久久久久av_欧美日韩一区二区在线_国产精品三区四区_日韩中字在线

Discuz! 官方交流社區

標題: 救命似乎又被掛馬了!!! [打印本頁]
作者: monery2    時間: 2021-8-2 16:49
標題: 救命似乎又被掛馬了!!!
mod=forumdisplay&fid=48&filter=sortid&sortid=4&searchsort=1&archy_qy_3=9.3&archy_gzdy=2&archy_xlyq=8&archy_gznx=3&archy_zpzw=2&page=1 HTTP/1.1", host: "abcd.com"
2021/08/02 16:44:13 [error] 6118#6118: *20268 [lua] [string "local hOCvCfmVpL094={[1]=0,[2]=1,[3]=2,[4]=3,..."]:1: run(): failed to connect redis: timeout, client: 171.109.216.72, server: abcd.com, request: "GET /forum.php?mod=forumdisplay&fid=48&filter=sortid&sortid=4&searchsort=1&archy_qy_3=9.3&archy_gzdy=2&archy_xlyq=8&archy_gznx=3&archy_zpzw=2&page=1 HTTP/1.1", host: "abcd.com"
2021/08/02 16:44:14 [error] 6118#6118: *20281 lua tcp socket connect timed out, when connecting to 127.0.0.1:6379, client: 171.109.216.126, server: abcd.com, request: "GET /forum.php?mod=forumdisplay&fid=48&filter=sortid&sortid=4&searchsort=1&archy_qy_3=22.10&archy_xlyq=4&archy_gzdy=1&archy_zpzw=1&archy_gznx=4&page=1 HTTP/1.1", host: "abcd.com"
2021/08/02 16:44:14 [error] 6118#6118: *20281 [lua] [string "local hOCvCfmVpL094={[1]=0,[2]=1,[3]=2,[4]=3,..."]:1: run(): failed to connect redis: timeout, client: 171.109.216.126, server: abcd.com, request: "GET /forum.php?mod=forumdisplay&fid=48&filter=sortid&sortid=4&searchsort=1&archy_qy_3=22.10&archy_xlyq=4&archy_gzdy=1&archy_zpzw=1&archy_gznx=4&page=1 HTTP/1.1", host: "abcd.com"
2021/08/02 16:44:14 [error] 6118#6118: *20282 lua tcp socket connect timed out, when connecting to 127.0.0.1:6379, client: 95.223.229.18, server: abcd.com, request: "GET /member.php?mod=logging&action=login&referer=https%3A%2F%2Frosyhub.com HTTP/1.1", host: "www.abcd.com", referrer: "https://www.abcd.com/"
2021/08/02 16:44:14 [error] 6118#6118: *20282 [lua] [string "local hOCvCfmVpL094={[1]=0,[2]=1,[3]=2,[4]=3,..."]:1: run(): failed to connect redis: timeout, client: 95.223.229.18, server: abcd.com, request: "GET /member.php?mod=logging&action=login&referer=https%3A%2F%2Frosyhub.com HTTP/1.1", host: "www.abcd.com", referrer: "https://www.abcd.com/"
2021/08/02 16:44:14 [error] 6118#6118: *20293 lua tcp socket connect timed out, when connecting to 127.0.0.1:6379, client: 171.109.216.108, server: abcd.com, request: "GET /forum.php?mod=forumdisplay&fid=48&filter=sortid&sortid=4&searchsort=1&archy_qy_3=1&archy_zpzw=2&archy_xlyq=2&archy_gznx=3&archy_gzdy=4&page=1 HTTP/1.1", host: "abcd.com"
2021/08/02 16:44:14 [error] 6118#6118: *20293 [lua] [string "local hOCvCfmVpL094={[1]=0,[2]=1,[3]=2,[4]=3,..."]:1: run(): failed to connect redis: timeout, client: 171.109.216.108, server: abcd.com, request: "GET /forum.php?mod=forumdisplay&fid=48&filter=sortid&sortid=4&searchsort=1&archy_qy_3=1&archy_zpzw=2&archy_xlyq=2&archy_gznx=3&archy_gzdy=4&page=1 HTTP/1.1", host: "abcd.com"
2021/08/02 16:44:14 [error] 6118#6118: *20295 lua tcp socket connect timed out, when connecting to 127.0.0.1:6379, client: 114.119.158.50, server: abcd.com, request: "GET /forum.php?mod=forumdisplay&fid=48&filter=sortid&sortid=4&searchsort=1&archy_qy_3=6&archy_gznx=3&archy_gzdy=2&archy_gsmc=all&archy_zpzw=all&archy_xlyq=7&page=1 HTTP/1.1", host: "www.abcd.com"
2021/08/02 16:44:14 [error] 6118#6118: *20295 [lua] [string "local hOCvCfmVpL094={[1]=0,[2]=1,[3]=2,[4]=3,..."]:1: run(): failed to connect redis: timeout, client: 114.119.158.50, server: abcd.com, request: "GET /forum.php?mod=forumdisplay&fid=48&filter=sortid&sortid=4&searchsort=1&archy_qy_3=6&archy_gznx=3&archy_gzdy=2&archy_gsmc=all&archy_zpzw=all&archy_xlyq=7&page=1 HTTP/1.1", host: "www.abcd.com"
2021/08/02 16:44:14 [error] 6118#6118: *20300 lua tcp socket connect timed out, when connecting to 127.0.0.1:6379, client: 114.119.134.230, server: abcd.com, request: "GET /home.php?mod=space&uid=22364&do=wall&from=space HTTP/1.1", host: "www.abcd.com"
2021/08/02 16:44:14 [error] 6118#6118: *20300 [lua] [string "local hOCvCfmVpL094={[1]=0,[2]=1,[3]=2,[4]=3,..."]:1: run(): failed to connect redis: timeout, client: 114.119.134.230, server: abcd.com, request: "GET /home.php?mod=space&uid=22364&do=wall&from=space HTTP/1.1", host: "www.abcd.com"
2021/08/02 16:44:14 [error] 6118#6118: *20249 lua tcp socket connect timed out, when connecting to 127.0.0.1:6379, client: 171.109.216.50, server: abcd.com, request: "GET /forum.php?mod=forumdisplay&fid=48&filter=sortid&sortid=4&searchsort=1&archy_qy_3=4&archy_zpzw=3&archy_gzdy=6&archy_xlyq=6&page=1 HTTP/1.1", host: "abcd.com"
2021/08/02 16:44:14 [error] 6118#6118: *20249 [lua] [string "local hOCvCfmVpL094={[1]=0,[2]=1,[3]=2,[4]=3,..."]:1: run(): failed to connect redis: timeout, client: 171.109.216.50, server: abcd.com, request: "GET /forum.php?mod=forumdisplay&fid=48&filter=sortid&sortid=4&searchsort=1&archy_qy_3=4&archy_zpzw=3&archy_gzdy=6&archy_xlyq=6&page=1 HTTP/1.1", host: "abcd.com"




只要一開php必定cpu100%   php-cfm跟sql  

作者: monery2    時間: 2021-8-2 17:13
別的網址都好的 就不知道他掛哪了 文件校驗都是對的
作者: 羅永浩    時間: 2021-8-2 23:51
盜版插件?
作者: 老周部落    時間: 2021-8-3 10:54
看日志好像是 Redis 連接不上,先排查一下 Redis
作者: monery2    時間: 2021-8-4 11:21
monery2 發表于 2021-8-2 17:13
別的網址都好的 就不知道他掛哪了 文件校驗都是對的

后來后臺查了nginx 查了php配置,最后發現是買的模板啟用后cpu飆高的,用默認的就好了 正在排查中。。。。
作者: monery2    時間: 2021-8-4 11:33
https://pc6a.com/1540.html.  似乎跟這個有關被惡意爬蟲了
作者: monery2    時間: 2021-8-4 22:51
好像也不是在排查中 插件全關了仍然沒有解決 奇怪
作者: monery2    時間: 2021-8-7 16:13
因為上班,連續三天4個小時,終于找到了,查找過程是這樣,查了nginx和php的配置正常,又查找死鎖表沒有,關閉所有插件仍然cpu飚高,還原默認模板,降到20%左右(但仍然不正常,測試新站3%以下),監聽網卡發現一直有ip訪問我的站,以為是哪個php被掛馬了(因為之前就掛過),查找所有被改過的文件沒有惡意掛馬現象,仍然飚高,又記錄調出mysql最近的查詢語句,不停的在select, 看了一下查詢語句好像就是有ip不停的刷我的網站,換了域名CPU正常了(原理域名被cc了),換回域名,開啟cc防護將http頭記錄在客戶端cookie中驗證無效,很有可能是木馬肉雞攻擊,又開啟cc防護將js驗證在客戶端cookie中正常了,期間開過阿里云的waf,理論上也可以防但收費無奈太貴放棄了
作者: monery2    時間: 2021-8-10 14:29
再補充下 https://blog.csdn.net/weixin_34234823/article/details/89779113



歡迎光臨 Discuz! 官方交流社區 (http://www.9999xn.com/) Powered by Discuz! W1.0