Internal-use service deployed on the cloud keeps getting malicious requests from IPs - V2EX
  •   pureGirl 228 days ago 3477 views
    This topic was created 228 days ago; the information in it may have since developed or changed.
    It's like a zombie siege
    django.core.exceptions.DisallowedHost: Invalid HTTP_HOST header: '123456.czxcz.cn:8000'. You may need to add '123456.czxcz.cn' to ALLOWED_HOSTS.
    Invalid HTTP_HOST header: '123456.czxcz.cn:8000'. You may need to add '123456.czxcz.cn' to ALLOWED_HOSTS.
    Traceback (most recent call last):
    File "/usr/local/lib/python3.13/site-packages/django/core/handlers/exception.py", line 55, in inner
    response = get_response(request)
    File "/usr/local/lib/python3.13/site-packages/django/utils/deprecation.py", line 128, in __call__
    response = self.process_request(request)
    File "/usr/local/lib/python3.13/site-packages/django/middleware/common.py", line 48, in process_request
    host = request.get_host()
    File "/usr/local/lib/python3.13/site-packages/django/http/request.py", line 151, in get_host
    raise DisallowedHost(msg)
    django.core.exceptions.DisallowedHost: Invalid HTTP_HOST header: '123456.czxcz.cn:8000'. You may need to add '123456.czxcz.cn' to ALLOWED_HOSTS.
    Bad Request: /robots.txt
    Bad Request: /robots.txt
    Invalid HTTP_HOST header: '123456.czxcz.cn:8000'. You may need to add '123456.czxcz.cn' to ALLOWED_HOSTS.
    Traceback (most recent call last):
    File "/usr/local/lib/python3.13/site-packages/django/core/handlers/exception.py", line 55, in inner
    response = get_response(request)
    File "/usr/local/lib/python3.13/site-packages/django/utils/deprecation.py", line 128, in __call__
    response = self.process_request(request)
    File "/usr/local/lib/python3.13/site-packages/django/middleware/common.py", line 48, in process_request
    host = request.get_host()
    File "/usr/local/lib/python3.13/site-packages/django/http/request.py", line 151, in get_host
    raise DisallowedHost(msg)
    django.core.exceptions.DisallowedHost: Invalid HTTP_HOST header: '123456.czxcz.cn:8000'. You may need to add '123456.czxcz.cn' to ALLOWED_HOSTS.
    Invalid HTTP_HOST header: '123456.czxcz.cn:8000'. You may need to add '123456.czxcz.cn' to ALLOWED_HOSTS.
    Traceback (most recent call last):
    File "/usr/local/lib/python3.13/site-packages/django/core/handlers/exception.py", line 55, in inner
    response = get_response(request)
    File "/usr/local/lib/python3.13/site-packages/django/utils/deprecation.py", line 128, in __call__
    response = self.process_request(request)
    File "/usr/local/lib/python3.13/site-packages/django/middleware/common.py", line 48, in process_request
    host = request.get_host()
    File "/usr/local/lib/python3.13/site-packages/django/http/request.py", line 151, in get_host
    raise DisallowedHost(msg)
    django.core.exceptions.DisallowedHost: Invalid HTTP_HOST header: '123456.czxcz.cn:8000'. You may need to add '123456.czxcz.cn' to ALLOWED_HOSTS.
    Bad Request: /sitemap.xml
    Bad Request: /sitemap.xml
    [2025-02-24 04:01:19 +0800] [17] [WARNING] Invalid request from ip=43.158.213.246: Invalid HTTP request line: '\x16\x03\x01\x00\x01\x00\x00\x03\x03~]\x88}à\x91\x7f3p\x112±_¨;@0\x00\x00\x1a/+\x11\x07\x13\t\x14\n\x00\x05\x00/\x005\x12\x00\n\x01\x00\x00|\x00\x05\x00\x05\x01\x00\x00\x00\x00\x00\n\x00\x08\x00\x06\x00\x17\x00\x18\x00\x19\x00\x0b\x00\x02\x01\x00\x00#\x00\x00\x00\r\x00&\x00$\x06\x01\x06\x03\x06\x02\x05\x01\x05\x03\x05\x02\x04\x01\x04\x03\x04\x02\x03\x01\x03\x03\x03\x02\x02\x01\x02\x03\x02\x02\x01\x01\x01\x03\x01\x02\x01\x00\x01\x00\x00(\x00"\x00 a%/k\x00T$\x83\x0e6\x97\x8fE'
    [2025-02-24 04:02:26 +0800] [18] [WARNING] Invalid request from ip=43.158.213.246: Invalid HTTP request line: '\x16\x03\x01\x00\x01\x00\x00ê\x03\x03\x9c\x98\x9dO1\x06O\x83?bU\r\x16u\x11'
    Forbidden (Permission denied): /
    Traceback (most recent call last):
    File "/usr/local/lib/python3.13/site-packages/django/core/handlers/exception.py", line 55, in inner
    17 replies    2025-02-24 20:22:47 +08:00
        1
    pureGirl  
    OP
       228 days ago
    Is it that this cloud's security is poor? How should I solve this problem?
        2
    pota  
       228 days ago
    Allowlist it in the security group
        3
    lambdaq  
       228 days ago   4
    You open a shop facing the street, and you're worried about heavy foot traffic passing by?
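        4
    CheckMySoul  
       228 days ago   1
    An internal service exposed on the public internet? If you have fixed IPs, add an allowlist in the security group; otherwise block each malicious IP as you see it; if you're paying, then cloud firewall + cloud security center + WAF.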
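        5
    MFWT  
       228 days ago
    Internet noise, perfectly normal; it's all scripts mass-scanning the whole internet
    I suggest turning it to your advantage: use the malicious requests to patch/prevent vulnerabilities ahead of time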
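Added example, not part of the thread: a triage script for the log format posted in the question. It groups rejected Host headers and probed paths, and flags request lines that begin with `\x16\x03`, which is a TLS handshake record sent to the plain-HTTP port. The sample log is constructed from shortened copies of the lines in the original post; the function and category names are assumptions.

```python
import re
from collections import Counter

# Constructed sample: shortened copies of the log lines quoted in the post.
SAMPLE_LOG = r"""
Invalid HTTP_HOST header: '123456.czxcz.cn:8000'. You may need to add '123456.czxcz.cn' to ALLOWED_HOSTS.
Bad Request: /robots.txt
Invalid HTTP_HOST header: '123456.czxcz.cn:8000'. You may need to add '123456.czxcz.cn' to ALLOWED_HOSTS.
Bad Request: /sitemap.xml
[2025-02-24 04:01:19 +0800] [17] [WARNING] Invalid request from ip=43.158.213.246: Invalid HTTP request line: '\x16\x03\x01\x00\x01\x00\x00\x03\x03~]'
[2025-02-24 04:02:26 +0800] [18] [WARNING] Invalid request from ip=43.158.213.246: Invalid HTTP request line: '\x16\x03\x01\x00\x01\x00\x00'
Forbidden (Permission denied): /
"""

# Anchored at line start so the traceback's "django.core.exceptions.DisallowedHost: ..."
# line, which repeats the same message, is not counted a second time.
HOST_RE = re.compile(r"^Invalid HTTP_HOST header: '([^']*)'")
PATH_RE = re.compile(r"^(?:Bad Request|Forbidden \([^)]*\)): (\S+)")
GUNICORN_RE = re.compile(r"Invalid request from ip=(\S+): Invalid HTTP request line: '(.*)'$")
# The log shows the escaped bytes; 0x16 0x03 0x0N opens a TLS handshake record,
# i.e. a client attempted HTTPS against a port that only speaks plain HTTP.
TLS_RE = re.compile(r"\\x16\\x03\\x0[0-4]")


def triage(log_text):
    """Group rejected requests by kind; names and categories are illustrative."""
    report = {"counts": Counter(), "hosts": Counter(),
              "paths": Counter(), "tls_clients": Counter()}
    for line in log_text.splitlines():
        line = line.strip()
        if m := HOST_RE.match(line):
            report["counts"]["disallowed_host"] += 1
            report["hosts"][m.group(1)] += 1
        elif m := PATH_RE.match(line):
            report["counts"]["rejected_path"] += 1
            report["paths"][m.group(1)] += 1
        elif m := GUNICORN_RE.search(line):
            ip, request_line = m.groups()
            kind = "tls_on_http_port" if TLS_RE.match(request_line) else "malformed_request"
            report["counts"][kind] += 1
            if kind == "tls_on_http_port":
                report["tls_clients"][ip] += 1
    return report


if __name__ == "__main__":
    for section, counter in triage(SAMPLE_LOG).items():
        print(section, dict(counter))
```

Every category in the output corresponds to a request the application already rejected, so the report measures exposure of the port rather than successful access.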
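        6
    daimaosix  
       228 days ago
    If it's publicly accessible it will inevitably get scanned; it's the same for everyone. Since it's an internal service, why not allowlist it in the security group? I've seen too many security groups left wide open, without even basic security awareness.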
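        7
    linzyjx  
       228 days ago
    A public IPv4 address will definitely get scanned
    On my local IPv4, I added a subdomain in DNS, and within 1 minute I saw IPs on the WAF coming to scan that domain. An IP getting scanned is even more of an everyday thing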
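        8
    foolishcrab  
       228 days ago via iPhone
    It feels like you lack basic ops knowledge. You could systematically learn how enterprise cloud deployments are structured; it won't take more than a few hours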
        9
    opengps  
       228 days ago
    This is just the public internet environment; a completely normal phenomenon
        10
    importmeta  
       228 days ago
    That's normal. I often look at my server logs: all kinds of scanners and brute-force attempts, and the IPs are never fixed. Just ignore them.
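        11
    layxy  
       228 days ago
    Anyone can access a public service, so this is normal. As long as it's not a DDoS attack it's not a big problem. There are a lot of external scans hunting for vulnerabilities (a lot of ransomware scans too)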
        12
    usernametoolong  
       228 days ago   1
    Have people who build websites these days regressed to the point where they can't even handle the basics?
        13
    luodichen  
       228 days ago
    /robots.txt
    /sitemap.xml

    These are not malicious requests.
        14
    PureWhiteWu  
       228 days ago
    Is it publicly accessible or not?
        15
    MoeMoesakura  
       228 days ago via Android
    Just put Nginx in front as a reverse proxy
        16
    justfun  
       228 days ago
    As long as it's a public IP, it will get scanned
        17
    opengps  
       228 days ago
    @luodichen Not entirely. Some analysis processes use robots precisely to obtain hidden backend paths