Attacked by hackers
Source: Internet  Published by: 网络主播琪琪  Editor: 程序博客网  Time: 2024/06/11 02:43
Part of the Catalina.out log from when memory usage grew until the service finally went down:
16:57:12,881 ERROR [http-bio-80-exec-162][PortletRequestProcessor:324] Remote address 180.97.106.37
16:57:12,890 ERROR [http-bio-80-exec-162][PortletRequestProcessor:326] Invalid path was requested /login/login%') LIMIT 1,1 UNION ALL SELECT NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL#
16:57:13,322 WARN [http-bio-80-exec-132][SecurityPortletContainerWrapper:630] Reject process action for http://180.76.147.172/web/-/1 on 49
16:57:15,542 ERROR [http-bio-80-exec-130][status_jsp:753] javax.portlet.PortletModeException: -9964%' or row(9156,3991)>(select count(*),concat(0x3a7167613a,(select (case when (9156=9156) then 1 else 0 end)),0x3a756f6e3a,floor(rand(0)*2))x from (select 5923 union select 8842 union select 7286 union select 3066)a group by x) and '%'='
16:57:15,722 ERROR [http-bio-80-exec-140][status_jsp:753] javax.portlet.PortletModeException: -6177
16:57:15,942 ERROR [http-bio-80-exec-149][status_jsp:753] javax.portlet.PortletModeException: -1974 or row(9156,3991)>(select count(*),concat(0x3a7167613a,(select (case when (9156=9156) then 1 else 0 end)),0x3a756f6e3a,floor(rand(0)*2))x from (select 5923 union select 8842 union select 7286 union select 3066)a group by x) -- fsxt
16:57:15,994 WARN [http-bio-80-exec-160][SecurityPortletContainerWrapper:630] Reject process action for http://180.76.147.172/web/-/1 on 1263%'ORROW(4430,4808)>(SELECTCOUNT(*),CONCAT(0x3a716f703a,(SELECT(CASEWHEN(4430=4430)THEN1ELSE0END)),0x3a6e74743a,FLOOR(RAND(0)*2))xFROM(SELECT2861UNIONSELECT6672UNIONSELECT2046UNIONSELECT9462)aGROUPBYx)AND'%'='
16:57:16,089 WARN [http-bio-80-exec-139][SecurityPortletContainerWrapper:630] Reject process action for http://180.76.147.172/web/-/1 on 49
16:57:16,271 ERROR [http-bio-80-exec-158][status_jsp:753] javax.portlet.PortletModeException: -6332
16:57:16,317 ERROR [http-bio-80-exec-155][PortletRequestProcessor:321] User ID null
16:57:16,318 ERROR [http-bio-80-exec-155][PortletRequestProcessor:322] Current URL /ca/web/-/1?p_p_id=58&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&saveLastPath=false&_58_struts_action=%2Flogin%2Flogin%25%27%29%20LIMIT%201%2C1%20UNION%20ALL%20SELECT%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%23
16:57:16,319 ERROR [http-bio-80-exec-155][PortletRequestProcessor:323] Referer null
16:57:16,319 ERROR [http-bio-80-exec-155][PortletRequestProcessor:324] Remote address 180.97.106.162
16:57:16,320 ERROR [http-bio-80-exec-155][PortletRequestProcessor:326] Invalid path was requested /login/login%') LIMIT 1,1 UNION ALL SELECT NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL#
16:57:16,398 WARN [http-bio-80-exec-111][SecurityPortletContainerWrapper:630] Reject process action for http://180.76.147.172/web/-/1 on 6636
16:57:16,434 WARN [http-bio-80-exec-131][SecurityPortletContainerWrapper:630] Reject process action for http://180.76.147.172/web/-/1 on 49
16:57:16,555 ERROR [http-bio-80-exec-148][PortletRequestProcessor:321] User ID null
16:57:16,572 ERROR [http-bio-80-exec-148][PortletRequestProcessor:322] Current URL /ca/web/-/1?p_p_id=58&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&saveLastPath=false&_58_struts_action=%2Flogin%2Flogin%25%27%29%20LIMIT%201%2C1%20UNION%20ALL%20SELECT%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%23
16:57:16,572 ERROR [http-bio-80-exec-148][PortletRequestProcessor:323] Referer null
16:57:16,573 ERROR [http-bio-80-exec-148][PortletRequestProcessor:324] Remote address 180.97.106.162
16:57:16,583 ERROR [http-bio-80-exec-148][PortletRequestProcessor:326] Invalid path was requested /login/login%') LIMIT 1,1 UNION ALL SELECT NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL#
16:57:16,642 ERROR [http-bio-80-exec-136][status_jsp:753] javax.portlet.PortletModeException: -4023) or 1 group by concat(0x3a7167613a,(select (case when (5081=5081) then 1 else 0 end)),0x3a756f6e3a,floor(rand(0)*2)) having min(0)#
16:57:16,855 WARN [http-bio-80-exec-130][SecurityPortletContainerWrapper:630] Reject process action for http://180.76.147.172/web/-/1 on 9125)OR1GROUPBYCONCAT(0x3a716f703a,(SELECT(CASEWHEN(1418=1418)THEN1ELSE0END)),0x3a6e74743a,FLOOR(RAND(0)*2))HAVINGMIN(0)#
16:57:17,187 WARN [http-bio-80-exec-126][SecurityPortletContainerWrapper:630] Reject process action for http://180.76.147.172/web/-/1 on 49
16:57:17,530 WARN [http-bio-80-exec-139][SecurityPortletContainerWrapper:630] Reject process action for http://180.76.147.172/web/-/1 on 49
16:57:18,105 WARN [http-bio-80-exec-148][SecurityPortletContainerWrapper:630] Reject process action for http://180.76.147.172/web/-/1 on 49
16:57:18,155 WARN [http-bio-80-exec-161][SecurityPortletContainerWrapper:630] Reject process action for http://180.76.147.172/web/-/1 on 4502)OR1GROUPBYCONCAT(0x3a716f703a,(SELECT(CASEWHEN(1418=1418)THEN1ELSE0END)),0x3a6e74743a,FLOOR(RAND(0)*2))HAVINGMIN(0)#
16:57:18,303 ERROR [http-bio-80-exec-162][PortletRequestProcessor:321] User ID null
16:57:18,304 ERROR [http-bio-80-exec-162][PortletRequestProcessor:322] Current URL /ca/web/-/1?p_p_id=58&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&saveLastPath=false&_58_struts_action=%2Flogin%2Flogin%25%27%29%20LIMIT%201%2C1%20UNION%20ALL%20SELECT%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%23
16:57:18,305 ERROR [http-bio-80-exec-162][PortletRequestProcessor:323] Referer null
16:57:18,305 ERROR [http-bio-80-exec-162][PortletRequestProcessor:324] Remote address 180.97.106.161
16:57:18,306 ERROR [http-bio-80-exec-162][PortletRequestProcessor:326] Invalid path was requested /login/login%') LIMIT 1,1 UNION ALL SELECT NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL#
Java HotSpot(TM) 64-Bit Server VM warning: INFO: os::commit_memory(0x00000000f9cbe000, 104079360, 0) failed; error='Cannot allocate memory' (errno=12)
#
# There is insufficient memory for the Java Runtime Environment to continue.
# Native memory allocation (mmap) failed to map 104079360 bytes for committing reserved memory.
# An error report file with more information is saved as:
# //hs_err_pid1701.log
For more of my notes on the service going down because of memory growth, click here.
Part of the website access log:
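One way to triage a Catalina.out excerpt like the one above, as an added example that is not part of the original post: it ties each injection-shaped "Invalid path" error to the "Remote address" line logged by the same worker thread, since lines from different threads interleave. The sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample in the shape of the Catalina.out excerpt; addresses are
# documentation-range placeholders and the payloads are shortened.
SAMPLE = """\
16:57:16,317 ERROR [http-bio-80-exec-155][PortletRequestProcessor:321] User ID null
16:57:16,318 ERROR [http-bio-80-exec-155][PortletRequestProcessor:322] Current URL /web/-/1?_58_struts_action=%2Flogin%2Flogin%25%27%29%20UNION%20ALL%20SELECT%20NULL%23
16:57:16,319 ERROR [http-bio-80-exec-155][PortletRequestProcessor:324] Remote address 203.0.113.7
16:57:16,319 ERROR [http-bio-80-exec-148][PortletRequestProcessor:324] Remote address 203.0.113.9
16:57:16,320 ERROR [http-bio-80-exec-155][PortletRequestProcessor:326] Invalid path was requested /login/login%') UNION ALL SELECT NULL#
16:57:16,321 ERROR [http-bio-80-exec-148][PortletRequestProcessor:326] Invalid path was requested /login/view
16:57:16,642 ERROR [http-bio-80-exec-136][status_jsp:753] javax.portlet.PortletModeException: -4023) or 1 group by concat(0x3a,floor(rand(0)*2)) having min(0)#
16:57:16,855 WARN [http-bio-80-exec-130][SecurityPortletContainerWrapper:630] Reject process action for http://example.test/web/-/1 on 9125)OR1GROUPBYCONCAT(0x3a,FLOOR(RAND(0)*2))HAVINGMIN(0)#
"""

LINE = re.compile(r"^\d\d:\d\d:\d\d,\d{3} \w+\s+\[([^\]]+)\]\[([\w$]+):\d+\] (.*)$")
# Compared against lower-cased text with all whitespace removed, so the spaced
# and the space-stripped payload variants in the log match the same tokens.
TOKENS = ("unionallselect", "unionselect", "floor(rand(", "concat(0x", "casewhen(")

def looks_like_sqli(text):
    flat = re.sub(r"\s+", "", unquote(text)).lower()
    return any(token in flat for token in TOKENS)

def triage(log_text):
    """Return (hits per remote address, hits with no address logged)."""
    last_addr = {}  # worker thread -> address from its latest "Remote address" line
    by_addr, unattributed = Counter(), 0
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        thread, cls, msg = m.groups()
        if msg.startswith("Remote address "):
            last_addr[thread] = msg.split()[-1]
        elif msg.startswith("Current URL") or not looks_like_sqli(msg):
            continue  # the URL is repeated, decoded, in the "Invalid path" line
        elif cls == "PortletRequestProcessor":
            by_addr[last_addr.pop(thread, "unknown")] += 1
        else:
            unattributed += 1  # status_jsp / SecurityPortletContainerWrapper lines
    return by_addr, unattributed

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Hits counted as unattributed carry no client address in Catalina.out, so they have to be matched against the access log by timestamp.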
221.223.194.189 - - [17/Jan/2017:13:36:41 +0000] "GET / HTTP/1.1" 200 5805
221.223.194.189 - - [17/Jan/2017:13:36:41 +0000] "GET /image/layout_set_logo?img_id=29201&t=1484660200797 HTTP/1.1" 200 3260
221.223.194.189 - - [17/Jan/2017:13:36:41 +0000] "GET /html/js/liferay/available_languages.jsp?browserId=other&themeId=QXDC_WAR_QXDCtheme&colorSchemeId=01&minifierType=js&languageId=zh_CN&b=6203&t=1429173626000 HTTP/1.1" 200 473
221.223.194.189 - - [17/Jan/2017:13:36:43 +0000] "GET /web/-/- HTTP/1.1" 200 4218
221.223.194.189 - - [17/Jan/2017:13:36:43 +0000] "GET /html/js/liferay/available_languages.jsp?browserId=other&themeId=QXDC_WAR_QXDCtheme&colorSchemeId=01&minifierType=js&languageId=zh_CN&b=6203&t=1429173626000 HTTP/1.1" 200 473
221.223.194.189 - - [17/Jan/2017:13:36:45 +0000] "GET /Temperature/Temperature%20Diagram_wait.html HTTP/1.1" 304 -
221.223.194.189 - - [17/Jan/2017:13:36:45 +0000] "GET /ServeletQ/TestSV HTTP/1.1" 200 5337
203.208.60.231 - - [17/Jan/2017:13:38:59 +0000] "GET /web/guest/-7?p_p_auth=LJR72FTn&p_p_id=49&p_p_lifecycle=1&p_p_state=normal&p_p_mode=view&_49_struts_action=%2Fmy_sites%2Fview&_49_groupId=20181&_49_privateLayout=false HTTP/1.1" 200 6492
66.249.73.196 - - [17/Jan/2017:22:46:49 +0000] "GET /html/portlet/login/css/main.css?browserId=other&themeId=QXDC_WAR_QXDCtheme&minifierType=css&languageId=hu_HU&b=6203&t=1481899774000 HTTP/1.1" 200 376
221.223.194.189 - - [17/Jan/2017:22:46:58 +0000] "GET / HTTP/1.1" 200 5805
221.223.194.189 - - [17/Jan/2017:22:46:58 +0000] "GET /image/layout_set_logo?img_id=29201&t=1484693211586 HTTP/1.1" 200 3260
221.223.194.189 - - [17/Jan/2017:22:46:59 +0000] "GET /html/js/liferay/available_languages.jsp?browserId=other&themeId=QXDC_WAR_QXDCtheme&colorSchemeId=01&minifierType=js&languageId=zh_CN&b=6203&t=1429173626000 HTTP/1.1" 200 473
221.223.194.189 - - [17/Jan/2017:22:47:01 +0000] "GET /web/-/-1 HTTP/1.1" 200 4883
221.223.194.189 - - [17/Jan/2017:22:47:01 +0000] "GET /Temperature/Temperature%20Diagram_wait_no_button.html? HTTP/1.1" 304 -
221.223.194.189 - - [17/Jan/2017:22:47:01 +0000] "GET /html/js/liferay/available_languages.jsp?browserId=other&themeId=QXDC_WAR_QXDCtheme&colorSchemeId=01&minifierType=js&languageId=zh_CN&b=6203&t=1429173626000 HTTP/1.1" 200 473
221.223.194.189 - - [17/Jan/2017:22:47:02 +0000] "GET /ServeletQ/TestSV HTTP/1.1" 200 5337
221.223.194.189 - - [17/Jan/2017:22:48:38 +0000] "GET / HTTP/1.1" 200 5805
221.223.194.189 - - [17/Jan/2017:22:48:39 +0000] "GET /html/js/liferay/available_languages.jsp?browserId=other&themeId=QXDC_WAR_QXDCtheme&colorSchemeId=01&minifierType=js&languageId=zh_CN&b=6203&t=1429173626000 HTTP/1.1" 200 473
221.223.194.189 - - [17/Jan/2017:22:48:41 +0000] "GET /web/-/-2 HTTP/1.1" 200 5264
221.223.194.189 - - [17/Jan/2017:22:48:41 +0000] "GET /ServeletQ/TestSV HTTP/1.1" 200 5337
221.223.194.189 - - [17/Jan/2017:22:48:41 +0000] "GET /html/js/liferay/available_languages.jsp?browserId=other&themeId=QXDC_WAR_QXDCtheme&colorSchemeId=01&minifierType=js&languageId=zh_CN&b=6203&t=1429173626000 HTTP/1.1" 200 473
221.223.194.189 - - [17/Jan/2017:22:48:44 +0000] "GET /web/-/-1 HTTP/1.1" 200 4881
221.223.194.189 - - [17/Jan/2017:22:48:44 +0000] "GET /html/js/liferay/available_languages.jsp?browserId=other&themeId=QXDC_WAR_QXDCtheme&colorSchemeId=01&minifierType=js&languageId=zh_CN&b=6203&t=1429173626000 HTTP/1.1" 200 473
221.223.194.189 - - [17/Jan/2017:22:48:44 +0000] "GET /ServeletQ/TestSV HTTP/1.1" 200 5337
221.223.194.189 - - [17/Jan/2017:22:48:46 +0000] "GET /web/-/- HTTP/1.1" 200 4218
221.223.194.189 - - [17/Jan/2017:22:48:47 +0000] "GET /html/js/liferay/available_languages.jsp?browserId=other&themeId=QXDC_WAR_QXDCtheme&colorSchemeId=01&minifierType=js&languageId=zh_CN&b=6203&t=1429173626000 HTTP/1.1" 200 473
221.223.194.189 - - [17/Jan/2017:22:48:48 +0000] "GET /Temperature/Temperature%20Diagram_wait.html HTTP/1.1" 304 -
221.223.194.189 - - [17/Jan/2017:22:48:48 +0000] "GET /favicon.ico HTTP/1.1" 200 1150
221.223.194.189 - - [17/Jan/2017:22:48:48 +0000] "GET /ServeletQ/TestSV HTTP/1.1" 200 5337
221.223.194.189 - - [17/Jan/2017:22:50:45 +0000] "GET /Temperature/Temperature%20Diagram_wait.html HTTP/1.1" 304 -
221.223.194.189 - - [17/Jan/2017:22:50:46 +0000] "GET /ServeletQ/TestSV HTTP/1.1" 200 5337
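Analysis of the relevant IP addresses:
125.35.57.13 company IP address, including connections over WiFi
61.148.242.8 China Unicom 3G connection
221.223.194.189 IP address of my home China Unicom broadband
111.197.147.101 IP address of my home China Unicom broadband
180.153.236.35 an IP address in Shanghai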
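Configure Tomcat to deny access from some IP addresses:
The effect is as follows:
In the /var/lib/pgsql/data directory, pg_hba.conf, pg_ident.conf and postgresql.conf were modified on Jul 14, 2016.
Before modifying pg_hba.conf, save a dated copy of it as a record. After modifying it, simply restart the DB service (service postgresql restart).
Affected dates:
After the change, DB access only allows connections from the IP addresses of my own few servers (see my notes for details):
The resulting effect:
Part of the explanatory comments in pg_hba.conf, copied below: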
# PostgreSQL Client Authentication Configuration File
# ===================================================
#
# Refer to the "Client Authentication" section in the
# PostgreSQL documentation for a complete description
# of this file. A short synopsis follows.
#
# This file controls: which hosts are allowed to connect, how clients
# are authenticated, which PostgreSQL user names they can use, which
# databases they can access. Records take one of these forms:
#
# local      DATABASE  USER  METHOD  [OPTIONS]
# host       DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTIONS]
# hostssl    DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTIONS]
# hostnossl  DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTIONS]
#
# (The uppercase items must be replaced by actual values.)
#
# The first field is the connection type: "local" is a Unix-domain socket,
# "host" is either a plain or SSL-encrypted TCP/IP socket, "hostssl" is an
# SSL-encrypted TCP/IP socket, and "hostnossl" is a plain TCP/IP socket.
#
# DATABASE can be "all", "sameuser", "samerole", a database name, or
# a comma-separated list thereof.
#
# USER can be "all", a user name, a group name prefixed with "+", or
# a comma-separated list thereof. In both the DATABASE and USER fields
# you can also write a file name prefixed with "@" to include names from
# a separate file.
#
# CIDR-ADDRESS specifies the set of hosts the record matches.
# It is made up of an IP address and a CIDR mask that is an integer
# (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that specifies
# the number of significant bits in the mask. Alternatively, you can write
# an IP address and netmask in separate columns to specify the set of hosts.
#
# METHOD can be "trust", "reject", "md5", "password", "gss", "sspi", "krb5",
# "ident", "pam", "ldap" or "cert". Note that "password" sends passwords
# in clear text; "md5" is preferred since it sends encrypted passwords.
#
# OPTIONS are a set of options for the authentication in the format
# NAME=VALUE. The available options depend on the different authentication
# methods - refer to the "Client Authentication" section in the documentation
# for a list of which options are available for which authentication methods.
#
# Database and user names containing spaces, commas, quotes and other special
# characters must be quoted. Quoting one of the keywords "all", "sameuser" or
# "samerole" makes the name lose its special character, and just match a
# database or username with that name.
#
# This file is read on server startup and when the postmaster receives
# a SIGHUP signal. If you edit the file on a running system, you have
# to SIGHUP the postmaster for the changes to take effect. You can use
# "pg_ctl reload" to do that.
# Put your actual configuration here
# ----------------------------------
#
# If you want to allow non-local connections, you need to add more
# "host" records. In that case you will also need to make PostgreSQL listen
# on a non-local interface via the listen_addresses configuration parameter,
# or via the -i or -h command line switches.
#
# CAUTION: Configuring the system for local "trust" authentication allows
# any local user to connect as any PostgreSQL user, including the database
# superuser. If you do not trust all your local users, use another
# authentication method.
# TYPE  DATABASE  USER  CIDR-ADDRESS  METHOD
# "local" is for Unix domain socket connections only
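A check for the restriction described above (only the author's own servers may connect to the DB), as an added example that is not part of the original post: it parses host records in the TYPE DATABASE USER CIDR-ADDRESS METHOD layout from the header, including the separate-netmask form, and reports addresses outside an allowlist and the "trust" and "password" methods. The sample records, the allowlist and the function names are constructed placeholders, not the author's configuration.

```python
import ipaddress

# Constructed pg_hba.conf body; addresses are documentation ranges.
SAMPLE = """\
# TYPE  DATABASE  USER  CIDR-ADDRESS  METHOD
local   all       all                 ident
host    all       all   127.0.0.1/32  md5
host    all       all   0.0.0.0/0     md5
host    appdb     app   192.0.2.10/32 md5
host    appdb     app   198.51.100.0 255.255.255.0 password
host    all       all   ::/0          trust
"""

# Hypothetical allowlist: loopback plus one application server.
ALLOWED = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.10/32")]

def parse_records(text):
    """Yield (line number, database, user, network, method) for TCP/IP records."""
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if not fields or fields[0] not in ("host", "hostssl", "hostnossl"):
            continue  # comments, blanks, and "local" records (no address column)
        _type, db, user, addr, *rest = fields
        if "/" in addr:  # CIDR form
            net, method = ipaddress.ip_network(addr, strict=False), rest[0]
        else:  # IP address and netmask in separate columns
            net = ipaddress.ip_network(f"{addr}/{rest[0]}", strict=False)
            method = rest[1]
        yield lineno, db, user, net, method

def audit(text, allowed=ALLOWED):
    """Return (line number, finding) pairs for records that are too permissive."""
    findings = []
    for lineno, _db, _user, net, method in parse_records(text):
        if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
            findings.append((lineno, f"{net} is outside the allowlist"))
        if method in ("trust", "password"):
            findings.append((lineno, f"method {method} is weak for TCP/IP"))
    return findings

if __name__ == "__main__":
    for lineno, finding in audit(SAMPLE):
        print(f"line {lineno}: {finding}")
```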