您的位置:首页技术文章
文章详情页

java - tomcat服务器莫名其妙打印出一些陌生IP请求,望各位大牛指导

【字号: 日期:2024-01-09 15:24:41浏览:25作者:猪猪

问题描述

118.190.15.31 阿里云- - [26/Feb/2017:02:30:48 +0800] 'GET / HTTP

117.185.27.114 上海移动- - [26/Feb/2017:02:47:54 +0800] 'GET /v1

118.178.227.101 - - [26/Feb/2017:03:29:00 +0800] 'GET /manager/h118.178.227.101 - tomcat [26/Feb/2017:03:29:03 +0800] 'GET /mana118.178.227.101 - - [26/Feb/2017:03:31:27 +0800] 'GET /manager/h118.178.227.101 - tomcat [26/Feb/2017:03:31:27 +0800] 'GET /mana118.178.227.101 - - [26/Feb/2017:03:31:27 +0800] 'GET /manager/i118.178.227.101 - - [26/Feb/2017:03:31:27 +0800] 'GET /manager/i118.178.227.101 - - [26/Feb/2017:03:31:28 +0800] 'GET /favicon.i

112.90.82.218 深圳联通- - [26/Feb/2017:04:30:42 +0800] 'GET /v10

180.153.212.13 上海电信- - [26/Feb/2017:04:30:51 +0800] 'GET /v1

36.34.10.89 安徽合肥- - [26/Feb/2017:04:50:46 +0800] 'CONNECT ww171.37.30.132 - - [26/Feb/2017:04:50:46 +0800] 'GET / HTTP/1.1'

125.39.207.33 天津联通 - - [26/Feb/2017:08:46:03 +0800] 'GET / H

101.226.64.174 上海电信 - - [26/Feb/2017:09:10:19 +0800] 'GET /v

123.151.42.61 - - [26/Feb/2017:09:12:16 +0800] 'GET / HTTP/1.1'

101.226.66.177 上海电信- - [26/Feb/2017:15:52:56 +0800] 'GET /ma

107.179.126.18 - - [26/Feb/2017:16:38:16 +0800] 'GET /manager/ht

139.162.81.62 美国- - [26/Feb/2017:17:45:20 +0800] 'GET /echo.ph

101.226.64.174 - - [26/Feb/2017:17:15:19 +0800] 'GET /manager/h

112.65.193.14 - - [26/Feb/2017:19:41:59 +0800] 'GET /manager/ht

119.5.0.45 - - [26/Feb/2017:19:42:12 +0800] 'GET /manager/html/

220.191.238.115 - - [26/Feb/2017:19:56:49 +0800] 'GET /phpmyadm

42.51.194.10 河南洛阳BGP多线- - [26/Feb/2017:21:21:37 +0800] 'GE42.51.194.10 - tomcat [26/Feb/2017:21:21:38 +0800] 'GET /manager

101.226.102.97 上海电信- - [26/Feb/2017:21:22:19 +0800] 'GET /ma

112.28.129.115 - - [26/Feb/2017:21:35:17 +0800] 'GET /manager/ht

112.28.129.115 - tomcat [26/Feb/2017:21:35:18 +0800] 'GET /manag112.28.129.115 - - [26/Feb/2017:21:35:18 +0800] 'GET /manager/im112.28.129.115 - - [26/Feb/2017:21:35:18 +0800] 'GET /manager/im112.28.129.115 - - [26/Feb/2017:21:35:18 +0800] 'GET /favicon.ic

101.226.33.202 - - [26/Feb/2017:23:54:20 +0800] 'GET /manager/ht

应用放在腾讯云上,但是日志莫名其妙有一些陌生的IP,查了一下地址标注在了后面,求大牛指导是什么原因

问题解答

回答1:

应用发布到网上,除了正常访问,一般还会有如下三种情况:

爬虫访问 这种情况在tomcat打印access日志时,把 user-agent 打印出来就可以看到,会有搜索引擎名字,如baidu、sogou等,而且一般搜索引擎IP都可以反查到,可以IP查询(http://www.ip138.com)反查一下

安全站点扫描 如果使用360或其他站长安全扫描工具,也会有大量IP过来访问

恶意工具扫描 与第二项类似,安全扫描会通过之前设置好的扫描点逐步扫描,也会造成大量IP访问

排查时主要关注扫描IP是否搜索引擎或安全站点扫描IP,以及扫描的目录点来综合判断,如果判断为恶意IP,可以配合防火墙规则进行屏蔽即可。

回答2:

额,被爬虫爬到了……

把User-Agent也打出来吧,会大开眼界的 :-)

回答3:

下面这条应该不是爬虫,是扫描程序吧

220.191.238.115 - - [26/Feb/2017:19:56:49 +0800] 'GET /phpmyadm

标签: java