第一次使用 Frp 做内网穿透,早上看服务器日志发现 5 点多有请求日志,是被黑了吗?

2019-04-16 14:29:26 +08:00
 zuoakang

客户端配置:

[common]
server_addr = xxxx
server_port = 7000

[RDP]
type = tcp
local_ip = 0.0.0.0
local_port = 3389
remote_port = 6000

[web]
type = http
local_port = 8080
custom_domains = www.xxxx


[vnc]
type = tcp
local_ip = 127.0.0.1
local_port = 5900
remote_port = 5900

这种情况是不是被黑了? 有人晚上连我的电脑吗?日志记录如下:

2019/04/16 05:14:59 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
 2019/04/16 05:15:00 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
 2019/04/16 05:15:07 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
 2019/04/16 05:15:15 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
 2019/04/16 05:15:16 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
 2019/04/16 05:15:24 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
 2019/04/16 05:15:32 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
 2019/04/16 05:15:32 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
 2019/04/16 05:15:43 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
 2019/04/16 05:15:51 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
 2019/04/16 05:16:58 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
 2019/04/16 05:17:06 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
 2019/04/16 05:17:22 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
 2019/04/16 05:17:23 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
 2019/04/16 05:17:30 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
 2019/04/16 05:17:41 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
 2019/04/16 05:18:06 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
 2019/04/16 05:18:55 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
 2019/04/16 05:19:03 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
 2019/04/16 05:19:20 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
 2019/04/16 05:19:20 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
 2019/04/16 05:19:37 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
 2019/04/16 05:19:48 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
 2019/04/16 05:19:48 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
 2019/04/16 05:19:56 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
 2019/04/16 05:20:03 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
 2019/04/16 05:20:04 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
 2019/04/16 05:20:11 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
 2019/04/16 05:20:19 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
 2019/04/16 05:20:19 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
 2019/04/16 05:20:27 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
 2019/04/16 05:22:02 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
 2019/04/16 05:22:10 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
 2019/04/16 05:22:17 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
2788 次点击
所在节点    问与答
6 条回复
soulzz
2019-04-16 14:40:21 +08:00
token 要设的吧
现在有些爬虫专门爬你这种 frp 不设密码的
HuasLeung
2019-04-16 15:36:00 +08:00
就这点请求不一定是恶意攻击 有可能是正常采集
sodora
2019-04-16 15:40:00 +08:00
token 当然要设置,但这不是 token 问题。
5900 端口没做限制,有人 /爬虫尝试连接这个端口,如果这个 vnc 没设置密码,就可以直接操控你的电脑了哈。
zuoakang
2019-04-16 16:36:24 +08:00
谢谢大家,token 没有设置确实是问题。vnc 登录是需要电脑自带的账户名和密码的。爬虫为什么要爬这个端口的数据。。
yu1u
2019-04-16 16:39:00 +08:00
@zuoakang 不一定是爬虫,可能是来自网络的扫描在请求这个端口
flynaj
2019-04-17 00:34:39 +08:00
不要用默认端口

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/555682

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX