
Lots of strange requests in the phpMyAdmin log?

113.108.10.5 - - [07/Nov/2017:15:50:26 +0800] "GET /sqlbox/index.php?ajax_request%3D1%26recent_table%3D1%26no_debug%3Dtrue%26_nocache%3D1510033324320978429 HTTP/1.1" 200 3377 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_4 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13G35 QQ/6.5.3.410 V1_IPH_SQ_6.5.3_1_APP_A Pixel/750 Core/UIWebView NetType/2G Mem/117"
101.226.64.174 - - [07/Nov/2017:16:09:07 +0800] "GET /sqlbox/tbl_replace.php HTTP/1.1" 200 3384 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_4 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13G35 QQ/6.5.3.410 V1_IPH_SQ_6.5.3_1_APP_A Pixel/750 Core/UIWebView NetType/2G Mem/117"
183.57.53.177 - - [07/Nov/2017:16:37:46 +0800] "GET /sqlbox HTTP/1.1" 301 178 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_4 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13G35 QQ/6.5.3.410 V1_IPH_SQ_6.5.3_1_APP_A Pixel/750 Core/UIWebView NetType/2G Mem/117"
183.57.53.177 - - [07/Nov/2017:16:37:46 +0800] "GET /sqlbox/ HTTP/1.1" 200 3377 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_4 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13G35 QQ/6.5.3.410 V1_IPH_SQ_6.5.3_1_APP_A Pixel/750 Core/UIWebView NetType/2G Mem/117"
112.90.82.236 - - [07/Nov/2017:17:12:11 +0800] "GET /sqlbox/index.php?ajax_request%3D1%26recent_table%3D1%26no_debug%3Dtrue%26_nocache%3D1510036119779233145 HTTP/1.1" 200 3376 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_4 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13G35 QQ/6.5.3.410 V1_IPH_SQ_6.5.3_1_APP_A Pixel/750 Core/UIWebView NetType/2G Mem/117"
163.177.90.152 - - [07/Nov/2017:18:25:44 +0800] "GET / HTTP/1.1" 403 162 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_4 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13G35 QQ/6.5.3.410 V1_IPH_SQ_6.5.3_1_APP_A Pixel/750 Core/UIWebView NetType/2G Mem/117"

There are many requests like these in the log. Did they obtain anything?

Especially these:

50.118.255.37 - - [08/Nov/2017:21:15:10 +0800] "CONNECT www.baidu.com:443 HTTP/1.1" 400 166 "-" "-"
50.118.255.37 - - [08/Nov/2017:21:15:21 +0800] "CONNECT www.baidu.com:443 HTTP/1.1" 400 166 "-" "-"
50.118.255.37 - - [08/Nov/2017:21:54:02 +0800] "CONNECT www.alipay.com:443 HTTP/1.1" 400 166 "-" "-"
219.133.49.231 - - [08/Nov/2017:18:08:08 +0800] "GET http://10.177.152.217/proxy.html HTTP/1.1" 400 264 "-" "-"
219.133.49.231 - - [08/Nov/2017:18:08:08 +0800] "\x04\x01" 400 166 "-" "-"
219.133.49.231 - - [08/Nov/2017:18:08:08 +0800] "\x05\x01" 400 166 "-" "-"

I especially don't understand these; there is nothing here that could act as a proxy.
I don't understand \x04\x01CONNECT

Answers
空痕

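Someone is looking for vulnerabilities on your server.
But don't worry too much; it is probably some security platform, such as Baidu's cloud monitoring service (百度云观测) or the like.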

May 20, 2018 00:47
寫榮

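I haven't used phpMyAdmin.
An attacker is trying to break into your phpMyAdmin. Judging from these log entries, it does not appear to have succeeded; I can't say about the other logs.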

Suggestions:
Don't use software like phpMyAdmin; if you must use it, don't expose it to the public internet.
Use a bastion host, VPN, etc. to safeguard the business.

September 4, 2017 17:28
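
Added example (not part of the original question or answers): a triage of the log lines quoted in the question. It labels the `CONNECT`, absolute-URI `GET`, `\x04\x01` (SOCKS4 version 4, command CONNECT) and `\x05\x01` (SOCKS5 greeting) requests as open-proxy probes and reports which requests got a 2xx response. The function names and the trimmed sample are assumptions; `/sqlbox` is the path seen in the log.

```python
import re

# Combined log format: ip - - [time] "request" status bytes ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(.*?)" (\d{3}) ')
PMA_PREFIX = "/sqlbox"  # phpMyAdmin path taken from the question's log

# Constructed sample: the question's log lines with query strings and user agents trimmed
SAMPLE = r'''
113.108.10.5 - - [07/Nov/2017:15:50:26 +0800] "GET /sqlbox/index.php?ajax_request%3D1 HTTP/1.1" 200 3377 "-" "UA"
101.226.64.174 - - [07/Nov/2017:16:09:07 +0800] "GET /sqlbox/tbl_replace.php HTTP/1.1" 200 3384 "-" "UA"
163.177.90.152 - - [07/Nov/2017:18:25:44 +0800] "GET / HTTP/1.1" 403 162 "-" "UA"
50.118.255.37 - - [08/Nov/2017:21:15:10 +0800] "CONNECT www.baidu.com:443 HTTP/1.1" 400 166 "-" "-"
219.133.49.231 - - [08/Nov/2017:18:08:08 +0800] "GET http://10.177.152.217/proxy.html HTTP/1.1" 400 264 "-" "-"
219.133.49.231 - - [08/Nov/2017:18:08:08 +0800] "\x04\x01" 400 166 "-" "-"
219.133.49.231 - - [08/Nov/2017:18:08:08 +0800] "\x05\x01" 400 166 "-" "-"
'''

def classify(request):
    """Label one logged request line by what the client was testing for."""
    if request.startswith(r"\x04\x01"):
        return "socks4-probe"         # SOCKS4: version 4, command 1 (CONNECT)
    if request.startswith(r"\x05"):
        return "socks5-probe"         # SOCKS5 greeting: version 5, then method count
    parts = request.split()
    if len(parts) < 2:
        return "malformed"
    method, target = parts[0], parts[1]
    if method == "CONNECT":
        return "http-connect-probe"   # asks the server to tunnel to another host
    if re.match(r"https?://", target, re.I):
        return "forward-proxy-probe"  # absolute URI: asks the server to fetch on the client's behalf
    if target == PMA_PREFIX or target.startswith(PMA_PREFIX + "/"):
        return "phpmyadmin-request"
    return "other"

def triage(log_text):
    """Return (ip, label, status, served) per parsed line; served means a 2xx response."""
    rows = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ip, request, status = m.group(1), m.group(2), int(m.group(3))
            rows.append((ip, classify(request), status, 200 <= status < 300))
    return rows

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

On this sample every proxy probe was answered with 400, while the `/sqlbox` requests returned 200. A 2xx there only shows the page was served to that client; the access log alone does not show whether a login succeeded.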