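东东东 Chen Yudong's Blog

Encountering My First Network Security Attack

My website appears to have been attacked. The attacker's IP: 220.181.55.29. Searching for this IP address turns up many records of it, showing that it has submitted a lot of spam comments on other pages.

At 15:50 this afternoon, with a beep, a text message arrived. Its content was just the digits 135791, so I assumed an ordinary bot had submitted a message on the website and paid it no attention. When several more messages with the same content followed, I still paid no attention, assuming Fetion was glitching and had sent the same message several times. But within just 10 minutes, many nonexistent pages had been requested.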

http://www.daoiqi.com/wui/pay/index.php?f=credit&p=cmb%7Cping+-c+8+127.0.0.1

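Because my feedback page sends an email to my mailbox and also sends me a text message through Fetion, my phone kept receiving text messages. I had no choice but to shut the feedback page down.

Oh, and many of the HTTP request headers were pylib.

Some people say this comes from 360's security scan. The IP of webscan.360.cn is 123.125.80.244. I am not sure yet. The IP 123.125.160.216 is one of 360's scanning IPs; I don't know about the other IPs.

To test whether the 360 scan caused this: since I don't know, I will put the original page back up and then run the scan again. If a very large number of feedback form submissions still arrive, then 360 is the cause. If not, 360 can be ruled out for now.

I then looked at the blog's access records and found many requests from IP 123.151.39.42, accessing the back ends of database administration software such as sqladmin and myadmin. It was probably trying to find the database password. The IP of www.scanv.com is 123.151.39.27, so this time it was very likely caused by that site's scan.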

——————–update on 19:06 ———————

Shortly after 19:00 in the evening, there were more requests, this time from the IP 220.181.55.30.

It requested a URL like this:

/star.vancl.com/fashionsuit/products/?vp=27547%2c27614&jp=135791&cid=333%2c4019988%bf%27or+3%3D3+limit+1%23

———-update on 2013/3/30 10:00———

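This morning I checked the website access log and found that the IP 117.42.72.100 had scanned the site at 7 o'clock, so I immediately denied access from this IP. It scanned repeatedly, at 07:11:15, 07:18:57, 07:23:42, 07:27:26, 07:46:48, 07:57:31, 08:15:38, 08:39:28, 08:58:26 and 09:03:09. I don't know why. Is someone using my website for scanning experiments? Or just starting to learn network attacks?

The pages scanned include: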

117.42.72.100 - - [10/Mar/2013:07:11:15 +0800] "HEAD /wwwroot.rar HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
.......................
117.42.72.100 - - [10/Mar/2013:07:11:41 +0800] "HEAD /www_daoiqi_com.tgr.gz HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"

117.42.72.100 - - [10/Mar/2013:07:18:57 +0800] "HEAD /wwwroot.rar HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
.......................
117.42.72.100 - - [10/Mar/2013:07:19:26 +0800] "HEAD /www_daoiqi_com.tgr.gz HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"



117.42.72.100 - - [10/Mar/2013:08:58:26 +0800] "HEAD /wwwroot.rar HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
117.42.72.100 - - [10/Mar/2013:08:58:26 +0800] "HEAD /wwwroot.tgr.gz HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
117.42.72.100 - - [10/Mar/2013:08:58:26 +0800] "HEAD /wwwroot.zip HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
117.42.72.100 - - [10/Mar/2013:08:58:26 +0800] "HEAD /wwwroot.tgr.gz HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
117.42.72.100 - - [10/Mar/2013:08:58:27 +0800] "HEAD /HYTop.mdb HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
117.42.72.100 - - [10/Mar/2013:08:58:27 +0800] "HEAD /www.rar HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
117.42.72.100 - - [10/Mar/2013:08:58:27 +0800] "HEAD /www.tgr.gz HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
117.42.72.100 - - [10/Mar/2013:08:58:27 +0800] "HEAD /www.zip HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
117.42.72.100 - - [10/Mar/2013:08:58:28 +0800] "HEAD /www.tgr.gz HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
117.42.72.100 - - [10/Mar/2013:08:58:28 +0800] "HEAD /web.rar HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
117.42.72.100 - - [10/Mar/2013:08:58:28 +0800] "HEAD /www.tgr.gz HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
117.42.72.100 - - [10/Mar/2013:08:58:28 +0800] "HEAD /web.zip HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
117.42.72.100 - - [10/Mar/2013:08:58:28 +0800] "HEAD /www.tgr.gz HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
117.42.72.100 - - [10/Mar/2013:08:58:29 +0800] "HEAD /www.daoiqi.com.tgr.gz HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
117.42.72.100 - - [10/Mar/2013:08:58:29 +0800] "HEAD /www.daoiqi.com.zip HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
117.42.72.100 - - [10/Mar/2013:08:58:29 +0800] "HEAD /www.daoiqi.com.tgr.gz HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
117.42.72.100 - - [10/Mar/2013:08:58:30 +0800] "HEAD /wwwdaoiqicom.rar HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
117.42.72.100 - - [10/Mar/2013:08:58:30 +0800] "HEAD /wwwdaoiqicom.tgr.gz HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
117.42.72.100 - - [10/Mar/2013:08:58:30 +0800] "HEAD /wwwdaoiqicom.zip HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
117.42.72.100 - - [10/Mar/2013:08:58:30 +0800] "HEAD /wwwdaoiqicom.tgr.gz HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
117.42.72.100 - - [10/Mar/2013:08:58:31 +0800] "HEAD /daoiqi.com.rar HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
117.42.72.100 - - [10/Mar/2013:08:58:31 +0800] "HEAD /daoiqi.com.tgr.gz HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
117.42.72.100 - - [10/Mar/2013:08:58:31 +0800] "HEAD /daoiqi.com.zip HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
117.42.72.100 - - [10/Mar/2013:08:58:31 +0800] "HEAD /daoiqi.com.tgr.gz HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
117.42.72.100 - - [10/Mar/2013:08:58:31 +0800] "HEAD /daoiqi.rar HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
117.42.72.100 - - [10/Mar/2013:08:58:32 +0800] "HEAD /daoiqi.tgr.gz HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
117.42.72.100 - - [10/Mar/2013:08:58:32 +0800] "HEAD /daoiqi.zip HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
117.42.72.100 - - [10/Mar/2013:08:58:32 +0800] "HEAD /daoiqi.tgr.gz HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
117.42.72.100 - - [10/Mar/2013:08:58:32 +0800] "HEAD /daoiqi_com.rar HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
117.42.72.100 - - [10/Mar/2013:08:58:33 +0800] "HEAD /daoiqi_com.tgr.gz HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
117.42.72.100 - - [10/Mar/2013:08:58:33 +0800] "HEAD /daoiqi_com.zip HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
117.42.72.100 - - [10/Mar/2013:08:58:33 +0800] "HEAD /daoiqi_com.tgr.gz HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
117.42.72.100 - - [10/Mar/2013:08:58:33 +0800] "HEAD /www_daoiqi_com.rar HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
117.42.72.100 - - [10/Mar/2013:08:58:33 +0800] "HEAD /www_daoiqi_com.tgr.gz HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
117.42.72.100 - - [10/Mar/2013:08:58:34 +0800] "HEAD /www_daoiqi_com.zip HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
117.42.72.100 - - [10/Mar/2013:08:58:34 +0800] "HEAD /www_daoiqi_com.tgr.gz HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"

117.42.72.100 - - [10/Mar/2013:09:03:09 +0800] "HEAD /wwwroot.rar HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
..................................
117.42.72.100 - - [10/Mar/2013:09:03:35 +0800] "HEAD /www_daoiqi_com.rar HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"

They are trying to download the website's source code, and they want to look at the database too.
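The scan pattern in the log above (bursts of 404 responses for archive and database file names) can be picked out of an access log automatically. The following is an added example, not code from the original post: the sample log lines are constructed, the client IPs are documentation-range placeholders, and the thresholds (`min_hits`, `window`) are assumptions to tune per site.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache combined log format, matching the excerpts in the post.
LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+')
# File extensions the scanner in the post asked for.
BACKUP_EXT = (".rar", ".zip", ".tgr.gz", ".mdb")

def find_backup_probers(lines, min_hits=5, window=timedelta(seconds=60)):
    """Map each client IP to its bursts [(start_time, hits), ...] of at least
    min_hits 404 responses for backup-style files within `window`."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["status"] != "404":
            continue
        path = m["path"].split("?")[0].lower()
        if path.endswith(BACKUP_EXT):
            hits[m["ip"]].append(datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"))
    report = {}
    for ip, times in hits.items():
        times.sort()
        bursts, start, count = [], times[0], 1
        for t in times[1:]:
            if t - start <= window:
                count += 1
                continue
            if count >= min_hits:
                bursts.append((start, count))
            start, count = t, 1
        if count >= min_hits:
            bursts.append((start, count))
        if bursts:
            report[ip] = bursts
    return report

def _line(ip, hms, method, path, status):
    # Constructed sample line in the same format as the post's log.
    return (f'{ip} - - [10/Mar/2013:{hms} +0800] "{method} {path} HTTP/1.1" '
            f'{status} - "-" "Mozilla/4.0 (compatible; MSIE 8.0)"')

NAMES = ["wwwroot.rar", "wwwroot.zip", "www.rar", "web.zip", "HYTop.mdb", "www.tgr.gz"]
SAMPLE = ([_line("203.0.113.7", f"07:11:{15 + i}", "HEAD", "/" + n, 404) for i, n in enumerate(NAMES)]
          + [_line("203.0.113.7", f"07:19:{10 + i}", "HEAD", "/" + n, 404) for i, n in enumerate(NAMES)]
          + [_line("198.51.100.20", "07:12:00", "GET", "/index.php", 200),
             _line("198.51.100.20", "07:12:05", "GET", "/old.zip", 404)])

if __name__ == "__main__":
    for ip, bursts in find_backup_probers(SAMPLE).items():
        print(ip, [(s.strftime("%H:%M:%S"), n) for s, n in bursts])
```

A single stray 404 for an archive, like the one from the second sample client, stays below the threshold and is not reported.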

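Summary and Reflections on This Attack

After this incident, here are some conclusions and reflections.

Do not put the website's source code or database files under the website's root directory. Otherwise attackers will scan the directory for them. Or at the very least, do not put important files there under names related to the website's domain name.

When abnormal access appears, you can first deny it access, to prevent the attack from wasting system resources.

Pay more attention to the website's security in everyday operation.

Take care with how passwords are stored.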

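Notice: reposting articles from 东东东 Chen Yudong's Blog without permission is prohibited, thank you. If authorized, please credit: reposted from 东东东 Chen Yudong's Blog

Permalink: Encountering My First Network Security Attack – https://www.chenyudong.com/archives/against-first-security-website-attacked.html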


2 comments

  1. Today I was also attacked by 220.181.55.29 on my website. I banned the IP first and will look into it further.
