VPS侦探论坛 › LNMP一键安装包 › 军哥，遇到这种情况，该怎么防御，附上nginx的日志

bskr 发表于 2019-3-8 10:13:40

军哥，遇到这种情况，该怎么防御，附上nginx的日志

132.232.30.140 - - "POST /z.php HTTP/1.1" 404 564 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.91 Safari/537.36"
132.232.30.140 - - "POST /7.php HTTP/1.1" 404 564 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.91 Safari/537.36"
132.232.30.140 - - "POST /xiaoma.php HTTP/1.1" 404 564 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.91 Safari/537.36"
132.232.30.140 - - "POST /xiaomae.php HTTP/1.1" 404 564 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.91 Safari/537.36"
132.232.30.140 - - "POST /xiaomar.php HTTP/1.1" 404 564 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.91 Safari/537.36"
132.232.30.140 - - "POST /qq.php HTTP/1.1" 404 564 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.91 Safari/537.36"
132.232.30.140 - - "POST /data.php HTTP/1.1" 404 564 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.91 Safari/537.36"
132.232.30.140 - - "POST /log.php HTTP/1.1" 404 564 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.91 Safari/537.36"
132.232.30.140 - - "POST /fack.php HTTP/1.1" 404 564 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.91 Safari/537.36"
132.232.30.140 - - "POST /angge.php HTTP/1.1" 404 564 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.91 Safari/537.36"
132.232.30.140 - - "POST /cxfm666.php HTTP/1.1" 404 564 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.91 Safari/537.36"
132.232.30.140 - - "POST /db.php HTTP/1.1" 404 564 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.91 Safari/537.36"
132.232.30.140 - - "POST /hacly.php HTTP/1.1" 503 608 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.91 Safari/537.36"
132.232.30.140 - - "POST /xiaomo.php HTTP/1.1" 404 564 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.91 Safari/537.36"
132.232.30.140 - - "POST /xiaoyu.php HTTP/1.1" 404 564 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.91 Safari/537.36"


上面只是日志的一小部分，持续了有十分钟。然后我网站根本没有这些文件，xiaoyu.php，xiaomo.php，hacly.php。。。等等
请问这是什么情况，该怎么防御，谢谢！！！

licess 发表于 2019-3-8 12:01:48

没有具体的规律
只能限制访问次数或者安装waf

查看完整版本: 军哥，遇到这种情况，该怎么防御，附上nginx的日志