Apache访问日志,奇怪的帖子请求

时间:2017-05-24 03:15:37

标签: apache access-log

在我的访问日志中收到很多奇怪的请求:

ip login:"-" - - [24/May/2017:01:26:30 +0700] "POST /3A348409-DD98-D443-96A4-D712F51D8B11/D89B1EDB-4CED-D145-9246-16243451D23D/from HTTP/1.0" 404 1346 Time:"2s" pid:23050 Mem:"2097152
ip login:"-" - - [24/May/2017:00:48:35 +0700] "POST /3A348409-DD98-D443-96A4-D712F51D8B11/E970DBFE-0DB1-A749-9392-CF1704CC81FD/from HTTP/1.0" 404 1348 Time:"0s" pid:22893 Mem:"4194304"
ip login:"-" - - [23/May/2017:00:33:08 +0700] "POST /CE92AFB2-2FDE-8742-B5ED-0629F2B9B622/2D682DC1-D8C5-574F-8A0E-AC62EB96CBD8/from HTTP/1.0" 404 1348 Time:"0s" pid:6695 Mem:"4194304"
...

此外,有时(不常见),获取包含HTML页面部分的其他类型的日志记录:

ip login:"-" - - [23/May/2017:14:00:49 +0700] "GET /static/legacy/js/ion%20value=201602>%D4%E5%E2%F0%E0%EB%FC%202016</option><option%20value=201601>%DF%ED%E2%E0%F0%FC%202016</option><option%20value=201512>%C4%E5%EA%E0%E1%F0%FC%202015</option><option%20value=201511>%CD%EE%FF%E1%F0%FC%202015</option><option%20value=201510>%CE%EA%F2%FF%E1%F0%FC%202015</option><option%20value=201509>%D1%E5%ED%F2%FF%E1%F0%FC%202015</option><option%20value=201508>%C0%E2%E3%F3%F1%F2%202015</option><option%20value=201507>%C8%FE%EB%FC%202015</option><option%20value=201506>%C8%FE%ED%FC%202015</option><option%20value=201505>%CC%E0%E9%202015</option><option%20value=201504>%C0%EF%F0%E5%EB%FC%202015</option><option%20value=201503>%CC%E0%F0%F2%202015</option><option%20value=201502>%D4%E5%E2%F0%E0%EB%FC%202015</option><option%20value=201501>%DF%ED%E2%E0%F0%FC%202015</option><option%20value=201412>%C4%E5%EA%E0%E1%F0%FC%202014</option><option%20value=201411>%CD%EE%FF%E1%F0%FC%202014</option><option%20value=201410>%CE%EA%F2%FF%E1%F0%FC%202014</option><option%20value=201409>%D1%E5%ED%F2%FF%E1%F0%FC%202014</option><option%20value=201408>%C0%E2%E3%F3%F1%F2%202014</option><option%20value=201407>%C8%FE%EB%FC%202014</option><option%20value=201406>%C8%FE%ED%FC%202014</option><option%20value=201405>%CC%E0%E9%202014</option><option%20value=201404>%C0%EF%F0%E5%EB%FC%202014</option><option%20value=201403>%CC%E0%F0%F2%202014</option><option%20value=201402>%D4%E5%E2%F0%E0%EB%FC%202014</option><option%20value=201401>%DF%ED%E2%E0%F0%FC%202014</option><option%20value=201312>%C4%E5%EA%E0%E1%F0%FC%202013</option><option%20value=201311>%CD%EE%FF%E1%F0%FC%202013</option></select></td></tr><script%20type= HTTP/1.0" 404 1347 Time:"0s" pid:15377 Mem:"4194304"

任何人都知道一些事情吗?

操作系统:ubuntu 15.10 x64

Apache:v 2.4.24

1 个答案:

答案 0 :(得分:0)

在我看来,有人在您的代码中某处发现了cross-site scripting(XSS)漏洞。

如果没有看到/static/legacy/js/ion中找到的文件中找到的代码(大概是),那么几乎不可能就需要做什么提供任何建议或答案。

一般来说,在某个地方,有一些代码存在,它在没有首先被消毒的情况下产生输出。它可能位于该文件中,或者甚至可能位于生成写入该行的输出的文件内。

无论哪种方式,最好搜索用户提供的$_POST$_GET$_REQUEST等内容,而不首先进行清理。

相关问题
最新问题