虎泰克博客

阿里云ECS莫名其妙CPU飙升的原因


上次把某个网站数据库删除之后ECS没有出现满CPU的情况了,但是还是经常出现50%以上的情况。这对这

20160204090115上次把某个网站数据库删除之后ECS没有出现满CPU的情况了,但是还是经常出现50%以上的情况。这对这样一个小站显然是不合理的,今天8:40又出现了报警,于是打开httpd日志看到阿里内网一台机器一直在向网站发出各种各样的请求,估计是阿里云盾,因为还有看到扫描SQL注入漏洞的 121.42.0.38 - - [04/Feb/2016:08:38:06 +0800] "GET /page/5?page=4%27+UNION+ALL+SELECT+CONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%23 HTTP/1.1" 301 26 121.42.0.38 - - [04/Feb/2016:08:38:06 +0800] "GET /page/5?page=-1688%27+UNION+ALL+SELECT+CONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%23 HTTP/1.1" 301 26 121.42.0.38 - - [04/Feb/2016:08:38:07 +0800] "GET /page/5?page=4%27+UNION+ALL+SELECT+CONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%23 HTTP/1.1" 301 26 121.42.0.38 - - [04/Feb/2016:08:38:08 +0800] "GET /page/5?page=-1702%27+UNION+ALL+SELECT+CONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%23 HTTP/1.1" 301 26 121.42.0.38 - - [04/Feb/2016:08:38:08 +0800] "GET /page/5?page=4%27+UNION+ALL+SELECT+CONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%23 HTTP/1.1" 301 26 121.42.0.38 - - [04/Feb/2016:08:38:09 +0800] "GET /organizbuydetail.aspx?guid=63f1322b-be59-4ef0-a8b9-4c8f4c8a7fd6%27%20AND%201927%3DCONVERT%28INT%2C%28SELECT%20CHAR%28113%29%2BCHAR%2898%29%2BCHAR%2898%29%2BCHAR%28113%29%2BCHAR%28113%29%2B%28SELECT%20SUBSTRING%28%28ISNULL%28CAST%28124789213-12312412%20AS%20NVARCHAR%284000%29%29%2CCHAR%2832%29%29%29%2C1%2C1024%29%29%2BCHAR%28113%29%2BCHAR%28113%29%2BCHAR%28118%29%2BCHAR%28106%29%2BCHAR%28113%29%29%29%20AND%20%27Pjcs%27%3D%27Pjcs&productguid=0c06ac6c-c074-46bc-87b4-cbf9b72bd390 HTTP/1.1" 301 - 121.42.0.38 - - [04/Feb/2016:08:38:09 +0800] "GET /page/5?page=-1007%27+UNION+ALL+SELECT+CONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%23 HTTP/1.1" 301 26 121.42.0.38 - - [04/Feb/2016:08:38:09 +0800] "GET /page/5?page=4%27+UNION+ALL+SELECT+CONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%23 HTTP/1.1" 301 26 121.42.0.38 - - [04/Feb/2016:08:38:10 +0800] "GET /page/5?page=-1569%27+UNION+ALL+SELECT+CONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%23 HTTP/1.1" 301 26 121.42.0.38 - - [04/Feb/2016:08:38:11 +0800] "GET /page/5?page=4%27+UNION+ALL+SELECT+CONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%23 HTTP/1.1" 301 26 121.42.0.38 - - [04/Feb/2016:08:38:11 +0800] "GET /page/5?page=-1027%27+UNION+ALL+SELECT+CONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%23 HTTP/1.1" 301 26 121.42.0.38 - - [04/Feb/2016:08:38:12 +0800] "GET /page/5?page=4%27+UNION+ALL+SELECT+CONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%23 HTTP/1.1" 301 26 121.42.0.38 - - [04/Feb/2016:08:38:12 +0800] "GET /page/5?page=-1353%27+UNION+ALL+SELECT+CONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%23 HTTP/1.1" 301 26 121.42.0.38 - - [04/Feb/2016:08:38:13 +0800] "GET /page/5?page=4%27+UNION+ALL+SELECT+CONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%23 HTTP/1.1" 301 26 121.42.0.38 - - [04/Feb/2016:08:38:13 +0800] "GET /page/5?page=-1941%27+UNION+ALL+SELECT+CONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%23 HTTP/1.1" 301 26 应该就是大量请求才导致CPU飙升的,所以云盾扫描也是造成CPU飙升的原因之一


Statement: all articles / drawings reproduced on this website are for the purpose of transmitting more information and facilitating discussion, which does not mean that the website, the host and the organizer agree with their opinions or confirm the authenticity of their contents. The contents of the articles are for reference only. If the rights of the original author are violated, please contact the website administrator.

Sign in to comment

Comment list

    No data