我有一个 Rails 应用程序在 aws 弹性 beantalk 平台上的 nginx 上运行。我检查了 nginx/access.log 并发现了一些可疑的 GET 请求,如下所示:
SUSPICIOUS_URL == '#m. #face #book #.com'
172.31.17.148 - - [24/Jul/2016:04:02:37 +0000] "GET /bisnis/read/2439204/beredar-di-medsos-bi-bantah-keluarkan-uang-pecahan-rp-200-ribu HTTP/1.1" 301 5
"http://SUSPICIOUS_URL/" "Mozilla/5.0 (Linux; Android 5.1.1; SM-E700H Build/LMY47X; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/51.0.2
704.81 Mobile Safari/537.36 [FB_IAB/FB4A;FBAV/86.0.0.19.69;]" "175.141.68.34"
172.31.17.148 - - [24/Jul/2016:04:02:37 +0000] "GET /bisnis/read/2439204/beredar-di-medsos-bi-bantah-keluarkan-uang-pecahan-rp-200-ribu HTTP/1.1" 301 5
"http://SUSPICIOUS_URL/" "Mozilla/5.0 (Linux; Android 5.1.1; SM-E700H Build/LMY47X; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/51.0.2
704.81 Mobile Safari/537.36 [FB_IAB/FB4A;FBAV/86.0.0.19.69;]" "175.141.68.34"
172.31.17.148 - - …nginx ×1