我本主开发,因没人,除了让人把几台server运到IDC。其他系统安装、虚拟机安装、系统上线、运维等事就我一手操办了。

         幸好大学时对server的倒腾及毕业后在广东移动OCS维护经验,尽管不专业,可是能一步一个脚印地实施。


         常常查看日志。偶尔会发现一些不怀好意的訪问,当然也可能是某些人或者机构来检查站点的安全性吧。


         通过日志看看别人是怎么扫描的,採取对应的措施。添加运维安全经验。

有时候公司老是提安全不记心。还不如亲身体验一下风险,那会后怕。


1. 通过直接获取站点根文件夹的文件。

 防治办法就是不要放置与站点无关的文件。

 

以下是一些訪问记录,看看都有些什么:

2014/07/06 17:17:38 [/radminpass.php][WARN]  radminpass.php 
2014/07/06 17:17:38 [/dg][WARN]  dg 
2014/07/06 17:17:38 [/ radminpass.php][WARN]   radminpass.php 
2014/07/06 17:17:38 [/d][WARN]  d 
2014/07/06 17:17:39 [/admin][WARN]  admin 
2014/07/06 17:17:39 [/dede][WARN]  dede 
2014/07/06 17:17:39 [/rc.php][WARN]  rc.php 
2014/07/06 17:17:39 [/admin_login.asp][WARN]  admin_login.asp 
2014/07/06 17:17:39 [/admin_login.php][WARN]  admin_login.php 
2014/07/06 17:17:39 [/install.php][WARN]  install.php 
2014/07/06 17:17:39 [/admi][WARN]  admi 
2014/07/06 17:17:39 [/manage][WARN]  manage 
2014/07/06 17:17:39 [/ded][WARN]  ded 
2014/07/06 17:17:39 [/ rc.php][WARN]   rc.php 
2014/07/06 17:17:39 [/ admin_login.asp][WARN]   admin_login.asp 
2014/07/06 17:17:39 [/ install.php][WARN]   install.php 
2014/07/06 17:17:39 [/ admin_login.php][WARN]   admin_login.php 
2014/07/06 17:17:39 [/manag][WARN]  manag 
2014/07/06 17:17:39 [/ftp.txt][WARN]  ftp.txt 
2014/07/06 17:17:39 [/使用说明.txt][WARN]  使用说明.txt 
2014/07/06 17:17:39 [/www.zip][WARN]  www.zip 
2014/07/06 17:17:39 [/admin.php][WARN]  admin.php 
2014/07/06 17:17:39 [/robot.txt][WARN]  robot.txt 
2014/07/06 17:17:39 [/wwwroot.rar][WARN]  wwwroot.rar 
2014/07/06 17:17:39 [/www.rar][WARN]  www.rar 
2014/07/06 17:17:39 [/wwwroot.zip][WARN]  wwwroot.zip 
2014/07/06 17:17:39 [/1.asp][WARN]  1.asp 
2014/07/06 17:17:39 [/fuck.asp][WARN]  fuck.asp 
2014/07/06 17:17:39 [/cmd.asp][WARN]  cmd.asp 
2014/07/06 17:17:39 [/1.php][WARN]  1.php 
2014/07/06 17:17:39 [/ok.asp][WARN]  ok.asp 
2014/07/06 17:17:39 [/123.asp][WARN]  123.asp 
2014/07/06 17:17:39 [/aspxspy.aspxx][WARN]  aspxspy.aspxx 
2014/07/06 17:17:39 [/aspxspy.phpx][WARN]  aspxspy.phpx 
2014/07/06 17:17:39 [/1.aspx][WARN]  1.aspx 
2014/07/06 17:17:39 [/ASPXspy2.phpx][WARN]  ASPXspy2.phpx 
2014/07/06 17:17:39 [/a.asp][WARN]  a.asp 
2014/07/06 17:17:39 [/ASPXspy2.aspxx][WARN]  ASPXspy2.aspxx 
2014/07/06 17:17:39 [/ wwwroot.rar][WARN]   wwwroot.rar 
2014/07/06 17:17:39 [/lcx.aspx][WARN]  lcx.aspx 
2014/07/06 17:17:39 [/ ftp.txt][WARN]   ftp.txt 
2014/07/06 17:17:39 [/ 使用说明.txt][WARN]   使用说明.txt 
2014/07/06 17:17:39 [/ www.zip][WARN]   www.zip 
2014/07/06 17:17:39 [/ robot.txt][WARN]   robot.txt 
2014/07/06 17:17:39 [/ www.rar][WARN]   www.rar 
2014/07/06 17:17:39 [/ admin.php][WARN]   admin.php 
2014/07/06 17:17:39 [/ fuck.asp][WARN]   fuck.asp 
2014/07/06 17:17:39 [/hack.asp][WARN]  hack.asp 
2014/07/06 17:17:39 [/ cmd.asp][WARN]   cmd.asp 
2014/07/06 17:17:39 [/ ok.asp][WARN]   ok.asp 
2014/07/06 17:17:39 [/xx.asp][WARN]  xx.asp 
2014/07/06 17:17:39 [/ 123.asp][WARN]   123.asp 
2014/07/06 17:17:39 [/gay.aspx][WARN]  gay.aspx 
2014/07/06 17:17:39 [/ 1.asp][WARN]   1.asp 
2014/07/06 17:17:39 [/ 1.php][WARN]   1.php 
2014/07/06 17:17:39 [/ aspxspy.aspxx][WARN]   aspxspy.aspxx 
2014/07/06 17:17:39 [/ wwwroot.zip][WARN]   wwwroot.zip 
2014/07/06 17:17:39 [/ ASPXspy2.phpx][WARN]   ASPXspy2.phpx 
2014/07/06 17:17:39 [/ a.asp][WARN]   a.asp 
2014/07/06 17:17:39 [/xxoo.asp][WARN]  xxoo.asp 
2014/07/06 17:17:39 [/xm.asp][WARN]  xm.asp 
2014/07/06 17:17:39 [/ 1.aspx][WARN]   1.aspx 
2014/07/06 17:17:39 [/ aspxspy.phpx][WARN]   aspxspy.phpx 
2014/07/06 17:17:39 [/ lcx.aspx][WARN]   lcx.aspx 
2014/07/06 17:17:39 [/diy.asp][WARN]  diy.asp 
2014/07/06 17:17:39 [/说明.txt][WARN]  说明.txt 
2014/07/06 17:17:39 [/安装说明书.txt][WARN]  安装说明书.txt 
2014/07/06 17:17:39 [/ms.asp][WARN]  ms.asp 
2014/07/06 17:17:39 [/新建文本文档.txt][WARN]  新建文本文档.txt 
2014/07/06 17:17:39 [/ xx.asp][WARN]   xx.asp 
2014/07/06 17:17:39 [/ ASPXspy2.aspxx][WARN]   ASPXspy2.aspxx 
2014/07/06 17:17:39 [/备份.rar][WARN]  备份.rar 
2014/07/06 17:17:39 [/安装说明.txt][WARN]  安装说明.txt 
2014/07/06 17:17:39 [/说明书.txt][WARN]  说明书.txt 
2014/07/06 17:17:39 [/ hack.asp][WARN]   hack.asp 
2014/07/06 17:17:39 [/站点备份.rar][WARN]  站点备份.rar 
2014/07/06 17:17:39 [/ftp.txt][WARN]  ftp.txt 
2014/07/06 17:17:39 [/mima.txt][WARN]  mima.txt 
2014/07/06 17:17:39 [/pass.txt][WARN]  pass.txt 
2014/07/06 17:17:39 [/123.txt][WARN]  123.txt 
2014/07/06 17:17:39 [/qq.txt][WARN]  qq.txt 
2014/07/06 17:17:39 [/ xxoo.asp][WARN]   xxoo.asp 
2014/07/06 17:17:39 [/ gay.aspx][WARN]   gay.aspx 
2014/07/06 17:17:39 [/password.txt][WARN]  password.txt 
2014/07/06 17:17:39 [/ xm.asp][WARN]   xm.asp 
2014/07/06 17:17:39 [/ diy.asp][WARN]   diy.asp 
2014/07/06 17:17:39 [/ 说明.txt][WARN]   说明.txt 
2014/07/06 17:17:39 [/ 备份.rar][WARN]   备份.rar 
2014/07/06 17:17:39 [/ 新建文本文档.txt][WARN]   新建文本文档.txt 
2014/07/06 17:17:39 [/ 安装说明书.txt][WARN]   安装说明书.txt 
2014/07/06 17:17:39 [/ ms.asp][WARN]   ms.asp 
2014/07/06 17:17:39 [/ ftp.txt][WARN]   ftp.txt 
2014/07/06 17:17:39 [/ mima.txt][WARN]   mima.txt 
2014/07/06 17:17:39 [/ 站点备份.rar][WARN]   站点备份.rar 
2014/07/06 17:17:39 [/ 说明书.txt][WARN]   说明书.txt 
2014/07/06 17:17:39 [/ 安装说明.txt][WARN]   安装说明.txt 
2014/07/06 17:17:39 [/ pass.txt][WARN]   pass.txt 
2014/07/06 17:17:39 [/ 123.txt][WARN]   123.txt 
2014/07/06 17:17:39 [/ qq.txt][WARN]   qq.txt 
2014/07/06 17:17:39 [/ password.txt][WARN]   password.txt 
2014/07/06 17:17:39 [/index.php/ password.txt][WARN]   password.txt 

2. SQL注入、运行脚本代码

网上说的一些案例都会好理解,但实际操作就复杂多了。不是我辈能理解的。可是一定要懂得其原理。

以下是日志:

2014/08/06 08:58:47 [/us/client/site/][WARN]  ?'?

"  2014/08/06 08:58:47 [/us/client/site/e''e""][WARN]  e''e""  2014/08/06 08:58:47 [/us/hi/password/activity_android][WARN]  activity_android  2014/08/06 08:58:47 [/us/hi/password/1'"][WARN]  1'"  2014/08/06 08:58:47 [/us/hi/password/\][WARN]  \  2014/08/06 08:58:48 [/us/hi/password/@@zhqPp][WARN]  @@zhqPp  2014/08/06 08:58:48 [/us/hi/password/JyI=][WARN]  JyI=  2014/08/06 08:58:48 [/us/hi/password/][WARN]  ?

'?"  2014/08/06 08:58:48 [/us/hi/password/e''e""][WARN]  e''e""  2014/08/06 08:58:48 [/us/client/download/o2a3iWxX][WARN]  o2a3iWxX  2014/08/06 08:58:48 [/us/client/download/activity_android' AND 2+1-1-1=0+0+0+1 AND 'Q36n'='Q36n][WARN]  activity_android' AND 2+1-1-1=0+0+0+1 AND 'Q36n'='Q36n  2014/08/06 08:58:49 [/us/client/download/activity_android" AND 2+1-1-1=0+0+0+1 AND "ios3"="ios3][WARN]  activity_android" AND 2+1-1-1=0+0+0+1 AND "ios3"="ios3  2014/08/06 08:58:49 [/us/client/download/wF9XZogm'; waitfor delay '0:0:9' -- ][WARN]  wF9XZogm'; waitfor delay '0:0:9' --   2014/08/06 08:58:49 [/us/client/download/8hzZ0diT'); waitfor delay '0:0:9' -- ][WARN]  8hzZ0diT'); waitfor delay '0:0:9' --   2014/08/06 08:58:49 [/us/client/download/P3y3ZpXe')); waitfor delay '0:0:9' -- ][WARN]  P3y3ZpXe')); waitfor delay '0:0:9' --   2014/08/06 08:58:49 [/us/client/download/p5Jv1biQ';select pg_sleep(3); -- ][WARN]  p5Jv1biQ';select pg_sleep(3); --   2014/08/06 08:58:49 [/us/client/download/yy4bfMpu');select pg_sleep(3); -- ][WARN]  yy4bfMpu');select pg_sleep(3); --   2014/08/06 08:58:49 [/us/client/download/1n24zbF7'));select pg_sleep(3); -- ][WARN]  1n24zbF7'));select pg_sleep(3); --   2014/08/06 08:58:49 [/us/client/site/activity_android][WARN]  activity_android  2014/08/06 08:58:49 [/us/client/site/activity_android][WARN]  activity_android  2014/08/06 08:58:50 [/us/client/site/bZYCjp9i][WARN]  bZYCjp9i  2014/08/06 08:58:50 [/us/client/site/Yp22mRb0'; waitfor delay '0:0:8' -- ][WARN]  Yp22mRb0'; waitfor delay '0:0:8' --   2014/08/06 08:58:50 [/us/client/site/GipCpLwS'); waitfor delay '0:0:12' -- ][WARN]  GipCpLwS'); waitfor delay '0:0:12' --   2014/08/06 08:58:50 [/us/client/site/wpaFt8uZ')); waitfor delay '0:0:12' -- ][WARN]  wpaFt8uZ')); waitfor delay '0:0:12' --   2014/08/06 08:58:50 [/us/client/site/LHmRvr2W';select pg_sleep(4); -- ][WARN]  LHmRvr2W';select pg_sleep(4); --   2014/08/06 08:58:50 [/us/client/site/FpfYyg8i');select pg_sleep(4); -- ][WARN]  FpfYyg8i');select pg_sleep(4); --   2014/08/06 08:58:50 [/us/client/site/bgAKX3yU'));select pg_sleep(8); -- ][WARN]  bgAKX3yU'));select pg_sleep(8); --   2014/08/06 08:58:50 [/us/hi/password/activity_android][WARN]  activity_android  2014/08/06 08:58:50 [/us/hi/password/activity_android][WARN]  activity_android  2014/08/06 08:58:50 [/us/hi/password/YnYOKKNo][WARN]  YnYOKKNo  2014/08/06 08:58:51 [/us/hi/password/lyolpZ8k'; waitfor delay '0:0:15' -- ][WARN]  lyolpZ8k'; waitfor delay '0:0:15' --   2014/08/06 08:58:51 [/us/hi/password/JCezDwnG'); waitfor delay '0:0:5' -- ][WARN]  JCezDwnG'); waitfor delay '0:0:5' --   2014/08/06 08:58:51 [/us/hi/password/Y21nSzkr')); waitfor delay '0:0:5' -- ][WARN]  Y21nSzkr')); waitfor delay '0:0:5' --   2014/08/06 08:58:51 [/us/hi/password/ZX3m329T';select pg_sleep(10); -- ][WARN]  ZX3m329T';select pg_sleep(10); --   2014/08/06 08:58:51 [/us/hi/password/LuzmHK9d');select pg_sleep(10); -- ][WARN]  LuzmHK9d');select pg_sleep(10); --   2014/08/06 08:58:51 [/us/hi/password/LvjtNfZh'));select pg_sleep(10); -- ][WARN]  LvjtNfZh'));select pg_sleep(10); --  



3. 推測可能的运行文件,或者看是否有已知漏洞的开源软件

像wordpress是最常被检測的开源站点。

除了站点同意请求URL地址,其他无关的地址都应该禁止。

还有小心robots.txt泄露了站点结构可能出现的问题。

以下仅仅是一小部分日志。仅仅有你想不到的。没有别人不会猜的,各种网页脚本后缀包

2014/08/03 04:03:23 [/us/index.php/insert.php][WARN]  insert.php WARN
2014/08/03 04:03:23 [/index.php/she11.php][WARN]  she11.php WARN
2014/08/03 04:03:23 [/us/index.php/r3za.php][WARN]  r3za.php WARN
2014/08/03 04:03:23 [/index.php/footer.php][WARN]  footer.php WARN
2014/08/03 04:03:23 [/us/index.php/hydd.php][WARN]  hydd.php WARN
2014/08/03 04:03:23 [/index.php/newfile.php][WARN]  newfile.php WARN
2014/08/03 04:03:23 [/us/index.php/Judge.php][WARN]  Judge.php WARN
2014/08/03 04:03:23 [/index.php/caoc.php][WARN]  caoc.php WARN
2014/08/03 04:03:23 [/us/index.php/she11.php][WARN]  she11.php WARN
2014/08/03 04:03:23 [/us/index.php/footer.php][WARN]  footer.php WARN
2014/08/03 04:03:23 [/index.php/ceshi.php][WARN]  ceshi.php WARN
2014/08/03 04:03:23 [/us/index.php/newfile.php][WARN]  newfile.php WARN
2014/08/03 04:03:23 [/index.php/jiance.php][WARN]  jiance.php WARN
2014/08/03 04:03:23 [/us/index.php/caoc.php][WARN]  caoc.php WARN
2014/08/03 04:03:23 [/index.php/aq.php][WARN]  aq.php WARN
2014/08/03 04:03:23 [/us/index.php/ceshi.php][WARN]  ceshi.php WARN
2014/08/03 04:03:23 [/index.php/bmzh.php][WARN]  bmzh.php WARN
2014/08/03 04:03:23 [/index.php/JspSpy.php][WARN]  JspSpy.php WARN
2014/08/03 04:03:23 [/us/index.php/jiance.php][WARN]  jiance.php WARN
2014/08/03 04:03:23 [/us/index.php/aq.php][WARN]  aq.php WARN
2014/08/03 04:03:23 [/index.php/jspSpy.php][WARN]  jspSpy.php WARN
2014/08/03 04:03:23 [/us/index.php/bmzh.php][WARN]  bmzh.php WARN
2014/08/03 04:03:23 [/index.php/jspspy.php][WARN]  jspspy.php WARN
2014/08/03 04:03:23 [/us/index.php/JspSpy.php][WARN]  JspSpy.php WARN
2014/08/03 04:03:23 [/index.php/ASPXspy.php][WARN]  ASPXspy.php WARN
2014/08/03 04:03:23 [/us/index.php/jspSpy.php][WARN]  jspSpy.php WARN
2014/08/03 04:03:23 [/index.php/aspxspy.php][WARN]  aspxspy.php WARN
2014/08/03 04:03:23 [/index.php/PHPspy.php][WARN]  PHPspy.php WARN
2014/08/03 04:03:23 [/us/index.php/jspspy.php][WARN]  jspspy.php WARN
2014/08/03 04:03:23 [/index.php/phpspy.php][WARN]  phpspy.php WARN
2014/08/03 04:03:23 [/us/index.php/ASPXspy.php][WARN]  ASPXspy.php WARN
2014/08/03 04:03:23 [/index.php/xx.php][WARN]  xx.php WARN
2014/08/03 04:03:23 [/us/index.php/aspxspy.php][WARN]  aspxspy.php WARN
2014/08/03 04:03:23 [/us/index.php/PHPspy.php][WARN]  PHPspy.php WARN
2014/08/03 04:03:23 [/index.php/1.php][WARN]  1.php WARN
2014/08/03 04:03:23 [/us/index.php/phpspy.php][WARN]  phpspy.php WARN
2014/08/03 04:03:23 [/index.php/2.php][WARN]  2.php WARN
2014/08/03 04:03:23 [/us/index.php/xx.php][WARN]  xx.php WARN
2014/08/03 04:03:23 [/us/index.php/1.php][WARN]  1.php WARN
2014/08/03 04:03:23 [/index.php/3.php][WARN]  3.php WARN
2014/08/03 04:03:23 [/us/index.php/2.php][WARN]  2.php WARN
2014/08/03 04:03:23 [/index.php/4.php][WARN]  4.php WARN
2014/08/03 04:03:23 [/us/index.php/3.php][WARN]  3.php WARN
2014/08/03 04:03:23 [/us/index.php/9.php][WARN]  9.php WARN
2014/08/03 04:03:24 [/index.php/w.php][WARN]  w.php WARN
2014/08/03 04:03:24 [/us/index.php/q.php][WARN]  q.php WARN
2014/08/03 04:03:24 [/index.php/e.php][WARN]  e.php WARN
2014/08/03 04:03:24 [/us/index.php/w.php][WARN]  w.php WARN
2014/08/03 04:03:24 [/index.php/r.php][WARN]  r.php WARN
2014/08/03 04:03:24 [/us/index.php/e.php][WARN]  e.php WARN
2014/08/03 04:03:24 [/us/index.php/r.php][WARN]  r.php WARN
2014/08/03 04:03:24 [/index.php/m.php][WARN]  m.php WARN
2014/08/03 04:03:24 [/us/index.php/n.php][WARN]  n.php WARN
2014/08/03 04:03:24 [/index.php/shell.php][WARN]  shell.php WARN
2014/08/03 04:03:24 [/us/index.php/m.php][WARN]  m.php WARN
2014/08/03 04:03:24 [/us/index.php/shell.php][WARN]  shell.php WARN
2014/08/03 04:03:27 [/kdrive/index.php/?shell.php][WARN]  ?

shell.php WARN 2014/08/03 04:03:27 [/kdrive/index.php/ASPWebPack.php][WARN] ASPWebPack.php WARN 2014/08/03 04:03:27 [/kdrive/index.php/121.php][WARN] 121.php WARN 2014/08/03 04:03:27 [/kdrive/index.php/dana.php][WARN] dana.php WARN 2014/08/03 04:03:27 [/kdrive/index.php/dark.php][WARN] dark.php WARN 2014/08/03 04:03:27 [/kdrive/index.php/dd.php][WARN] dd.php WARN 2014/08/03 04:03:27 [/kdrive/index.php/foots.php][WARN] foots.php WARN 2014/08/03 04:03:27 [/kdrive/index.php/kqx.php][WARN] kqx.php WARN 2014/08/03 04:03:27 [/kdrive/index.php/pic.php][WARN] pic.php WARN 2014/08/03 04:03:27 [/kdrive/index.php/wrsky.php][WARN] wrsky.php WARN 2014/08/03 04:03:27 [/kdrive/index.php/wuge.php][WARN] wuge.php WARN 2014/08/03 04:03:27 [/kdrive/index.php/免杀.php][WARN] 免杀.php WARN 2014/08/03 04:03:27 [/kdrive/index.php/小鱼免杀.php][WARN] 小鱼免杀.php WARN 2014/08/03 04:03:27 [/kdrive/index.php/风韵.php][WARN] 风韵.php WARN 2014/08/03 04:03:27 [/kdrive/index.php/DarkBlade.php][WARN] DarkBlade.php WARN 2014/08/03 04:03:27 [/kdrive/index.php/cmd.php][WARN] cmd.php WARN 2014/08/03 04:03:27 [/kdrive/index.php/diy.php][WARN] diy.php WARN 2014/08/03 04:03:27 [/kdrive/index.php/upfile4k2.php][WARN] upfile4k2.php WARN 2014/08/03 04:03:27 [/kdrive/index.php/xiao.php][WARN] xiao.php WARN 2014/08/03 04:03:27 [/kdrive/index.php/dic.php][WARN] dic.php WARN 2014/08/03 04:03:27 [/kdrive/index.php/wt.php][WARN] wt.php WARN 2014/08/03 04:03:27 [/kdrive/index.php/80sec.php][WARN] 80sec.php WARN 2014/08/03 04:03:27 [/kdrive/index.php/dabao.php][WARN] dabao.php WARN 2014/08/03 04:03:27 [/kdrive/index.php/T0p.php][WARN] T0p.php WARN 2014/08/03 04:03:28 [/kdrive/index.php/fuck.php][WARN] fuck.php WARN 2014/08/03 04:03:28 [/kdrive/index.php/dm.php][WARN] dm.php WARN 2014/08/03 04:03:28 [/kdrive/index.php/xm.php][WARN] xm.php WARN 2014/08/03 04:03:28 [/kdrive/index.php/dama.php][WARN] dama.php WARN 2014/08/03 04:03:28 [/kdrive/index.php/xiaoma.php][WARN] xiaoma.php WARN 2014/08/03 04:03:28 [/kdrive/index.php/asp.php][WARN] asp.php WARN 2014/08/03 04:03:28 [/kdrive/index.php/jsp.php][WARN] jsp.php WARN 2014/08/03 04:03:28 [/kdrive/index.php/php.php][WARN] php.php WARN 2014/08/03 04:03:28 [/kdrive/index.php/aspx.php][WARN] aspx.php WARN 2014/08/03 04:03:28 [/kdrive/index.php/mima.php][WARN] mima.php WARN 2014/08/03 04:03:28 [/kdrive/index.php/kill.php][WARN] kill.php WARN 2014/08/03 04:03:28 [/kdrive/index.php/ko.php][WARN] ko.php WARN 2014/08/03 04:03:28 [/kdrive/index.php/rootnull.php][WARN] rootnull.php WARN 2014/08/03 04:03:28 [/kdrive/index.php/root.php][WARN] root.php WARN 2014/08/03 04:03:28 [/kdrive/index.php/r00t.php][WARN] r00t.php WARN 2014/08/03 04:03:28 [/kdrive/index.php/sh0w.php][WARN] sh0w.php WARN 2014/08/03 04:03:28 [/kdrive/index.php/safer.php][WARN] safer.php WARN 2014/08/03 04:03:28 [/kdrive/index.php/houmen.php][WARN] houmen.php WARN 2014/08/03 04:03:28 [/kdrive/index.php/h0umen.php][WARN] h0umen.php WARN 2014/08/03 04:03:28 [/kdrive/index.php/ceshi.php][WARN] ceshi.php WARN 2014/08/03 04:03:28 [/kdrive/index.php/jiance.php][WARN] jiance.php WARN 2014/08/03 04:03:28 [/kdrive/index.php/aq.php][WARN] aq.php WARN 2014/08/03 04:03:28 [/kdrive/index.php/bmzh.php][WARN] bmzh.php WARN 2014/08/03 04:03:28 [/kdrive/index.php/JspSpy.php][WARN] JspSpy.php WARN 2014/08/03 04:03:28 [/kdrive/index.php/jspSpy.php][WARN] jspSpy.php WARN 2014/08/03 04:03:29 [/kdrive/index.php/jspspy.php][WARN] jspspy.php WARN 2014/08/03 04:03:29 [/kdrive/index.php/ASPXspy.php][WARN] ASPXspy.php WARN 2014/08/03 04:03:29 [/kdrive/index.php/aspxspy.php][WARN] aspxspy.php WARN 2014/08/03 04:03:29 [/kdrive/index.php/PHPspy.php][WARN] PHPspy.php WARN 2014/08/03 04:03:29 [/kdrive/index.php/phpspy.php][WARN] phpspy.php WARN 2014/08/03 04:03:29 [/kdrive/index.php/xx.php][WARN] xx.php WARN 2014/08/03 04:03:29 [/kdrive/index.php/1.php][WARN] 1.php WARN 2014/08/03 04:03:29 [/kdrive/index.php/2.php][WARN] 2.php WARN 2014/08/03 04:03:29 [/kdrive/index.php/q.php][WARN] q.php WARN 2014/08/03 04:03:29 [/kdrive/index.php/w.php][WARN] w.php WARN 2014/08/03 04:03:29 [/kdrive/index.php/e.php][WARN] e.php WARN 2014/08/03 04:03:29 [/kdrive/index.php/r.php][WARN] r.php WARN 2014/08/03 04:03:29 [/kdrive/index.php/t.php][WARN] t.php WARN 2014/08/03 04:03:29 [/kdrive/index.php/y.php][WARN] y.php WARN 2014/08/03 04:03:29 [/kdrive/index.php/u.php][WARN] u.php WARN 2014/08/03 04:03:29 [/kdrive/index.php/i.php][WARN] i.php WARN 2014/08/03 04:03:29 [/kdrive/index.php/o.php][WARN] o.php WARN 2014/08/03 04:03:30 [/kdrive/index.php/shell.php][WARN] shell.php WARN 2014/08/03 04:03:33 [/index.php/nulllllllllll.html][WARN] nulllllllllll.html WARN 2014/08/03 04:03:35 [/index.php/bbcode.js][WARN] bbcode.js WARN 2014/08/03 04:03:35 [/us/index.php/robots.txt][WARN] robots.txt WARN 2014/08/03 04:03:35 [/index.php/newsfader.js][WARN] newsfader.js WARN 2014/08/03 04:03:35 [/us/index.php/bbcode.js][WARN] bbcode.js WARN 2014/08/03 04:03:35 [/index.php/templates.cdb][WARN] templates.cdb WARN 2014/08/03 04:03:35 [/us/index.php/newsfader.js][WARN] newsfader.js WARN 2014/08/03 04:03:35 [/index.php/u2upopup.js][WARN] u2upopup.js WARN 2014/08/03 04:03:35 [/us/index.php/templates.cdb][WARN] templates.cdb WARN 2014/08/03 04:03:35 [/us/index.php/u2upopup.js][WARN] u2upopup.js WARN 2014/08/03 04:03:36 [/index.php/bbcode.js][WARN] bbcode.js WARN 2014/08/03 04:03:36 [/index.php/newsfader.js][WARN] newsfader.js WARN 2014/08/03 04:03:36 [/us/index.php/bbcode.js][WARN] bbcode.js WARN 2014/08/03 04:03:36 [/index.php/templates.cdb][WARN] templates.cdb WARN 2014/08/03 04:03:36 [/us/index.php/newsfader.js][WARN] newsfader.js WARN 2014/08/03 04:03:36 [/index.php/u2upopup.js][WARN] u2upopup.js WARN 2014/08/03 04:03:36 [/us/index.php/templates.cdb][WARN] templates.cdb WARN 2014/08/03 04:03:36 [/us/index.php/u2upopup.js][WARN] u2upopup.js WARN 2014/08/03 04:03:36 [/kdrive/index.php/robots.txt][WARN] robots.txt WARN 2014/08/03 04:03:36 [/kdrive/index.php/bbcode.js][WARN] bbcode.js WARN 2014/08/03 04:03:36 [/kdrive/index.php/newsfader.js][WARN] newsfader.js WARN 2014/08/03 04:03:36 [/kdrive/index.php/templates.cdb][WARN] templates.cdb WARN 2014/08/03 04:03:36 [/kdrive/index.php/u2upopup.js][WARN] u2upopup.js WARN 2014/08/03 04:03:36 [/kdrive/index.php/bbcode.js][WARN] bbcode.js WARN 2014/08/03 04:03:36 [/kdrive/index.php/newsfader.js][WARN] newsfader.js WARN 2014/08/03 04:03:36 [/kdrive/index.php/templates.cdb][WARN] templates.cdb WARN 2014/08/03 04:03:36 [/kdrive/index.php/u2upopup.js][WARN] u2upopup.js WARN 2014/08/03 04:03:37 [/index.php/alipay.html][WARN] alipay.html WARN 2014/08/03 04:03:37 [/us/index.php/alipay.html][WARN] alipay.html WARN 2014/08/03 04:03:38 [/kdrive/index.php/alipay.html][WARN] alipay.html WARN 2014/08/03 04:03:38 [/index.php/wlwmanifest.xml][WARN] wlwmanifest.xml WARN 2014/08/03 04:03:38 [/us/index.php/robots.txt][WARN] robots.txt WARN 2014/08/03 04:03:38 [/us/index.php/wlwmanifest.xml][WARN] wlwmanifest.xml WARN 2014/08/03 04:03:39 [/kdrive/index.php/robots.txt][WARN] robots.txt WARN 2014/08/03 04:03:39 [/kdrive/index.php/wlwmanifest.xml][WARN] wlwmanifest.xml WARN 2014/08/03 04:03:39 [/us/index.php/robots.txt][WARN] robots.txt WARN 2014/08/03 04:03:40 [/kdrive/index.php/robots.txt][WARN] robots.txt WARN 2014/08/03 04:03:41 [/index.php/license.txt][WARN] license.txt WARN 2014/08/03 04:03:41 [/us/index.php/license.txt][WARN] license.txt WARN 2014/08/03 04:03:41 [/kdrive/index.php/license.txt][WARN] license.txt WARN 2014/08/03 04:03:42 [/us/index.php/robots.txt][WARN] robots.txt WARN 2014/08/03 04:03:42 [/kdrive/index.php/robots.txt][WARN] robots.txt WARN 2014/08/03 04:03:43 [/index.php/htaccess.txt][WARN] htaccess.txt WARN 2014/08/03 04:03:43 [/index.php/CONTRIBUTING.md][WARN] CONTRIBUTING.md WARN 2014/08/03 04:03:43 [/us/index.php/htaccess.txt][WARN] htaccess.txt WARN 2014/08/03 04:03:43 [/index.php/phpunit.xml.dist][WARN] phpunit.xml.dist WARN 2014/08/03 04:03:43 [/us/index.php/CONTRIBUTING.md][WARN] CONTRIBUTING.md WARN 2014/08/03 04:03:43 [/index.php/joomla.xml][WARN] joomla.xml WARN 2014/08/03 04:03:43 [/us/index.php/phpunit.xml.dist][WARN] phpunit.xml.dist WARN 2014/08/03 04:03:43 [/index.php/README.txt][WARN] README.txt WARN 2014/08/03 04:03:43 [/us/index.php/robots.txt][WARN] robots.txt WARN 2014/08/03 04:03:43 [/index.php/robots.txt.dist][WARN] robots.txt.dist WARN 2014/08/03 04:03:43 [/us/index.php/joomla.xml][WARN] joomla.xml WARN 2014/08/03 04:03:43 [/index.php/web.config.txt][WARN] web.config.txt WARN 2014/08/03 04:03:43 [/us/index.php/README.txt][WARN] README.txt WARN 2014/08/03 04:03:43 [/us/index.php/robots.txt.dist][WARN] robots.txt.dist WARN 2014/08/03 04:03:43 [/us/index.php/web.config.txt][WARN] web.config.txt WARN 2014/08/03 04:03:44 [/kdrive/index.php/htaccess.txt][WARN] htaccess.txt WARN 2014/08/03 04:03:44 [/kdrive/index.php/CONTRIBUTING.md][WARN] CONTRIBUTING.md WARN 2014/08/03 04:03:44 [/kdrive/index.php/phpunit.xml.dist][WARN] phpunit.xml.dist WARN 2014/08/03 04:03:44 [/kdrive/index.php/robots.txt][WARN] robots.txt WARN 2014/08/03 04:03:44 [/kdrive/index.php/joomla.xml][WARN] joomla.xml WARN 2014/08/03 04:03:44 [/kdrive/index.php/README.txt][WARN] README.txt WARN 2014/08/03 04:03:44 [/kdrive/index.php/robots.txt.dist][WARN] robots.txt.dist WARN 2014/08/03 04:03:44 [/kdrive/index.php/web.config.txt][WARN] web.config.txt WARN 2014/08/03 04:03:45 [/index.php/readme.txt][WARN] readme.txt WARN 2014/08/03 04:03:45 [/us/index.php/readme.txt][WARN] readme.txt WARN 2014/08/03 04:03:45 [/kdrive/index.php/readme.txt][WARN] readme.txt WARN 2014/08/03 04:03:46 [/us/index.php/robots.txt][WARN] robots.txt WARN 2014/08/03 04:03:47 [/kdrive/index.php/robots.txt][WARN] robots.txt WARN 2014/08/03 04:03:48 [/index.php/licence.txt][WARN] licence.txt WARN 2014/08/03 04:03:48 [/index.php/recommend.html][WARN] recommend.html WARN 2014/08/03 04:03:48 [/index.php/wind.sql][WARN] wind.sql WARN 2014/08/03 04:03:48 [/us/index.php/licence.txt][WARN] licence.txt WARN 2014/08/06 08:57:48 [/us/client/download/Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAucG5n][DEBUG]  Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAucG5n  2014/08/06 08:57:49 [/us/client/download/WEB-INF\web.xml][DEBUG]  WEB-INF\web.xml  2014/08/06 08:57:49 [/us/client/download/../../../../../../../../windows/win.ini][DEBUG]  ../../../../../../../../windows/win.ini  2014/08/06 08:57:49 [/us/client/download/................windowswin.ini][DEBUG]  ................windowswin.ini  2014/08/06 08:57:49 [/us/client/download/..\..\..\..\..\..\..\..\windows\win.ini][DEBUG]  ..\..\..\..\..\..\..\..\windows\win.ini  2014/08/06 08:57:49 [/us/client/download/WEB-INF\web.xml][DEBUG]  WEB-INF\web.xml 


4. XSS、特殊字符等探測

也非常多。不粘贴出来了。

2014/08/03 03:55:03 [/<IMG SRC="javascript:alert(cross_site_scripting.nasl);">.cgi][WARN] 
2014/08/03 03:55:03 [/<IMG SRC="javascript:alert(cross_site_scripting.nasl);">.exe][WARN] 
2014/08/03 03:55:03 [/<IMG SRC="javascript:alert(cross_site_scripting.nasl);">.cfm][WARN] 
2014/08/03 03:55:03 [/<IMG SRC="javascript:alert(cross_site_scripting.nasl);">.html][WARN] 
2014/08/03 03:55:04 [/<IMG SRC="javascript:alert(cross_site_scripting.nasl);">.jsp][WARN]  
2014/08/03 03:55:04 [/<IMG SRC="javascript:alert(cross_site_scripting.nasl);">.php][WARN] 
2014/08/03 03:55:04 [/<IMG SRC="javascript:alert(cross_site_scripting.nasl);">.php3][WARN]
2014/08/06 08:58:39 [/us/client/site/!(()&&!|*|*|]
2014/08/06 08:58:36 [/us/hi/password/"+response.write(9800452*9475116)+"]
2014/08/06 08:58:33 [/us/hi/password/${99833+100209}][DEBUG]
2014/08/06 08:58:40 [/us/client/download/)))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))][WARN] 

总结:

还是那句:过滤输入,转义输出

另外:病从口入,站点URL地址就是这个口