
Looking at Security Through Website Access Logs

I'm primarily a developer, but since there was nobody else, apart from having a few servers shipped to the IDC, everything else (OS installation, virtual machine setup, bringing systems online, day-to-day operations) I handled single-handedly.

Fortunately, between tinkering with servers in college and maintaining OCS at Guangdong Mobile after graduation, I had some experience; not professional, but enough to implement things one step at a time.

I check the logs often, and now and then I find some ill-intentioned visits; of course, it may also just be some people or organizations checking the site's security.

Looking at the logs shows how others scan you, lets you take corresponding measures, and builds up operational security experience. The company keeps bringing up security and nobody takes it to heart; better to experience the risk first-hand, then you'll be scared afterwards.


1. Directly fetching files from the site's root directory.

The remedy is simply not to leave files unrelated to the site in the web root.

Below are some of the access records; let's see what they contain:

2014/07/06 17:17:38 [/radminpass.php][WARN]  radminpass.php 
2014/07/06 17:17:38 [/dg][WARN]  dg 
2014/07/06 17:17:38 [/ radminpass.php][WARN]   radminpass.php 
2014/07/06 17:17:38 [/d][WARN]  d 
2014/07/06 17:17:39 [/admin][WARN]  admin 
2014/07/06 17:17:39 [/dede][WARN]  dede 
2014/07/06 17:17:39 [/rc.php][WARN]  rc.php 
2014/07/06 17:17:39 [/admin_login.asp][WARN]  admin_login.asp 
2014/07/06 17:17:39 [/admin_login.php][WARN]  admin_login.php 
2014/07/06 17:17:39 [/install.php][WARN]  install.php 
2014/07/06 17:17:39 [/admi][WARN]  admi 
2014/07/06 17:17:39 [/manage][WARN]  manage 
2014/07/06 17:17:39 [/ded][WARN]  ded 
2014/07/06 17:17:39 [/ rc.php][WARN]   rc.php 
2014/07/06 17:17:39 [/ admin_login.asp][WARN]   admin_login.asp 
2014/07/06 17:17:39 [/ install.php][WARN]   install.php 
2014/07/06 17:17:39 [/ admin_login.php][WARN]   admin_login.php 
2014/07/06 17:17:39 [/manag][WARN]  manag 
2014/07/06 17:17:39 [/ftp.txt][WARN]  ftp.txt 
2014/07/06 17:17:39 [/使用说明.txt][WARN]  使用说明.txt 
2014/07/06 17:17:39 [/www.zip][WARN]  www.zip 
2014/07/06 17:17:39 [/admin.php][WARN]  admin.php 
2014/07/06 17:17:39 [/robot.txt][WARN]  robot.txt 
2014/07/06 17:17:39 [/wwwroot.rar][WARN]  wwwroot.rar 
2014/07/06 17:17:39 [/www.rar][WARN]  www.rar 
2014/07/06 17:17:39 [/wwwroot.zip][WARN]  wwwroot.zip 
2014/07/06 17:17:39 [/1.asp][WARN]  1.asp 
2014/07/06 17:17:39 [/fuck.asp][WARN]  fuck.asp 
2014/07/06 17:17:39 [/cmd.asp][WARN]  cmd.asp 
2014/07/06 17:17:39 [/1.php][WARN]  1.php 
2014/07/06 17:17:39 [/ok.asp][WARN]  ok.asp 
2014/07/06 17:17:39 [/123.asp][WARN]  123.asp 
2014/07/06 17:17:39 [/aspxspy.aspxx][WARN]  aspxspy.aspxx 
2014/07/06 17:17:39 [/aspxspy.phpx][WARN]  aspxspy.phpx 
2014/07/06 17:17:39 [/1.aspx][WARN]  1.aspx 
2014/07/06 17:17:39 [/ASPXspy2.phpx][WARN]  ASPXspy2.phpx 
2014/07/06 17:17:39 [/a.asp][WARN]  a.asp 
2014/07/06 17:17:39 [/ASPXspy2.aspxx][WARN]  ASPXspy2.aspxx 
2014/07/06 17:17:39 [/ wwwroot.rar][WARN]   wwwroot.rar 
2014/07/06 17:17:39 [/lcx.aspx][WARN]  lcx.aspx 
2014/07/06 17:17:39 [/ ftp.txt][WARN]   ftp.txt 
2014/07/06 17:17:39 [/ 使用说明.txt][WARN]   使用说明.txt 
2014/07/06 17:17:39 [/ www.zip][WARN]   www.zip 
2014/07/06 17:17:39 [/ robot.txt][WARN]   robot.txt 
2014/07/06 17:17:39 [/ www.rar][WARN]   www.rar 
2014/07/06 17:17:39 [/ admin.php][WARN]   admin.php 
2014/07/06 17:17:39 [/ fuck.asp][WARN]   fuck.asp 
2014/07/06 17:17:39 [/hack.asp][WARN]  hack.asp 
2014/07/06 17:17:39 [/ cmd.asp][WARN]   cmd.asp 
2014/07/06 17:17:39 [/ ok.asp][WARN]   ok.asp 
2014/07/06 17:17:39 [/xx.asp][WARN]  xx.asp 
2014/07/06 17:17:39 [/ 123.asp][WARN]   123.asp 
2014/07/06 17:17:39 [/gay.aspx][WARN]  gay.aspx 
2014/07/06 17:17:39 [/ 1.asp][WARN]   1.asp 
2014/07/06 17:17:39 [/ 1.php][WARN]   1.php 
2014/07/06 17:17:39 [/ aspxspy.aspxx][WARN]   aspxspy.aspxx 
2014/07/06 17:17:39 [/ wwwroot.zip][WARN]   wwwroot.zip 
2014/07/06 17:17:39 [/ ASPXspy2.phpx][WARN]   ASPXspy2.phpx 
2014/07/06 17:17:39 [/ a.asp][WARN]   a.asp 
2014/07/06 17:17:39 [/xxoo.asp][WARN]  xxoo.asp 
2014/07/06 17:17:39 [/xm.asp][WARN]  xm.asp 
2014/07/06 17:17:39 [/ 1.aspx][WARN]   1.aspx 
2014/07/06 17:17:39 [/ aspxspy.phpx][WARN]   aspxspy.phpx 
2014/07/06 17:17:39 [/ lcx.aspx][WARN]   lcx.aspx 
2014/07/06 17:17:39 [/diy.asp][WARN]  diy.asp 
2014/07/06 17:17:39 [/说明.txt][WARN]  说明.txt 
2014/07/06 17:17:39 [/安装说明书.txt][WARN]  安装说明书.txt 
2014/07/06 17:17:39 [/ms.asp][WARN]  ms.asp 
2014/07/06 17:17:39 [/新建文本文档.txt][WARN]  新建文本文档.txt 
2014/07/06 17:17:39 [/ xx.asp][WARN]   xx.asp 
2014/07/06 17:17:39 [/ ASPXspy2.aspxx][WARN]   ASPXspy2.aspxx 
2014/07/06 17:17:39 [/备份.rar][WARN]  备份.rar 
2014/07/06 17:17:39 [/安装说明.txt][WARN]  安装说明.txt 
2014/07/06 17:17:39 [/说明书.txt][WARN]  说明书.txt 
2014/07/06 17:17:39 [/ hack.asp][WARN]   hack.asp 
2014/07/06 17:17:39 [/网站备份.rar][WARN]  网站备份.rar 
2014/07/06 17:17:39 [/ftp.txt][WARN]  ftp.txt 
2014/07/06 17:17:39 [/mima.txt][WARN]  mima.txt 
2014/07/06 17:17:39 [/pass.txt][WARN]  pass.txt 
2014/07/06 17:17:39 [/123.txt][WARN]  123.txt 
2014/07/06 17:17:39 [/qq.txt][WARN]  qq.txt 
2014/07/06 17:17:39 [/ xxoo.asp][WARN]   xxoo.asp 
2014/07/06 17:17:39 [/ gay.aspx][WARN]   gay.aspx 
2014/07/06 17:17:39 [/password.txt][WARN]  password.txt 
2014/07/06 17:17:39 [/ xm.asp][WARN]   xm.asp 
2014/07/06 17:17:39 [/ diy.asp][WARN]   diy.asp 
2014/07/06 17:17:39 [/ 说明.txt][WARN]   说明.txt 
2014/07/06 17:17:39 [/ 备份.rar][WARN]   备份.rar 
2014/07/06 17:17:39 [/ 新建文本文档.txt][WARN]   新建文本文档.txt 
2014/07/06 17:17:39 [/ 安装说明书.txt][WARN]   安装说明书.txt 
2014/07/06 17:17:39 [/ ms.asp][WARN]   ms.asp 
2014/07/06 17:17:39 [/ ftp.txt][WARN]   ftp.txt 
2014/07/06 17:17:39 [/ mima.txt][WARN]   mima.txt 
2014/07/06 17:17:39 [/ 网站备份.rar][WARN]   网站备份.rar 
2014/07/06 17:17:39 [/ 说明书.txt][WARN]   说明书.txt 
2014/07/06 17:17:39 [/ 安装说明.txt][WARN]   安装说明.txt 
2014/07/06 17:17:39 [/ pass.txt][WARN]   pass.txt 
2014/07/06 17:17:39 [/ 123.txt][WARN]   123.txt 
2014/07/06 17:17:39 [/ qq.txt][WARN]   qq.txt 
2014/07/06 17:17:39 [/ password.txt][WARN]   password.txt 
2014/07/06 17:17:39 [/index.php/ password.txt][WARN]   password.txt 

2. SQL injection and script-code execution

The cases described online are easy enough to follow, but in practice it is far more complicated, beyond what people like me can grasp. Still, you must understand the underlying principle.

Here is the log:

2014/08/06 08:58:47 [/us/client/site/][WARN]  ?'?" 
2014/08/06 08:58:47 [/us/client/site/e''e""][WARN]  e''e"" 
2014/08/06 08:58:47 [/us/hi/password/activity_android][WARN]  activity_android 
2014/08/06 08:58:47 [/us/hi/password/1'"][WARN]  1'" 
2014/08/06 08:58:47 [/us/hi/password/\][WARN]  \ 
2014/08/06 08:58:48 [/us/hi/password/@@zhqPp][WARN]  @@zhqPp 
2014/08/06 08:58:48 [/us/hi/password/JyI=][WARN]  JyI= 
2014/08/06 08:58:48 [/us/hi/password/][WARN]  ?'?" 
2014/08/06 08:58:48 [/us/hi/password/e''e""][WARN]  e''e"" 
2014/08/06 08:58:48 [/us/client/download/o2a3iWxX][WARN]  o2a3iWxX 
2014/08/06 08:58:48 [/us/client/download/activity_android' AND 2+1-1-1=0+0+0+1 AND 'Q36n'='Q36n][WARN]  activity_android' AND 2+1-1-1=0+0+0+1 AND 'Q36n'='Q36n 
2014/08/06 08:58:49 [/us/client/download/activity_android" AND 2+1-1-1=0+0+0+1 AND "ios3"="ios3][WARN]  activity_android" AND 2+1-1-1=0+0+0+1 AND "ios3"="ios3 
2014/08/06 08:58:49 [/us/client/download/wF9XZogm'; waitfor delay '0:0:9' -- ][WARN]  wF9XZogm'; waitfor delay '0:0:9' --  
2014/08/06 08:58:49 [/us/client/download/8hzZ0diT'); waitfor delay '0:0:9' -- ][WARN]  8hzZ0diT'); waitfor delay '0:0:9' --  
2014/08/06 08:58:49 [/us/client/download/P3y3ZpXe')); waitfor delay '0:0:9' -- ][WARN]  P3y3ZpXe')); waitfor delay '0:0:9' --  
2014/08/06 08:58:49 [/us/client/download/p5Jv1biQ';select pg_sleep(3); -- ][WARN]  p5Jv1biQ';select pg_sleep(3); --  
2014/08/06 08:58:49 [/us/client/download/yy4bfMpu');select pg_sleep(3); -- ][WARN]  yy4bfMpu');select pg_sleep(3); --  
2014/08/06 08:58:49 [/us/client/download/1n24zbF7'));select pg_sleep(3); -- ][WARN]  1n24zbF7'));select pg_sleep(3); --  
2014/08/06 08:58:49 [/us/client/site/activity_android][WARN]  activity_android 
2014/08/06 08:58:49 [/us/client/site/activity_android][WARN]  activity_android 
2014/08/06 08:58:50 [/us/client/site/bZYCjp9i][WARN]  bZYCjp9i 
2014/08/06 08:58:50 [/us/client/site/Yp22mRb0'; waitfor delay '0:0:8' -- ][WARN]  Yp22mRb0'; waitfor delay '0:0:8' --  
2014/08/06 08:58:50 [/us/client/site/GipCpLwS'); waitfor delay '0:0:12' -- ][WARN]  GipCpLwS'); waitfor delay '0:0:12' --  
2014/08/06 08:58:50 [/us/client/site/wpaFt8uZ')); waitfor delay '0:0:12' -- ][WARN]  wpaFt8uZ')); waitfor delay '0:0:12' --  
2014/08/06 08:58:50 [/us/client/site/LHmRvr2W';select pg_sleep(4); -- ][WARN]  LHmRvr2W';select pg_sleep(4); --  
2014/08/06 08:58:50 [/us/client/site/FpfYyg8i');select pg_sleep(4); -- ][WARN]  FpfYyg8i');select pg_sleep(4); --  
2014/08/06 08:58:50 [/us/client/site/bgAKX3yU'));select pg_sleep(8); -- ][WARN]  bgAKX3yU'));select pg_sleep(8); --  
2014/08/06 08:58:50 [/us/hi/password/activity_android][WARN]  activity_android 
2014/08/06 08:58:50 [/us/hi/password/activity_android][WARN]  activity_android 
2014/08/06 08:58:50 [/us/hi/password/YnYOKKNo][WARN]  YnYOKKNo 
2014/08/06 08:58:51 [/us/hi/password/lyolpZ8k'; waitfor delay '0:0:15' -- ][WARN]  lyolpZ8k'; waitfor delay '0:0:15' --  
2014/08/06 08:58:51 [/us/hi/password/JCezDwnG'); waitfor delay '0:0:5' -- ][WARN]  JCezDwnG'); waitfor delay '0:0:5' --  
2014/08/06 08:58:51 [/us/hi/password/Y21nSzkr')); waitfor delay '0:0:5' -- ][WARN]  Y21nSzkr')); waitfor delay '0:0:5' --  
2014/08/06 08:58:51 [/us/hi/password/ZX3m329T';select pg_sleep(10); -- ][WARN]  ZX3m329T';select pg_sleep(10); --  
2014/08/06 08:58:51 [/us/hi/password/LuzmHK9d');select pg_sleep(10); -- ][WARN]  LuzmHK9d');select pg_sleep(10); --  
2014/08/06 08:58:51 [/us/hi/password/LvjtNfZh'));select pg_sleep(10); -- ][WARN]  LvjtNfZh'));select pg_sleep(10); --  
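As an added example (not from the original post), here is why the boolean probe in the log above works against string-built SQL and does nothing once the value is bound as a parameter. The downloads table and its rows are constructed for the demonstration; the probes are taken from the post's log.

```python
"""Added example, not part of the original post: why the boolean probe from the
log above (activity_android' AND 2+1-1-1=0+0+0+1 AND 'Q36n'='Q36n) works
against string-built SQL and is harmless once the value is bound as a
parameter. Uses an in-memory SQLite table with constructed rows."""
import sqlite3

# Constructed stand-in for the site's download table.
ROWS = [("activity_android", "client-android.apk"),
        ("activity_ios", "client-ios.ipa")]

# Probes copied from the post's log; a scanner compares each response with
# the plain request to decide whether the URL segment reaches the SQL engine.
BASELINE = "activity_android"
BOOLEAN_PROBE = "activity_android' AND 2+1-1-1=0+0+0+1 AND 'Q36n'='Q36n"
QUOTE_PROBE = "1'\""


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE downloads (name TEXT, file TEXT)")
    conn.executemany("INSERT INTO downloads VALUES (?, ?)", ROWS)
    return conn


def lookup_vulnerable(conn, name):
    # The URL segment is spliced into the statement, so a quote in it ends
    # the literal and everything after it is parsed as SQL.
    sql = "SELECT file FROM downloads WHERE name = '%s'" % name
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, name):
    # Bound parameter: the database receives the whole string as one value
    # and compares it to the column; no part of it is ever parsed as SQL.
    sql = "SELECT file FROM downloads WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def observe(conn, lookup, name):
    """What the scanner sees: the result rows, or the fact that an error leaked."""
    try:
        return ("rows", lookup(conn, name))
    except sqlite3.Error as exc:
        return ("error", type(exc).__name__)


if __name__ == "__main__":
    conn = make_db()
    for label, lookup in (("concatenated", lookup_vulnerable),
                          ("parameterised", lookup_safe)):
        for name in (BASELINE, BOOLEAN_PROBE, QUOTE_PROBE):
            print(f"{label:14s} {name!r:60s} -> {observe(conn, lookup, name)}")
```

The `waitfor delay` and `pg_sleep` lines in the log are the time-based form of the same test against MSSQL and PostgreSQL; SQLite has neither function, but the fix is the same bound parameter.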


3. Guessing at possible executable files, or checking for open-source software with known vulnerabilities

WordPress, for instance, is the most frequently probed open-source web application.

Apart from the URLs the site is meant to serve, every other unrelated address should be denied.

Also be careful that robots.txt does not leak the site's structure.

Below is only a small part of the log. There is nothing they won't guess, only things you won't think of: every kind of web-script extension is in there.

2014/08/03 04:03:23 [/us/index.php/insert.php][WARN]  insert.php WARN
2014/08/03 04:03:23 [/index.php/she11.php][WARN]  she11.php WARN
2014/08/03 04:03:23 [/us/index.php/r3za.php][WARN]  r3za.php WARN
2014/08/03 04:03:23 [/index.php/footer.php][WARN]  footer.php WARN
2014/08/03 04:03:23 [/us/index.php/hydd.php][WARN]  hydd.php WARN
2014/08/03 04:03:23 [/index.php/newfile.php][WARN]  newfile.php WARN
2014/08/03 04:03:23 [/us/index.php/Judge.php][WARN]  Judge.php WARN
2014/08/03 04:03:23 [/index.php/caoc.php][WARN]  caoc.php WARN
2014/08/03 04:03:23 [/us/index.php/she11.php][WARN]  she11.php WARN
2014/08/03 04:03:23 [/us/index.php/footer.php][WARN]  footer.php WARN
2014/08/03 04:03:23 [/index.php/ceshi.php][WARN]  ceshi.php WARN
2014/08/03 04:03:23 [/us/index.php/newfile.php][WARN]  newfile.php WARN
2014/08/03 04:03:23 [/index.php/jiance.php][WARN]  jiance.php WARN
2014/08/03 04:03:23 [/us/index.php/caoc.php][WARN]  caoc.php WARN
2014/08/03 04:03:23 [/index.php/aq.php][WARN]  aq.php WARN
2014/08/03 04:03:23 [/us/index.php/ceshi.php][WARN]  ceshi.php WARN
2014/08/03 04:03:23 [/index.php/bmzh.php][WARN]  bmzh.php WARN
2014/08/03 04:03:23 [/index.php/JspSpy.php][WARN]  JspSpy.php WARN
2014/08/03 04:03:23 [/us/index.php/jiance.php][WARN]  jiance.php WARN
2014/08/03 04:03:23 [/us/index.php/aq.php][WARN]  aq.php WARN
2014/08/03 04:03:23 [/index.php/jspSpy.php][WARN]  jspSpy.php WARN
2014/08/03 04:03:23 [/us/index.php/bmzh.php][WARN]  bmzh.php WARN
2014/08/03 04:03:23 [/index.php/jspspy.php][WARN]  jspspy.php WARN
2014/08/03 04:03:23 [/us/index.php/JspSpy.php][WARN]  JspSpy.php WARN
2014/08/03 04:03:23 [/index.php/ASPXspy.php][WARN]  ASPXspy.php WARN
2014/08/03 04:03:23 [/us/index.php/jspSpy.php][WARN]  jspSpy.php WARN
2014/08/03 04:03:23 [/index.php/aspxspy.php][WARN]  aspxspy.php WARN
2014/08/03 04:03:23 [/index.php/PHPspy.php][WARN]  PHPspy.php WARN
2014/08/03 04:03:23 [/us/index.php/jspspy.php][WARN]  jspspy.php WARN
2014/08/03 04:03:23 [/index.php/phpspy.php][WARN]  phpspy.php WARN
2014/08/03 04:03:23 [/us/index.php/ASPXspy.php][WARN]  ASPXspy.php WARN
2014/08/03 04:03:23 [/index.php/xx.php][WARN]  xx.php WARN
2014/08/03 04:03:23 [/us/index.php/aspxspy.php][WARN]  aspxspy.php WARN
2014/08/03 04:03:23 [/us/index.php/PHPspy.php][WARN]  PHPspy.php WARN
2014/08/03 04:03:23 [/index.php/1.php][WARN]  1.php WARN
2014/08/03 04:03:23 [/us/index.php/phpspy.php][WARN]  phpspy.php WARN
2014/08/03 04:03:23 [/index.php/2.php][WARN]  2.php WARN
2014/08/03 04:03:23 [/us/index.php/xx.php][WARN]  xx.php WARN
2014/08/03 04:03:23 [/us/index.php/1.php][WARN]  1.php WARN
2014/08/03 04:03:23 [/index.php/3.php][WARN]  3.php WARN
2014/08/03 04:03:23 [/us/index.php/2.php][WARN]  2.php WARN
2014/08/03 04:03:23 [/index.php/4.php][WARN]  4.php WARN
2014/08/03 04:03:23 [/us/index.php/3.php][WARN]  3.php WARN
2014/08/03 04:03:23 [/us/index.php/9.php][WARN]  9.php WARN
2014/08/03 04:03:24 [/index.php/w.php][WARN]  w.php WARN
2014/08/03 04:03:24 [/us/index.php/q.php][WARN]  q.php WARN
2014/08/03 04:03:24 [/index.php/e.php][WARN]  e.php WARN
2014/08/03 04:03:24 [/us/index.php/w.php][WARN]  w.php WARN
2014/08/03 04:03:24 [/index.php/r.php][WARN]  r.php WARN
2014/08/03 04:03:24 [/us/index.php/e.php][WARN]  e.php WARN
2014/08/03 04:03:24 [/us/index.php/r.php][WARN]  r.php WARN
2014/08/03 04:03:24 [/index.php/m.php][WARN]  m.php WARN
2014/08/03 04:03:24 [/us/index.php/n.php][WARN]  n.php WARN
2014/08/03 04:03:24 [/index.php/shell.php][WARN]  shell.php WARN
2014/08/03 04:03:24 [/us/index.php/m.php][WARN]  m.php WARN
2014/08/03 04:03:24 [/us/index.php/shell.php][WARN]  shell.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/?shell.php][WARN]  ?shell.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/ASPWebPack.php][WARN]  ASPWebPack.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/121.php][WARN]  121.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/dana.php][WARN]  dana.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/dark.php][WARN]  dark.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/dd.php][WARN]  dd.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/foots.php][WARN]  foots.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/kqx.php][WARN]  kqx.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/pic.php][WARN]  pic.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/wrsky.php][WARN]  wrsky.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/wuge.php][WARN]  wuge.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/免杀.php][WARN]  免杀.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/小鱼免杀.php][WARN]  小鱼免杀.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/风韵.php][WARN]  风韵.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/DarkBlade.php][WARN]  DarkBlade.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/cmd.php][WARN]  cmd.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/diy.php][WARN]  diy.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/upfile4k2.php][WARN]  upfile4k2.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/xiao.php][WARN]  xiao.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/dic.php][WARN]  dic.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/wt.php][WARN]  wt.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/80sec.php][WARN]  80sec.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/dabao.php][WARN]  dabao.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/T0p.php][WARN]  T0p.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/fuck.php][WARN]  fuck.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/dm.php][WARN]  dm.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/xm.php][WARN]  xm.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/dama.php][WARN]  dama.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/xiaoma.php][WARN]  xiaoma.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/asp.php][WARN]  asp.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/jsp.php][WARN]  jsp.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/php.php][WARN]  php.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/aspx.php][WARN]  aspx.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/mima.php][WARN]  mima.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/kill.php][WARN]  kill.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/ko.php][WARN]  ko.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/rootnull.php][WARN]  rootnull.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/root.php][WARN]  root.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/r00t.php][WARN]  r00t.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/sh0w.php][WARN]  sh0w.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/safer.php][WARN]  safer.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/houmen.php][WARN]  houmen.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/h0umen.php][WARN]  h0umen.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/ceshi.php][WARN]  ceshi.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/jiance.php][WARN]  jiance.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/aq.php][WARN]  aq.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/bmzh.php][WARN]  bmzh.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/JspSpy.php][WARN]  JspSpy.php WARN
2014/08/03 04:03:28 [/kdrive/index.php/jspSpy.php][WARN]  jspSpy.php WARN
2014/08/03 04:03:29 [/kdrive/index.php/jspspy.php][WARN]  jspspy.php WARN
2014/08/03 04:03:29 [/kdrive/index.php/ASPXspy.php][WARN]  ASPXspy.php WARN
2014/08/03 04:03:29 [/kdrive/index.php/aspxspy.php][WARN]  aspxspy.php WARN
2014/08/03 04:03:29 [/kdrive/index.php/PHPspy.php][WARN]  PHPspy.php WARN
2014/08/03 04:03:29 [/kdrive/index.php/phpspy.php][WARN]  phpspy.php WARN
2014/08/03 04:03:29 [/kdrive/index.php/xx.php][WARN]  xx.php WARN
2014/08/03 04:03:29 [/kdrive/index.php/1.php][WARN]  1.php WARN
2014/08/03 04:03:29 [/kdrive/index.php/2.php][WARN]  2.php WARN
2014/08/03 04:03:29 [/kdrive/index.php/q.php][WARN]  q.php WARN
2014/08/03 04:03:29 [/kdrive/index.php/w.php][WARN]  w.php WARN
2014/08/03 04:03:29 [/kdrive/index.php/e.php][WARN]  e.php WARN
2014/08/03 04:03:29 [/kdrive/index.php/r.php][WARN]  r.php WARN
2014/08/03 04:03:29 [/kdrive/index.php/t.php][WARN]  t.php WARN
2014/08/03 04:03:29 [/kdrive/index.php/y.php][WARN]  y.php WARN
2014/08/03 04:03:29 [/kdrive/index.php/u.php][WARN]  u.php WARN
2014/08/03 04:03:29 [/kdrive/index.php/i.php][WARN]  i.php WARN
2014/08/03 04:03:29 [/kdrive/index.php/o.php][WARN]  o.php WARN
2014/08/03 04:03:30 [/kdrive/index.php/shell.php][WARN]  shell.php WARN
2014/08/03 04:03:33 [/index.php/nulllllllllll.html][WARN]  nulllllllllll.html WARN
2014/08/03 04:03:35 [/index.php/bbcode.js][WARN]  bbcode.js WARN
2014/08/03 04:03:35 [/us/index.php/robots.txt][WARN]  robots.txt WARN
2014/08/03 04:03:35 [/index.php/newsfader.js][WARN]  newsfader.js WARN
2014/08/03 04:03:35 [/us/index.php/bbcode.js][WARN]  bbcode.js WARN
2014/08/03 04:03:35 [/index.php/templates.cdb][WARN]  templates.cdb WARN
2014/08/03 04:03:35 [/us/index.php/newsfader.js][WARN]  newsfader.js WARN
2014/08/03 04:03:35 [/index.php/u2upopup.js][WARN]  u2upopup.js WARN
2014/08/03 04:03:35 [/us/index.php/templates.cdb][WARN]  templates.cdb WARN
2014/08/03 04:03:35 [/us/index.php/u2upopup.js][WARN]  u2upopup.js WARN
2014/08/03 04:03:36 [/index.php/bbcode.js][WARN]  bbcode.js WARN
2014/08/03 04:03:36 [/index.php/newsfader.js][WARN]  newsfader.js WARN
2014/08/03 04:03:36 [/us/index.php/bbcode.js][WARN]  bbcode.js WARN
2014/08/03 04:03:36 [/index.php/templates.cdb][WARN]  templates.cdb WARN
2014/08/03 04:03:36 [/us/index.php/newsfader.js][WARN]  newsfader.js WARN
2014/08/03 04:03:36 [/index.php/u2upopup.js][WARN]  u2upopup.js WARN
2014/08/03 04:03:36 [/us/index.php/templates.cdb][WARN]  templates.cdb WARN
2014/08/03 04:03:36 [/us/index.php/u2upopup.js][WARN]  u2upopup.js WARN
2014/08/03 04:03:36 [/kdrive/index.php/robots.txt][WARN]  robots.txt WARN
2014/08/03 04:03:36 [/kdrive/index.php/bbcode.js][WARN]  bbcode.js WARN
2014/08/03 04:03:36 [/kdrive/index.php/newsfader.js][WARN]  newsfader.js WARN
2014/08/03 04:03:36 [/kdrive/index.php/templates.cdb][WARN]  templates.cdb WARN
2014/08/03 04:03:36 [/kdrive/index.php/u2upopup.js][WARN]  u2upopup.js WARN
2014/08/03 04:03:36 [/kdrive/index.php/bbcode.js][WARN]  bbcode.js WARN
2014/08/03 04:03:36 [/kdrive/index.php/newsfader.js][WARN]  newsfader.js WARN
2014/08/03 04:03:36 [/kdrive/index.php/templates.cdb][WARN]  templates.cdb WARN
2014/08/03 04:03:36 [/kdrive/index.php/u2upopup.js][WARN]  u2upopup.js WARN
2014/08/03 04:03:37 [/index.php/alipay.html][WARN]  alipay.html WARN
2014/08/03 04:03:37 [/us/index.php/alipay.html][WARN]  alipay.html WARN
2014/08/03 04:03:38 [/kdrive/index.php/alipay.html][WARN]  alipay.html WARN
2014/08/03 04:03:38 [/index.php/wlwmanifest.xml][WARN]  wlwmanifest.xml WARN
2014/08/03 04:03:38 [/us/index.php/robots.txt][WARN]  robots.txt WARN
2014/08/03 04:03:38 [/us/index.php/wlwmanifest.xml][WARN]  wlwmanifest.xml WARN
2014/08/03 04:03:39 [/kdrive/index.php/robots.txt][WARN]  robots.txt WARN
2014/08/03 04:03:39 [/kdrive/index.php/wlwmanifest.xml][WARN]  wlwmanifest.xml WARN
2014/08/03 04:03:39 [/us/index.php/robots.txt][WARN]  robots.txt WARN
2014/08/03 04:03:40 [/kdrive/index.php/robots.txt][WARN]  robots.txt WARN
2014/08/03 04:03:41 [/index.php/license.txt][WARN]  license.txt WARN
2014/08/03 04:03:41 [/us/index.php/license.txt][WARN]  license.txt WARN
2014/08/03 04:03:41 [/kdrive/index.php/license.txt][WARN]  license.txt WARN
2014/08/03 04:03:42 [/us/index.php/robots.txt][WARN]  robots.txt WARN
2014/08/03 04:03:42 [/kdrive/index.php/robots.txt][WARN]  robots.txt WARN
2014/08/03 04:03:43 [/index.php/htaccess.txt][WARN]  htaccess.txt WARN
2014/08/03 04:03:43 [/index.php/CONTRIBUTING.md][WARN]  CONTRIBUTING.md WARN
2014/08/03 04:03:43 [/us/index.php/htaccess.txt][WARN]  htaccess.txt WARN
2014/08/03 04:03:43 [/index.php/phpunit.xml.dist][WARN]  phpunit.xml.dist WARN
2014/08/03 04:03:43 [/us/index.php/CONTRIBUTING.md][WARN]  CONTRIBUTING.md WARN
2014/08/03 04:03:43 [/index.php/joomla.xml][WARN]  joomla.xml WARN
2014/08/03 04:03:43 [/us/index.php/phpunit.xml.dist][WARN]  phpunit.xml.dist WARN
2014/08/03 04:03:43 [/index.php/README.txt][WARN]  README.txt WARN
2014/08/03 04:03:43 [/us/index.php/robots.txt][WARN]  robots.txt WARN
2014/08/03 04:03:43 [/index.php/robots.txt.dist][WARN]  robots.txt.dist WARN
2014/08/03 04:03:43 [/us/index.php/joomla.xml][WARN]  joomla.xml WARN
2014/08/03 04:03:43 [/index.php/web.config.txt][WARN]  web.config.txt WARN
2014/08/03 04:03:43 [/us/index.php/README.txt][WARN]  README.txt WARN
2014/08/03 04:03:43 [/us/index.php/robots.txt.dist][WARN]  robots.txt.dist WARN
2014/08/03 04:03:43 [/us/index.php/web.config.txt][WARN]  web.config.txt WARN
2014/08/03 04:03:44 [/kdrive/index.php/htaccess.txt][WARN]  htaccess.txt WARN
2014/08/03 04:03:44 [/kdrive/index.php/CONTRIBUTING.md][WARN]  CONTRIBUTING.md WARN
2014/08/03 04:03:44 [/kdrive/index.php/phpunit.xml.dist][WARN]  phpunit.xml.dist WARN
2014/08/03 04:03:44 [/kdrive/index.php/robots.txt][WARN]  robots.txt WARN
2014/08/03 04:03:44 [/kdrive/index.php/joomla.xml][WARN]  joomla.xml WARN
2014/08/03 04:03:44 [/kdrive/index.php/README.txt][WARN]  README.txt WARN
2014/08/03 04:03:44 [/kdrive/index.php/robots.txt.dist][WARN]  robots.txt.dist WARN
2014/08/03 04:03:44 [/kdrive/index.php/web.config.txt][WARN]  web.config.txt WARN
2014/08/03 04:03:45 [/index.php/readme.txt][WARN]  readme.txt WARN
2014/08/03 04:03:45 [/us/index.php/readme.txt][WARN]  readme.txt WARN
2014/08/03 04:03:45 [/kdrive/index.php/readme.txt][WARN]  readme.txt WARN
2014/08/03 04:03:46 [/us/index.php/robots.txt][WARN]  robots.txt WARN
2014/08/03 04:03:47 [/kdrive/index.php/robots.txt][WARN]  robots.txt WARN
2014/08/03 04:03:48 [/index.php/licence.txt][WARN]  licence.txt WARN
2014/08/03 04:03:48 [/index.php/recommend.html][WARN]  recommend.html WARN
2014/08/03 04:03:48 [/index.php/wind.sql][WARN]  wind.sql WARN
2014/08/03 04:03:48 [/us/index.php/licence.txt][WARN]  licence.txt WARN
2014/08/06 08:57:48 [/us/client/download/Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAucG5n][DEBUG]  Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAucG5n 
2014/08/06 08:57:49 [/us/client/download/WEB-INF\web.xml][DEBUG]  WEB-INF\web.xml 
2014/08/06 08:57:49 [/us/client/download/../../../../../../../../windows/win.ini][DEBUG]  ../../../../../../../../windows/win.ini 
2014/08/06 08:57:49 [/us/client/download/................windowswin.ini][DEBUG]  ................windowswin.ini 
2014/08/06 08:57:49 [/us/client/download/..\..\..\..\..\..\..\..\windows\win.ini][DEBUG]  ..\..\..\..\..\..\..\..\windows\win.ini 
2014/08/06 08:57:49 [/us/client/download/WEB-INF\web.xml][DEBUG]  WEB-INF\web.xml 

4. XSS, special-character and similar probes

There are plenty of these too; I won't paste them all.

2014/08/03 03:55:03 [/<IMG SRC="javascript:alert(cross_site_scripting.nasl);">.cgi][WARN] 
2014/08/03 03:55:03 [/<IMG SRC="javascript:alert(cross_site_scripting.nasl);">.exe][WARN] 
2014/08/03 03:55:03 [/<IMG SRC="javascript:alert(cross_site_scripting.nasl);">.cfm][WARN] 
2014/08/03 03:55:03 [/<IMG SRC="javascript:alert(cross_site_scripting.nasl);">.html][WARN] 
2014/08/03 03:55:04 [/<IMG SRC="javascript:alert(cross_site_scripting.nasl);">.jsp][WARN]  
2014/08/03 03:55:04 [/<IMG SRC="javascript:alert(cross_site_scripting.nasl);">.php][WARN] 
2014/08/03 03:55:04 [/<IMG SRC="javascript:alert(cross_site_scripting.nasl);">.php3][WARN]
2014/08/06 08:58:39 [/us/client/site/!(()&&!|*|*|]
2014/08/06 08:58:36 [/us/hi/password/"+response.write(9800452*9475116)+"]
2014/08/06 08:58:33 [/us/hi/password/${99833+100209}][DEBUG]
2014/08/06 08:58:40 [/us/client/download/)))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))][WARN] 
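Pulling the four sections together, here is an added example (not part of the original post) that parses the log format shown throughout the post and sorts each request into one of the probe categories above, decoding base64-looking path segments so the encoded traversal attempt in section 3 is caught too. The category names and regexes are my own; the sample lines are copied from the post.

```python
"""Added example, not part of the original post: a small classifier for the
log format shown above (YYYY/MM/DD HH:MM:SS [path][LEVEL]  value) that sorts
requests into the probe categories the post walks through. The regexes are
my own; the sample lines are copied from the post's own log excerpts."""
import base64
import re
from collections import Counter

LINE_RE = re.compile(
    r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[(.*?)\](?:\[(\w+)\])?\s*(.*?)\s*$")

# Ordered (category, pattern) pairs matched against the lower-cased path;
# the first hit wins, so the more specific attack patterns come first.
RULES = [
    ("sql_injection", re.compile(
        r"""waitfor\s+delay|pg_sleep\s*\(|['"]\s*(and|or)\s+|union\s+select|--\s*$""")),
    ("path_traversal", re.compile(r"\.\./|\.\.\\|/etc/passwd|win\.ini|web-inf")),
    ("xss", re.compile(r"<\s*(img|script|iframe)|javascript:|alert\s*\(")),
    ("code_injection", re.compile(r"\$\{\d+[+*]\d+\}|response\.write\s*\(")),
    ("quote_fuzzing", re.compile(r"""['"]{2,}|/\\$""")),
    ("special_char_fuzzing", re.compile(r"[()&|!*]{6,}")),
    ("webshell_probe", re.compile(
        r"(shell|she11|spy|cmd|hack|houmen|h0umen|r00t|root|dama|xiaoma|免杀)"
        r"[^/]*\.(php|asp|aspx|jsp)x?$|/[a-z0-9]{1,3}\.(php|asp|aspx|jsp)$")),
    ("backup_or_secret_file", re.compile(
        r"\.(zip|rar|7z|tar|gz|sql|bak|cdb)$|(pass|mima|ftp|qq|123|说明)[^/]*\.txt$")),
]


def parse(line):
    """Split one log line into (timestamp, path, level, value); None if malformed."""
    m = LINE_RE.match(line.rstrip("\n"))
    return m.groups() if m else None


def classify(path):
    """Return the probe category of one request path, or 'unclassified'."""
    text = path.lower()
    # Scanners also send encoded payloads: decode base64-looking tokens so a
    # traversal string hidden in base64 is scanned too (tokens containing '/'
    # are not handled by this simple version).
    for tok in re.findall(r"[A-Za-z0-9+=]{16,}", path):
        try:
            text += " " + base64.b64decode(tok, validate=True).decode("latin-1").lower()
        except ValueError:
            pass
    for name, pattern in RULES:
        if pattern.search(text):
            return name
    return "unclassified"


def summarize(lines):
    """Count probe categories over an iterable of raw log lines."""
    counts = Counter()
    for line in lines:
        rec = parse(line)
        if rec is not None:
            counts[classify(rec[1])] += 1
    return counts


# Lines copied from the post's log excerpts, one or two per category.
SAMPLE_LOG = r"""2014/07/06 17:17:39 [/wwwroot.rar][WARN]  wwwroot.rar
2014/07/06 17:17:39 [/password.txt][WARN]  password.txt
2014/07/06 17:17:39 [/ASPXspy2.aspxx][WARN]  ASPXspy2.aspxx
2014/08/03 04:03:23 [/index.php/she11.php][WARN]  she11.php WARN
2014/08/06 08:58:49 [/us/client/download/wF9XZogm'; waitfor delay '0:0:9' -- ][WARN]  wF9XZogm'; waitfor delay '0:0:9' --
2014/08/06 08:58:49 [/us/client/download/p5Jv1biQ';select pg_sleep(3); -- ][WARN]  p5Jv1biQ';select pg_sleep(3); --
2014/08/06 08:57:48 [/us/client/download/Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAucG5n][DEBUG]  Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAucG5n
2014/08/03 03:55:03 [/<IMG SRC="javascript:alert(cross_site_scripting.nasl);">.cgi][WARN]
2014/08/06 08:58:33 [/us/hi/password/${99833+100209}][DEBUG]
2014/08/06 08:58:39 [/us/client/site/!(()&&!|*|*|]""".splitlines()

if __name__ == "__main__":
    for category, n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {category}")
```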

Summary:

The same old rule: filter input, escape output.

Also: illness enters through the mouth, and a website's URL is that mouth.
