The Epay (易支付) site I set up was brute-forced


Update 2024-08-15: someone is brute-forcing the site every day, so I changed the admin login address /admin/login.php to a random address.

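One day I wanted to log in to the site's admin panel to look at the data, but could not log in. The message was: “多次登录失败,暂时禁止登录。可删除@login.lock文件解除限制” ("Too many failed login attempts; login is temporarily disabled. Delete the @login.lock file to lift the restriction").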

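I logged in to the server and checked when the @login.lock file was created. The file is at /admin/@login.lock, and its creation time is 2024-07-20 21:45:44. I then went through the web server log to look at the requests made in that time window.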

185.189.161.13 - - [20/Jul/2024:17:56:49 +0800] "GET /admin/login.php HTTP/1.1" 301 162 "-" "python-requests/2.24.0"
185.189.161.13 - - [20/Jul/2024:17:56:51 +0800] "GET /admin/login.php HTTP/1.1" 200 1882 "-" "python-requests/2.24.0"
185.189.161.13 - - [20/Jul/2024:17:56:54 +0800] "POST /admin/login.php HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4195.1 Safari/537.36"
185.189.161.13 - - [20/Jul/2024:17:56:56 +0800] "GET /admin/login.php HTTP/1.1" 200 1882 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4195.1 Safari/537.36"
185.189.161.13 - - [20/Jul/2024:17:56:57 +0800] "GET /admin/code.php HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4195.1 Safari/537.36"
185.189.161.13 - - [20/Jul/2024:17:56:59 +0800] "GET /admin/code.php HTTP/1.1" 200 5720 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4195.1 Safari/537.36"
185.189.161.13 - - [20/Jul/2024:17:57:01 +0800] "POST /admin/login.php HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4195.1 Safari/537.36"
185.189.161.13 - - [20/Jul/2024:17:57:03 +0800] "GET /admin/login.php HTTP/1.1" 200 1882 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4195.1 Safari/537.36"
185.189.161.13 - - [20/Jul/2024:17:57:05 +0800] "GET /admin/login.php HTTP/1.1" 200 1882 "-" "python-requests/2.24.0"
185.189.161.13 - - [20/Jul/2024:17:57:09 +0800] "POST /admin/login.php HTTP/1.1" 200 1882 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4195.1 Safari/537.36"
185.189.161.13 - - [20/Jul/2024:17:57:11 +0800] "GET /admin/code.php HTTP/1.1" 200 5626 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4195.1 Safari/537.36"
185.189.161.13 - - [20/Jul/2024:17:57:13 +0800] "POST /admin/login.php HTTP/1.1" 200 1882 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4195.1 Safari/537.36"
185.189.161.13 - - [20/Jul/2024:21:45:19 +0800] "GET /admin/login.php?act=login HTTP/1.1" 301 162 "-" "python-requests/2.24.0"
185.189.161.13 - - [20/Jul/2024:21:45:21 +0800] "GET /admin/login.php?act=login HTTP/1.1" 200 43 "-" "python-requests/2.24.0"
185.189.161.13 - - [20/Jul/2024:21:45:24 +0800] "POST /admin/login.php?act=login HTTP/1.1" 301 162 "http://pay.elebear.com/admin/login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0"
185.189.161.13 - - [20/Jul/2024:21:45:26 +0800] "GET /admin/login.php?act=login HTTP/1.1" 200 101 "http://pay.elebear.com/admin/login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0"
185.189.161.13 - - [20/Jul/2024:21:45:27 +0800] "GET /admin/code.php HTTP/1.1" 301 162 "http://pay.elebear.com/admin/login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0"
185.189.161.13 - - [20/Jul/2024:21:45:28 +0800] "GET /admin/code.php HTTP/1.1" 200 5842 "http://pay.elebear.com/admin/login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0"
185.189.161.13 - - [20/Jul/2024:21:45:30 +0800] "POST /admin/login.php?act=login HTTP/1.1" 301 162 "http://pay.elebear.com/admin/login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0"
185.189.161.13 - - [20/Jul/2024:21:45:32 +0800] "GET /admin/login.php?act=login HTTP/1.1" 200 101 "http://pay.elebear.com/admin/login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0"
185.189.161.13 - - [20/Jul/2024:21:45:36 +0800] "GET /admin/login.php?act=login HTTP/1.1" 200 43 "-" "python-requests/2.24.0"
185.189.161.13 - - [20/Jul/2024:21:45:40 +0800] "POST /admin/login.php?act=login HTTP/1.1" 200 77 "https://pay.elebear.com/admin/login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0"
185.189.161.13 - - [20/Jul/2024:21:45:41 +0800] "GET /admin/code.php HTTP/1.1" 200 5586 "https://pay.elebear.com/admin/login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0"
185.189.161.13 - - [20/Jul/2024:21:45:44 +0800] "POST /admin/login.php?act=login HTTP/1.1" 200 131 "https://pay.elebear.com/admin/login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0"
185.189.161.13 - - [20/Jul/2024:21:45:46 +0800] "POST /admin/login.php?act=login HTTP/1.1" 200 77 "https://pay.elebear.com/admin/login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0"
185.189.161.13 - - [20/Jul/2024:21:45:48 +0800] "GET /admin/code.php HTTP/1.1" 200 5546 "https://pay.elebear.com/admin/login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0"
185.189.161.13 - - [20/Jul/2024:21:45:48 +0800] "POST /admin/login.php?act=login HTTP/1.1" 200 153 "https://pay.elebear.com/admin/login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0"

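The first few requests have the user-agent python-requests. The later ones show Firefox as the user-agent, but I suspect that is spoofed as well and the requests were actually still sent with python-requests.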

Visiting 185.189.161.13 over HTTP shows that it is a Golang documentation site.
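The reasoning above, turned into a repeatable check (an added example, not part of the original post): it parses combined-format access log lines, counts login POSTs per client address, and flags addresses that send both an HTTP-library user-agent and a browser user-agent. The user-agent list, the threshold, the handling of 3xx responses and the sample lines are assumptions made for this example.

```python
import re
from collections import defaultdict

# Combined log format: ip - - [time] "METHOD path PROTO" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')
# Assumed, non-exhaustive list of HTTP-library user-agents.
SCRIPT_UA = re.compile(r"python-requests|curl|Go-http-client", re.I)

def analyze(lines, login_path="/admin/login.php", min_posts=3):
    """Return {ip: findings} for clients with at least min_posts login POSTs."""
    posts, agents = defaultdict(int), defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # truncated or malformed line
        ip = m["ip"]
        agents[ip].add(m["ua"])
        # Assumption: a 3xx answer is the server's redirect, so that POST
        # never reached the login script and is not counted as an attempt.
        if (m["method"] == "POST" and m["path"].split("?", 1)[0] == login_path
                and not m["status"].startswith("3")):
            posts[ip] += 1
    report = {}
    for ip, count in posts.items():
        if count >= min_posts:
            uas = agents[ip]
            report[ip] = {
                "login_posts": count,
                # One address sending both a library UA and a browser UA
                # suggests the browser string is set by the same script.
                "mixed_ua": any(SCRIPT_UA.search(u) for u in uas)
                            and any(u.startswith("Mozilla/") for u in uas),
            }
    return report

FIREFOX = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0"
def _line(ip, method, path, status, ua):  # builds one constructed sample line
    return f'{ip} - - [01/Jan/2024:10:00:00 +0800] "{method} {path} HTTP/1.1" {status} 77 "-" "{ua}"'

SAMPLE = [  # constructed data, documentation-range addresses
    _line("198.51.100.7", "GET", "/admin/login.php?act=login", 200, "python-requests/2.24.0"),
    _line("198.51.100.7", "POST", "/admin/login.php?act=login", 301, FIREFOX),
    *[_line("198.51.100.7", "POST", "/admin/login.php?act=login", 200, FIREFOX)] * 3,
    _line("203.0.113.9", "POST", "/admin/login.php", 200, FIREFOX),
    "198.51.100.7 - - [01/Jan/2024:10:00:09 +0800]",  # truncated line, skipped
]

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

If the login page has been moved to a random address, pass that address as `login_path`.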


Brute-force log:

  • 185.189.161.5 – – [29/Jul/2024:10:55:50 +0800]
Copyright notice: original article from this site, published by wujingquan on 2024-07-21, 5088 characters in total.
Reprint notice: Unless otherwise specified, all articles are published under the cc-4.0 license. Please credit the source when reprinting.