I'm primarily a developer, but with nobody else available, apart from having a few servers shipped to the IDC, I handled everything else myself: OS installation, virtual machine setup, bringing the system online, and day-to-day operations.
Fortunately, from tinkering with servers at university and maintaining OCS at Guangdong Mobile after graduation, I could carry it all out step by step, even if not professionally.
I check the logs often. Occasionally I find some ill-intentioned requests; of course it may also be some person or organisation checking the site's security.
Looking in the logs at how others scan, and taking the corresponding measures, builds up operations security experience.
Sometimes the company keeps bringing up security and nobody takes it to heart. It's better to experience the risk first-hand; that is what leaves you worried afterwards.
1. Directly fetching files from the site's root directory
The countermeasure is simply not to leave files unrelated to the site there.
Below are some access records; let's see what they contain:
2014/07/06 17:17:38 [/radminpass.php][WARN] radminpass.php
2014/07/06 17:17:38 [/dg][WARN] dg
2014/07/06 17:17:38 [/ radminpass.php][WARN] radminpass.php
2014/07/06 17:17:38 [/d][WARN] d
2014/07/06 17:17:39 [/admin][WARN] admin
2014/07/06 17:17:39 [/dede][WARN] dede
2014/07/06 17:17:39 [/rc.php][WARN] rc.php
2014/07/06 17:17:39 [/admin_login.asp][WARN] admin_login.asp
2014/07/06 17:17:39 [/admin_login.php][WARN] admin_login.php
2014/07/06 17:17:39 [/install.php][WARN] install.php
2014/07/06 17:17:39 [/admi][WARN] admi
2014/07/06 17:17:39 [/manage][WARN] manage
2014/07/06 17:17:39 [/ded][WARN] ded
2014/07/06 17:17:39 [/ rc.php][WARN] rc.php
2014/07/06 17:17:39 [/ admin_login.asp][WARN] admin_login.asp
2014/07/06 17:17:39 [/ install.php][WARN] install.php
2014/07/06 17:17:39 [/ admin_login.php][WARN] admin_login.php
2014/07/06 17:17:39 [/manag][WARN] manag
2014/07/06 17:17:39 [/ftp.txt][WARN] ftp.txt
2014/07/06 17:17:39 [/使用说明.txt][WARN] 使用说明.txt
2014/07/06 17:17:39 [/www.zip][WARN] www.zip
2014/07/06 17:17:39 [/admin.php][WARN] admin.php
2014/07/06 17:17:39 [/robot.txt][WARN] robot.txt
2014/07/06 17:17:39 [/wwwroot.rar][WARN] wwwroot.rar
2014/07/06 17:17:39 [/www.rar][WARN] www.rar
2014/07/06 17:17:39 [/wwwroot.zip][WARN] wwwroot.zip
2014/07/06 17:17:39 [/1.asp][WARN] 1.asp
2014/07/06 17:17:39 [/fuck.asp][WARN] fuck.asp
2014/07/06 17:17:39 [/cmd.asp][WARN] cmd.asp
2014/07/06 17:17:39 [/1.php][WARN] 1.php
2014/07/06 17:17:39 [/ok.asp][WARN] ok.asp
2014/07/06 17:17:39 [/123.asp][WARN] 123.asp
2014/07/06 17:17:39 [/aspxspy.aspxx][WARN] aspxspy.aspxx
2014/07/06 17:17:39 [/aspxspy.phpx][WARN] aspxspy.phpx
2014/07/06 17:17:39 [/1.aspx][WARN] 1.aspx
2014/07/06 17:17:39 [/ASPXspy2.phpx][WARN] ASPXspy2.phpx
2014/07/06 17:17:39 [/a.asp][WARN] a.asp
2014/07/06 17:17:39 [/ASPXspy2.aspxx][WARN] ASPXspy2.aspxx
2014/07/06 17:17:39 [/ wwwroot.rar][WARN] wwwroot.rar
2014/07/06 17:17:39 [/lcx.aspx][WARN] lcx.aspx
2014/07/06 17:17:39 [/ ftp.txt][WARN] ftp.txt
2014/07/06 17:17:39 [/ 使用说明.txt][WARN] 使用说明.txt
2014/07/06 17:17:39 [/ www.zip][WARN] www.zip
2014/07/06 17:17:39 [/ robot.txt][WARN] robot.txt
2014/07/06 17:17:39 [/ www.rar][WARN] www.rar
2014/07/06 17:17:39 [/ admin.php][WARN] admin.php
2014/07/06 17:17:39 [/ fuck.asp][WARN] fuck.asp
2014/07/06 17:17:39 [/hack.asp][WARN] hack.asp
2014/07/06 17:17:39 [/ cmd.asp][WARN] cmd.asp
2014/07/06 17:17:39 [/ ok.asp][WARN] ok.asp
2014/07/06 17:17:39 [/xx.asp][WARN] xx.asp
2014/07/06 17:17:39 [/ 123.asp][WARN] 123.asp
2014/07/06 17:17:39 [/gay.aspx][WARN] gay.aspx
2014/07/06 17:17:39 [/ 1.asp][WARN] 1.asp
2014/07/06 17:17:39 [/ 1.php][WARN] 1.php
2014/07/06 17:17:39 [/ aspxspy.aspxx][WARN] aspxspy.aspxx
2014/07/06 17:17:39 [/ wwwroot.zip][WARN] wwwroot.zip
2014/07/06 17:17:39 [/ ASPXspy2.phpx][WARN] ASPXspy2.phpx
2014/07/06 17:17:39 [/ a.asp][WARN] a.asp
2014/07/06 17:17:39 [/xxoo.asp][WARN] xxoo.asp
2014/07/06 17:17:39 [/xm.asp][WARN] xm.asp
2014/07/06 17:17:39 [/ 1.aspx][WARN] 1.aspx
2014/07/06 17:17:39 [/ aspxspy.phpx][WARN] aspxspy.phpx
2014/07/06 17:17:39 [/ lcx.aspx][WARN] lcx.aspx
2014/07/06 17:17:39 [/diy.asp][WARN] diy.asp
2014/07/06 17:17:39 [/说明.txt][WARN] 说明.txt
2014/07/06 17:17:39 [/安装说明书.txt][WARN] 安装说明书.txt
2014/07/06 17:17:39 [/ms.asp][WARN] ms.asp
2014/07/06 17:17:39 [/新建文本文档.txt][WARN] 新建文本文档.txt
2014/07/06 17:17:39 [/ xx.asp][WARN] xx.asp
2014/07/06 17:17:39 [/ ASPXspy2.aspxx][WARN] ASPXspy2.aspxx
2014/07/06 17:17:39 [/备份.rar][WARN] 备份.rar
2014/07/06 17:17:39 [/安装说明.txt][WARN] 安装说明.txt
2014/07/06 17:17:39 [/说明书.txt][WARN] 说明书.txt
2014/07/06 17:17:39 [/ hack.asp][WARN] hack.asp
2014/07/06 17:17:39 [/站点备份.rar][WARN] 站点备份.rar
2014/07/06 17:17:39 [/ftp.txt][WARN] ftp.txt
2014/07/06 17:17:39 [/mima.txt][WARN] mima.txt
2014/07/06 17:17:39 [/pass.txt][WARN] pass.txt
2014/07/06 17:17:39 [/123.txt][WARN] 123.txt
2014/07/06 17:17:39 [/qq.txt][WARN] qq.txt
2014/07/06 17:17:39 [/ xxoo.asp][WARN] xxoo.asp
2014/07/06 17:17:39 [/ gay.aspx][WARN] gay.aspx
2014/07/06 17:17:39 [/password.txt][WARN] password.txt
2014/07/06 17:17:39 [/ xm.asp][WARN] xm.asp
2014/07/06 17:17:39 [/ diy.asp][WARN] diy.asp
2014/07/06 17:17:39 [/ 说明.txt][WARN] 说明.txt
2014/07/06 17:17:39 [/ 备份.rar][WARN] 备份.rar
2014/07/06 17:17:39 [/ 新建文本文档.txt][WARN] 新建文本文档.txt
2014/07/06 17:17:39 [/ 安装说明书.txt][WARN] 安装说明书.txt
2014/07/06 17:17:39 [/ ms.asp][WARN] ms.asp
2014/07/06 17:17:39 [/ ftp.txt][WARN] ftp.txt
2014/07/06 17:17:39 [/ mima.txt][WARN] mima.txt
2014/07/06 17:17:39 [/ 站点备份.rar][WARN] 站点备份.rar
2014/07/06 17:17:39 [/ 说明书.txt][WARN] 说明书.txt
2014/07/06 17:17:39 [/ 安装说明.txt][WARN] 安装说明.txt
2014/07/06 17:17:39 [/ pass.txt][WARN] pass.txt
2014/07/06 17:17:39 [/ 123.txt][WARN] 123.txt
2014/07/06 17:17:39 [/ qq.txt][WARN] qq.txt
2014/07/06 17:17:39 [/ password.txt][WARN] password.txt
2014/07/06 17:17:39 [/index.php/ password.txt][WARN] password.txt
2. SQL injection, executing script code
The cases described online all seem easy to understand, but in practice it is much more complicated, beyond what people like me can fully grasp. Still, you must understand the principle.
Here are the logs:
2014/08/06 08:58:47 [/us/client/site/][WARN] ?'?"
2014/08/06 08:58:47 [/us/client/site/e''e""][WARN] e''e""
2014/08/06 08:58:47 [/us/hi/password/activity_android][WARN] activity_android
2014/08/06 08:58:47 [/us/hi/password/1'"][WARN] 1'"
2014/08/06 08:58:47 [/us/hi/password/\][WARN] \
2014/08/06 08:58:48 [/us/hi/password/@@zhqPp][WARN] @@zhqPp
2014/08/06 08:58:48 [/us/hi/password/JyI=][WARN] JyI=
2014/08/06 08:58:48 [/us/hi/password/][WARN] ?'?"
2014/08/06 08:58:48 [/us/hi/password/e''e""][WARN] e''e""
2014/08/06 08:58:48 [/us/client/download/o2a3iWxX][WARN] o2a3iWxX
2014/08/06 08:58:48 [/us/client/download/activity_android' AND 2+1-1-1=0+0+0+1 AND 'Q36n'='Q36n][WARN] activity_android' AND 2+1-1-1=0+0+0+1 AND 'Q36n'='Q36n
2014/08/06 08:58:49 [/us/client/download/activity_android" AND 2+1-1-1=0+0+0+1 AND "ios3"="ios3][WARN] activity_android" AND 2+1-1-1=0+0+0+1 AND "ios3"="ios3
2014/08/06 08:58:49 [/us/client/download/wF9XZogm'; waitfor delay '0:0:9' -- ][WARN] wF9XZogm'; waitfor delay '0:0:9' --
2014/08/06 08:58:49 [/us/client/download/8hzZ0diT'); waitfor delay '0:0:9' -- ][WARN] 8hzZ0diT'); waitfor delay '0:0:9' --
2014/08/06 08:58:49 [/us/client/download/P3y3ZpXe')); waitfor delay '0:0:9' -- ][WARN] P3y3ZpXe')); waitfor delay '0:0:9' --
2014/08/06 08:58:49 [/us/client/download/p5Jv1biQ';select pg_sleep(3); -- ][WARN] p5Jv1biQ';select pg_sleep(3); --
2014/08/06 08:58:49 [/us/client/download/yy4bfMpu');select pg_sleep(3); -- ][WARN] yy4bfMpu');select pg_sleep(3); --
2014/08/06 08:58:49 [/us/client/download/1n24zbF7'));select pg_sleep(3); -- ][WARN] 1n24zbF7'));select pg_sleep(3); --
2014/08/06 08:58:49 [/us/client/site/activity_android][WARN] activity_android
2014/08/06 08:58:49 [/us/client/site/activity_android][WARN] activity_android
2014/08/06 08:58:50 [/us/client/site/bZYCjp9i][WARN] bZYCjp9i
2014/08/06 08:58:50 [/us/client/site/Yp22mRb0'; waitfor delay '0:0:8' -- ][WARN] Yp22mRb0'; waitfor delay '0:0:8' --
2014/08/06 08:58:50 [/us/client/site/GipCpLwS'); waitfor delay '0:0:12' -- ][WARN] GipCpLwS'); waitfor delay '0:0:12' --
2014/08/06 08:58:50 [/us/client/site/wpaFt8uZ')); waitfor delay '0:0:12' -- ][WARN] wpaFt8uZ')); waitfor delay '0:0:12' --
2014/08/06 08:58:50 [/us/client/site/LHmRvr2W';select pg_sleep(4); -- ][WARN] LHmRvr2W';select pg_sleep(4); --
2014/08/06 08:58:50 [/us/client/site/FpfYyg8i');select pg_sleep(4); -- ][WARN] FpfYyg8i');select pg_sleep(4); --
2014/08/06 08:58:50 [/us/client/site/bgAKX3yU'));select pg_sleep(8); -- ][WARN] bgAKX3yU'));select pg_sleep(8); --
2014/08/06 08:58:50 [/us/hi/password/activity_android][WARN] activity_android
2014/08/06 08:58:50 [/us/hi/password/activity_android][WARN] activity_android
2014/08/06 08:58:50 [/us/hi/password/YnYOKKNo][WARN] YnYOKKNo
2014/08/06 08:58:51 [/us/hi/password/lyolpZ8k'; waitfor delay '0:0:15' -- ][WARN] lyolpZ8k'; waitfor delay '0:0:15' --
2014/08/06 08:58:51 [/us/hi/password/JCezDwnG'); waitfor delay '0:0:5' -- ][WARN] JCezDwnG'); waitfor delay '0:0:5' --
2014/08/06 08:58:51 [/us/hi/password/Y21nSzkr')); waitfor delay '0:0:5' -- ][WARN] Y21nSzkr')); waitfor delay '0:0:5' --
2014/08/06 08:58:51 [/us/hi/password/ZX3m329T';select pg_sleep(10); -- ][WARN] ZX3m329T';select pg_sleep(10); --
2014/08/06 08:58:51 [/us/hi/password/LuzmHK9d');select pg_sleep(10); -- ][WARN] LuzmHK9d');select pg_sleep(10); --
2014/08/06 08:58:51 [/us/hi/password/LvjtNfZh'));select pg_sleep(10); -- ][WARN] LvjtNfZh'));select pg_sleep(10); --
3. Guessing likely executable files, or checking for open-source software with known vulnerabilities
WordPress, for example, is the most frequently probed open-source site.
Apart from the request URLs the site permits, all other unrelated addresses should be rejected.
Also be careful about the problems that can arise when robots.txt leaks the site's structure.
Below is only a small part of the logs. There is nothing others won't guess, only what you wouldn't think of: every kind of web script extension is covered.
2014/08/03 04:03:23 [/us/index.php/insert.php][WARN] insert.php WARN
2014/08/03 04:03:23 [/index.php/she11.php][WARN] she11.php WARN
2014/08/03 04:03:23 [/us/index.php/r3za.php][WARN] r3za.php WARN
2014/08/03 04:03:23 [/index.php/footer.php][WARN] footer.php WARN
2014/08/03 04:03:23 [/us/index.php/hydd.php][WARN] hydd.php WARN
2014/08/03 04:03:23 [/index.php/newfile.php][WARN] newfile.php WARN
2014/08/03 04:03:23 [/us/index.php/Judge.php][WARN] Judge.php WARN
2014/08/03 04:03:23 [/index.php/caoc.php][WARN] caoc.php WARN
2014/08/03 04:03:23 [/us/index.php/she11.php][WARN] she11.php WARN
2014/08/03 04:03:23 [/us/index.php/footer.php][WARN] footer.php WARN
2014/08/03 04:03:23 [/index.php/ceshi.php][WARN] ceshi.php WARN
2014/08/03 04:03:23 [/us/index.php/newfile.php][WARN] newfile.php WARN
2014/08/03 04:03:23 [/index.php/jiance.php][WARN] jiance.php WARN
2014/08/03 04:03:23 [/us/index.php/caoc.php][WARN] caoc.php WARN
2014/08/03 04:03:23 [/index.php/aq.php][WARN] aq.php WARN
2014/08/03 04:03:23 [/us/index.php/ceshi.php][WARN] ceshi.php WARN
2014/08/03 04:03:23 [/index.php/bmzh.php][WARN] bmzh.php WARN
2014/08/03 04:03:23 [/index.php/JspSpy.php][WARN] JspSpy.php WARN
2014/08/03 04:03:23 [/us/index.php/jiance.php][WARN] jiance.php WARN
2014/08/03 04:03:23 [/us/index.php/aq.php][WARN] aq.php WARN
2014/08/03 04:03:23 [/index.php/jspSpy.php][WARN] jspSpy.php WARN
2014/08/03 04:03:23 [/us/index.php/bmzh.php][WARN] bmzh.php WARN
2014/08/03 04:03:23 [/index.php/jspspy.php][WARN] jspspy.php WARN
2014/08/03 04:03:23 [/us/index.php/JspSpy.php][WARN] JspSpy.php WARN
2014/08/03 04:03:23 [/index.php/ASPXspy.php][WARN] ASPXspy.php WARN
2014/08/03 04:03:23 [/us/index.php/jspSpy.php][WARN] jspSpy.php WARN
2014/08/03 04:03:23 [/index.php/aspxspy.php][WARN] aspxspy.php WARN
2014/08/03 04:03:23 [/index.php/PHPspy.php][WARN] PHPspy.php WARN
2014/08/03 04:03:23 [/us/index.php/jspspy.php][WARN] jspspy.php WARN
2014/08/03 04:03:23 [/index.php/phpspy.php][WARN] phpspy.php WARN
2014/08/03 04:03:23 [/us/index.php/ASPXspy.php][WARN] ASPXspy.php WARN
2014/08/03 04:03:23 [/index.php/xx.php][WARN] xx.php WARN
2014/08/03 04:03:23 [/us/index.php/aspxspy.php][WARN] aspxspy.php WARN
2014/08/03 04:03:23 [/us/index.php/PHPspy.php][WARN] PHPspy.php WARN
2014/08/03 04:03:23 [/index.php/1.php][WARN] 1.php WARN
2014/08/03 04:03:23 [/us/index.php/phpspy.php][WARN] phpspy.php WARN
2014/08/03 04:03:23 [/index.php/2.php][WARN] 2.php WARN
2014/08/03 04:03:23 [/us/index.php/xx.php][WARN] xx.php WARN
2014/08/03 04:03:23 [/us/index.php/1.php][WARN] 1.php WARN
2014/08/03 04:03:23 [/index.php/3.php][WARN] 3.php WARN
2014/08/03 04:03:23 [/us/index.php/2.php][WARN] 2.php WARN
2014/08/03 04:03:23 [/index.php/4.php][WARN] 4.php WARN
2014/08/03 04:03:23 [/us/index.php/3.php][WARN] 3.php WARN
2014/08/03 04:03:23 [/us/index.php/9.php][WARN] 9.php WARN
2014/08/03 04:03:24 [/index.php/w.php][WARN] w.php WARN
2014/08/03 04:03:24 [/us/index.php/q.php][WARN] q.php WARN
2014/08/03 04:03:24 [/index.php/e.php][WARN] e.php WARN
2014/08/03 04:03:24 [/us/index.php/w.php][WARN] w.php WARN
2014/08/03 04:03:24 [/index.php/r.php][WARN] r.php WARN
2014/08/03 04:03:24 [/us/index.php/e.php][WARN] e.php WARN
2014/08/03 04:03:24 [/us/index.php/r.php][WARN] r.php WARN
2014/08/03 04:03:24 [/index.php/m.php][WARN] m.php WARN
2014/08/03 04:03:24 [/us/index.php/n.php][WARN] n.php WARN
2014/08/03 04:03:24 [/index.php/shell.php][WARN] shell.php WARN
2014/08/03 04:03:24 [/us/index.php/m.php][WARN] m.php WARN
2014/08/03 04:03:24 [/us/index.php/shell.php][WARN] shell.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/?shell.php][WARN] ?shell.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/ASPWebPack.php][WARN] ASPWebPack.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/121.php][WARN] 121.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/dana.php][WARN] dana.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/dark.php][WARN] dark.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/dd.php][WARN] dd.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/foots.php][WARN] foots.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/kqx.php][WARN] kqx.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/pic.php][WARN] pic.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/wrsky.php][WARN] wrsky.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/wuge.php][WARN] wuge.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/免杀.php][WARN] 免杀.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/小鱼免杀.php][WARN] 小鱼免杀.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/风韵.php][WARN] 风韵.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/DarkBlade.php][WARN] DarkBlade.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/cmd.php][WARN] cmd.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/diy.php][WARN] diy.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/upfile4k2.php][WARN] upfile4k2.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/xiao.php][WARN] xiao.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/dic.php][WARN] dic.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/wt.php][WARN] wt.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/80sec.php][WARN] 80sec.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/dabao.php][WARN] dabao.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/T0p.php][WARN] T0p.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/fuck.php][WARN] fuck.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/dm.php][WARN] dm.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/xm.php][WARN] xm.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/dama.php][WARN] dama.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/xiaoma.php][WARN] xiaoma.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/asp.php][WARN] asp.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/jsp.php][WARN] jsp.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/php.php][WARN] php.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/aspx.php][WARN] aspx.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/mima.php][WARN] mima.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/kill.php][WARN] kill.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/ko.php][WARN] ko.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/rootnull.php][WARN] rootnull.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/root.php][WARN] root.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/r00t.php][WARN] r00t.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/sh0w.php][WARN] sh0w.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/safer.php][WARN] safer.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/houmen.php][WARN] houmen.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/h0umen.php][WARN] h0umen.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/ceshi.php][WARN] ceshi.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/jiance.php][WARN] jiance.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/aq.php][WARN] aq.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/bmzh.php][WARN] bmzh.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/JspSpy.php][WARN] JspSpy.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/jspSpy.php][WARN] jspSpy.php WARN
2014/08/03 04:03:29 [/kdrive/index.php/jspspy.php][WARN] jspspy.php WARN
2014/08/03 04:03:29 [/kdrive/index.php/ASPXspy.php][WARN] ASPXspy.php WARN
2014/08/03 04:03:29 [/kdrive/index.php/aspxspy.php][WARN] aspxspy.php WARN
2014/08/03 04:03:29 [/kdrive/index.php/PHPspy.php][WARN] PHPspy.php WARN
2014/08/03 04:03:29 [/kdrive/index.php/phpspy.php][WARN] phpspy.php WARN
2014/08/03 04:03:29 [/kdrive/index.php/xx.php][WARN] xx.php WARN
2014/08/03 04:03:29 [/kdrive/index.php/1.php][WARN] 1.php WARN
2014/08/03 04:03:29 [/kdrive/index.php/2.php][WARN] 2.php WARN
2014/08/03 04:03:29 [/kdrive/index.php/q.php][WARN] q.php WARN
2014/08/03 04:03:29 [/kdrive/index.php/w.php][WARN] w.php WARN
2014/08/03 04:03:29 [/kdrive/index.php/e.php][WARN] e.php WARN
2014/08/03 04:03:29 [/kdrive/index.php/r.php][WARN] r.php WARN
2014/08/03 04:03:29 [/kdrive/index.php/t.php][WARN] t.php WARN
2014/08/03 04:03:29 [/kdrive/index.php/y.php][WARN] y.php WARN
2014/08/03 04:03:29 [/kdrive/index.php/u.php][WARN] u.php WARN
2014/08/03 04:03:29 [/kdrive/index.php/i.php][WARN] i.php WARN
2014/08/03 04:03:29 [/kdrive/index.php/o.php][WARN] o.php WARN
2014/08/03 04:03:30 [/kdrive/index.php/shell.php][WARN] shell.php WARN
2014/08/03 04:03:33 [/index.php/nulllllllllll.html][WARN] nulllllllllll.html WARN
2014/08/03 04:03:35 [/index.php/bbcode.js][WARN] bbcode.js WARN
2014/08/03 04:03:35 [/us/index.php/robots.txt][WARN] robots.txt WARN
2014/08/03 04:03:35 [/index.php/newsfader.js][WARN] newsfader.js WARN
2014/08/03 04:03:35 [/us/index.php/bbcode.js][WARN] bbcode.js WARN
2014/08/03 04:03:35 [/index.php/templates.cdb][WARN] templates.cdb WARN
2014/08/03 04:03:35 [/us/index.php/newsfader.js][WARN] newsfader.js WARN
2014/08/03 04:03:35 [/index.php/u2upopup.js][WARN] u2upopup.js WARN
2014/08/03 04:03:35 [/us/index.php/templates.cdb][WARN] templates.cdb WARN
2014/08/03 04:03:35 [/us/index.php/u2upopup.js][WARN] u2upopup.js WARN
2014/08/03 04:03:36 [/index.php/bbcode.js][WARN] bbcode.js WARN
2014/08/03 04:03:36 [/index.php/newsfader.js][WARN] newsfader.js WARN
2014/08/03 04:03:36 [/us/index.php/bbcode.js][WARN] bbcode.js WARN
2014/08/03 04:03:36 [/index.php/templates.cdb][WARN] templates.cdb WARN
2014/08/03 04:03:36 [/us/index.php/newsfader.js][WARN] newsfader.js WARN
2014/08/03 04:03:36 [/index.php/u2upopup.js][WARN] u2upopup.js WARN
2014/08/03 04:03:36 [/us/index.php/templates.cdb][WARN] templates.cdb WARN
2014/08/03 04:03:36 [/us/index.php/u2upopup.js][WARN] u2upopup.js WARN
2014/08/03 04:03:36 [/kdrive/index.php/robots.txt][WARN] robots.txt WARN
2014/08/03 04:03:36 [/kdrive/index.php/bbcode.js][WARN] bbcode.js WARN
2014/08/03 04:03:36 [/kdrive/index.php/newsfader.js][WARN] newsfader.js WARN
2014/08/03 04:03:36 [/kdrive/index.php/templates.cdb][WARN] templates.cdb WARN
2014/08/03 04:03:36 [/kdrive/index.php/u2upopup.js][WARN] u2upopup.js WARN
2014/08/03 04:03:36 [/kdrive/index.php/bbcode.js][WARN] bbcode.js WARN
2014/08/03 04:03:36 [/kdrive/index.php/newsfader.js][WARN] newsfader.js WARN
2014/08/03 04:03:36 [/kdrive/index.php/templates.cdb][WARN] templates.cdb WARN
2014/08/03 04:03:36 [/kdrive/index.php/u2upopup.js][WARN] u2upopup.js WARN
2014/08/03 04:03:37 [/index.php/alipay.html][WARN] alipay.html WARN
2014/08/03 04:03:37 [/us/index.php/alipay.html][WARN] alipay.html WARN
2014/08/03 04:03:38 [/kdrive/index.php/alipay.html][WARN] alipay.html WARN
2014/08/03 04:03:38 [/index.php/wlwmanifest.xml][WARN] wlwmanifest.xml WARN
2014/08/03 04:03:38 [/us/index.php/robots.txt][WARN] robots.txt WARN
2014/08/03 04:03:38 [/us/index.php/wlwmanifest.xml][WARN] wlwmanifest.xml WARN
2014/08/03 04:03:39 [/kdrive/index.php/robots.txt][WARN] robots.txt WARN
2014/08/03 04:03:39 [/kdrive/index.php/wlwmanifest.xml][WARN] wlwmanifest.xml WARN
2014/08/03 04:03:39 [/us/index.php/robots.txt][WARN] robots.txt WARN
2014/08/03 04:03:40 [/kdrive/index.php/robots.txt][WARN] robots.txt WARN
2014/08/03 04:03:41 [/index.php/license.txt][WARN] license.txt WARN
2014/08/03 04:03:41 [/us/index.php/license.txt][WARN] license.txt WARN
2014/08/03 04:03:41 [/kdrive/index.php/license.txt][WARN] license.txt WARN
2014/08/03 04:03:42 [/us/index.php/robots.txt][WARN] robots.txt WARN
2014/08/03 04:03:42 [/kdrive/index.php/robots.txt][WARN] robots.txt WARN
2014/08/03 04:03:43 [/index.php/htaccess.txt][WARN] htaccess.txt WARN
2014/08/03 04:03:43 [/index.php/CONTRIBUTING.md][WARN] CONTRIBUTING.md WARN
2014/08/03 04:03:43 [/us/index.php/htaccess.txt][WARN] htaccess.txt WARN
2014/08/03 04:03:43 [/index.php/phpunit.xml.dist][WARN] phpunit.xml.dist WARN
2014/08/03 04:03:43 [/us/index.php/CONTRIBUTING.md][WARN] CONTRIBUTING.md WARN
2014/08/03 04:03:43 [/index.php/joomla.xml][WARN] joomla.xml WARN
2014/08/03 04:03:43 [/us/index.php/phpunit.xml.dist][WARN] phpunit.xml.dist WARN
2014/08/03 04:03:43 [/index.php/README.txt][WARN] README.txt WARN
2014/08/03 04:03:43 [/us/index.php/robots.txt][WARN] robots.txt WARN
2014/08/03 04:03:43 [/index.php/robots.txt.dist][WARN] robots.txt.dist WARN
2014/08/03 04:03:43 [/us/index.php/joomla.xml][WARN] joomla.xml WARN
2014/08/03 04:03:43 [/index.php/web.config.txt][WARN] web.config.txt WARN
2014/08/03 04:03:43 [/us/index.php/README.txt][WARN] README.txt WARN
2014/08/03 04:03:43 [/us/index.php/robots.txt.dist][WARN] robots.txt.dist WARN
2014/08/03 04:03:43 [/us/index.php/web.config.txt][WARN] web.config.txt WARN
2014/08/03 04:03:44 [/kdrive/index.php/htaccess.txt][WARN] htaccess.txt WARN
2014/08/03 04:03:44 [/kdrive/index.php/CONTRIBUTING.md][WARN] CONTRIBUTING.md WARN
2014/08/03 04:03:44 [/kdrive/index.php/phpunit.xml.dist][WARN] phpunit.xml.dist WARN
2014/08/03 04:03:44 [/kdrive/index.php/robots.txt][WARN] robots.txt WARN
2014/08/03 04:03:44 [/kdrive/index.php/joomla.xml][WARN] joomla.xml WARN
2014/08/03 04:03:44 [/kdrive/index.php/README.txt][WARN] README.txt WARN
2014/08/03 04:03:44 [/kdrive/index.php/robots.txt.dist][WARN] robots.txt.dist WARN
2014/08/03 04:03:44 [/kdrive/index.php/web.config.txt][WARN] web.config.txt WARN
2014/08/03 04:03:45 [/index.php/readme.txt][WARN] readme.txt WARN
2014/08/03 04:03:45 [/us/index.php/readme.txt][WARN] readme.txt WARN
2014/08/03 04:03:45 [/kdrive/index.php/readme.txt][WARN] readme.txt WARN
2014/08/03 04:03:46 [/us/index.php/robots.txt][WARN] robots.txt WARN
2014/08/03 04:03:47 [/kdrive/index.php/robots.txt][WARN] robots.txt WARN
2014/08/03 04:03:48 [/index.php/licence.txt][WARN] licence.txt WARN
2014/08/03 04:03:48 [/index.php/recommend.html][WARN] recommend.html WARN
2014/08/03 04:03:48 [/index.php/wind.sql][WARN] wind.sql WARN
2014/08/03 04:03:48 [/us/index.php/licence.txt][WARN] licence.txt WARN
2014/08/06 08:57:48 [/us/client/download/Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAucG5n][DEBUG] Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAucG5n
2014/08/06 08:57:49 [/us/client/download/WEB-INF\web.xml][DEBUG] WEB-INF\web.xml
2014/08/06 08:57:49 [/us/client/download/../../../../../../../../windows/win.ini][DEBUG] ../../../../../../../../windows/win.ini
2014/08/06 08:57:49 [/us/client/download/................windowswin.ini][DEBUG] ................windowswin.ini
2014/08/06 08:57:49 [/us/client/download/..\..\..\..\..\..\..\..\windows\win.ini][DEBUG] ..\..\..\..\..\..\..\..\windows\win.ini
2014/08/06 08:57:49 [/us/client/download/WEB-INF\web.xml][DEBUG] WEB-INF\web.xml
4. XSS, special-character and similar probes
There are also a great many of these; I won't paste them all.
2014/08/03 03:55:03 [/<IMG SRC="javascript:alert(cross_site_scripting.nasl);">.cgi][WARN]
2014/08/03 03:55:03 [/<IMG SRC="javascript:alert(cross_site_scripting.nasl);">.exe][WARN]
2014/08/03 03:55:03 [/<IMG SRC="javascript:alert(cross_site_scripting.nasl);">.cfm][WARN]
2014/08/03 03:55:03 [/<IMG SRC="javascript:alert(cross_site_scripting.nasl);">.html][WARN]
2014/08/03 03:55:04 [/<IMG SRC="javascript:alert(cross_site_scripting.nasl);">.jsp][WARN]
2014/08/03 03:55:04 [/<IMG SRC="javascript:alert(cross_site_scripting.nasl);">.php][WARN]
2014/08/03 03:55:04 [/<IMG SRC="javascript:alert(cross_site_scripting.nasl);">.php3][WARN]
2014/08/06 08:58:39 [/us/client/site/!(()&&!|*|*|]
2014/08/06 08:58:36 [/us/hi/password/"+response.write(9800452*9475116)+"]
2014/08/06 08:58:33 [/us/hi/password/${99833+100209}][DEBUG]
2014/08/06 08:58:40 [/us/client/download/)))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))][WARN]
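To turn dumps like the four above into something actionable, here is an added example (not the post author's code) that parses the post's log-line format, tags each requested path with the kind of probe it resembles, and flags any second in which one scan hit many distinct paths. The category names, regex lists and burst threshold are this example's own assumptions; the sample lines are constructed from entries in the post.

```python
import re
from collections import Counter, defaultdict

# One line of the post's logger: "YYYY/MM/DD HH:MM:SS [<path>][<LEVEL>] <last segment>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[(?P<path>.*)\]\[(?P<level>[A-Z]+)\]")

# (category, pattern, last-segment-only?) in priority order; payload patterns first so a
# webshell name inside an XSS payload counts as XSS. Categories/patterns are my assumptions.
RULES = [
    ("sqli", re.compile(r"waitfor\s+delay|pg_sleep\(|\bAND\b[^\]]*=[^\]]*\bAND\b", re.I), False),
    ("path-traversal", re.compile(r"\.\./|\.\.\\|WEB-INF|win\.ini", re.I), False),
    ("xss-or-special-chars",
     re.compile(r"<\s*img|javascript:|response\.write|\$\{\d+\+\d+\}|\){5,}|\(\)&&", re.I), False),
    ("webshell-name",
     re.compile(r"(spy|shell|she11|cmd|hack|r00t|houmen|h0umen|免杀)\w*\.(php|aspx?|jsp)x?$", re.I), True),
    ("cms-fingerprint", re.compile(
        r"(wlwmanifest\.xml|joomla\.xml|web\.config\.txt|htaccess\.txt|phpunit\.xml\.dist|robots\.txt)$", re.I), True),
    ("leftover-file", re.compile(r"\.(zip|rar|sql|txt)$|备份|说明|mima|pass", re.I), True),
    ("admin-probe", re.compile(r"^(admin|manage|install|dede)", re.I), True),
    ("guessed-script", re.compile(r"^\w{1,3}\.(php|aspx?|jsp)$", re.I), True),
]

def parse(line):
    """Return {'ts', 'path', 'level'} for a line in the post's log format, else None."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def classify(path):
    """Name the kind of probe a requested path resembles ('other' if nothing matches)."""
    segment = path.rsplit("/", 1)[-1]
    for name, pattern, on_segment in RULES:
        if pattern.search(segment if on_segment else path):
            return name
    return "other"

def summarize(lines, burst_threshold=8):
    """Count probes per category and flag seconds in which one scan hit many distinct paths."""
    counts = Counter()
    paths_per_second = defaultdict(set)
    for line in lines:
        entry = parse(line)
        if entry is None:          # not in the expected format: skip, never crash on odd input
            continue
        counts[classify(entry["path"])] += 1
        paths_per_second[entry["ts"]].add(entry["path"])
    bursts = sorted(ts for ts, paths in paths_per_second.items() if len(paths) >= burst_threshold)
    return counts, bursts

# Constructed sample: eighteen entries copied from the dumps in the post.
SAMPLE = r"""2014/07/06 17:17:39 [/wwwroot.rar][WARN] wwwroot.rar
2014/07/06 17:17:39 [/password.txt][WARN] password.txt
2014/07/06 17:17:39 [/admin_login.php][WARN] admin_login.php
2014/08/06 08:58:48 [/us/client/download/activity_android' AND 2+1-1-1=0+0+0+1 AND 'Q36n'='Q36n][WARN] activity_android' AND 2+1-1-1=0+0+0+1 AND 'Q36n'='Q36n
2014/08/06 08:58:49 [/us/client/download/wF9XZogm'; waitfor delay '0:0:9' -- ][WARN] wF9XZogm'; waitfor delay '0:0:9' --
2014/08/06 08:57:49 [/us/client/download/../../../../../../../../windows/win.ini][DEBUG] ../../../../../../../../windows/win.ini
2014/08/03 03:55:04 [/<IMG SRC="javascript:alert(cross_site_scripting.nasl);">.php][WARN]
2014/08/06 08:58:33 [/us/hi/password/${99833+100209}][DEBUG]
2014/08/06 08:58:50 [/us/hi/password/YnYOKKNo][WARN] YnYOKKNo
2014/08/03 04:03:38 [/index.php/wlwmanifest.xml][WARN] wlwmanifest.xml WARN
2014/08/03 04:03:23 [/index.php/she11.php][WARN] she11.php WARN
2014/08/03 04:03:23 [/index.php/JspSpy.php][WARN] JspSpy.php WARN
2014/08/03 04:03:23 [/index.php/ASPXspy.php][WARN] ASPXspy.php WARN
2014/08/03 04:03:23 [/index.php/xx.php][WARN] xx.php WARN
2014/08/03 04:03:23 [/index.php/1.php][WARN] 1.php WARN
2014/08/03 04:03:23 [/index.php/aq.php][WARN] aq.php WARN
2014/08/03 04:03:23 [/index.php/ceshi.php][WARN] ceshi.php WARN
2014/08/03 04:03:23 [/index.php/footer.php][WARN] footer.php WARN
"""

if __name__ == "__main__":
    counts, bursts = summarize(SAMPLE.splitlines())
    for name, n in counts.most_common():
        print(f"{n:3d}  {name}")
    print("scan bursts at:", ", ".join(bursts) or "none")
```

Feeding a real log through `summarize` shows at a glance which of the four probe types dominate and at what times a scanner ran, which is the input you need before deciding what to block.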
Summary:
The same old line: filter input, escape output.
Also: illness enters through the mouth, and the site's URLs are that mouth.