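Website being scanned for vulnerabilities by bots

A while ago, a site I had set up was hit by an XSS attack and someone planted a chunk of junk code in it. Today I was getting ready to set up a monitoring site, and when I looked at the site log, it had only just gone up and someone had already started scanning it. So, experts, is there any way to cut down on this kind of scanning? Or should I just ban the IPs?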

213.232.87.232 - - [24/Jun/2024:12:12:16 +0800] "GET /config/database.php HTTP/1.1" 200 1157 "-" "Go-http-client/1.1" "-"
213.232.87.232 - - [24/Jun/2024:12:12:16 +0800] "GET /config.xml HTTP/1.1" 200 1157 "-" "Go-http-client/1.1" "-"
213.232.87.232 - - [24/Jun/2024:12:12:16 +0800] "GET /backup.zip HTTP/1.1" 200 1157 "-" "Go-http-client/1.1" "-"
213.232.87.232 - - [24/Jun/2024:12:12:16 +0800] "GET /docker-compose.yml HTTP/1.1" 200 1157 "-" "Go-http-client/1.1" "-"
213.232.87.232 - - [24/Jun/2024:12:12:16 +0800] "GET /dump.sql HTTP/1.1" 200 1157 "-" "Go-http-client/1.1" "-"
213.232.87.232 - - [24/Jun/2024:12:12:16 +0800] "GET /config.php HTTP/1.1" 200 1157 "-" "Go-http-client/1.1" "-"
213.232.87.232 - - [24/Jun/2024:12:12:16 +0800] "GET /backup.tar.gz HTTP/1.1" 200 1157 "-" "Go-http-client/1.1" "-"
213.232.87.232 - - [24/Jun/2024:12:12:16 +0800] "GET /etc/shadow HTTP/1.1" 200 1157 "-" "Go-http-client/1.1" "-"
213.232.87.232 - - [24/Jun/2024:12:12:16 +0800] "GET /.kube/config HTTP/1.1" 200 1157 "-" "Go-http-client/1.1" "-"
213.232.87.232 - - [24/Jun/2024:12:12:16 +0800] "GET /.ssh/id_ecdsa HTTP/1.1" 200 1157 "-" "Go-http-client/1.1" "-"
213.232.87.232 - - [24/Jun/2024:12:12:16 +0800] "GET /database.sql HTTP/1.1" 200 1157 "-" "Go-http-client/1.1" "-"
213.232.87.232 - - [24/Jun/2024:12:12:16 +0800] "GET /secrets.json HTTP/1.1" 200 1157 "-" "Go-http-client/1.1" "-"
213.232.87.232 - - [24/Jun/2024:12:12:17 +0800] "GET /config/production.json HTTP/1.1" 200 1157 "-" "Go-http-client/1.1" "-"
213.232.87.232 - - [24/Jun/2024:12:12:17 +0800] "GET /etc/ssl/private/server.key HTTP/1.1" 200 1157 "-" "Go-http-client/1.1" "-"
213.232.87.232 - - [24/Jun/2024:12:12:17 +0800] "GET /config.yml HTTP/1.1" 200 1157 "-" "Go-http-client/1.1" "-"
213.232.87.232 - - [24/Jun/2024:12:12:17 +0800] "GET / HTTP/1.1" 302 32 "-" "Go-http-client/1.1" "-"
213.232.87.232 - - [24/Jun/2024:12:12:17 +0800] "GET /feed HTTP/1.1" 200 1157 "-" "Go-http-client/1.1" "-"
213.232.87.232 - - [24/Jun/2024:12:12:17 +0800] "GET /backup.sql HTTP/1.1" 200 1157 "-" "Go-http-client/1.1" "-"
213.232.87.232 - - [24/Jun/2024:12:12:18 +0800] "GET /.aws/credentials HTTP/1.1" 200 1157 "-" "Go-http-client/1.1" "-"
213.232.87.232 - - [24/Jun/2024:12:12:18 +0800] "GET /wp-admin/setup-config.php HTTP/1.1" 200 1157 "-" "Go-http-client/1.1" "-"
213.232.87.232 - - [24/Jun/2024:12:12:18 +0800] "GET /.ssh/id_ed25519 HTTP/1.1" 200 1157 "-" "Go-http-client/1.1" "-"
213.232.87.232 - - [24/Jun/2024:12:12:18 +0800] "GET /.env HTTP/1.1" 200 1157 "-" "Go-http-client/1.1" "-"
213.232.87.232 - - [24/Jun/2024:12:12:18 +0800] "GET /.ssh/id_rsa HTTP/1.1" 200 1157 "-" "Go-http-client/1.1" "-"
213.232.87.232 - - [24/Jun/2024:12:12:19 +0800] "GET /web.config HTTP/1.1" 200 1157 "-" "Go-http-client/1.1" "-"
213.232.87.232 - - [24/Jun/2024:12:12:19 +0800] "GET /server.key HTTP/1.1" 200 1157 "-" "Go-http-client/1.1" "-"
213.232.87.232 - - [24/Jun/2024:12:12:20 +0800] "GET /.svn/wc.db HTTP/1.1" 200 1157 "-" "Go-http-client/1.1" "-"
213.232.87.232 - - [24/Jun/2024:12:12:21 +0800] "GET /config.json HTTP/1.1" 200 1157 "-" "Go-http-client/1.1" "-"
213.232.87.232 - - [24/Jun/2024:12:12:21 +0800] "GET /.env.production HTTP/1.1" 200 1157 "-" "Go-http-client/1.1" "-"
213.232.87.232 - - [24/Jun/2024:12:12:22 +0800] "GET /.git/HEAD HTTP/1.1" 200 1157 "-" "Go-http-client/1.1" "-"
213.232.87.232 - - [24/Jun/2024:12:12:25 +0800] "GET /config.yaml HTTP/1.1" 200 1157 "-" "Go-http-client/1.1" "-"
213.232.87.232 - - [24/Jun/2024:12:12:25 +0800] "GET /server-status HTTP/1.1" 200 1157 "-" "Go-http-client/1.1" "-"
213.232.87.232 - - [24/Jun/2024:12:12:26 +0800] "GET /wp-config.php HTTP/1.1" 200 1157 "-" "Go-http-client/1.1" "-"
213.232.87.232 - - [24/Jun/2024:12:12:26 +0800] "GET /phpinfo.php HTTP/1.1" 200 1157 "-" "Go-http-client/1.1" "-"
213.152.176.252 - - [24/Jun/2024:12:12:28 +0800] "GET /dashboard HTTP/1.1" 200 0 "https://up.gooday.press/" "Go-http-client/1.1" "-"
152.42.190.149 - - [24/Jun/2024:13:19:45 +0800] "GET /wp-admin/setup-config.php?step=1 HTTP/1.1" 301 166 "-" "Mozilla/5.0 (Linux; Android 5.1.1; SM-J111F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.90 Mobile Safari/537.36" "-"
152.42.190.149 - - [24/Jun/2024:13:19:46 +0800] "GET /wp-admin/setup-config.php?step=1 HTTP/2.0" 200 1145 "http://up.gooday.press/wp-admin/setup-config.php?step=1" "Mozilla/5.0 (Linux; Android 5.1.1; SM-J111F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.90 Mobile Safari/537.36" "-"
152.42.190.149 - - [24/Jun/2024:13:19:46 +0800] "GET /wordpress/wp-admin/setup-config.php?step=1 HTTP/1.1" 301 166 "-" "Mozilla/5.0 (Linux; Android 5.1.1; SM-J111F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.90 Mobile Safari/537.36" "-"
152.42.190.149 - - [24/Jun/2024:13:19:46 +0800] "GET /wordpress/wp-admin/setup-config.php?step=1 HTTP/2.0" 200 1145 "http://up.gooday.press/wordpress/wp-admin/setup-config.php?step=1" "Mozilla/5.0 (Linux; Android 5.1.1; SM-J111F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.90 Mobile Safari/537.36" "-"
218.104.46.226 - - [24/Jun/2024:13:22:24 +0800] "GET /wp-admin/setup-config.php?step=1 HTTP/2.0" 200 1145 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0" "-"
218.104.46.226 - - [24/Jun/2024:13:22:24 +0800] "GET /socket.io/?EIO=4&transport=polling&t=P18iWJZ HTTP/2.0" 200 118 "https://up.gooday.press/wp-admin/setup-config.php?step=1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0" "-"
218.104.46.226 - - [24/Jun/2024:13:22:24 +0800] "POST /socket.io/?EIO=4&transport=polling&t=P18iWM8&sid=lOkiwUkMI3seaNgBAAA8 HTTP/2.0" 200 2 "https://up.gooday.press/wp-admin/setup-config.php?step=1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0" "-"
218.104.46.226 - - [24/Jun/2024:13:22:24 +0800] "GET /socket.io/?EIO=4&transport=polling&t=P18iWM9&sid=lOkiwUkMI3seaNgBAAA8 HTTP/2.0" 200 32 "https://up.gooday.press/wp-admin/setup-config.php?step=1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0" "-"
218.104.46.226 - - [24/Jun/2024:13:22:24 +0800] "GET /socket.io/?EIO=4&transport=polling&t=P18iWN7&sid=lOkiwUkMI3seaNgBAAA8 HTTP/2.0" 200 99 "https://up.gooday.press/wp-admin/setup-config.php?step=1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0" "-"
218.104.46.226 - - [24/Jun/2024:13:22:24 +0800] "POST /socket.io/?EIO=4&transport=polling&t=P18iWN7.0&sid=lOkiwUkMI3seaNgBAAA8 HTTP/2.0" 200 2 "https://up.gooday.press/wp-admin/setup-config.php?step=1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0" "-"
218.104.46.226 - - [24/Jun/2024:13:22:24 +0800] "GET /socket.io/?EIO=4&transport=polling&t=P18iWNr&sid=lOkiwUkMI3seaNgBAAA8 HTTP/2.0" 200 16 "https://up.gooday.press/wp-admin/setup-config.php?step=1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0" "-"
218.104.46.226 - - [24/Jun/2024:13:22:24 +0800] "GET /socket.io/?EIO=4&transport=polling&t=P18iWOY&sid=lOkiwUkMI3seaNgBAAA8 HTTP/2.0" 200 1267 "https://up.gooday.press/wp-admin/setup-config.php?step=1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0" "-"
218.104.46.226 - - [24/Jun/2024:13:22:24 +0800] "GET /manifest.json HTTP/2.0" 200 415 "https://up.gooday.press/wp-admin/setup-config.php?step=1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0" "-"
218.104.46.226 - - [24/Jun/2024:13:22:28 +0800] "GET /socket.io/?EIO=4&transport=websocket&sid=lOkiwUkMI3seaNgBAAA8 HTTP/1.1" 101 111703 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0" "-"
218.104.46.226 - - [24/Jun/2024:13:22:34 +0800] "GET / HTTP/2.0" 302 64 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0" "-"
218.104.46.226 - - [24/Jun/2024:13:22:34 +0800] "GET /dashboard HTTP/2.0" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0" "-"
218.104.46.226 - - [24/Jun/2024:13:22:34 +0800] "GET /socket.io/?EIO=4&transport=polling&t=P18iYnb HTTP/2.0" 200 118 "https://up.gooday.press/dashboard" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0" "-"
218.104.46.226 - - [24/Jun/2024:13:22:34 +0800] "POST /socket.io/?EIO=4&transport=polling&t=P18iYpI&sid=tJw-LL5FzDkD2MNfAAA- HTTP/2.0" 200 2 "https://up.gooday.press/dashboard" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0" "-"
218.104.46.226 - - [24/Jun/2024:13:22:34 +0800] "GET /socket.io/?EIO=4&transport=polling&t=P18iYpJ&sid=tJw-LL5FzDkD2MNfAAA- HTTP/2.0" 200 32 "https://up.gooday.press/dashboard" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0" "-"
218.104.46.226 - - [24/Jun/2024:13:22:34 +0800] "GET /socket.io/?EIO=4&transport=polling&t=P18iYqN&sid=tJw-LL5FzDkD2MNfAAA- HTTP/2.0" 200 99 "https://up.gooday.press/dashboard" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0" "-"
218.104.46.226 - - [24/Jun/2024:13:22:34 +0800] "POST /socket.io/?EIO=4&transport=polling&t=P18iYqO&sid=tJw-LL5FzDkD2MNfAAA- HTTP/2.0" 200 2 "https://up.gooday.press/dashboard" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0" "-"
218.104.46.226 - - [24/Jun/2024:13:22:34 +0800] "GET /manifest.json HTTP/2.0" 200 415 "https://up.gooday.press/dashboard" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0" "-"
218.104.46.226 - - [24/Jun/2024:13:22:34 +0800] "GET /socket.io/?EIO=4&transport=polling&t=P18iYr4&sid=tJw-LL5FzDkD2MNfAAA- HTTP/2.0" 200 1275 "https://up.gooday.press/dashboard" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0" "-"
218.104.46.226 - - [24/Jun/2024:13:22:35 +0800] "POST /socket.io/?EIO=4&transport=polling&t=P18iYs6&sid=tJw-LL5FzDkD2MNfAAA- HTTP/2.0" 200 2 "https://up.gooday.press/dashboard" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0" "-"
218.104.46.226 - - [24/Jun/2024:13:22:35 +0800] "GET /socket.io/?EIO=4&transport=polling&t=P18iYro&sid=tJw-LL5FzDkD2MNfAAA- HTTP/2.0" 200 26 "https://up.gooday.press/dashboard" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0" "-"
218.104.46.226 - - [24/Jun/2024:13:22:44 +0800] "GET /socket.io/?EIO=4&transport=websocket&sid=tJw-LL5FzDkD2MNfAAA- HTTP/1.1" 101 111703 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0" "-"
1 like

The simple option is fail2ban.
The blunt option is to just leave it alone.

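Have the site listen only on the internal network, then forward it through Cloudflare Tunnel.
Note that this is Tunnel, not turning on the CDN.
That way your site's real IP is hidden in DNS.
Whatever the attack, Cloudflare blocks it for you.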

6 likes
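The burst of probes in the log at the top of the thread is the pattern a fail2ban-style rule keys on. The following is an added example, not code from any poster: it parses lines in that access-log format, flags an IP that requests several sensitive paths within a short window, and marks the case where every probe got the same status and size, which usually means a catch-all page answered rather than a real file. The path list, thresholds and sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Access-log prefix: ip - user [time] "METHOD path PROTO" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+)')
# Assumed list of paths no ordinary visitor requests, modelled on the probes above.
SENSITIVE_RE = re.compile(
    r'^/\.(env|git|svn|ssh|aws|kube)\b|\.(sql|zip|tar\.gz|key)$|'
    r'^/(etc/|wp-config\.php|phpinfo\.php|secrets\.json)')

def parse(line):
    """Return (ip, time, path without query, status, size), or None if unparseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')
    return m['ip'], ts, m['path'].split('?', 1)[0], int(m['status']), int(m['size'])

def find_scanners(lines, max_hits=5, window_s=60):
    """Flag IPs with at least max_hits sensitive-path requests inside window_s seconds."""
    hits = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        ip, ts, path, status, size = rec
        if SENSITIVE_RE.search(path):
            hits[ip].append((ts, status, size))
    flagged = {}
    for ip, recs in hits.items():
        recs.sort()
        start = 0
        for end in range(len(recs)):  # sliding window over this IP's probes
            while (recs[end][0] - recs[start][0]).total_seconds() > window_s:
                start += 1
            if end - start + 1 >= max_hits:
                # Same 200 + byte count on every probe: a catch-all page, not leaked files.
                uniform = recs[0][1] == 200 and len({(s, b) for _, s, b in recs}) == 1
                flagged[ip] = {'hits': len(recs), 'soft_404': uniform}
                break
    return flagged

# Constructed sample in the same log format (documentation IPs, not real hosts).
def _line(ip, sec, path, status=200, size=1157):
    return (f'{ip} - - [24/Jun/2024:12:12:{sec:02d} +0800] "GET {path} HTTP/1.1" '
            f'{status} {size} "-" "Go-http-client/1.1" "-"')
SAMPLE = [_line('203.0.113.7', i, p) for i, p in enumerate(
    ['/.env', '/.git/HEAD', '/backup.zip', '/dump.sql', '/.ssh/id_rsa', '/wp-config.php'])]
SAMPLE += [_line('198.51.100.9', 30, '/dashboard', 200, 4096), _line('198.51.100.9', 31, '/.env', 404, 153)]
```

When `soft_404` is true, configuring the server to return 404 for unknown paths gives both scanners and ban rules a clearer signal than a 200 fallback page.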

That takes some technical skill; I'm still learning how tunnel forwarding works.

Tunnel really is good, and you can pair it with Access for authentication; the only downside is that it is slow.

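Lots of scanning on the public internet is perfectly normal. If you have the resources, you can use an open-source WAF or a similar application for protection, for example SafeLine (雷池) Community Edition: https://waf-ce.chaitin.cn/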