未分類
20 8 月 2020

网站疑似被攻击,网站日志分析这是准备试我后台密码?

微笑着吃饭 大佬有话说 :

网站疑似被攻击,网站日志分析这是准备试我后台密码?

昨天开始断断续续挂掉,我还有点兴奋,日均1IP的小博客,居然一个月200多M的网站日志。。。

打开翻了下,以下这种都是准备试我后台密码? 我网络安全一窍不通,应该怎么搞

120.26.50.66 – – "HEAD /admin/login.php HTTP/1.1" 200 0 "-" "-"
120.26.50.66 – – "HEAD /guanli/login.php HTTP/1.1" 404 0 "-" "-"
120.26.50.66 – – "HEAD /caiyuan/login.php HTTP/1.1" 404 0 "-" "-"
120.26.50.66 – – "HEAD /admin/%20login.php HTTP/1.1" 404 0 "-" "-"
120.26.50.66 – – "HEAD /dede/login.php HTTP/1.1" 404 0 "-" "-"
120.26.50.66 – – "HEAD /dedea/login.php HTTP/1.1" 404 0 "-" "-"
120.26.50.66 – – "HEAD /jian/login.php HTTP/1.1" 404 0 "-" "-"
120.26.50.66 – – "HEAD /houtai/login.php HTTP/1.1" 404 0 "-" "-"
120.26.50.66 – – "HEAD /wang/login.php HTTP/1.1" 404 0 "-" "-"
120.26.50.66 – – "HEAD /dede123/login.php HTTP/1.1" 404 0 "-" "-"
120.26.50.66 – – "HEAD /chen/login.php HTTP/1.1" 404 0 "-" "-"

128.199.231.165 – – "GET /vendor/phpunit/phpunit/phpunit.xml HTTP/1.1" 404 2767 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
128.199.231.165 – – "GET /wp-content/plugins/mm-plugin/inc/vendors/vendor/phpunit/phpunit/phpunit.xml HTTP/1.1" 404 2767 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
128.199.231.165 – – "GET /wp-content/plugins/jekyll-exporter/vendor/phpunit/phpunit/phpunit.xml HTTP/1.1" 404 2767 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
128.199.231.165 – – "GET /wp-content/plugins/dzs-videogallery/class_parts/vendor/phpunit/phpunit/phpunit.xml HTTP/1.1" 404 2767 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
61.182.137.86 – – "GET /background.html HTTP/1.1" 200 5047 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
61.182.137.86 – – "GET /so/background/bing-img.php HTTP/1.1" 302 5 "https://www.123er.com/usr/themes/default/123er.css" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
61.182.137.116 – – "GET /favicon.ico HTTP/1.1" 200 67646 "https://www.123er.com/background.html" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
128.199.231.165 – – "GET /wp-content/plugins/cloudflare/vendor/phpunit/phpunit/phpunit.xml HTTP/1.1" 404 2767 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
128.199.231.165 – – "GET /sites/all/libraries/mailchimp/vendor/phpunit/phpunit/phpunit.xml HTTP/1.1" 404 2767 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
128.199.231.165 – – "GET /modules/autoupgrade/vendor/phpunit/phpunit/phpunit.xml HTTP/1.1" 404 2767 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
128.199.231.165 – – "GET /modules/pscartabandonmentpro/vendor/phpunit/phpunit/phpunit.xml HTTP/1.1" 404 2767 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
128.199.231.165 – – "GET /modules/ps_facetedsearch/vendor/phpunit/phpunit/phpunit.xml HTTP/1.1" 404 2767 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
128.199.231.165 – – "GET /modules/gamification/vendor/phpunit/phpunit/phpunit.xml HTTP/1.1" 404 2767 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
117.34.13.78 – – "HEAD / HTTP/1.1" 200 0 "-" "-"
128.199.231.165 – – "GET /modules/ps_checkout/vendor/phpunit/phpunit/phpunit.xml HTTP/1.1" 404 2767 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
61.182.137.81 – – "GET /so/background/img4.php HTTP/1.1" 200 342928 "https://www.123er.com/background.html" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
128.199.231.165 – – "GET /apps-external/polls/vendor/phpunit/phpunit/phpunit.xml HTTP/1.1" 404 2767 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
128.199.231.165 – – "GET /apps/vendor/phpunit/phpunit/phpunit.xml HTTP/1.1" 404 2767 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
128.199.231.165 – – "GET /dev/vendor/phpunit/phpunit/phpunit.xml HTTP/1.1" 404 2767 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
128.199.231.165 – – "GET /demo/vendor/phpunit/phpunit/phpunit.xml HTTP/1.1" 404 2767 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
128.199.231.165 – – "GET /cms/vendor/phpunit/phpunit/phpunit.xml HTTP/1.1" 404 2767 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
58.211.2.42 – – "GET / HTTP/1.1" 200 5143 "-" "DNSPod-Monitor/2.0"
128.199.231.165 – – "GET /crm/vendor/phpunit/phpunit/phpunit.xml HTTP/1.1" 404 2767 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
128.199.231.165 – – "GET /blog/vendor/phpunit/phpunit/phpunit.xml HTTP/1.1" 404 2767 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
128.199.231.165 – – "GET /api/vendor/phpunit/phpunit/phpunit.xml HTTP/1.1" 404 2767 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
128.199.231.165 – – "GET /admin/vendor/phpunit/phpunit/phpunit.xml HTTP/1.1" 404 2767 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
58.211.2.114 – – "GET / HTTP/1.1" 200 5143 "-" "DNSPod-Monitor/2.0"
128.199.231.165 – – "GET /laravel/vendor/phpunit/phpunit/phpunit.xml HTTP/1.1" 404 2767 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
128.199.231.165 – – "GET /yii/vendor/phpunit/phpunit/phpunit.xml HTTP/1.1" 404 2767 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
128.199.231.165 – – "GET /admin/vendor/phpunit/phpunit/phpunit.xml HTTP/1.1" 404 2767 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
128.199.231.165 – – "GET /new/vendor/phpunit/phpunit/phpunit.xml HTTP/1.1" 404 2767 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
58.211.2.102 – – "GET / HTTP/1.1" 200 5143 "http://www.sogou.com/web?query=site%3Awww.123er.com" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36"
122.190.2.54 – – "GET /usr/themes/default/assets/css/fontawesome-all.min.css HTTP/1.1" 404 2767 "http://www.123er.com/" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36"
128.199.231.165 – – "GET /old/vendor/phpunit/phpunit/phpunit.xml HTTP/1.1" 404 2767 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
128.199.231.165 – – "GET /admin/vendor/phpunit/phpunit/phpunit.xml HTTP/1.1" 404 2767 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
128.199.231.165 – – "GET /site/vendor/phpunit/phpunit/phpunit.xml HTTP/1.1" 404 2767 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
117.34.13.90 – – "HEAD / HTTP/1.1" 200 0 "-" "-"

012 大佬有话说 :

我觉得是在扫你目录 不用管https://cdn.jsdelivr.net/gh/hishis/forum-master/public/images/patch.gif

panghu 大佬有话说 :

poweroff 随便他扫

蝙蝠侠 大佬有话说 :

这个让他随便扫

Sage 大佬有话说 :

扫描敏感文件敏感目录的

kem 大佬有话说 :

密码复杂,随便破解,加个验证

微笑着吃饭 大佬有话说 :

012 大佬有话说 : 2020-8-20 17:44
我觉得是在扫你目录 不用管

那偶尔挂掉纯粹是我的小鸡不给力?

llmwxt 大佬有话说 :

暴力破解!:lol:lol:lol

avada 大佬有话说 :

这是在扫目录确定后台和程序,然后扫插件利用漏洞上传木马

野兔 大佬有话说 :

工具扫后台,扫到再撞库。