最近频繁有Apache服务挂掉的问题,分析日志有大量奇怪的访问请求,请问是什么原因?
<code>localhost 115.239.248.246 - - [10/Aug/2015:00:07:42 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.8839821094708698 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)" localhost 115.239.248.246 - - [10/Aug/2015:00:40:48 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.4025078830133967 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)" localhost 192.184.40.114 - - [10/Aug/2015:01:02:54 +0800] "GET http://192.184.40.114/check_proxy.php HTTP/1.1" 404 - "-" "Java/1.7.0_71" localhost 115.159.2.233 - - [10/Aug/2015:01:03:07 +0800] "GET http://www.szwindoor.com/test/test_proxy.php HTTP/1.1" 404 - "-" "Java/1.7.0_65" localhost 115.239.248.246 - - [10/Aug/2015:01:13:49 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.3043665172696199 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)" localhost 192.184.51.130 - - [10/Aug/2015:01:17:51 +0800] "GET http://115.159.2.233/check_proxy.php HTTP/1.1" 404 - "-" "Java/1.7.0_85" localhost 115.239.248.246 - - [10/Aug/2015:01:46:50 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.4615361246842085 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)" localhost 115.239.248.246 - - [10/Aug/2015:02:19:45 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.2990789348253239 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)" localhost 115.239.248.246 - - [10/Aug/2015:02:52:44 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.6869198661483608 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)" localhost 115.239.248.246 - - [10/Aug/2015:03:25:46 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.2991618600130071 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)" localhost 115.159.2.233 - - [10/Aug/2015:03:26:25 +0800] "GET http://www.szwindoor.com/test/test_proxy.php HTTP/1.1" 404 - "-" "Java/1.7.0_65" localhost 192.184.40.114 - - [10/Aug/2015:03:26:55 +0800] "GET http://192.184.40.114/check_proxy.php HTTP/1.1" 404 - "-" "Java/1.7.0_71" localhost 115.239.248.246 - - [10/Aug/2015:03:58:42 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.1211653377116418 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)" localhost 115.239.248.246 - - [10/Aug/2015:04:31:39 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.0352315087349496 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)" localhost 115.239.248.246 - - [10/Aug/2015:05:04:36 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.6878875883743808 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)" localhost 192.184.40.114 - - [10/Aug/2015:05:17:39 +0800] "GET http://192.184.40.114/check_proxy.php HTTP/1.1" 404 - "-" "Java/1.7.0_71" localhost 115.159.2.233 - - [10/Aug/2015:05:18:18 +0800] "GET http://www.szwindoor.com/test/test_proxy.php HTTP/1.1" 404 - "-" "Java/1.7.0_65" localhost 115.239.248.246 - - [10/Aug/2015:05:37:29 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.7106912058271124 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)" localhost 115.239.248.246 - - [10/Aug/2015:06:10:24 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.3061906553984412 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)" localhost 115.239.248.246 - - [10/Aug/2015:06:43:20 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.6265654122561397 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)" localhost 115.239.248.246 - - [10/Aug/2015:07:16:21 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.6289064254784770 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)" localhost 115.239.248.246 - - [10/Aug/2015:07:49:23 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.8639985854100296 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)" localhost 211.142.200.2 - - [10/Aug/2015:08:10:54 +0800] "GET /favicon.ico HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" </code>
最近频繁有Apache服务挂掉的问题,分析日志有大量奇怪的访问请求,请问是什么原因?
<code>localhost 115.239.248.246 - - [10/Aug/2015:00:07:42 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.8839821094708698 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)" localhost 115.239.248.246 - - [10/Aug/2015:00:40:48 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.4025078830133967 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)" localhost 192.184.40.114 - - [10/Aug/2015:01:02:54 +0800] "GET http://192.184.40.114/check_proxy.php HTTP/1.1" 404 - "-" "Java/1.7.0_71" localhost 115.159.2.233 - - [10/Aug/2015:01:03:07 +0800] "GET http://www.szwindoor.com/test/test_proxy.php HTTP/1.1" 404 - "-" "Java/1.7.0_65" localhost 115.239.248.246 - - [10/Aug/2015:01:13:49 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.3043665172696199 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)" localhost 192.184.51.130 - - [10/Aug/2015:01:17:51 +0800] "GET http://115.159.2.233/check_proxy.php HTTP/1.1" 404 - "-" "Java/1.7.0_85" localhost 115.239.248.246 - - [10/Aug/2015:01:46:50 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.4615361246842085 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)" localhost 115.239.248.246 - - [10/Aug/2015:02:19:45 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.2990789348253239 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)" localhost 115.239.248.246 - - [10/Aug/2015:02:52:44 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.6869198661483608 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)" localhost 115.239.248.246 - - [10/Aug/2015:03:25:46 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.2991618600130071 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)" localhost 115.159.2.233 - - [10/Aug/2015:03:26:25 +0800] "GET http://www.szwindoor.com/test/test_proxy.php HTTP/1.1" 404 - "-" "Java/1.7.0_65" localhost 192.184.40.114 - - [10/Aug/2015:03:26:55 +0800] "GET http://192.184.40.114/check_proxy.php HTTP/1.1" 404 - "-" "Java/1.7.0_71" localhost 115.239.248.246 - - [10/Aug/2015:03:58:42 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.1211653377116418 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)" localhost 115.239.248.246 - - [10/Aug/2015:04:31:39 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.0352315087349496 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)" localhost 115.239.248.246 - - [10/Aug/2015:05:04:36 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.6878875883743808 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)" localhost 192.184.40.114 - - [10/Aug/2015:05:17:39 +0800] "GET http://192.184.40.114/check_proxy.php HTTP/1.1" 404 - "-" "Java/1.7.0_71" localhost 115.159.2.233 - - [10/Aug/2015:05:18:18 +0800] "GET http://www.szwindoor.com/test/test_proxy.php HTTP/1.1" 404 - "-" "Java/1.7.0_65" localhost 115.239.248.246 - - [10/Aug/2015:05:37:29 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.7106912058271124 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)" localhost 115.239.248.246 - - [10/Aug/2015:06:10:24 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.3061906553984412 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)" localhost 115.239.248.246 - - [10/Aug/2015:06:43:20 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.6265654122561397 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)" localhost 115.239.248.246 - - [10/Aug/2015:07:16:21 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.6289064254784770 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)" localhost 115.239.248.246 - - [10/Aug/2015:07:49:23 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.8639985854100296 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)" localhost 211.142.200.2 - - [10/Aug/2015:08:10:54 +0800] "GET /favicon.ico HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" </code>
http://zc.qq.com/cgi-bin/common/ 这个你程序中有请求这个地址么?
感觉是不是页面代码里面有一些qq统计的代码但是链接拼错了?
GET里带域名这是HTTP正向代理的格式吧……
看起来有人把你当成HTTP代理,或者有人在测试有没有支持正向代理出去的服务器(里面一堆test_proxy之类的东西)
<code>::ffff:192.184.40.114 - - [14/Aug/2015:06:55:01 +0000] "GET http://192.184.40.114/check_proxy.php HTTP/1.1" 200 594 "-" "Java/1.7.0_71"</code>
我的也是,楼主有什么解决方案吗?是因为没有设置反向代理吗?
我自己写了个http服务器,获取到了些信息,其实就是一个IP地址为115.239.228.14 伪造http请求,如果我这台服务器是个转发http请求的服务的话就能把他的这个请求转发并且返回结果。
<code>[2016-03-11 15:37:57--734000] [22496] CNetConnectHandle::handle_input(holder=Acceptor,sid=) => connect-handle 00000000000001D4 | IP(115.239.228.14:30584) [2016-03-11 15:37:57--740000] [22496] CReactorExplorer::ParseCmdLine() => Parse http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.3376436716251803 . [2016-03-11 15:37:57--741000] [22496] CResourceExplorer::OpenReactor() => sid is NULL in http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.3376436716251803. [2016-03-11 15:37:57--743000] [22496] CHttpFilter::InputProcess(sid=) => Fail to CResourceExplorer::OpenReactor(http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.3376436716251803)</code>