HTTP GET requests for unknown .php files are being sent to my website. Why, and how can I prevent this?

Time: 2022-11-11 23:07:46

I have an application deployed on a DigitalOcean droplet. About 1 day after deploying, my server crashed; the final logs look like this:

GET /vehicle/tank/all/1 304 2.965 ms - -
GET /vehicle/tank/all/1 304 2.582 ms - -
GET /vehicle/tank/all/1 304 1.735 ms - -
GET /vehicle/tank/all/1 304 1.566 ms - -
GET http://dhg.pisz.pl/httptest.php 404 1.771 ms - 43
GET http://dhg.pisz.pl/httptest.php 404 3.271 ms - 43
GET http://dhg.pisz.pl/httptest.php 404 1.051 ms - 43
GET http://24x7-allrequestsallowed.com/?  PHPSESSID=aab45f4f00143PWZJTVBY%40DXJFV%5D 200 1.777 ms - 1878
GET / 200 2.794 ms - 1878
GET http://testp4.pospr.waw.pl/testproxy.php 404 2.617 ms - 52
HEAD /robots.txt 404 2.946 ms - 24
HEAD / 200 1.751 ms - 1878
GET http://dhg.pisz.pl/httptest.php 404 9.679 ms - 43

Error: Connection lost: The server closed the connection.
at Protocol.end (/root/tycho/node_modules/mysql/lib/protocol/Protocol.js:109:13)
at Socket.<anonymous> (/root/tycho/node_modules/mysql/lib/Connection.js:102:28)
at Socket.EventEmitter.emit (events.js:117:20)
at _stream_readable.js:920:16
at process._tickCallback (node.js:415:13)
[nodemon] app crashed - waiting for file changes before starting...

Is this an attack? If so, what can I do to prevent a client from making these types of GET requests in the first place?

1 solution

#1


2  

You could block their IP addresses with your firewall. Searching for "fail2ban" and the name of your server should turn up some tutorials on how to automate this process. If you notice the majority of the attacks are from a certain area, blocking IP addresses by region (geoIP) is also an option.
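
The matching that blocking by IP depends on, as an added example that is not part of the original question or answer: it flags requests whose target is an absolute URI for a foreign host (the form of the `httptest.php` and `testproxy.php` lines in the question's log, which is what open-proxy scanners send) and counts them per client. The client IPs, the leading IP field and `example.com` are assumptions; the log shown in the question records no client address.

```javascript
// Added example, not code from the original post. The log lines are constructed:
// they reuse request targets from the question and prepend a client IP taken
// from the RFC 5737 documentation ranges, because the question's log has none.
const SAMPLE_LOG = [
  '192.0.2.10 GET /vehicle/tank/all/1 304 2.965 ms - -',
  '203.0.113.7 GET http://dhg.pisz.pl/httptest.php 404 1.771 ms - 43',
  '203.0.113.7 GET http://dhg.pisz.pl/httptest.php 404 3.271 ms - 43',
  '203.0.113.7 GET / 200 2.794 ms - 1878',
  '198.51.100.23 GET http://testp4.pospr.waw.pl/testproxy.php 404 2.617 ms - 52',
  '198.51.100.23 HEAD /robots.txt 404 2.946 ms - 24',
  '192.0.2.10 GET http://example.com/vehicle/tank/all/1 304 1.566 ms - -',
  '203.0.113.7 GET http://dhg.pisz.pl/httptest.php 404 9.679 ms - 43',
  'not a log line',
];

// Assumption: the hostname(s) this site is legitimately reached under.
const OWN_HOSTS = new Set(['example.com']);

// Parse "<ip> <METHOD> <target> <status> ..."; return null for anything else.
function parseLine(line) {
  const m = /^(\S+) ([A-Z]+) (\S+) (\d{3}) /.exec(line);
  return m ? { ip: m[1], method: m[2], target: m[3], status: Number(m[4]) } : null;
}

// True when the request target is an absolute URI naming a host that is not ours.
function isForeignAbsoluteTarget(target) {
  if (!/^https?:\/\//i.test(target)) return false; // origin-form, e.g. /robots.txt
  try {
    return !OWN_HOSTS.has(new URL(target).hostname.toLowerCase());
  } catch {
    return true; // looks absolute but does not parse: count it as suspicious
  }
}

// Count foreign absolute-URI requests per client; keep clients at or above threshold.
function probeSources(lines, threshold = 3) {
  const counts = new Map();
  for (const line of lines) {
    const entry = parseLine(line);
    if (!entry || !isForeignAbsoluteTarget(entry.target)) continue;
    counts.set(entry.ip, (counts.get(entry.ip) || 0) + 1);
  }
  return [...counts]
    .filter(([, n]) => n >= threshold)
    .map(([ip, probes]) => ({ ip, probes }));
}

console.log(probeSources(SAMPLE_LOG));
```

The addresses this returns are the ones a firewall rule or a fail2ban jail would act on, so the access log has to record the client address for that to be possible.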
