>백엔드 개발 >PHP 튜토리얼 >Apache经常挂掉,日志中有奇怪的请求,欢迎探讨

Apache经常挂掉,日志中有奇怪的请求,欢迎探讨

WBOY
WBOY원래의
2016-06-06 20:29:521476검색

最近频繁有Apache服务挂掉的问题,分析日志有大量奇怪的访问请求,请问是什么原因?

<code>localhost 115.239.248.246 - - [10/Aug/2015:00:07:42 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.8839821094708698 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.239.248.246 - - [10/Aug/2015:00:40:48 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.4025078830133967 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 192.184.40.114 - - [10/Aug/2015:01:02:54 +0800] "GET http://192.184.40.114/check_proxy.php HTTP/1.1" 404 - "-" "Java/1.7.0_71"
localhost 115.159.2.233 - - [10/Aug/2015:01:03:07 +0800] "GET http://www.szwindoor.com/test/test_proxy.php HTTP/1.1" 404 - "-" "Java/1.7.0_65"
localhost 115.239.248.246 - - [10/Aug/2015:01:13:49 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.3043665172696199 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 192.184.51.130 - - [10/Aug/2015:01:17:51 +0800] "GET http://115.159.2.233/check_proxy.php HTTP/1.1" 404 - "-" "Java/1.7.0_85"
localhost 115.239.248.246 - - [10/Aug/2015:01:46:50 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.4615361246842085 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.239.248.246 - - [10/Aug/2015:02:19:45 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.2990789348253239 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.239.248.246 - - [10/Aug/2015:02:52:44 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.6869198661483608 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.239.248.246 - - [10/Aug/2015:03:25:46 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.2991618600130071 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.159.2.233 - - [10/Aug/2015:03:26:25 +0800] "GET http://www.szwindoor.com/test/test_proxy.php HTTP/1.1" 404 - "-" "Java/1.7.0_65"
localhost 192.184.40.114 - - [10/Aug/2015:03:26:55 +0800] "GET http://192.184.40.114/check_proxy.php HTTP/1.1" 404 - "-" "Java/1.7.0_71"
localhost 115.239.248.246 - - [10/Aug/2015:03:58:42 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.1211653377116418 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.239.248.246 - - [10/Aug/2015:04:31:39 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.0352315087349496 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.239.248.246 - - [10/Aug/2015:05:04:36 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.6878875883743808 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 192.184.40.114 - - [10/Aug/2015:05:17:39 +0800] "GET http://192.184.40.114/check_proxy.php HTTP/1.1" 404 - "-" "Java/1.7.0_71"
localhost 115.159.2.233 - - [10/Aug/2015:05:18:18 +0800] "GET http://www.szwindoor.com/test/test_proxy.php HTTP/1.1" 404 - "-" "Java/1.7.0_65"
localhost 115.239.248.246 - - [10/Aug/2015:05:37:29 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.7106912058271124 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.239.248.246 - - [10/Aug/2015:06:10:24 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.3061906553984412 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.239.248.246 - - [10/Aug/2015:06:43:20 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.6265654122561397 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.239.248.246 - - [10/Aug/2015:07:16:21 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.6289064254784770 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.239.248.246 - - [10/Aug/2015:07:49:23 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.8639985854100296 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 211.142.200.2 - - [10/Aug/2015:08:10:54 +0800] "GET /favicon.ico HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
</code>

回复内容:

最近频繁有Apache服务挂掉的问题,分析日志有大量奇怪的访问请求,请问是什么原因?

<code>localhost 115.239.248.246 - - [10/Aug/2015:00:07:42 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.8839821094708698 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.239.248.246 - - [10/Aug/2015:00:40:48 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.4025078830133967 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 192.184.40.114 - - [10/Aug/2015:01:02:54 +0800] "GET http://192.184.40.114/check_proxy.php HTTP/1.1" 404 - "-" "Java/1.7.0_71"
localhost 115.159.2.233 - - [10/Aug/2015:01:03:07 +0800] "GET http://www.szwindoor.com/test/test_proxy.php HTTP/1.1" 404 - "-" "Java/1.7.0_65"
localhost 115.239.248.246 - - [10/Aug/2015:01:13:49 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.3043665172696199 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 192.184.51.130 - - [10/Aug/2015:01:17:51 +0800] "GET http://115.159.2.233/check_proxy.php HTTP/1.1" 404 - "-" "Java/1.7.0_85"
localhost 115.239.248.246 - - [10/Aug/2015:01:46:50 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.4615361246842085 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.239.248.246 - - [10/Aug/2015:02:19:45 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.2990789348253239 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.239.248.246 - - [10/Aug/2015:02:52:44 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.6869198661483608 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.239.248.246 - - [10/Aug/2015:03:25:46 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.2991618600130071 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.159.2.233 - - [10/Aug/2015:03:26:25 +0800] "GET http://www.szwindoor.com/test/test_proxy.php HTTP/1.1" 404 - "-" "Java/1.7.0_65"
localhost 192.184.40.114 - - [10/Aug/2015:03:26:55 +0800] "GET http://192.184.40.114/check_proxy.php HTTP/1.1" 404 - "-" "Java/1.7.0_71"
localhost 115.239.248.246 - - [10/Aug/2015:03:58:42 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.1211653377116418 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.239.248.246 - - [10/Aug/2015:04:31:39 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.0352315087349496 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.239.248.246 - - [10/Aug/2015:05:04:36 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.6878875883743808 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 192.184.40.114 - - [10/Aug/2015:05:17:39 +0800] "GET http://192.184.40.114/check_proxy.php HTTP/1.1" 404 - "-" "Java/1.7.0_71"
localhost 115.159.2.233 - - [10/Aug/2015:05:18:18 +0800] "GET http://www.szwindoor.com/test/test_proxy.php HTTP/1.1" 404 - "-" "Java/1.7.0_65"
localhost 115.239.248.246 - - [10/Aug/2015:05:37:29 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.7106912058271124 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.239.248.246 - - [10/Aug/2015:06:10:24 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.3061906553984412 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.239.248.246 - - [10/Aug/2015:06:43:20 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.6265654122561397 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.239.248.246 - - [10/Aug/2015:07:16:21 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.6289064254784770 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 115.239.248.246 - - [10/Aug/2015:07:49:23 +0800] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.8639985854100296 HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"
localhost 211.142.200.2 - - [10/Aug/2015:08:10:54 +0800] "GET /favicon.ico HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
</code>

http://zc.qq.com/cgi-bin/common/ 这个你程序中有请求这个地址么?

感觉是不是页面代码里面有一些qq统计的代码但是链接拼错了?

GET里带域名这是HTTP正向代理的格式吧……
看起来有人把你当成HTTP代理,或者有人在测试有没有支持正向代理出去的服务器(里面一堆test_proxy之类的东西)

<code>::ffff:192.184.40.114 - - [14/Aug/2015:06:55:01 +0000] "GET http://192.184.40.114/check_proxy.php HTTP/1.1" 200 594 "-" "Java/1.7.0_71"</code>

我的也是,楼主有什么解决方案吗?是因为没有设置反向代理吗?

我自己写了个http服务器,获取到了些信息,其实就是一个IP地址为115.239.228.14 伪造http请求,如果我这台服务器是个转发http请求的服务的话就能把他的这个请求转发并且返回结果。

<code>[2016-03-11 15:37:57--734000] [22496] CNetConnectHandle::handle_input(holder=Acceptor,sid=) => connect-handle 00000000000001D4 | IP(115.239.228.14:30584) 
[2016-03-11 15:37:57--740000] [22496] CReactorExplorer::ParseCmdLine() => Parse http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.3376436716251803 .
[2016-03-11 15:37:57--741000] [22496] CResourceExplorer::OpenReactor() => sid is NULL in http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.3376436716251803.
[2016-03-11 15:37:57--743000] [22496] CHttpFilter::InputProcess(sid=) => Fail to CResourceExplorer::OpenReactor(http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.3376436716251803)</code>
성명:
본 글의 내용은 네티즌들의 자발적인 기여로 작성되었으며, 저작권은 원저작자에게 있습니다. 본 사이트는 이에 상응하는 법적 책임을 지지 않습니다. 표절이나 침해가 의심되는 콘텐츠를 발견한 경우 admin@php.cn으로 문의하세요.