Hacked Python server

use*_*470 5 python security exploit

I did something stupid. I started a local Python server with `sudo python3 -m http.server`. I was only going to grab some documents and shut it down, but I forgot about it and left it running for 2 days.

The server runs on a DigitalOcean instance with no private data on it. It does, however, contain various coding projects (not under version control), some essays I once meant to turn into blog posts, and a few other things.

I suddenly remembered it and logged in, and it looks like at least someone tried to break in. I hope someone here can help me understand what happened and what steps I should take next. Here is part of the output:

```
----------------------------------------
5.178.86.78 - - [10/Sep/2019 23:20:49] code 400, message Bad request syntax ('\x05\x01\x00')
5.178.86.78 - - [10/Sep/2019 23:20:49] "" 400 -
----------------------------------------
Exception happened during processing of request from ('5.178.86.78', 30322)
Traceback (most recent call last):
  File "/usr/lib/python3.6/socketserver.py", line 317, in _handle_request_noblock
    self.process_request(request, client_address)
  File "/usr/lib/python3.6/socketserver.py", line 348, in process_request
    self.finish_request(request, client_address)
  File "/usr/lib/python3.6/socketserver.py", line 361, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/usr/lib/python3.6/socketserver.py", line 721, in __init__
    self.handle()
  File "/usr/lib/python3.6/http/server.py", line 418, in handle
    self.handle_one_request()
  File "/usr/lib/python3.6/http/server.py", line 396, in handle_one_request
    if not self.parse_request():
  File "/usr/lib/python3.6/http/server.py", line 322, in parse_request
    "Bad request syntax (%r)" % requestline)
  File "/usr/lib/python3.6/http/server.py", line 473, in send_error
    self.wfile.write(body)
  File "/usr/lib/python3.6/socketserver.py", line 800, in write
    self._sock.sendall(b)
BrokenPipeError: [Errno 32] Broken pipe
----------------------------------------
85.175.98.209 - - [11/Sep/2019 00:24:45] code 400, message Bad request version ('HTTP')
85.175.98.209 - - [11/Sep/2019 00:24:45] "GET ../../mnt/custom/ProductDefinition HTTP" 400 -
85.175.98.209 - - [11/Sep/2019 00:31:21] code 400, message Bad request version ('HTTP')
85.175.98.209 - - [11/Sep/2019 00:31:21] "GET ../../mnt/custom/ProductDefinition HTTP" 400 -
```

Here is another piece:
```
BrokenPipeError: [Errno 32] Broken pipe
----------------------------------------
115.238.34.19 - - [12/Sep/2019 00:42:46] code 501, message Unsupported method ('CONNECT')
115.238.34.19 - - [12/Sep/2019 00:42:46] "CONNECT www.baidu.com:443 HTTP/1.0" 501 -
182.101.56.29 - - [12/Sep/2019 01:00:48] code 404, message File not found
182.101.56.29 - - [12/Sep/2019 01:00:48] "HEAD http://123.125.114.144/ HTTP/1.1" 404 -
109.234.153.132 - - [12/Sep/2019 03:22:33] code 501, message Unsupported method ('POST')
109.234.153.132 - - [12/Sep/2019 03:22:33] "POST http://check.best-proxies.ru/azenv.php?s=156825855305657PC115286029608000 HTTP/1.1" 501 -
109.234.153.132 - - [12/Sep/2019 03:22:38] code 501, message Unsupported method ('CONNECT')
109.234.153.132 - - [12/Sep/2019 03:22:38] "CONNECT check.best-proxies.ru:80 HTTP/1.1" 501 -
109.234.153.133 - - [12/Sep/2019 03:22:49] code 400, message Bad request syntax ('\x04\x01\x00P\x05²VL0\x00')
109.234.153.133 - - [12/Sep/2019 03:22:49] "P²VL0" 400 -
----------------------------------------
Exception happened during processing of request from ('109.234.153.133', 37823)
Traceback (most recent call last):
  File "/usr/lib/python3.6/socketserver.py", line 317, in _handle_request_noblock
    self.process_request(request, client_address)
  File "/usr/lib/python3.6/socketserver.py", line 348, in process_request
    self.finish_request(request, client_address)
  File "/usr/lib/python3.6/socketserver.py", line 361, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/usr/lib/python3.6/socketserver.py", line 721, in __init__
    self.handle()
  File "/usr/lib/python3.6/http/server.py", line 418, in handle
    self.handle_one_request()
  File "/usr/lib/python3.6/http/server.py", line 396, in handle_one_request
    if not self.parse_request():
  File "/usr/lib/python3.6/http/server.py", line 322, in parse_request
    "Bad request syntax (%r)" % requestline)
  File "/usr/lib/python3.6/http/server.py", line 473, in send_error
    self.wfile.write(body)
  File "/usr/lib/python3.6/socketserver.py", line 800, in write
    self._sock.sendall(b)
BrokenPipeError: [Errno 32] Broken pipe
----------------------------------------
109.234.153.131 - - [12/Sep/2019 03:22:54] code 400, message Bad request syntax ('\x05\x01\x00')
109.234.153.131 - - [12/Sep/2019 03:22:54] "" 400 -
----------------------------------------
Exception happened during processing of request from ('109.234.153.131', 18665)
```

It looks like someone tried to post binary data, after which some error messages appeared:
```
5.178.86.76 - - [10/Sep/2019 23:20:44] code 400, message Bad request syntax ('\x04\x01\x00P\x05²VL0\x00')
...
5.178.86.78 - - [10/Sep/2019 23:20:49] code 400, message Bad request syntax ('\x05\x01\x00')
```

Both end in an exception.

One thing that struck me is that the server was being hit by third parties within 5 minutes of coming online.

The attacks all took place between 23:00 and 10:00 each day.
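The request lines quoted in the post can be decoded mechanically rather than read by eye. The following is an added example, not code from the original post or from Python's `http.server`: it parses `http.server` log lines of the form shown, recovers the raw bytes behind each `Bad request syntax (%r)` message (the server decodes the request line as ISO-8859-1 before calling `repr()`, which is why `\xb2` appears as `²`), and sorts events into SOCKS4 and SOCKS5 proxy probes (`\x04\x01` + port + IPv4 is the SOCKS4 CONNECT header, `\x05\x01\x00` is the SOCKS5 greeting offering "no authentication"), open-proxy checks (`CONNECT` and absolute-URI requests), and path-traversal attempts. The sample log is constructed from lines quoted above; all function and variable names are the example's own.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: lines copied from the http.server output quoted in the post.
# Separator lines and tracebacks are left out; the parser would skip them anyway.
SAMPLE_LOG = r"""
5.178.86.76 - - [10/Sep/2019 23:20:44] code 400, message Bad request syntax ('\x04\x01\x00P\x05²VL0\x00')
5.178.86.78 - - [10/Sep/2019 23:20:49] code 400, message Bad request syntax ('\x05\x01\x00')
5.178.86.78 - - [10/Sep/2019 23:20:49] "" 400 -
85.175.98.209 - - [11/Sep/2019 00:24:45] code 400, message Bad request version ('HTTP')
85.175.98.209 - - [11/Sep/2019 00:24:45] "GET ../../mnt/custom/ProductDefinition HTTP" 400 -
115.238.34.19 - - [12/Sep/2019 00:42:46] code 501, message Unsupported method ('CONNECT')
115.238.34.19 - - [12/Sep/2019 00:42:46] "CONNECT www.baidu.com:443 HTTP/1.0" 501 -
182.101.56.29 - - [12/Sep/2019 01:00:48] "HEAD http://123.125.114.144/ HTTP/1.1" 404 -
109.234.153.132 - - [12/Sep/2019 03:22:33] "POST http://check.best-proxies.ru/azenv.php?s=156825855305657PC115286029608000 HTTP/1.1" 501 -
109.234.153.132 - - [12/Sep/2019 03:22:38] "CONNECT check.best-proxies.ru:80 HTTP/1.1" 501 -
109.234.153.133 - - [12/Sep/2019 03:22:49] code 400, message Bad request syntax ('\x04\x01\x00P\x05²VL0\x00')
109.234.153.131 - - [12/Sep/2019 03:22:54] code 400, message Bad request syntax ('\x05\x01\x00')
"""

# "<ip> - - [<time>] <rest>" is the BaseHTTPRequestHandler.log_message format.
LINE_RE = re.compile(r'^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) - - \[(?P<time>[^\]]+)\] (?P<rest>.*)$')
# send_error() logs the repr() of the offending request line inside parentheses.
SYNTAX_RE = re.compile(r"^code \d+, message Bad request syntax \('(?P<raw>.*)'\)$")
# log_request() logs '"<request line>" <status> -'.
REQUEST_RE = re.compile(r'^"(?P<reqline>.*)" (?P<status>\d+) -$')


def decode_repr(raw: str) -> bytes:
    """Undo repr() escapes and the ISO-8859-1 decode to get the bytes the client sent."""
    return raw.encode('latin-1').decode('unicode_escape').encode('latin-1')


def classify_probe(data: bytes):
    """Recognise SOCKS handshakes sent to an HTTP port by open-proxy scanners."""
    # SOCKS5 greeting: VER=5, NMETHODS, then NMETHODS method bytes (0 = no auth).
    if len(data) >= 2 and data[0] == 0x05 and len(data) == 2 + data[1]:
        return 'socks5_probe', f'SOCKS5 greeting, auth methods {list(data[2:])}'
    # SOCKS4 CONNECT: VER=4, CMD=1, DSTPORT (2 bytes BE), DSTIP (4 bytes), USERID, NUL.
    if len(data) >= 8 and data[0] == 0x04 and data[1] == 0x01:
        port = int.from_bytes(data[2:4], 'big')
        dst = str(ipaddress.IPv4Address(data[4:8]))
        userid = data[8:].split(b'\x00', 1)[0].decode('latin-1', 'replace')
        return 'socks4_probe', f'SOCKS4 CONNECT to {dst}:{port} userid={userid!r}'
    return 'unknown_binary', data.hex()


def classify_request(reqline: str):
    """Classify a parsed HTTP request line by what the sender was testing for."""
    parts = reqline.split()
    if not parts:
        return 'empty', ''
    method = parts[0]
    target = parts[1] if len(parts) > 1 else ''
    if method == 'CONNECT':
        return 'open_proxy_check', f'CONNECT tunnel to {target}'
    if target.startswith(('http://', 'https://')):
        # An absolute URI in the request target is how a client talks to a forward proxy.
        return 'open_proxy_check', f'{method} absolute URI {target}'
    if '../' in target:
        return 'path_traversal', f'{method} {target}'
    return 'http_request', f'{method} {target}'


def analyse(log_text: str):
    """Return one event dict per classifiable log line."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # separators, tracebacks, blank lines
        rest = m['rest']
        s = SYNTAX_RE.match(rest)
        if s:
            kind, detail = classify_probe(decode_repr(s['raw']))
        else:
            r = REQUEST_RE.match(rest)
            if not r:
                # Other "code N, message ..." lines are paired with a request line
                # logged right after them, which is classified instead.
                continue
            kind, detail = classify_request(r['reqline'])
        events.append({'ip': m['ip'], 'time': m['time'], 'kind': kind, 'detail': detail})
    return events


def summarize(events):
    return Counter(e['kind'] for e in events)


def sources_by_kind(events):
    """Map each event kind to the sorted list of source IPs that produced it."""
    out = {}
    for e in events:
        out.setdefault(e['kind'], set()).add(e['ip'])
    return {k: sorted(v) for k, v in out.items()}


if __name__ == '__main__':
    evs = analyse(SAMPLE_LOG)
    for e in evs:
        print(f"{e['time']}  {e['ip']:<16} {e['kind']:<17} {e['detail']}")
    print(summarize(evs))
    print(sources_by_kind(evs))
```

On the quoted log the two SOCKS4 payloads decode to a CONNECT to 5.178.86.76 port 80, which is one of the scanning addresses itself: a scanner that finds a working open proxy expects the connection to come back to it. The `azenv.php` POST and the CONNECT to `check.best-proxies.ru` are the HTTP-proxy variant of the same test, and `../../mnt/custom/ProductDefinition` is a traversal attempt unrelated to proxy scanning. Everything in the log was answered with 400, 404 or 501 by `http.server`, which never acts as a proxy; the `BrokenPipeError` tracebacks only mean the scanner closed the socket before the error page was written.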