虎泰克博客

阿里云ECS莫名其妙CPU飙升的原因

随风飘扬 学习 2016年02月04日0:58 2729

上次把某个网站数据库删除之后ECS没有出现满CPU的情况了,但是还是经常出现50%以上的情况。这对这
20160204090115上次把某个网站数据库删除之后ECS没有出现满CPU的情况了,但是还是经常出现50%以上的情况。这对这样一个小站显然是不合理的,今天8:40又出现了报警,于是打开httpd日志看到阿里内网一台机器一直在向网站发出各种各样的请求,估计是阿里云盾,因为还有看到扫描SQL注入漏洞的 121.42.0.38 - - [04/Feb/2016:08:38:06 +0800] "GET /page/5?page=4%27+UNION+ALL+SELECT+CONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%23 HTTP/1.1" 301 26 121.42.0.38 - - [04/Feb/2016:08:38:06 +0800] "GET /page/5?page=-1688%27+UNION+ALL+SELECT+CONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%23 HTTP/1.1" 301 26 121.42.0.38 - - [04/Feb/2016:08:38:07 +0800] "GET /page/5?page=4%27+UNION+ALL+SELECT+CONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%23 HTTP/1.1" 301 26 121.42.0.38 - - [04/Feb/2016:08:38:08 +0800] "GET /page/5?page=-1702%27+UNION+ALL+SELECT+CONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%23 HTTP/1.1" 301 26 121.42.0.38 - - [04/Feb/2016:08:38:08 +0800] "GET /page/5?page=4%27+UNION+ALL+SELECT+CONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%23 HTTP/1.1" 301 26 121.42.0.38 - - [04/Feb/2016:08:38:09 +0800] "GET /organizbuydetail.aspx?guid=63f1322b-be59-4ef0-a8b9-4c8f4c8a7fd6%27%20AND%201927%3DCONVERT%28INT%2C%28SELECT%20CHAR%28113%29%2BCHAR%2898%29%2BCHAR%2898%29%2BCHAR%28113%29%2BCHAR%28113%29%2B%28SELECT%20SUBSTRING%28%28ISNULL%28CAST%28124789213-12312412%20AS%20NVARCHAR%284000%29%29%2CCHAR%2832%29%29%29%2C1%2C1024%29%29%2BCHAR%28113%29%2BCHAR%28113%29%2BCHAR%28118%29%2BCHAR%28106%29%2BCHAR%28113%29%29%29%20AND%20%27Pjcs%27%3D%27Pjcs&productguid=0c06ac6c-c074-46bc-87b4-cbf9b72bd390 HTTP/1.1" 301 - 121.42.0.38 - - [04/Feb/2016:08:38:09 +0800] "GET /page/5?page=-1007%27+UNION+ALL+SELECT+CONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%23 HTTP/1.1" 301 26 121.42.0.38 - - [04/Feb/2016:08:38:09 +0800] "GET /page/5?page=4%27+UNION+ALL+SELECT+CONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%23 HTTP/1.1" 301 26 121.42.0.38 - - [04/Feb/2016:08:38:10 +0800] "GET /page/5?page=-1569%27+UNION+ALL+SELECT+CONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%23 HTTP/1.1" 301 26 121.42.0.38 - - [04/Feb/2016:08:38:11 +0800] "GET /page/5?page=4%27+UNION+ALL+SELECT+CONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%23 HTTP/1.1" 301 26 121.42.0.38 - - [04/Feb/2016:08:38:11 +0800] "GET /page/5?page=-1027%27+UNION+ALL+SELECT+CONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%23 HTTP/1.1" 301 26 121.42.0.38 - - [04/Feb/2016:08:38:12 +0800] "GET /page/5?page=4%27+UNION+ALL+SELECT+CONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%23 HTTP/1.1" 301 26 121.42.0.38 - - [04/Feb/2016:08:38:12 +0800] "GET /page/5?page=-1353%27+UNION+ALL+SELECT+CONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%23 HTTP/1.1" 301 26 121.42.0.38 - - [04/Feb/2016:08:38:13 +0800] "GET /page/5?page=4%27+UNION+ALL+SELECT+CONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%23 HTTP/1.1" 301 26 121.42.0.38 - - [04/Feb/2016:08:38:13 +0800] "GET /page/5?page=-1941%27+UNION+ALL+SELECT+CONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%2CCONCAT%280x4c5a6f6e4776%2C0x48594f587077%29%23 HTTP/1.1" 301 26 应该就是大量请求才导致CPU飙升的,所以云盾扫描也是造成CPU飙升的原因之一
赞赏小编
Bản phát biểu: tất cả các bản vẽ được in trên trang web là để truyền thêm thông tin và dễ dàng thảo luận, không có nghĩa là website, máy chủ và người cầm đầu đồng ý ý kiến của họ hoặc xác nhận tính xác thực của nội dung của họ. Nội dung các bài báo chỉ có liên quan. Nếu quyền của tác giả gốc bị vi phạm, xin liên lạc với quản trị website.

Ký vào để ghi chú

Ghi chú

    Không có dữ liệu
Thư mục gốcthêm
未分类新闻mysqlphp学习myzone闲聊公告
Đang lưu thời gianthêm
2023/22023/12022/102022/72021/52021/42021/12020/92020/82020/52020/32019/22018/82018/72018/22018/12017/92017/82017/72017/6 thêm