来自 AWS 的 nginx 日志说“帮助...蝙蝠侠”？

Question

来自 AWS 的 nginx 日志说“帮助...蝙蝠侠”？

我正在查看我的 nginx 日志，我看到了一些非常奇怪的东西。

2019/10/19 05:44:17 [warn] 30490#0: *6309 using uninitialized "year" variable while logging request, client: xx.xx.xxx, server: , request: "Gh0st??x?KS``??????@?Q???    H??e&?*$&g+2???00??rc??\`&??K7??n9?n;?3??sch?^?4'J????0Ñh]&???S?A4L?2=???@?`T??]"
2019/10/19 05:44:17 [warn] 30490#0: *6309 using uninitialized "month" variable while logging request, client: xx.xx.xxx, server: , request: "Gh0st??x?KS``??????@?Q???   H??e&?*$&g+2???00??rc??\`&??K7??n9?n;?3??sch?^?4'J????0Ñh]&???S?A4L?2=???@?`T??]"
2019/10/19 05:44:17 [warn] 30490#0: *6309 using uninitialized "day" variable while logging request, client: xx.xx.xxx, server: , request: "Gh0st??x?KS``??????@?Q??? H??e&?*$&g+2???00??rc??\`&??K7??n9?n;?3??sch?^?4'J????0Ñh]&???S?A4L?2=???@?`T??]"
2019/10/19 05:44:17 [warn] 30490#0: *6309 using uninitialized "hour" variable while logging request, client: xx.xx.xxx, server: , request: "Gh0st??x?KS``??????@?Q???    H??e&?*$&g+2???00??rc??\`&??K7??n9?n;?3??sch?^?4'J????0Ñh]&???S?A4L?2=???@?`T??]"
2019/10/19 05:44:17 [warn] 30490#0: *6310 using uninitialized "year" variable while logging request, client: xx.xx.xxx, server: , request: "145.ll|'|'|SGFjS2VkX0Q0OTkwNjI3|'|'|WIN-JNAPIER0859|'|'|JNapier|'|'|19-02-01|'|'||'|'|Win 7 Professional SP1 x64|'|'|No|'|'|0.7d|'|'|..|'|'|AA==|'|'|112.inf|'|'|SGFjS2VkDQoxOTIuMTY4LjkyLjIyMjo1NTUyDQpEZXNrdG9wDQpjbGllbnRhLmV4ZQ0KRmFsc2UNCkZhbHNlDQpUcnVlDQpGYWxzZQ==12.act|'|'|AA=="
2019/10/19 05:44:17 [warn] 30490#0: *6310 using uninitialized "month" variable while logging request, client: xx.xx.xxx, server: , request: "145.ll|'|'|SGFjS2VkX0Q0OTkwNjI3|'|'|WIN-JNAPIER0859|'|'|JNapier|'|'|19-02-01|'|'||'|'|Win 7 Professional SP1 x64|'|'|No|'|'|0.7d|'|'|..|'|'|AA==|'|'|112.inf|'|'|SGFjS2VkDQoxOTIuMTY4LjkyLjIyMjo1NTUyDQpEZXNrdG9wDQpjbGllbnRhLmV4ZQ0KRmFsc2UNCkZhbHNlDQpUcnVlDQpGYWxzZQ==12.act|'|'|AA=="
2019/10/19 05:44:17 [warn] 30490#0: *6310 using uninitialized "day" variable while logging request, client: xx.xx.xxx, server: , request: "145.ll|'|'|SGFjS2VkX0Q0OTkwNjI3|'|'|WIN-JNAPIER0859|'|'|JNapier|'|'|19-02-01|'|'||'|'|Win 7 Professional SP1 x64|'|'|No|'|'|0.7d|'|'|..|'|'|AA==|'|'|112.inf|'|'|SGFjS2VkDQoxOTIuMTY4LjkyLjIyMjo1NTUyDQpEZXNrdG9wDQpjbGllbnRhLmV4ZQ0KRmFsc2UNCkZhbHNlDQpUcnVlDQpGYWxzZQ==12.act|'|'|AA=="
2019/10/19 05:44:17 [warn] 30490#0: *6310 using uninitialized "hour" variable while logging request, client: xx.xx.xxx, server: , request: "145.ll|'|'|SGFjS2VkX0Q0OTkwNjI3|'|'|WIN-JNAPIER0859|'|'|JNapier|'|'|19-02-01|'|'||'|'|Win 7 Professional SP1 x64|'|'|No|'|'|0.7d|'|'|..|'|'|AA==|'|'|112.inf|'|'|SGFjS2VkDQoxOTIuMTY4LjkyLjIyMjo1NTUyDQpEZXNrdG9wDQpjbGllbnRhLmV4ZQ0KRmFsc2UNCkZhbHNlDQpUcnVlDQpGYWxzZQ==12.act|'|'|AA=="
2019/10/19 05:44:17 [warn] 30490#0: *6311 using uninitialized "year" variable while logging request, client: xx.xx.xxx, server: , request: "Htj??#D?+??l????Jn??xu[l?E-j??xL?r?u?%?Rtgfv?]%?????f?D?    ?"
2019/10/19 05:44:17 [warn] 30490#0: *6311 using uninitialized "month" variable while logging request, client: xx.xx.xxx, server: , request: "Htj??#D?+??l????Jn??xu[l?E-j??xL?r?u?%?Rtgfv?]%?????f?D?   ?"
2019/10/19 05:44:17 [warn] 30490#0: *6311 using uninitialized "day" variable while logging request, client: xx.xx.xxx, server: , request: "Htj??#D?+??l????Jn??xu[l?E-j??xL?r?u?%?Rtgfv?]%?????f?D? ?"
2019/10/19 05:44:17 [warn] 30490#0: *6311 using uninitialized "hour" variable while logging request, client: xx.xx.xxx, server: , request: "Htj??#D?+??l????Jn??xu[l?E-j??xL?r?u?%?Rtgfv?]%?????f?D?    ?"
2019/10/19 05:44:17 [warn] 30490#0: *6312 using uninitialized "year" variable while logging request, client: xx.xx.xxx, server: , request: "HELP"
2019/10/19 05:44:17 [warn] 30490#0: *6312 using uninitialized "month" variable while logging request, client: xx.xx.xxx, server: , request: "HELP"
2019/10/19 05:44:17 [warn] 30490#0: *6312 using uninitialized "day" variable while logging request, client: xx.xx.xxx, server: , request: "HELP"
2019/10/19 05:44:17 [warn] 30490#0: *6312 using uninitialized "hour" variable while logging request, client: xx.xx.xxx, server: , request: "HELP"
2019/10/19 05:44:17 [warn] 30490#0: *6313 using uninitialized "year" variable while logging request, client: xx.xx.xxx, server: , request: "??]???0?X????n?3*??'??k??"
2019/10/19 05:44:17 [warn] 30490#0: *6313 using uninitialized "month" variable while logging request, client: xx.xx.xxx, server: , request: "??]???0?X????n?3*??'??k??"
2019/10/19 05:44:17 [warn] 30490#0: *6313 using uninitialized "day" variable while logging request, client: xx.xx.xxx, server: , request: "??]???0?X????n?3*??'??k??"
2019/10/19 05:44:17 [warn] 30490#0: *6313 using uninitialized "hour" variable while logging request, client: xx.xx.xxx, server: , request: "??]???0?X????n?3*??'??k??"
2019/10/19 05:44:18 [warn] 30490#0: *6314 using uninitialized "year" variable while logging request, client: xx.xx.xxx, server: , request: "batman"
2019/10/19 05:44:18 [warn] 30490#0: *6314 using uninitialized "month" variable while logging request, client: xx.xx.xxx, server: , request: "batman"
2019/10/19 05:44:18 [warn] 30490#0: *6314 using uninitialized "day" variable while logging request, client: xx.xx.xxx, server: , request: "batman"
2019/10/19 05:44:18 [warn] 30490#0: *6314 using uninitialized "hour" variable while logging request, client: xx.xx.xxx, server: , request: "batman"

Run Code Online (Sandbox Code Playgroud)

我的猜测是有人正在发送恶意数据包。这是我应该关心的事情吗，我应该怎么做？

对我来说最可怕的是：“Gh0st??x?KS”

Answer 1

slm*_*slm 6

这看起来像是试图闯入您的服务器的脚本小子或这个特定黑客 Gh0st - https://rsplayers.fandom.com/wiki/Gh0st的便捷工作。

无论如何，这是有人在探查您的站点以寻找漏洞。除了在 Internet 上维护站点时应该做的事情之外，您无需执行任何其他操作。

保持您的底层操作系统打补丁
使您的软件保持最新
限制仅从已知源 IP 等访问您的应用程序。
使用防火墙和诸如 fail2ban 之类的东西来动态地将过多访问列入黑名单

参考

https://www.fail2ban.org/wiki/index.php/Main_Page

归档时间：	6 年，2 月前
查看次数：	2302 次
最近记录：	6 年，2 月前