这是一个创建于 3667 天前的主题,其中的信息可能已经有所发展或是发生改变。
2014.11.18当天总共21229多行180.173.169.247这个地址的行为,总共才25154行日子。这IP貌似来自360的?然后这堆日志是什么意思?扫描我的网站吗?
180.173.169.247 - - [18/Nov/2014:20:53:52 +0800] "HEAD /bbbb.tgz HTTP/1.0" 404 1829 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:53:52 +0800] "HEAD /cccc.tgz HTTP/1.0" 404 1829 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:53:52 +0800] "HEAD /3333.rar HTTP/1.0" 404 1829 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:53:53 +0800] "HEAD /dddd.tgz HTTP/1.0" 404 1829 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:53:53 +0800] "HEAD /4444.rar HTTP/1.0" 404 1829 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:53:53 +0800] "HEAD /eeee.tgz HTTP/1.0" 404 1829 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:53:53 +0800] "HEAD /5555.rar HTTP/1.0" 404 1829 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:53:53 +0800] "HEAD /ffff.tgz HTTP/1.0" 404 1829 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:53:54 +0800] "HEAD /6666.rar HTTP/1.0" 404 1829 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:53:54 +0800] "HEAD /gggg.tgz HTTP/1.0" 404 1829 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:53:54 +0800] "HEAD /7777.rar HTTP/1.0" 404 1829 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:53:54 +0800] "HEAD /hhhh.tgz HTTP/1.0" 404 1829 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:53:54 +0800] "HEAD /8888.rar HTTP/1.0" 404 1829 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:53:55 +0800] "HEAD /iiii.tgz HTTP/1.0" 404 1829 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:53:55 +0800] "HEAD /9999.rar HTTP/1.0" 404 1829 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:53:56 +0800] "HEAD /jjjj.tgz HTTP/1.0" 404 1829 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:53:56 +0800] "HEAD /11111.tar.gz HTTP/1.0" 404 1833 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:53:57 +0800] "HEAD /22222.tar.gz HTTP/1.0" 404 1833 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:53:57 +0800] "HEAD /kkkk.tgz HTTP/1.0" 404 1829 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:53:57 +0800] "HEAD /33333.tar.gz HTTP/1.0" 404 1833 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:53:58 +0800] "HEAD /llll.tgz HTTP/1.0" 404 1829 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:53:58 +0800] "HEAD /44444.tar.gz HTTP/1.0" 404 1833 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:53:58 +0800] "HEAD /mmmm.tgz HTTP/1.0" 404 1829 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:53:58 +0800] "HEAD /55555.tar.gz HTTP/1.0" 404 1833 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:53:59 +0800] "HEAD /nnnn.tgz HTTP/1.0" 404 1829 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:53:59 +0800] "HEAD /66666.tar.gz HTTP/1.0" 404 1833 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:53:59 +0800] "HEAD /oooo.tgz HTTP/1.0" 404 1829 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:53:59 +0800] "HEAD /77777.tar.gz HTTP/1.0" 404 1833 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:00 +0800] "HEAD /88888.tar.gz HTTP/1.0" 404 1833 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:00 +0800] "HEAD /pppp.tgz HTTP/1.0" 404 1830 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:01 +0800] "HEAD /qqqq.tgz HTTP/1.0" 404 1829 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:02 +0800] "HEAD /99999.tar.gz HTTP/1.0" 404 1833 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:02 +0800] "HEAD /rrrr.tgz HTTP/1.0" 404 1829 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:03 +0800] "HEAD /ssss.tgz HTTP/1.0" 404 1829 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:03 +0800] "HEAD /33333.zip HTTP/1.0" 404 1830 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:04 +0800] "HEAD /44444.zip HTTP/1.0" 404 1830 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:04 +0800] "HEAD /tttt.tgz HTTP/1.0" 404 1829 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:04 +0800] "HEAD /55555.zip HTTP/1.0" 404 1830 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:04 +0800] "HEAD /uuuu.tgz HTTP/1.0" 404 1829 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:05 +0800] "HEAD /66666.zip HTTP/1.0" 404 1830 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:05 +0800] "HEAD /vvvv.tgz HTTP/1.0" 404 1829 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:05 +0800] "HEAD /wwww.tgz HTTP/1.0" 404 1829 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:06 +0800] "HEAD /xxxx.tgz HTTP/1.0" 404 1829 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:06 +0800] "HEAD /77777.zip HTTP/1.0" 404 1831 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:06 +0800] "HEAD /yyyy.tgz HTTP/1.0" 404 1829 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:07 +0800] "HEAD /88888.zip HTTP/1.0" 404 1830 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:07 +0800] "HEAD /zzzz.tgz HTTP/1.0" 404 1829 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:07 +0800] "HEAD /99999.zip HTTP/1.0" 404 1830 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:08 +0800] "HEAD /33333.rar HTTP/1.0" 404 1830 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:08 +0800] "HEAD /44444.rar HTTP/1.0" 404 1830 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:09 +0800] "HEAD /55555.rar HTTP/1.0" 404 1830 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:09 +0800] "HEAD /aaaaa.zip HTTP/1.0" 404 1830 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:09 +0800] "HEAD /66666.rar HTTP/1.0" 404 1830 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:09 +0800] "HEAD /aaaaa.rar HTTP/1.0" 404 1830 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:10 +0800] "HEAD /77777.rar HTTP/1.0" 404 1830 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:10 +0800] "HEAD /bbbbb.zip HTTP/1.0" 404 1830 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:10 +0800] "HEAD /88888.rar HTTP/1.0" 404 1830 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:11 +0800] "HEAD /99999.rar HTTP/1.0" 404 1830 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:11 +0800] "HEAD /bbbbb.rar HTTP/1.0" 404 1830 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:11 +0800] "HEAD /11111.tgz HTTP/1.0" 404 1830 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:12 +0800] "HEAD /ccccc.zip HTTP/1.0" 404 1830 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:12 +0800] "HEAD /22222.tgz HTTP/1.0" 404 1830 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:12 +0800] "HEAD /ccccc.rar HTTP/1.0" 404 1831 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:13 +0800] "HEAD /33333.tgz HTTP/1.0" 404 1830 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:13 +0800] "HEAD /ddddd.zip HTTP/1.0" 404 1830 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:13 +0800] "HEAD /44444.tgz HTTP/1.0" 404 1831 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:13 +0800] "HEAD /55555.tgz HTTP/1.0" 404 1830 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:13 +0800] "HEAD /ddddd.rar HTTP/1.0" 404 1831 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:14 +0800] "HEAD /66666.tgz HTTP/1.0" 404 1831 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:14 +0800] "HEAD /eeeee.zip HTTP/1.0" 404 1831 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:14 +0800] "HEAD /77777.tgz HTTP/1.0" 404 1830 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:14 +0800] "HEAD /eeeee.rar HTTP/1.0" 404 1831 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:15 +0800] "HEAD /fffff.zip HTTP/1.0" 404 1830 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:15 +0800] "HEAD /88888.tgz HTTP/1.0" 404 1830 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:16 +0800] "HEAD /99999.tgz HTTP/1.0" 404 1830 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
180.173.169.247 - - [18/Nov/2014:20:54:16 +0800] "HEAD /fffff.rar HTTP/1.0" 404 1830 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
太多了。基本类似
14 条回复 • 2014-11-20 09:14:00 +08:00
|
|
1
iptux 2014-11-20 00:15:49 +08:00
.7z 保平安
|
|
|
2
hjc4869 2014-11-20 00:16:19 +08:00 via iPhone
穷举压缩包?
|
|
|
3
jimmy2010 2014-11-20 00:20:10 +08:00
这就是猜备份文件,万一你不小心将代码压缩在根目录了呢? 看来你的网站已经成为目标了。
|
|
|
4
zhs227 2014-11-20 00:22:15 +08:00
看着都觉得不可思议。 经常有时候备份的zip放在网站目录下,看来不保险,要改一下.htaccess了
有没有什么办法如果一个用户多次404以后直接ban掉?比如利用fail2ban的机制这种 正常不会有一个疯子一直不停的访问404页面。
|
|
|
5
xifangczy 2014-11-20 00:23:04 +08:00
扫描工具干的呗。很正常。经常有这样的日志,这么大量估计是针对你网站扫的。
|
|
|
6
jimmy2010 2014-11-20 00:24:28 +08:00
你把日志down下来,正则匹配搜索 HEAD.*200 如果有结果的话,说明该行类似 /fffff.zip 这样的已经被他猜到了
|
|
|
7
xiaozi 2014-11-20 00:24:48 +08:00 3
已经被扫n次,为了配合扫描,我都有文件返回给他们,是不是对这些人很好。
|
|
|
8
jimmy2010 2014-11-20 00:40:56 +08:00
@ xiaozi 404改200么,这个也是可以通过分析返回内容来判断文件是否真实存在的
|
|
|
9
Showfom 2014-11-20 00:42:16 +08:00 via iPhone
|
|
|
10
Showfom 2014-11-20 00:42:46 +08:00 via iPhone
@ jimmy2010 你可以把 404 跳转到某个 www.zip 里面放点木马什么的
|
|
|
11
vibbow 2014-11-20 03:01:22 +08:00
@ xiaozi 好主意 写个PHP脚本去,把这些文件都重定向到PHP脚本,然后无限输出......
|