新創建的 VPS 上的未知和無法辨識的 POST 請求

我為個人項目創建了一個 VPS。我已經為傳入流量設置了 NGINX 代理。我打開了用於測試 SSL 和域名的伺服器，暫時將其置於基本身份驗證之後。

我剛剛注意到很多來自http://117.48.205.227的 POST 請求正在嘗試訪問

nginx_1    | 117.48.205.227 - - [05/Aug/2019:07:45:27 +0000] "GET /phpdm.php HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0"
nginx_1    | 117.48.205.227 - - [05/Aug/2019:07:45:28 +0000] "GET /root.php HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0"
nginx_1    | 117.48.205.227 - - [05/Aug/2019:07:45:28 +0000] "GET /5678.php HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0"
nginx_1    | 117.48.205.227 - - [05/Aug/2019:07:45:28 +0000] "GET /root11.php HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0"
nginx_1    | 117.48.205.227 - - [05/Aug/2019:07:45:28 +0000] "GET /xiu.php HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0"
nginx_1    | 117.48.205.227 - - [05/Aug/2019:07:45:28 +0000] "POST /wuwu11.php HTTP/1.1" 301 169 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
nginx_1    | 117.48.205.227 - - [05/Aug/2019:07:45:29 +0000] "POST /xw.php HTTP/1.1" 301 169 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
nginx_1    | 117.48.205.227 - - [05/Aug/2019:07:45:29 +0000] "POST /xw1.php HTTP/1.1" 301 169 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
nginx_1    | 117.48.205.227 - - [05/Aug/2019:07:45:29 +0000] "POST /9678.php HTTP/1.1" 301 169 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
nginx_1    | 117.48.205.227 - - [05/Aug/2019:07:45:30 +0000] "POST /wc.php HTTP/1.1" 301 169 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
nginx_1    | 117.48.205.227 - - [05/Aug/2019:07:45:30 +0000] "POST /xx.php HTTP/1.1" 301 169 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
nginx_1    | 117.48.205.227 - - [05/Aug/2019:07:45:30 +0000] "POST /xx.php HTTP/1.1" 301 169 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
nginx_1    | 117.48.205.227 - - [05/Aug/2019:07:45:30 +0000] "POST /s.php HTTP/1.1" 301 169 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
nginx_1    | 117.48.205.227 - - [05/Aug/2019:07:45:31 +0000] "POST /w.php HTTP/1.1" 301 169 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
nginx_1    | 117.48.205.227 - - [05/Aug/2019:07:45:31 +0000] "POST /sheep.php HTTP/1.1" 301 169 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
nginx_1    | 117.48.205.227 - - [05/Aug/2019:07:45:31 +0000] "POST /qaq.php HTTP/1.1" 301 169 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"

這只是所有請求中的一小部分。有人試圖找到不受保護的路線或其他東西，還是這是一些奇怪的網路爬蟲或其他東西？

無論如何，我應該如何處理這個？我的網路伺服器目前對 Internet 關閉。

問候！

這些是來自（很可能）受感染的 VPS 農場的標準黑客攻擊。您可以忽略這些攻擊，前提是您在將 Web 應用程序和 Web 伺服器打開到 Internet 之前對其進行了加固。您的 SSH 伺服器、FTP 伺服器和您的 VPS 的所有其他入口點也是如此。如果您訪問您的 SSH 日誌（或任何其他日誌，例如 FTP），您將看到來自相同類型 IP 地址的相同類型的黑客攻擊。請查找“VPS 強化”並按照說明進行操作。

引用自：https://serverfault.com/questions/977968