[System Security] luntan-beijiechi-beiheikeruqin: a CC attack that combines mobile phones with attacks!

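1 Posted 2016-03-28 08:13
Many webmasters who do not pay attention to security have their sites hijacked and used as servers for mobile trojans; once that use is over, the sites are then used as a springboard for attacks. I found this in my logs. http://112.74.202.59/bbs has probably been hijacked and is sending a large number of attack requests to third parties.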


220.181.108.81 - - [28/Mar/2016:08:01:44 +0800] "GET /thread-839211487-1-1.html HTTP/1.1" 200 31 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" "-"
117.83.126.3 - - [28/Mar/2016:08:01:44 +0800] "GET /forum.php?/&luntan-beijiechi-beiheikeruqin&11622 HTTP/1.1" 200 4403 "http://112.74.202.59/bbs/forum.php" "Mozilla/5.0 (iPhone; CPU iPhone OS 8_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Mobile/12D508 baiduboxapp/0_0.0.5.6_enohpi_4331_057/2.8_2C2%257enohPi/1099a/680AA1037541BF81DF684C2A25EC3E1371B2C23F7FCGOIAOEKD/1" "-"
118.118.46.84 - - [28/Mar/2016:08:01:44 +0800] "GET /forum.php?/&luntan-beijiechi-beiheikeruqin&2355 HTTP/1.1" 200 27801 "http://112.74.202.59/bbs/forum.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" "-"
114.250.43.97 - - [28/Mar/2016:08:01:44 +0800] "GET /forum.php?/&luntan-beijiechi-beiheikeruqin&6570 HTTP/1.1" 200 27801 "http://112.74.202.59/bbs/forum.php" "Mozilla/5.0 (iPad; CPU OS 7_0_4 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Mobile/11B554a" "-"
190.171.121.120 - - [28/Mar/2016:08:01:44 +0800] "GET /forum.php?/&luntan-beijiechi-beiheikeruqin&11752 HTTP/1.1" 200 27801 "http://112.74.202.59/bbs/forum.php" "Mozilla/5.0 (Windows NT 6.3; ARM; Trident/7.0; Touch; rv:11.0) like Gecko" "-"
114.250.43.97 - - [28/Mar/2016:08:01:44 +0800] "GET /forum.php?/&luntan-beijiechi-beiheikeruqin&19072 HTTP/1.1" 200 27801 "http://112.74.202.59/bbs/forum.php" "Mozilla/5.0 (iPad; CPU OS 7_0_4 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Mobile/11B554a" "-"
36.110.119.79 - - [28/Mar/2016:08:01:44 +0800] "GET /forum.php?/&luntan-beijiechi-beiheikeruqin&5177 HTTP/1.1" 200 4401 "http://112.74.202.59/bbs/forum.php" "Mozilla/5.0 (Mobile; Windows Phone 8.1; Android 4.0; ARM; Trident/7.0; Touch; rv:11.0; IEMobile/11.0; NOKIA; Nokia 1320) like iPhone OS 7_0_3 Mac OS X AppleWebKit/537 (KHTML, like Gecko) Mobile Safari/537" "-"
118.26.176.23 - - [28/Mar/2016:08:01:44 +0800] "-" 400 0 "-" "-" "-"
118.26.176.23 - - [28/Mar/2016:08:01:44 +0800] "-" 400 0 "-" "-" "-"
36.49.161.162 - - [28/Mar/2016:08:01:44 +0800] "GET /forum.php?/&luntan-beijiechi-beiheikeruqin&12325 HTTP/1.1" 200 4404 "http://112.74.202.59/bbs/forum.php" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13E233 baiduboxapp/0_0.0.2.7_enohpi_4331_057/3.9_2C2%257enohPi/1099a/4EEABE58AAED5E2147D0C162DCEDAF3D4294B6B01OCMALKBFQA/1" "-"
171.111.40.82 - - [28/Mar/2016:08:01:44 +0800] "GET /forum.php?/&luntan-beijiechi-beiheikeruqin&18852 HTTP/1.1" 200 27801 "http://112.74.202.59/bbs/forum.php" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko" "-"
114.250.43.97 - - [28/Mar/2016:08:01:44 +0800] "GET /forum.php?/&luntan-beijiechi-beiheikeruqin&808 HTTP/1.1" 200 27801 "http://112.74.202.59/bbs/forum.php" "Mozilla/5.0 (iPad; CPU OS 7_0_4 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Mobile/11B554a" "-"
36.49.161.162 - - [28/Mar/2016:08:01:44 +0800] "GET /forum.php?/&luntan-beijiechi-beiheikeruqin&13542 HTTP/1.1" 200 4404 "http://112.74.202.59/bbs/forum.php" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13E233 baiduboxapp/0_0.0.2.7_enohpi_4331_057/3.9_2C2%257enohPi/1099a/4EEABE58AAED5E2147D0C162DCEDAF3D4294B6B01OCMALKBFQA/1" "-"
114.250.43.97 - - [28/Mar/2016:08:01:44 +0800] "GET /forum.php?/&luntan-beijiechi-beiheikeruqin&9463 HTTP/1.1" 200 27801 "http://112.74.202.59/bbs/forum.php" "Mozilla/5.0 (iPad; CPU OS 7_0_4 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Mobile/11B554a" "-"
171.111.40.82 - - [28/Mar/2016:08:01:44 +0800] "GET /forum.php?/&luntan-beijiechi-beiheikeruqin&15746 HTTP/1.1" 200 27801 "http://112.74.202.59/bbs/forum.php" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko" "-"
118.118.46.84 - - [28/Mar/2016:08:01:44 +0800] "GET /forum.php?/&luntan-beijiechi-beiheikeruqin&11888 HTTP/1.1" 200 27801 "http://112.74.202.59/bbs/forum.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" "-"
211.72.180.203 - - [28/Mar/2016:08:01:44 +0800] "GET /forum.php?mod=forumdisplay&fid=202&filter=author&orderby=dateline HTTP/1.1" 200 20400 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.117 Safari/537.36" "-"
42.81.45.156 - - [28/Mar/2016:08:01:44 +0800] "GET /forum.php?/&luntan-beijiechi-beiheikeruqin&14061 HTTP/1.1" 200 128425 "http://112.74.202.59/bbs/forum.php" "Mozilla/5.0 (iPad; CPU OS 9_2_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) BaiduHD/4.6.1.6 Mobile/10A406 Safari/8536.25" "-"
118.118.46.84 - - [28/Mar/2016:08:01:44 +0800] "GET /forum.php?/&luntan-beijiechi-beiheikeruqin&14583 HTTP/1.1" 200 27801 "http://112.74.202.59/bbs/forum.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" "-"
117.67.84.13 - - [28/Mar/2016:08:01:44 +0800] "-" 400 0 "-" "-" "-"
1.199.75.138 - - [28/Mar/2016:08:01:45 +0800] "GET /forum.php?/&luntan-beijiechi-beiheikeruqin&14484 HTTP/1.1" 200 4406 "http://112.74.202.59/bbs/forum.php" "Mozilla/5.0 (iPhone; CPU iPhone OS 7_1_2 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Mobile/11D257 baiduboxapp/0_0.0.8.6_enohpi_069_046/2.1.7_1C2%254enohPi/1099a/4FE73BA8D964A7A3FF37A3BDB52A799BEC2D9FF6FOCCQTOAHEP/1" "-"
220.181.108.176 - - [28/Mar/2016:08:01:45 +0800] "GET /thread-352036016-1-1.html HTTP/1.1" 200 31 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" "-"
la/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0; JuziBrowser) like Gecko" "-"
61.165.249.131 - - [28/Mar/2016:08:01:43 +0800] "GET /forum.php?/&luntan-beijiechi-beiheikeruqin&16332 HTTP/1.1" 200 27801 "http://112.74.202.59/bbs/forum.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; LCTE; rv:11.0) like Gecko" "-"
123.138.17.243 - - [28/Mar/2016:08:01:43 +0800] "GET /forum.php?/&luntan-beijiechi-beiheikeruqin&14140 HTTP/1.1" 200 27801 "http://112.74.202.59/bbs/forum.php" "Mozilla/5.0 (iPad; U; CPU OS 7_1 like Mac OS X; zh-CN; iPad4,1) AppleWebKit/534.46 (KHTML, like Gecko) UCBrowser/2.9.3.730 U3/ Mobile/10A403 Safari/7543.48.3" "-"
124.116.241.64 - - [28/Mar/2016:08:01:43 +0800] "GET /forum.php?/&luntan-beijiechi-beiheikeruqin&15881 HTTP/1.1" 200 4404 "http://112.74.202.59/bbs/forum.php" "Mozilla/5.0 (Linux; Android 5.0.2; ALE-TL00 Build/HuaweiALE-TL00) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile Safari/537.36 baiduboxapp/5.0 (Baidu; P1 5.0.2)" "-"
61.165.249.131 - - [28/Mar/2016:08:01:43 +0800] "GET /forum.php?/&luntan-beijiechi-beiheikeruqin&2164 HTTP/1.1" 200 27801 "http://112.74.202.59/bbs/forum.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; LCTE; rv:11.0) like Gecko" "-"
190.171.121.120 - - [28/Mar/2016:08:01:43 +0800] "GET /forum.php?/&luntan-beijiechi-beiheikeruqin&347 HTTP/1.1" 200 27801 "http://112.74.202.59/bbs/forum.php" "Mozilla/5.0 (Windows NT 6.3; ARM; Trident/7.0; Touch; rv:11.0) like Gecko" "-"
171.111.40.82 - - [28/Mar/2016:08:01:43 +0800] "GET /forum.php?/&luntan-beijiechi-beiheikeruqin&9914 HTTP/1.1" 200 27801 "http://112.74.202.59/bbs/forum.php" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko" "-"
183.38.83.34 - - [28/Mar/2016:08:01:43 +0800] "GET /forum.php?/&luntan-beijiechi-beiheikeruqin&16781 HTTP/1.1" 200 27801 "http://112.74.202.59/bbs/forum.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" "-"
14.215.44.89 - - [28/Mar/2016:08:01:43 +0800] "-" 400 0 "-" "-" "-"
1.199.75.138 - - [28/Mar/2016:08:01:43 +0800] "GET /forum.php?/&luntan-beijiechi-beiheikeruqin&15312 HTTP/1.1" 200 4404 "http://112.74.202.59/bbs/forum.php" "Mozilla/5.0 (iPhone; CPU iPhone OS 7_1_2 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Mobile/11D257 baiduboxapp/0_0.0.8.6_enohpi_069_046/2.1.7_1C2%254enohPi/1099a/4FE73BA8D964A7A3FF37A3BDB52A799BEC2D9FF6FOCCQTOAHEP/1" "-"
124.156.73.67 - - [28/Mar/2016:08:01:43 +0800] "GET /forum.php?/&luntan-beijiechi-beiheikeruqin&1122 HTTP/1.1" 200 4401 "http://112.74.202.59/bbs/forum.php" "Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Mobile/12F70 search%2F1.0 baiduboxapp/0_0.0.2.7_enohpi_4331_057/3.8_2C2%257enohPi/1099a/87AA1AA38A5C9798AB404457678116455D227A789FRORPIFPQD/1" "-"
175.8.49.54 - - [28/Mar/2016:08:01:43 +0800] "GET /forum.php?/&luntan-beijiechi-beiheikeruqin&12241 HTTP/1.1" 200 4403 "http://112.74.202.59/bbs/forum.php" "Mozilla/5.0 (iPhone; CPU iPhone OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Mobile/12H143 rabbit%2F1.0 baiduboxapp/0_0.0.1.7_enohpi_8022_2421/4.8_1C2%257enohPi/1099a/18A63E6E0B9075B18061B407762BDE11D288AF95AOCGMMMTQTK/1" "-"
36.49.161.162 - - [28/Mar/2016:08:01:43 +0800] "GET /forum.php?/&luntan-beijiechi-beiheikeruqin&5374 HTTP/1.1" 200 4401 "http://112.74.202.59/bbs/forum.php" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13E233 baiduboxapp/0_0.0.2.7_enohpi_4331_057/3.9_2C2%257enohPi/1099a/4EEABE58AAED5E2147D0C162DCEDAF3D4294B6B01OCMALKBFQA/1" "-"
183.38.83.34 - - [28/Mar/2016:08:01:43 +0800] "GET /forum.php?/&luntan-beijiechi-beiheikeruqin&3593 HTTP/1.1" 200 27801 "http://112.74.202.59/bbs/forum.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" "-"
157.55.39.68 - - [28/Mar/2016:08:01:43 +0800] "GET /forum.php?mod=post&action=reply&fid=129&tid=1026191&repquote=23923616&extra=page%3D1&page=9 HTTP/1.1" 200 5427 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" "-"
1.204.140.16 - - [28/Mar/2016:08:01:43 +0800] "GET /forum.php?/&luntan-beijiechi-beiheikeruqin&7975 HTTP/1.1" 200 4399 "http://112.74.202.59/bbs/forum.php" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_0_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13A404" "-"
14.215.41.36 - - [28/Mar/2016:08:01:43 +0800] "GET /forum.php?/&luntan-beijiechi-beiheikeruqin&7044 HTTP/1.1" 200 4398 "http://112.74.202.59/bbs/forum.php" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13B143" "-"

2 Posted 2016-03-28 08:16
http://www.freebuf.com/articles/web/86948.html

Someone has already discussed this problem; please take it seriously, everyone.

3 Posted 2016-03-28 16:29
Last edited by pdffj on 2016-03-28 16:30

So complicated

4 Posted 2016-03-28 17:26
@wangbin
I read this article a long time ago.
The original poster's server has become a zombie host.

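5 Posted 2016-03-31 15:05
lyhabc posted on 2016-03-28 17:26
@wangbin
I read this article a long time ago.
The original poster's server has become a zombie host.


There is nothing wrong on my side; it is other hosts that have become zombies that are attacking me.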

6 Posted 2016-03-31 15:06
223.215.127.116 - - [31/Mar/2016:14:54:53 +0800] "GET /forum.php?/&luntan-beijiechi-beiheikeruqin&2051 HTTP/1.1" 200 28100 "http://112.74.202.59/bbs/forum.php" "Mozilla/5.0 (iPad; CPU OS 5_0_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A405 Safari/7534.48.3" "-"
125.64.220.15 - - [31/Mar/2016:14:54:53 +0800] "GET /forum.php?/&luntan-beijiechi-beiheikeruqin&19703 HTTP/1.1" 200 28100 "http://112.74.202.59/bbs/forum.php" "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; LCJB; rv:11.0) like Gecko" "-"
1.204.1.182 - - [31/Mar/2016:14:54:53 +0800] "GET /forum.php?/&luntan-beijiechi-beiheikeruqin&15646 HTTP/1.1" 200 28100 "http://112.74.202.59/bbs/forum.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" "-"
119.49.177.152 - - [31/Mar/2016:14:54:53 +0800] "GET /forum.php?/&luntan-beijiechi-beiheikeruqin&16495 HTTP/1.1" 200 28100 "http://112.74.202.59/bbs/forum.php" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko" "-"
183.45.143.156 - - [31/Mar/2016:14:54:53 +0800] "GET /forum.php?/&luntan-beijiechi-beiheikeruqin&13404 HTTP/1.1" 200 28100 "http://112.74.202.59/bbs/forum.php" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36" "-"
60.13.249.110 - - [31/Mar/2016:14:54:53 +0800] "GET /forum.php?/&luntan-beijiechi-beiheikeruqin&11668 HTTP/1.1" 200 28100 "http://112.74.202.59/bbs/forum.php" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ZHCN)" "-"
60.13.249.110 - - [31/Mar/2016:14:54:53 +0800] "GET /forum.php?/&luntan-beijiechi-beiheikeruqin&11030 HTTP/1.1" 200 28100 "http://112.74.202.59/bbs/forum.php" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ZHCN)" "-"

Clearly 112.74.202.59 has already become a zombie host, attacking via a JS-based CC attack.
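
One way the receiving site could pick this pattern out of its own access log, as an added example that is not part of the original thread: it groups requests by a foreign Referer plus a request target that is identical except for a trailing number, the shape visible in the posted log lines. The function name, thresholds, host names and the sample lines (documentation IP ranges) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# "combined" access-log layout, as in the lines posted in this thread
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"'
)
# Fixed marker; only the trailing number changes per request (cache-busting)
SUFFIX = re.compile(r'^(?P<stem>.*[?&])(?P<nonce>\d+)$')

def find_referer_floods(lines, own_hosts, min_hits=5, min_clients=3):
    """Return {(referer, target stem): stats} for foreign referers driving
    number-suffixed hits from several clients. Thresholds are assumptions."""
    groups = defaultdict(lambda: {"hits": 0, "clients": set(), "nonces": set()})
    for line in lines:
        m = LINE.match(line)
        if not m:                    # e.g. the '"-" 400 0' lines: nothing to parse
            continue
        ref_host = urlsplit(m["referer"]).hostname
        s = SUFFIX.match(m["target"])
        if ref_host is None or ref_host in own_hosts or not s:
            continue                 # direct hits, same-site navigation, normal URLs
        g = groups[(m["referer"], s["stem"])]
        g["hits"] += 1
        g["clients"].add(m["ip"])
        g["nonces"].add(s["nonce"])
    return {
        key: {"hits": g["hits"], "clients": len(g["clients"])}
        for key, g in groups.items()
        if g["hits"] >= min_hits and len(g["clients"]) >= min_clients
        and len(g["nonces"]) >= g["hits"] * 0.8   # nearly every hit has a fresh number
    }

# Constructed sample lines (not taken from the thread), documentation IP ranges
def _line(ip, target, referer="-"):
    return (f'{ip} - - [28/Mar/2016:08:01:44 +0800] "GET {target} HTTP/1.1" '
            f'200 27801 "{referer}" "Mozilla/5.0" "-"')

SAMPLE = (
    [_line(f"192.0.2.{i % 4 + 1}",
           f"/forum.php?/&luntan-beijiechi-beiheikeruqin&{1000 + 37 * i}",
           "http://hijacked.example/bbs/forum.php") for i in range(8)]
    + [_line("198.51.100.7", "/thread-1-1-1.html"),
       _line("198.51.100.8", "/forum.php?mod=forumdisplay&fid=202",
             "http://forum.example/forum.php"),
       '203.0.113.9 - - [28/Mar/2016:08:01:44 +0800] "-" 400 0 "-" "-" "-"']
)
```

The Referer header is supplied by the client, so a flagged referer is a triage signal for rate limiting or blocking at the web server rather than proof of which host was hijacked.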