阿里云ECS莫名其妙CPU飙升的原因
随风飘扬 学习 2016年02月04日0:58 2737
上次把某个网站数据库删除之后ECS没有出现满CPU的情况了,但是还是经常出现50%以上的情况。这对这
上次把某个网站数据库删除之后ECS没有出现满CPU的情况了,但是还是经常出现50%以上的情况。这对这样一个小站显然是不合理的,今天8:40又出现了报警,于是打开httpd日志看到阿里内网一台机器一直在向网站发出各种各样的请求,估计是阿里云盾,因为还有看到扫描SQL注入漏洞的
121.42.0.38 - - [04/Feb/2016:08:38:06 +0800] "GET /page/5?page=4%27+UNION+ALL+SELECT+CONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%23 HTTP/1.1" 301 26
121.42.0.38 - - [04/Feb/2016:08:38:06 +0800] "GET /page/5?page=-1688%27+UNION+ALL+SELECT+CONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%23 HTTP/1.1" 301 26
121.42.0.38 - - [04/Feb/2016:08:38:07 +0800] "GET /page/5?page=4%27+UNION+ALL+SELECT+CONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%23 HTTP/1.1" 301 26
121.42.0.38 - - [04/Feb/2016:08:38:08 +0800] "GET /page/5?page=-1702%27+UNION+ALL+SELECT+CONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%23 HTTP/1.1" 301 26
121.42.0.38 - - [04/Feb/2016:08:38:08 +0800] "GET /page/5?page=4%27+UNION+ALL+SELECT+CONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%23 HTTP/1.1" 301 26
121.42.0.38 - - [04/Feb/2016:08:38:09 +0800] "GET /organizbuydetail.aspx?guid=63f1322b-be59-4ef0-a8b9-4c8f4c8a7fd6%27%20AND%201927%3DCONVERT%28INT%2C%28SELECT%20CHAR%28113%29%2BCHAR%2898%29%2BCHAR%2898%29%2BCHAR%28113%29%2BCHAR%28113%29%2B%28SELECT%20SUBSTRING%28%28ISNULL%28CAST%28124789213-12312412%20AS%20NVARCHAR%284000%29%29%2CCHAR%2832%29%29%29%2C1%2C1024%29%29%2BCHAR%28113%29%2BCHAR%28113%29%2BCHAR%28118%29%2BCHAR%28106%29%2BCHAR%28113%29%29%29%20AND%20%27Pjcs%27%3D%27Pjcs&productguid=0c06ac6c-c074-46bc-87b4-cbf9b72bd390 HTTP/1.1" 301 -
121.42.0.38 - - [04/Feb/2016:08:38:09 +0800] "GET /page/5?page=-1007%27+UNION+ALL+SELECT+CONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%23 HTTP/1.1" 301 26
121.42.0.38 - - [04/Feb/2016:08:38:09 +0800] "GET /page/5?page=4%27+UNION+ALL+SELECT+CONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%23 HTTP/1.1" 301 26
121.42.0.38 - - [04/Feb/2016:08:38:10 +0800] "GET /page/5?page=-1569%27+UNION+ALL+SELECT+CONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%23 HTTP/1.1" 301 26
121.42.0.38 - - [04/Feb/2016:08:38:11 +0800] "GET /page/5?page=4%27+UNION+ALL+SELECT+CONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%23 HTTP/1.1" 301 26
121.42.0.38 - - [04/Feb/2016:08:38:11 +0800] "GET /page/5?page=-1027%27+UNION+ALL+SELECT+CONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%23 HTTP/1.1" 301 26
121.42.0.38 - - [04/Feb/2016:08:38:12 +0800] "GET /page/5?page=4%27+UNION+ALL+SELECT+CONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%23 HTTP/1.1" 301 26
121.42.0.38 - - [04/Feb/2016:08:38:12 +0800] "GET /page/5?page=-1353%27+UNION+ALL+SELECT+CONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%23 HTTP/1.1" 301 26
121.42.0.38 - - [04/Feb/2016:08:38:13 +0800] "GET /page/5?page=4%27+UNION+ALL+SELECT+CONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%23 HTTP/1.1" 301 26
121.42.0.38 - - [04/Feb/2016:08:38:13 +0800] "GET /page/5?page=-1941%27+UNION+ALL+SELECT+CONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%23 HTTP/1.1" 301 26
应该就是大量请求才导致CPU飙升的,所以云盾扫描也是造成CPU飙升的原因之一
Declaración: los textos que se reproducen en la red, como textos / gráficos, tienen por objeto transmitir más información y facilitar las deliberaciones, y no implican que el sitio y los patrocinadores o patrocinadores compartan sus opiniones o confirmen la autenticidad de su contenido, que sólo es de carácter informativo y que si se violan los derechos de los autores originales, por favor se pongan en contacto con el Administrador del sitio web.
Lista de comentarios