Attacked by hackers

Source: Internet  Published by: 网络主播琪琪  Editor: 程序博客网  Time: 2024/06/11 02:43

Part of the Catalina.out log from when memory usage kept growing until the service finally went down:


16:57:12,881 ERROR [http-bio-80-exec-162][PortletRequestProcessor:324] Remote address 180.97.106.37
16:57:12,890 ERROR [http-bio-80-exec-162][PortletRequestProcessor:326] Invalid path was requested /login/login%') LIMIT 1,1 UNION ALL SELECT NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL#
16:57:13,322 WARN  [http-bio-80-exec-132][SecurityPortletContainerWrapper:630] Reject process action for http://180.76.147.172/web/-/1 on 49
16:57:15,542 ERROR [http-bio-80-exec-130][status_jsp:753] javax.portlet.PortletModeException: -9964%' or row(9156,3991)>(select count(*),concat(0x3a7167613a,(select (case when (9156=9156) then 1 else 0 end)),0x3a756f6e3a,floor(rand(0)*2))x from (select 5923 union select 8842 union select 7286 union select 3066)a group by x)  and '%'='
16:57:15,722 ERROR [http-bio-80-exec-140][status_jsp:753] javax.portlet.PortletModeException: -6177
16:57:15,942 ERROR [http-bio-80-exec-149][status_jsp:753] javax.portlet.PortletModeException: -1974 or row(9156,3991)>(select count(*),concat(0x3a7167613a,(select (case when (9156=9156) then 1 else 0 end)),0x3a756f6e3a,floor(rand(0)*2))x from (select 5923 union select 8842 union select 7286 union select 3066)a group by x) -- fsxt
16:57:15,994 WARN  [http-bio-80-exec-160][SecurityPortletContainerWrapper:630] Reject process action for http://180.76.147.172/web/-/1 on 1263%'ORROW(4430,4808)>(SELECTCOUNT(*),CONCAT(0x3a716f703a,(SELECT(CASEWHEN(4430=4430)THEN1ELSE0END)),0x3a6e74743a,FLOOR(RAND(0)*2))xFROM(SELECT2861UNIONSELECT6672UNIONSELECT2046UNIONSELECT9462)aGROUPBYx)AND'%'='
16:57:16,089 WARN  [http-bio-80-exec-139][SecurityPortletContainerWrapper:630] Reject process action for http://180.76.147.172/web/-/1 on 49
16:57:16,271 ERROR [http-bio-80-exec-158][status_jsp:753] javax.portlet.PortletModeException: -6332
16:57:16,317 ERROR [http-bio-80-exec-155][PortletRequestProcessor:321] User ID null
16:57:16,318 ERROR [http-bio-80-exec-155][PortletRequestProcessor:322] Current URL /ca/web/-/1?p_p_id=58&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&saveLastPath=false&_58_struts_action=%2Flogin%2Flogin%25%27%29%20LIMIT%201%2C1%20UNION%20ALL%20SELECT%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%23
16:57:16,319 ERROR [http-bio-80-exec-155][PortletRequestProcessor:323] Referer null
16:57:16,319 ERROR [http-bio-80-exec-155][PortletRequestProcessor:324] Remote address 180.97.106.162
16:57:16,320 ERROR [http-bio-80-exec-155][PortletRequestProcessor:326] Invalid path was requested /login/login%') LIMIT 1,1 UNION ALL SELECT NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL#
16:57:16,398 WARN  [http-bio-80-exec-111][SecurityPortletContainerWrapper:630] Reject process action for http://180.76.147.172/web/-/1 on 6636
16:57:16,434 WARN  [http-bio-80-exec-131][SecurityPortletContainerWrapper:630] Reject process action for http://180.76.147.172/web/-/1 on 49
16:57:16,555 ERROR [http-bio-80-exec-148][PortletRequestProcessor:321] User ID null
16:57:16,572 ERROR [http-bio-80-exec-148][PortletRequestProcessor:322] Current URL /ca/web/-/1?p_p_id=58&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&saveLastPath=false&_58_struts_action=%2Flogin%2Flogin%25%27%29%20LIMIT%201%2C1%20UNION%20ALL%20SELECT%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%23
16:57:16,572 ERROR [http-bio-80-exec-148][PortletRequestProcessor:323] Referer null
16:57:16,573 ERROR [http-bio-80-exec-148][PortletRequestProcessor:324] Remote address 180.97.106.162
16:57:16,583 ERROR [http-bio-80-exec-148][PortletRequestProcessor:326] Invalid path was requested /login/login%') LIMIT 1,1 UNION ALL SELECT NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL#
16:57:16,642 ERROR [http-bio-80-exec-136][status_jsp:753] javax.portlet.PortletModeException: -4023) or 1 group by concat(0x3a7167613a,(select (case when (5081=5081) then 1 else 0 end)),0x3a756f6e3a,floor(rand(0)*2)) having min(0)#
16:57:16,855 WARN  [http-bio-80-exec-130][SecurityPortletContainerWrapper:630] Reject process action for http://180.76.147.172/web/-/1 on 9125)OR1GROUPBYCONCAT(0x3a716f703a,(SELECT(CASEWHEN(1418=1418)THEN1ELSE0END)),0x3a6e74743a,FLOOR(RAND(0)*2))HAVINGMIN(0)#
16:57:17,187 WARN  [http-bio-80-exec-126][SecurityPortletContainerWrapper:630] Reject process action for http://180.76.147.172/web/-/1 on 49
16:57:17,530 WARN  [http-bio-80-exec-139][SecurityPortletContainerWrapper:630] Reject process action for http://180.76.147.172/web/-/1 on 49
16:57:18,105 WARN  [http-bio-80-exec-148][SecurityPortletContainerWrapper:630] Reject process action for http://180.76.147.172/web/-/1 on 49
16:57:18,155 WARN  [http-bio-80-exec-161][SecurityPortletContainerWrapper:630] Reject process action for http://180.76.147.172/web/-/1 on 4502)OR1GROUPBYCONCAT(0x3a716f703a,(SELECT(CASEWHEN(1418=1418)THEN1ELSE0END)),0x3a6e74743a,FLOOR(RAND(0)*2))HAVINGMIN(0)#
16:57:18,303 ERROR [http-bio-80-exec-162][PortletRequestProcessor:321] User ID null
16:57:18,304 ERROR [http-bio-80-exec-162][PortletRequestProcessor:322] Current URL /ca/web/-/1?p_p_id=58&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&saveLastPath=false&_58_struts_action=%2Flogin%2Flogin%25%27%29%20LIMIT%201%2C1%20UNION%20ALL%20SELECT%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%23
16:57:18,305 ERROR [http-bio-80-exec-162][PortletRequestProcessor:323] Referer null
16:57:18,305 ERROR [http-bio-80-exec-162][PortletRequestProcessor:324] Remote address 180.97.106.161
16:57:18,306 ERROR [http-bio-80-exec-162][PortletRequestProcessor:326] Invalid path was requested /login/login%') LIMIT 1,1 UNION ALL SELECT NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL#
Java HotSpot(TM) 64-Bit Server VM warning: INFO: os::commit_memory(0x00000000f9cbe000, 104079360, 0) failed; error='Cannot allocate memory' (errno=12)
#
# There is insufficient memory for the Java Runtime Environment to continue.
# Native memory allocation (mmap) failed to map 104079360 bytes for committing reserved memory.
# An error report file with more information is saved as:
# //hs_err_pid1701.log


For more of my notes on the memory growth that brought the service down, click here.


Part of the site's access log:


221.223.194.189 - - [17/Jan/2017:13:36:41 +0000] "GET / HTTP/1.1" 200 5805
221.223.194.189 - - [17/Jan/2017:13:36:41 +0000] "GET /image/layout_set_logo?img_id=29201&t=1484660200797 HTTP/1.1" 200 3260
221.223.194.189 - - [17/Jan/2017:13:36:41 +0000] "GET /html/js/liferay/available_languages.jsp?browserId=other&themeId=QXDC_WAR_QXDCtheme&colorSchemeId=01&minifierType=js&languageId=zh_CN&b=6203&t=1429173626000 HTTP/1.1" 200 473
221.223.194.189 - - [17/Jan/2017:13:36:43 +0000] "GET /web/-/- HTTP/1.1" 200 4218
221.223.194.189 - - [17/Jan/2017:13:36:43 +0000] "GET /html/js/liferay/available_languages.jsp?browserId=other&themeId=QXDC_WAR_QXDCtheme&colorSchemeId=01&minifierType=js&languageId=zh_CN&b=6203&t=1429173626000 HTTP/1.1" 200 473
221.223.194.189 - - [17/Jan/2017:13:36:45 +0000] "GET /Temperature/Temperature%20Diagram_wait.html HTTP/1.1" 304 -
221.223.194.189 - - [17/Jan/2017:13:36:45 +0000] "GET /ServeletQ/TestSV HTTP/1.1" 200 5337
203.208.60.231 - - [17/Jan/2017:13:38:59 +0000] "GET /web/guest/-7?p_p_auth=LJR72FTn&p_p_id=49&p_p_lifecycle=1&p_p_state=normal&p_p_mode=view&_49_struts_action=%2Fmy_sites%2Fview&_49_groupId=20181&_49_privateLayout=false HTTP/1.1" 200 6492
66.249.73.196 - - [17/Jan/2017:22:46:49 +0000] "GET /html/portlet/login/css/main.css?browserId=other&themeId=QXDC_WAR_QXDCtheme&minifierType=css&languageId=hu_HU&b=6203&t=1481899774000 HTTP/1.1" 200 376
221.223.194.189 - - [17/Jan/2017:22:46:58 +0000] "GET / HTTP/1.1" 200 5805
221.223.194.189 - - [17/Jan/2017:22:46:58 +0000] "GET /image/layout_set_logo?img_id=29201&t=1484693211586 HTTP/1.1" 200 3260
221.223.194.189 - - [17/Jan/2017:22:46:59 +0000] "GET /html/js/liferay/available_languages.jsp?browserId=other&themeId=QXDC_WAR_QXDCtheme&colorSchemeId=01&minifierType=js&languageId=zh_CN&b=6203&t=1429173626000 HTTP/1.1" 200 473
221.223.194.189 - - [17/Jan/2017:22:47:01 +0000] "GET /web/-/-1 HTTP/1.1" 200 4883
221.223.194.189 - - [17/Jan/2017:22:47:01 +0000] "GET /Temperature/Temperature%20Diagram_wait_no_button.html? HTTP/1.1" 304 -
221.223.194.189 - - [17/Jan/2017:22:47:01 +0000] "GET /html/js/liferay/available_languages.jsp?browserId=other&themeId=QXDC_WAR_QXDCtheme&colorSchemeId=01&minifierType=js&languageId=zh_CN&b=6203&t=1429173626000 HTTP/1.1" 200 473
221.223.194.189 - - [17/Jan/2017:22:47:02 +0000] "GET /ServeletQ/TestSV HTTP/1.1" 200 5337
221.223.194.189 - - [17/Jan/2017:22:48:38 +0000] "GET / HTTP/1.1" 200 5805
221.223.194.189 - - [17/Jan/2017:22:48:39 +0000] "GET /html/js/liferay/available_languages.jsp?browserId=other&themeId=QXDC_WAR_QXDCtheme&colorSchemeId=01&minifierType=js&languageId=zh_CN&b=6203&t=1429173626000 HTTP/1.1" 200 473
221.223.194.189 - - [17/Jan/2017:22:48:41 +0000] "GET /web/-/-2 HTTP/1.1" 200 5264
221.223.194.189 - - [17/Jan/2017:22:48:41 +0000] "GET /ServeletQ/TestSV HTTP/1.1" 200 5337
221.223.194.189 - - [17/Jan/2017:22:48:41 +0000] "GET /html/js/liferay/available_languages.jsp?browserId=other&themeId=QXDC_WAR_QXDCtheme&colorSchemeId=01&minifierType=js&languageId=zh_CN&b=6203&t=1429173626000 HTTP/1.1" 200 473
221.223.194.189 - - [17/Jan/2017:22:48:44 +0000] "GET /web/-/-1 HTTP/1.1" 200 4881
221.223.194.189 - - [17/Jan/2017:22:48:44 +0000] "GET /html/js/liferay/available_languages.jsp?browserId=other&themeId=QXDC_WAR_QXDCtheme&colorSchemeId=01&minifierType=js&languageId=zh_CN&b=6203&t=1429173626000 HTTP/1.1" 200 473
221.223.194.189 - - [17/Jan/2017:22:48:44 +0000] "GET /ServeletQ/TestSV HTTP/1.1" 200 5337
221.223.194.189 - - [17/Jan/2017:22:48:46 +0000] "GET /web/-/- HTTP/1.1" 200 4218
221.223.194.189 - - [17/Jan/2017:22:48:47 +0000] "GET /html/js/liferay/available_languages.jsp?browserId=other&themeId=QXDC_WAR_QXDCtheme&colorSchemeId=01&minifierType=js&languageId=zh_CN&b=6203&t=1429173626000 HTTP/1.1" 200 473
221.223.194.189 - - [17/Jan/2017:22:48:48 +0000] "GET /Temperature/Temperature%20Diagram_wait.html HTTP/1.1" 304 -
221.223.194.189 - - [17/Jan/2017:22:48:48 +0000] "GET /favicon.ico HTTP/1.1" 200 1150
221.223.194.189 - - [17/Jan/2017:22:48:48 +0000] "GET /ServeletQ/TestSV HTTP/1.1" 200 5337
221.223.194.189 - - [17/Jan/2017:22:50:45 +0000] "GET /Temperature/Temperature%20Diagram_wait.html HTTP/1.1" 304 -
221.223.194.189 - - [17/Jan/2017:22:50:46 +0000] "GET /ServeletQ/TestSV HTTP/1.1" 200 5337


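Analysis of the IP addresses involved:


125.35.57.13 Company IP address, including connections over Wi-Fi

61.148.242.8 China Unicom 3G connection

221.223.194.189 IP address of my home China Unicom broadband

111.197.147.101 IP address of my home China Unicom broadband


180.153.236.35 An IP address in Shanghai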


Configuring Tomcat to block access from certain IP addresses:




The result:
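
An added example, not the author's code or configuration: it pairs the PortletRequestProcessor lines of a Catalina.out like the one above by worker thread, counts SQL-looking "Invalid path" errors per remote address, and renders the offenders as a deny pattern for Tomcat's RemoteAddrValve while never listing your own addresses. The sample log lines, the documentation-range addresses and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Line shape in the excerpt: "HH:MM:SS,mmm LEVEL [thread][Class:line] message"
LINE = re.compile(r"^\d\d:\d\d:\d\d,\d{3} \w+\s+\[([^\]]+)\]\[(\w+):\d+\] (.*)$")
# Heuristic for the probe strings seen in the excerpt; not a general SQLi detector.
SQLI = re.compile(r"union\s+(all\s+)?select|concat\(|rand\(", re.I)

# Constructed sample in the page's log format; addresses are documentation ranges.
SAMPLE = """\
16:57:16,317 ERROR [http-bio-80-exec-155][PortletRequestProcessor:321] User ID null
16:57:16,319 ERROR [http-bio-80-exec-155][PortletRequestProcessor:324] Remote address 203.0.113.7
16:57:16,319 ERROR [http-bio-80-exec-148][PortletRequestProcessor:324] Remote address 198.51.100.20
16:57:16,320 ERROR [http-bio-80-exec-155][PortletRequestProcessor:326] Invalid path was requested /login/login%') LIMIT 1,1 UNION ALL SELECT NULL, NULL#
16:57:16,321 ERROR [http-bio-80-exec-148][PortletRequestProcessor:326] Invalid path was requested /login/logn
16:57:16,400 WARN  [http-bio-80-exec-111][SecurityPortletContainerWrapper:630] Reject process action for http://192.0.2.1/web/-/1 on 49
16:57:18,305 ERROR [http-bio-80-exec-162][PortletRequestProcessor:324] Remote address 192.0.2.10
16:57:18,306 ERROR [http-bio-80-exec-162][PortletRequestProcessor:326] Invalid path was requested /login/login%') LIMIT 1,1 UNION ALL SELECT NULL, NULL, NULL#
"""

def probe_sources(log_text):
    """Count SQL-looking 'Invalid path' errors per remote address.

    Worker threads interleave, so each 'Remote address' line is paired with the
    next 'Invalid path' line from the same thread, not with the next line.
    """
    last_addr, hits = {}, Counter()
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m or m.group(2) != "PortletRequestProcessor":
            continue
        thread, _, msg = m.groups()
        if msg.startswith("Remote address "):
            last_addr[thread] = msg.split()[-1]
        elif msg.startswith("Invalid path was requested "):
            addr = last_addr.pop(thread, None)
            if addr and SQLI.search(msg):
                hits[addr] += 1
    return dict(hits)

def deny_valve(hits, own_addresses, min_hits=1):
    """Build a RemoteAddrValve element for server.xml, never listing own addresses."""
    ips = sorted(ip for ip, n in hits.items() if n >= min_hits and ip not in own_addresses)
    if not ips:
        return ""
    deny = "|".join(re.escape(ip) for ip in ips)  # deny is a regex, so dots are escaped
    return f'<Valve className="org.apache.catalina.valves.RemoteAddrValve" deny="{deny}"/>'

if __name__ == "__main__":
    print(deny_valve(probe_sources(SAMPLE), own_addresses={"192.0.2.10"}))
```

The generated element belongs inside an Engine, Host or Context element of the Tomcat configuration. The status_jsp and SecurityPortletContainerWrapper lines carry no remote address, so they cannot be attributed from this log alone.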






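In the /var/lib/pgsql/data directory, pg_hba.conf, pg_ident.conf and postgresql.conf were modified on Jul 14, 2016.


Before editing pg_hba.conf, make a dated copy of it to keep as a backup. After editing, simply restart the DB service (service postgresql restart).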


Affected dates:



After the change, DB access is allowed only from the IP addresses of my own few servers (see my notes for details):


The resulting effect:







Part of the explanatory comments in pg_hba.conf, copied below:

# PostgreSQL Client Authentication Configuration File
# ===================================================
#
# Refer to the "Client Authentication" section in the
# PostgreSQL documentation for a complete description
# of this file.  A short synopsis follows.
#
# This file controls: which hosts are allowed to connect, how clients
# are authenticated, which PostgreSQL user names they can use, which
# databases they can access.  Records take one of these forms:
#
# local      DATABASE  USER  METHOD  [OPTIONS]
# host       DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTIONS]
# hostssl    DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTIONS]
# hostnossl  DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTIONS]
#
# (The uppercase items must be replaced by actual values.)
#
# The first field is the connection type: "local" is a Unix-domain socket,
# "host" is either a plain or SSL-encrypted TCP/IP socket, "hostssl" is an
# SSL-encrypted TCP/IP socket, and "hostnossl" is a plain TCP/IP socket.
#
# DATABASE can be "all", "sameuser", "samerole", a database name, or
# a comma-separated list thereof.
#
# USER can be "all", a user name, a group name prefixed with "+", or
# a comma-separated list thereof.  In both the DATABASE and USER fields
# you can also write a file name prefixed with "@" to include names from
# a separate file.
#
# CIDR-ADDRESS specifies the set of hosts the record matches.
# It is made up of an IP address and a CIDR mask that is an integer
# (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that specifies
# the number of significant bits in the mask.  Alternatively, you can write
# an IP address and netmask in separate columns to specify the set of hosts.
#
# METHOD can be "trust", "reject", "md5", "password", "gss", "sspi", "krb5",
# "ident", "pam", "ldap" or "cert".  Note that "password" sends passwords
# in clear text; "md5" is preferred since it sends encrypted passwords.
#
# OPTIONS are a set of options for the authentication in the format
# NAME=VALUE. The available options depend on the different authentication
# methods - refer to the "Client Authentication" section in the documentation
# for a list of which options are available for which authentication methods.
#
# Database and user names containing spaces, commas, quotes and other special
# characters must be quoted. Quoting one of the keywords "all", "sameuser" or
# "samerole" makes the name lose its special character, and just match a
# database or username with that name.
#
# This file is read on server startup and when the postmaster receives
# a SIGHUP signal.  If you edit the file on a running system, you have
# to SIGHUP the postmaster for the changes to take effect.  You can use
# "pg_ctl reload" to do that.
# Put your actual configuration here
# ----------------------------------
#
# If you want to allow non-local connections, you need to add more
# "host" records. In that case you will also need to make PostgreSQL listen
# on a non-local interface via the listen_addresses configuration parameter,
# or via the -i or -h command line switches.
#
# CAUTION: Configuring the system for local "trust" authentication allows
# any local user to connect as any PostgreSQL user, including the database
# superuser. If you do not trust all your local users, use another
# authentication method.
# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
# "local" is for Unix domain socket connections only
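
An added example, not from the original post: a small check that a pg_hba.conf in the record layout described by the header above admits TCP connections only from an allowlist of your own servers, which is what the change described earlier is meant to achieve. The records, the documentation-range addresses and the function name are constructed; it assumes numeric addresses only, as in the CIDR-ADDRESS column of this file version.

```python
import ipaddress

# Constructed pg_hba.conf records (documentation addresses), in the
# "TYPE DATABASE USER CIDR-ADDRESS METHOD" layout quoted from the file header.
SAMPLE_HBA = """\
# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
local   all         all                               ident
host    all         all         127.0.0.1/32          md5
host    all         all         0.0.0.0/0             md5
host    appdb       appuser     192.0.2.10/32         md5
host    appdb       appuser     198.51.100.0 255.255.255.0 trust
"""

def audit_hba(text, allowed_networks):
    """Return (line_no, reason) for every TCP record that reaches beyond the
    allowlist or uses "trust" or clear-text "password" authentication."""
    allowed = [ipaddress.ip_network(n) for n in allowed_networks]
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if not fields or not fields[0].startswith("host"):
            continue  # comments, blanks and "local" (Unix-socket) records
        addr, rest = fields[3], fields[4:]
        if "/" not in addr:  # address and netmask given in separate columns
            addr, rest = f"{addr}/{rest[0]}", rest[1:]
        net = ipaddress.ip_network(addr, strict=False)
        method = rest[0]
        if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
            findings.append((no, f"{net} is outside the allowlist"))
        if method in ("trust", "password"):
            findings.append((no, f"method {method} on a network record"))
    return findings

if __name__ == "__main__":
    for no, reason in audit_hba(SAMPLE_HBA, ["127.0.0.1/32", "192.0.2.10/32"]):
        print(f"line {no}: {reason}")
```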





