I was looking through my nginx logs and I saw something very strange.
2019/10/19 05:44:17 [warn] 30490#0: *6309 using uninitialized "year" variable while logging request, client: xx.xx.xxx, server: , request: "Gh0st��x�KS``�����Č@�Q��� H��e&�*$&g+2���00��rc��\`&��K7��n9�n;�3��sch�^�4'J����0Ñh]&��ΗS�A4L?2=�Ē�@�`T��]"
2019/10/19 05:44:17 [warn] 30490#0: *6309 using uninitialized "month" variable while logging request, client: xx.xx.xxx, server: , request: "Gh0st��x�KS``�����Č@�Q��� H��e&�*$&g+2���00��rc��\`&��K7��n9�n;�3��sch�^�4'J����0Ñh]&��ΗS�A4L?2=�Ē�@�`T��]"
2019/10/19 05:44:17 [warn] 30490#0: *6309 using uninitialized "day" variable while logging request, client: xx.xx.xxx, server: , request: "Gh0st��x�KS``�����Č@�Q��� H��e&�*$&g+2���00��rc��\`&��K7��n9�n;�3��sch�^�4'J����0Ñh]&��ΗS�A4L?2=�Ē�@�`T��]"
2019/10/19 05:44:17 [warn] 30490#0: *6309 using uninitialized "hour" variable while logging request, client: xx.xx.xxx, server: , request: "Gh0st��x�KS``�����Č@�Q��� H��e&�*$&g+2���00��rc��\`&��K7��n9�n;�3��sch�^�4'J����0Ñh]&��ΗS�A4L?2=�Ē�@�`T��]"
2019/10/19 05:44:17 [warn] 30490#0: *6310 using uninitialized "year" variable while logging request, client: xx.xx.xxx, server: , request: "145.ll|'|'|SGFjS2VkX0Q0OTkwNjI3|'|'|WIN-JNAPIER0859|'|'|JNapier|'|'|19-02-01|'|'||'|'|Win 7 Professional SP1 x64|'|'|No|'|'|0.7d|'|'|..|'|'|AA==|'|'|112.inf|'|'|SGFjS2VkDQoxOTIuMTY4LjkyLjIyMjo1NTUyDQpEZXNrdG9wDQpjbGllbnRhLmV4ZQ0KRmFsc2UNCkZhbHNlDQpUcnVlDQpGYWxzZQ==12.act|'|'|AA=="
2019/10/19 05:44:17 [warn] 30490#0: *6310 using uninitialized "month" variable while logging request, client: xx.xx.xxx, server: , request: "145.ll|'|'|SGFjS2VkX0Q0OTkwNjI3|'|'|WIN-JNAPIER0859|'|'|JNapier|'|'|19-02-01|'|'||'|'|Win 7 Professional SP1 x64|'|'|No|'|'|0.7d|'|'|..|'|'|AA==|'|'|112.inf|'|'|SGFjS2VkDQoxOTIuMTY4LjkyLjIyMjo1NTUyDQpEZXNrdG9wDQpjbGllbnRhLmV4ZQ0KRmFsc2UNCkZhbHNlDQpUcnVlDQpGYWxzZQ==12.act|'|'|AA=="
2019/10/19 05:44:17 [warn] 30490#0: *6310 using uninitialized "day" variable while logging request, client: xx.xx.xxx, server: , request: "145.ll|'|'|SGFjS2VkX0Q0OTkwNjI3|'|'|WIN-JNAPIER0859|'|'|JNapier|'|'|19-02-01|'|'||'|'|Win 7 Professional SP1 x64|'|'|No|'|'|0.7d|'|'|..|'|'|AA==|'|'|112.inf|'|'|SGFjS2VkDQoxOTIuMTY4LjkyLjIyMjo1NTUyDQpEZXNrdG9wDQpjbGllbnRhLmV4ZQ0KRmFsc2UNCkZhbHNlDQpUcnVlDQpGYWxzZQ==12.act|'|'|AA=="
2019/10/19 05:44:17 [warn] 30490#0: *6310 using uninitialized "hour" variable while logging request, client: xx.xx.xxx, server: , request: "145.ll|'|'|SGFjS2VkX0Q0OTkwNjI3|'|'|WIN-JNAPIER0859|'|'|JNapier|'|'|19-02-01|'|'||'|'|Win 7 Professional SP1 x64|'|'|No|'|'|0.7d|'|'|..|'|'|AA==|'|'|112.inf|'|'|SGFjS2VkDQoxOTIuMTY4LjkyLjIyMjo1NTUyDQpEZXNrdG9wDQpjbGllbnRhLmV4ZQ0KRmFsc2UNCkZhbHNlDQpUcnVlDQpGYWxzZQ==12.act|'|'|AA=="
2019/10/19 05:44:17 [warn] 30490#0: *6311 using uninitialized "year" variable while logging request, client: xx.xx.xxx, server: , request: "Htj��#D�+��l���Jn��xu[l�E-j��xL�r�u�%�Rtgfv�]%̀�Ϯ��fȍD� �"
2019/10/19 05:44:17 [warn] 30490#0: *6311 using uninitialized "month" variable while logging request, client: xx.xx.xxx, server: , request: "Htj��#D�+��l���Jn��xu[l�E-j��xL�r�u�%�Rtgfv�]%̀�Ϯ��fȍD� �"
2019/10/19 05:44:17 [warn] 30490#0: *6311 using uninitialized "day" variable while logging request, client: xx.xx.xxx, server: , request: "Htj��#D�+��l���Jn��xu[l�E-j��xL�r�u�%�Rtgfv�]%̀�Ϯ��fȍD� �"
2019/10/19 05:44:17 [warn] 30490#0: *6311 using uninitialized "hour" variable while logging request, client: xx.xx.xxx, server: , request: "Htj��#D�+��l���Jn��xu[l�E-j��xL�r�u�%�Rtgfv�]%̀�Ϯ��fȍD� �"
2019/10/19 05:44:17 [warn] 30490#0: *6312 using uninitialized "year" variable while logging request, client: xx.xx.xxx, server: , request: "HELP"
2019/10/19 05:44:17 [warn] 30490#0: *6312 using uninitialized "month" variable while logging request, client: xx.xx.xxx, server: , request: "HELP"
2019/10/19 05:44:17 [warn] 30490#0: *6312 using uninitialized "day" variable while logging request, client: xx.xx.xxx, server: , request: "HELP"
2019/10/19 05:44:17 [warn] 30490#0: *6312 using uninitialized "hour" variable while logging request, client: xx.xx.xxx, server: , request: "HELP"
2019/10/19 05:44:17 [warn] 30490#0: *6313 using uninitialized "year" variable while logging request, client: xx.xx.xxx, server: , request: "�հ]�ē�0�X�ڱ�n�3*��'��k��"
2019/10/19 05:44:17 [warn] 30490#0: *6313 using uninitialized "month" variable while logging request, client: xx.xx.xxx, server: , request: "�հ]�ē�0�X�ڱ�n�3*��'��k��"
2019/10/19 05:44:17 [warn] 30490#0: *6313 using uninitialized "day" variable while logging request, client: xx.xx.xxx, server: , request: "�հ]�ē�0�X�ڱ�n�3*��'��k��"
2019/10/19 05:44:17 [warn] 30490#0: *6313 using uninitialized "hour" variable while logging request, client: xx.xx.xxx, server: , request: "�հ]�ē�0�X�ڱ�n�3*��'��k��"
2019/10/19 05:44:18 [warn] 30490#0: *6314 using uninitialized "year" variable while logging request, client: xx.xx.xxx, server: , request: "batman"
2019/10/19 05:44:18 [warn] 30490#0: *6314 using uninitialized "month" variable while logging request, client: xx.xx.xxx, server: , request: "batman"
2019/10/19 05:44:18 [warn] 30490#0: *6314 using uninitialized "day" variable while logging request, client: xx.xx.xxx, server: , request: "batman"
2019/10/19 05:44:18 [warn] 30490#0: *6314 using uninitialized "hour" variable while logging request, client: xx.xx.xxx, server: , request: "batman"
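My guess is that someone is sending malicious packets. Is this something I should be concerned about? What should I do?
The scariest one to me is: "Gh0st��x�KS"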
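This looks like a script kiddie trying to break into your server, or this particular hacker Gh0st - https://rsplayers.fandom.com/wiki/Gh0st.
Either way, this is someone probing your website for vulnerabilities. You don't need to do anything beyond what you should already be doing when maintaining a website on the internet.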
The Gh0st and JPNAPIER lines are most likely Shodan checking for the presence of RATs/botnets. https://malware-hunter.shodan.io/
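For triaging a log like the one in the question, the following added example (not part of the original posts) collapses the repeated per-variable warnings into one record per connection and separates well-formed HTTP request lines from the non-HTTP payloads. The sample lines are constructed from the question's log format, the client addresses are documentation IPs, and the function names and the `rat-probe` / `non-http` labels are assumptions chosen for illustration.

```python
import re
from collections import OrderedDict

# Constructed sample modelled on the error-log lines in the question
# (binary bytes replaced by dots, client addresses are documentation IPs).
SAMPLE_LOG = """\
2019/10/19 05:44:17 [warn] 30490#0: *6309 using uninitialized "year" variable while logging request, client: 192.0.2.10, server: , request: "Gh0st....x.KS"
2019/10/19 05:44:17 [warn] 30490#0: *6309 using uninitialized "month" variable while logging request, client: 192.0.2.10, server: , request: "Gh0st....x.KS"
2019/10/19 05:44:17 [warn] 30490#0: *6310 using uninitialized "year" variable while logging request, client: 192.0.2.10, server: , request: "145.ll|'|'|AA==|'|'|WIN-EXAMPLE"
2019/10/19 05:44:17 [warn] 30490#0: *6312 using uninitialized "year" variable while logging request, client: 192.0.2.10, server: , request: "HELP"
2019/10/19 05:44:18 [warn] 30490#0: *6314 using uninitialized "hour" variable while logging request, client: 192.0.2.10, server: , request: "batman"
2019/10/19 05:45:02 [warn] 30490#0: *6320 using uninitialized "year" variable while logging request, client: 192.0.2.11, server: , request: "GET /index.html HTTP/1.1"
"""

# Connection id (*NNNN), client address and the raw request string.
LINE_RE = re.compile(r'\*(?P<conn>\d+) .*?client: (?P<client>[^,]+),.*?request: "(?P<req>.*)"$')
# A well-formed request line: METHOD SP target SP HTTP/x[.y]
HTTP_RE = re.compile(r'^[A-Z]+ \S+ HTTP/\d(\.\d)?$')

def classify(req):
    """Label a request string; the labels are illustrative, not nginx terms."""
    if HTTP_RE.match(req):
        return "http"
    # Fingerprints taken from the two lines the answer attributes to RAT checks.
    if req.startswith("Gh0st") or "|'|'|" in req:
        return "rat-probe"
    return "non-http"

def summarize(log_text):
    """One record per connection id, ignoring the repeated warnings."""
    seen = OrderedDict()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and m["conn"] not in seen:
            seen[m["conn"]] = (m["client"], classify(m["req"]), m["req"])
    return seen

def probes_by_client(log_text):
    """Map each client to the labels of its non-HTTP requests, in log order."""
    out = {}
    for client, kind, _ in summarize(log_text).values():
        if kind != "http":
            out.setdefault(client, []).append(kind)
    return out

if __name__ == "__main__":
    for conn, (client, kind, req) in summarize(SAMPLE_LOG).items():
        print(conn, client, kind, repr(req[:40]))
```
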