.120 - - [15/Sep/2023:09:07:01 +0800] " GET /gui.asp HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    59.173.181.7 - - [15/Sep/2023:09:07:01 +0800] " GET /sec.html HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    220.250.11.196 - - [15/Sep/2023:09:07:01 +0800] " GET /xiaofeng.txt HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    110.177.182.81 - - [15/Sep/2023:09:07:01 +0800] " GET /kz.htm HTTP/1.1 " 499 0 "-" " Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 "
    4 条回复    2023-09-15 15:32:42 +08:00
    goodname
        1
    goodname  
       2023-09-15 11:17:12 +08:00
    扫描器而已,宕机是因为扫描器请求太多处理不过来了?
    1dian01
        2
    1dian01  
    OP
       2023-09-15 11:35:00 +08:00
    @goodname 估计是,请教一般有啥好办法处理
    forvvvv123
        3
    forvvvv123  
       2023-09-15 15:10:15 +08:00
    这才几个 QPS ,楼主先看看自己服务配置的是不是有问题,不应该这点量都承载不了。

    然后就没别的好办法了,想拦截扫描器最正常的是前面套 waf ,让 waf 帮你拦截掉,但 waf 也比较贵。
    1dian01
        4
    1dian01  
    OP
       2023-09-15 15:32:42 +08:00
    @forvvvv123 确实不多,一分钟才 300 个,等下次宕机,再看看是不是也是被扫的时候
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   3262 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 22ms · UTC 12:28 · PVG 20:28 · LAX 04:28 · JFK 07:28
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.