106.14.83.56 - - [20/Aug/2020:10:21:54 +0800] "GET / HTTP/1.0" 403 162 "-" "-"
106.14.83.56 - - [20/Aug/2020:10:22:05 +0800] "GET / HTTP/1.0" 403 162 "-" "-"
106.14.83.56 - - [20/Aug/2020:10:22:05 +0800] "GET / HTTP/1.1" 403 162 "-" "-"
47.100.130.114 - - [20/Aug/2020:11:27:27 +0800] "GET / HTTP/1.0" 403 162 "-" "-"
79.124.62.254 - - [20/Aug/2020:16:25:36 +0800] "\x03\x00\x00/*\xE0\x00\x00\x00\x00\x00Cookie: mstshash=Administr" 400 166 "-" "-"
101.133.224.44 - - [20/Aug/2020:16:44:43 +0800] "\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03\x8Fe\xA3S\x98\x8B:\x94\xF0~\x0B\xA1\xD5\x1A\xAB\x0C\xE8\xD3\xD8\xC4X\x1A]\x12]Q\xD9\xB5i\xC8\x96\xF0 \x96\x8C" 400 166 "-" "-"
101.133.224.44 - - [20/Aug/2020:16:44:43 +0800] "GET / HTTP/1.1" 400 568 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36"
194.61.55.107 - - [21/Aug/2020:06:34:26 +0800] "\x03\x00\x00/*\xE0\x00\x00\x00\x00\x00Cookie: mstshash=Administr" 400 166 "-" "-"
194.61.55.107 - - [21/Aug/2020:06:34:27 +0800] "\x03\x00\x00/*\xE0\x00\x00\x00\x00\x00Cookie: mstshash=Administr" 400 166 "-" "-"
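These are attacks against the ThinkPHP remote code execution vulnerability; the regular expression below was written to match them.
Regular expression: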
\[function|exec|sh]$
The remaining cookie entry is of no use, so it is not matched.
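For triage of the entries at the top of this page, the following added example (not part of the original notes) parses the nginx access log lines, undoes the \xNN escaping of the request field, and labels what each client actually sent. It goes beyond the regular expression above by also labelling the non-HTTP entries; the function names and category labels are this example's own assumptions.

```python
import re
from collections import Counter

# nginx "combined" log format; the request field may hold escaped binary data.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>.*)" '
    r'(?P<status>\d{3}) \d+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Four entries copied verbatim from the log above.
SAMPLE = r'''
106.14.83.56 - - [20/Aug/2020:10:21:54 +0800] "GET / HTTP/1.0" 403 162 "-" "-"
79.124.62.254 - - [20/Aug/2020:16:25:36 +0800] "\x03\x00\x00/*\xE0\x00\x00\x00\x00\x00Cookie: mstshash=Administr" 400 166 "-" "-"
101.133.224.44 - - [20/Aug/2020:16:44:43 +0800] "\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03\x8Fe\xA3S\x98\x8B:\x94\xF0~\x0B\xA1\xD5\x1A\xAB\x0C\xE8\xD3\xD8\xC4X\x1A]\x12]Q\xD9\xB5i\xC8\x96\xF0 \x96\x8C" 400 166 "-" "-"
101.133.224.44 - - [20/Aug/2020:16:44:43 +0800] "GET / HTTP/1.1" 400 568 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36"
'''

def raw_request(field):
    """Undo nginx's \\xNN escaping so the request can be inspected as bytes."""
    return re.sub(rb"\\x([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), field.encode())

def classify(line):
    """Return a label (hypothetical names) for what the client sent."""
    m = LINE_RE.match(line)
    if not m:
        return "unparsed"
    req = raw_request(m["request"])
    # TPKT header (version 3, reserved 0) carrying an RDP mstshash cookie.
    if req[:2] == b"\x03\x00" and b"Cookie: mstshash=" in req:
        return "rdp-probe"
    # TLS record: type 0x16 (handshake), major version 3, message type 1 (ClientHello).
    if req[:2] == b"\x16\x03" and req[5:6] == b"\x01":
        return "tls-client-hello"
    if re.fullmatch(rb"[A-Z]+ \S+ HTTP/\d\.\d", req):
        return "http-no-ua" if m["ua"] == "-" else "http"
    return "non-http"

def summarize(log_text):
    """Count (source IP, label) pairs over a block of log lines."""
    counts = Counter()
    for line in log_text.strip().splitlines():
        m = LINE_RE.match(line)
        counts[(m["ip"] if m else "?", classify(line))] += 1
    return counts

if __name__ == "__main__":
    for (ip, label), n in sorted(summarize(SAMPLE).items()):
        print(f"{ip:16} {label:18} {n}")
```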