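While checking my website's debug log today, I happened to notice several strange records:
I don't understand why requests addressed to https://*.12306.cn ended up at my server.
Below are the Request Headers of a few of those requests.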
1. POST https://epay.12306.cn/pay/payGateway at 2018-12-07 06:37:06 pm by 139.199.188.192
Name                        Value
upgrade-insecure-requests   '1'
referer                     'https://kyfw.12306.cn/otn/pay...'
origin                      'https://kyfw.12306.cn'
content-type                'application/x-www-form-urlencoded'
connection                  'keep-alive'
cache-control               'max-age=0'
accept-language             'zh-CN,zh;q=0.8,en;q=0.6'
accept-encoding             'gzip, deflate, br'
accept                      'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8'
content-length              '1987'
user-agent                  'Mozilla/5.0 (Windows NT 6.3; ARM; Trident/7.0; Touch; rv:11.0) like Gecko'
host                        'epay.12306.cn'
2. GET https://kyfw.12306.cn/otn/login/init at 2018-12-07 06:36:34 pm by 121.41.39.6
Name              Value
referer           'https://kyfw.12306.cn/otn/lef...'
connection        'keep-alive'
accept-language   'zh-CN,zh;q=0.8,en;q=0.6'
accept-encoding   'gzip, deflate, sdch, br'
accept            '/'
user-agent        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/7046A194A'
host              'kyfw.12306.cn'
3. GET https://mobile.12306.cn/otsmobile/app/mgs/mgw.htm?operationType=com.cars.otsmobile.queryLeftTicket&requestData=%5B%7B%22train_date%22%3A%2220181217%22%2C%22purpose_codes%22%3A%2200%22%2C%22from_station%22%3A%22PIJ%22%2C%22to_station%22%3A%22POJ%22%2C%22station_train_code%22%3A%22%22%2C%22start_time_begin%22%3A%220000%22%2C%22start_time_end%22%3A%222400%22%2C%22train_headers%22%3A%22QB%23%22%2C%22train_flag%22%3A%22%22%2C%22seat_type%22%3A%22%22%2C%22seatBack_Type%22%3A%22%22%2C%22ticket_num%22%3A%22%22%2C%22dfpStr%22%3A%22%22%2C%22baseDTO%22%3A%7B%22check_code%22%3A%227d6a7259915ae11894d2afae8b3cb8a9%22%2C%22device_no%22%3A%2261af7de9dbacd2b6%22%2C%22mobile_no%22%3A%22%22%2C%22os_type%22%3A%22a%22%2C%22time_str%22%3A%2220181207183649%22%2C%22user_name%22%3A%22%22%2C%22version_no%22%3A%224.1.9%22%7D%7D%5D&ts=1544179009469&sign= at 2018-12-07 06:36:49 pm by 111.230.50.47
Name              Value
accept-encoding   'gzip'
workspaceid       'product'
trackerid         ''
signtype          '0'
riskudid          '00cb8864-fa0c-11e8-8657-000000000000'
platform          'ANDROID'
did               '61af7de9dbacd2b6'
appid             '9101430221728'
user-agent        'Go-http-client/1.1'
host              'mobile.12306.cn'
Do any experts here know how this attack is being carried out?
4 Answers
宝慕林4294392
Contributed 2021 experience points, received over 8 likes
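Hello experts, I would really like to know how this was handled in the end. I have the same situation here: looking at the nginx logs, I found that every day, around the clock, there is an endless stream of requests for otsmobile/app/mgs/mgw.htm?operationType=com.... with status 301.
I can only infer that someone is using the server's traffic and then forwarding this request (otsmobile/app/mgs) on to 12306 (my guess) to grab tickets.
But I went through all of nginx and found no sign that any configuration file had been changed.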
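A way to triage records like the ones in the question, as an added example that is not part of the original thread: it parses record lines of the shape shown above (method, URL, time, client IP) and groups every request whose host is not one this server serves. `OWN_HOSTS`, the function names and the fourth sample line are assumptions made for the illustration; the third URL is shortened.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Hostnames this server really serves (assumption: replace with your own).
OWN_HOSTS = {"example.org", "www.example.org"}

# Record shape from the post: "<n>. <METHOD> <URL> at <timestamp> by <client IP>"
RECORD = re.compile(
    r"^(?:\d+\.\s+)?(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+at\s+(?P<ts>.+?)\s+by\s+(?P<ip>\S+)$"
)

# First three lines come from the post (query string of the third shortened);
# the fourth is a constructed request for the server's own site.
SAMPLE = """\
1. POST https://epay.12306.cn/pay/payGateway at 2018-12-07 06:37:06 pm by 139.199.188.192
2. GET https://kyfw.12306.cn/otn/login/init at 2018-12-07 06:36:34 pm by 121.41.39.6
3. GET https://mobile.12306.cn/otsmobile/app/mgs/mgw.htm?operationType=com.cars.otsmobile.queryLeftTicket at 2018-12-07 06:36:49 pm by 111.230.50.47
4. GET https://www.example.org/index.html at 2018-12-07 06:40:00 pm by 203.0.113.7
"""


def foreign_host_requests(text, own_hosts=OWN_HOSTS):
    """Return {host: [(client_ip, method, path), ...]} for hosts we do not serve."""
    own = {h.lower() for h in own_hosts}
    hits = defaultdict(list)
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if not m:
            continue  # not a request record line (e.g. a header row)
        parts = urlsplit(m["url"])
        host = (parts.hostname or "").lower()
        if host and host not in own:
            hits[host].append((m["ip"], m["method"], parts.path))
    return dict(hits)


def report(hits):
    """One summary line per foreign host: request count and distinct client IPs."""
    lines = []
    for host in sorted(hits):
        ips = sorted({ip for ip, _, _ in hits[host]})
        lines.append(f"{host}: {len(hits[host])} request(s) from {', '.join(ips)}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(foreign_host_requests(SAMPLE))))
```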